# Solved windows cannot locate webfldrs.msi

April 21, 2013 at 17:16:24
Specs: Windows 7

April 29, 2013 at 02:34:06
All being well it should now be flying, almost like a clean install. Finally.

"I clicked on the link in the program menu and this window popped up. First time to see this"

If Internet Explorer has any glitches, use this & check > Repair Internet Explorer

Tweaking.com - Windows Repair
http://www.softpedia.com/get/Tweak/...
http://www.softpedia.com/progScreen...
http://www.tweaking.com/
http://www.tweaking.com/content/pag...

#1
April 21, 2013 at 18:22:39
Firstly I would run sfc /scannow from the Run box. This should restore missing system files.

Otherwise I wonder if this update would help (unless it's what you've tried):
http://www.microsoft.com/en-us/down...

Always pop back and let us know the outcome - thanks

#2
April 22, 2013 at 02:44:29

#3
April 22, 2013 at 09:00:57
When things are better in Safe Mode it can often be due to a driver issue. Corruption maybe. Updating drivers might fix it but the problem is knowing which one. Top of my head says that the graphics driver would be worth a try (Safe Mode graphics are minimal).

Just the same, if you haven't done so already, install and run this freebie to see if there is any virus about (another reason for slowness):
http://www.filehippo.com/download_m...

Another possibility is that some program startup is slowing the issue. Unchecking items in msconfig Startup might unearth it.

Always pop back and let us know the outcome - thanks

#4
April 22, 2013 at 12:25:01
 I've run comodo anti-virus, malwarebytes, and eset (I think its called)... plus another one I forget. I believe it is clean at this point. I'll try the msconfig startup and let you know what happens. Is there a way that you know of to download from Microsoft the XP Pro disks so that I can reload the missing components? I uninstalled and reinstalled the display adapter, but that didn't help with the slow boot either.I'll check back after I go thru the startup items.

#5
April 22, 2013 at 13:16:14
Not much in the way of operating systems you can download legally. If you can lay your hands on someone else's XP Pro disk you can at least run sfc.

Always pop back and let us know the outcome - thanks

#6
April 22, 2013 at 19:45:33
I did msconfig diagnostic mode, except for re-adding event log. It still loads slowly. When I checked the logs nothing popped up except for "system" which gave me an error message saying the event log for system is corrupt. Can I fix that somehow?

#7
April 22, 2013 at 19:54:42
 I cleared the system log and restarted. DCOM is causing errors. I am now looking up how to deal with that.

#8
April 22, 2013 at 23:05:11
I opened the CD for an XP Home version and it had the i386 folder. In that folder was the webfldrs.msi file. I copied that to the desktop and opened with RAR. I was able to run that and it reinstalled the windows components. When I did the first restart, there was zero delay. I did a second restart and it delayed again. After re-running webfldrs.msi nothing changed in terms of the boot time.

I have run malwarebytes again and it found zero things wrong. I also decided to look at the defragment level and there was significant fragmentation on the disk. I defragged the drive, but again no change to boot time. Now I am downloading eset's online scanner for viruses. I'll run that again. After that, I'll do chkdsk /p /r and see if there are any disk issues that it finds.

Incidentally, once the system does start, the load time for the desktop etc. has improved. So, it feels like I am moving in the right direction. One of these things is bound to work eventually.

#9
April 23, 2013 at 05:40:27
So, today what did I do???....... I ran ESET online scanner and it found 3 new malware files. Those have been cleaned. I did the msconfig startup and deselected all of the startup items. Neither of these have had any impact on the boot time.

As it turns out I have an OEM version of XP Pro on disk. It is the one I spoke of above. I thought it wasn't XP Pro as the laptop would not recognize it for sfc /scannow; however, I went thru the process of entering into a repair mode and the disks appear to work for doing that process. I just worry if I fix the system with that and then need to re-enter the CD KEY that the installation will request the old OEM key which is no longer valid. I did use the magic jelly bean program to find the current CD KEY for the current installation... so I have that if I do go forward with repairing.

I did do a chkdsk /p /r and errors that were found were fixed. Again, the black screen with cursor remains and boot time is approx 3 minutes. I guess they can live with that, but I worry that at some point it will stop booting altogether.

I did reach out to the company which is a Thai company and I now see the computer is made in China not Vietnam. So I'll see where that gets me with their tech department. Any other ideas for the black screen problem?

#10
April 23, 2013 at 07:22:52
Can't add much. Wonder if the long delay is due to the system waiting for some service or other to start. Some nasty malware rootkit or Trojan might still be present, especially as a new run of ESET continued to find something.

Always pop back and let us know the outcome - thanks

#11
April 24, 2013 at 00:43:17
I'm running ESET again and after that Comodo. I'll report back...

Update: ESET is still running but it's found three threats already. One is win32 opencandy which is apparently a really malicious adware. It was the same one ESET found before. I think I'll have to go into safe mode to get rid of this one... I'll report back what happens.

#12
April 24, 2013 at 07:08:05
I see that "win32 opencandy" involves toolbars. It might take a bit of fixing but I think you should include running this freebie if you haven't already:
http://www.bleepingcomputer.com/dow...

The Scan shows what it has found and the Delete removes all toolbars and their remnants (unless you invoke the listed options). It's a good program and I've not yet hit any problem by letting it Delete all. Sometimes you have to reboot so that it can remove items when Windows is not running. I've found that most toolbars are at least unnecessary, at worst scams.

Just to add some general points. Sometimes running scans in Safe Mode is more effective. Also running Rkill first can often give you a better chance of killing off these pests:
http://www.bleepingcomputer.com/dow...

Always pop back and let us know the outcome - thanks

#13
April 24, 2013 at 07:28:08
Yes, agree on toolbars; personally I never load them on my computer, but my friends are only semi-computer literate and have no idea how much they've infected this machine. I'll run several programs in safe mode and see if I can eliminate it and follow up with the program you're suggesting.

#14
April 24, 2013 at 10:59:20
I ran RKILL and then your program and it found several more toolbar entries that were cleaned. After that I restarted and it booted normally. I then rebooted and it went back to doing the same thing.

BTW RKILL has one entry:
RpcSs => %systemroot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]
Any ideas on that? I tried expanding a copy of the svchost.ex_ file and replacing the original with a new svchost.exe, but when it finally loaded after the black screen the services were all not starting so I had to change back to the original svchost.exe file again.

I ran combofix too, but no help from that. ESET ran again and the candy malware and others were no longer popping up. Malwarebytes is also clean.

I also ran the Fixit file from Microsoft for the Hosts file just to be sure it wasn't corrupted. No change for booting with that either.

So unless you have further ideas about the above or other things I can do... I think I've reached the end of what is possible without the OS disks.

Let me know what you think about that issue that RKILL found.

Thanks

#15
April 24, 2013 at 11:42:11
Have you tried a system restore?

~winipcfg
ASCII question, get an ANSI

#16
April 24, 2013 at 12:15:10
 There are no old restore points that I would trust given the number of infections this computer had. If there was one from 2010 or earlier maybe... In fact, there are only two restore points total on the computer. I guess that is the max allowed for this system. Dunno.

#17
April 24, 2013 at 13:17:19
That path to rpcss looks fine to me, so I don't know what it is on about. If you look at the Remote Procedure Call (RPC) service you will find it given there - service normally Automatic and Running. Maybe the "nasty" is fooling Rkill somehow.

One more thing that might be worth a shot is this root kit remover:
http://support.kaspersky.com/5350?e...

Always pop back and let us know the outcome - thanks

#18
April 25, 2013 at 02:51:45
I ran the new one on its regular settings and it found zero. I selected the two options and it found 8 suspicious files. I have quarantined them, but not sure what to do with them other than that. Here is the report... any ideas?

16:28:25.0437 3828 Detected object count: 8
16:28:25.0437 3828 Actual detected object count: 8
16:32:49.0390 3828 C:\WINDOWS\system32\DRIVERS\AegisP.sys - copied to quarantine
16:32:49.0390 3828 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
16:32:49.0531 3828 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys - copied to quarantine
16:32:49.0531 3828 BCM43XX ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
16:32:49.0593 3828 C:\WINDOWS\system32\DRIVERS\e100b325.sys - copied to quarantine
16:32:49.0593 3828 E100B ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
16:32:49.0718 3828 C:\WINDOWS\system32\DRIVERS\ITECIR.sys - copied to quarantine
16:32:49.0718 3828 ITECIR ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
16:32:49.0890 3828 C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe - copied to quarantine
16:32:49.0890 3828 MsgPlusService ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
16:32:50.0031 3828 C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe - copied to quarantine
16:32:50.0031 3828 NBService ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
16:32:50.0109 3828 C:\WINDOWS\system32\DRIVERS\siside.sys - copied to quarantine
16:32:50.0109 3828 SiSide ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
16:32:50.0312 3828 C:\WINDOWS\system32\DRIVERS\smserial.sys - copied to quarantine
16:32:50.0312 3828 smserial ( UnsignedFile.Multi.Generic ) - User select action: Quarantine

#19
April 25, 2013 at 04:51:34
 I do have a file from the pc company that has the VGA and a few other drivers on it. I decided to try and reload the VGA driver on the computer. However, I am receiving an error that says "Can't find instfunc.exe result file". So the process just hangs and the driver doesn't load. Ideas?

#20
April 25, 2013 at 07:40:08
You did right to quarantine them.

Seems to me you still have something nasty kicking around. It's really a matter of whether that can be cleaned out and what it might have wrecked by being there.

I'm going to ask a colleague if he can pop by and look at this (a MrGoodguy) because I think it needs a lot more delving. He might not be available - we shall see.

Always pop back and let us know the outcome - thanks

#21
April 25, 2013 at 20:41:25
 I can't think of anything else to do as long as I can't even update these files. Let me know if your colleague has any ideas. Thanks!

#22
April 26, 2013 at 06:10:52
I did let him know but I guess he is not available right now - keep watching.

Always pop back and let us know the outcome - thanks

#23
April 26, 2013 at 10:37:42
 It was probably a waste of time, but I manually ran Windows Malicious SRT in safe mode. It found zero errors. That is two plus hours I would like back. :-/

#24
April 26, 2013 at 12:58:23
I did stumble across this re #19, although I can't vouch for it:
http://www.geeksnerrors.com/instfun...

EDIT: Careful though, I've just seen that the blue link at the top is just a download for their pet speedup program. As the file is a display driver, maybe updating that would be a safer option.

I was also pondering about your slow speed after second boot - sometimes slowness can be a sign of the HD nearing the end of its life.

Always pop back and let us know the outcome - thanks

#25
April 26, 2013 at 17:11:27
I actually came across a bunch of sites for this same program. I think they actually used to let you do 10 fixes at a time for free a few years back. Now it is pay upfront. I tried to find the driver from SIS.com, but they don't list "mirage 3" as an option. No idea on the HD, but unless the drive was not installed new I know the computer owners don't use the laptop very much... of course I rarely turn my computer off so that is compared to me.

#26
April 27, 2013 at 19:19:04

#27
April 28, 2013 at 02:43:04
First off, I didn't realize that defogger should have been run first. So this report is without defogger having been run on the system. Should I redo? Here is the report:

ComboFix 13-04-27.04 - JamSang 04/28/2013 16:30:00.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.874.66.1033.18.765.141 [GMT 7:00]
Running from: c:\documents and settings\JamSang\My Documents\Downloads\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-03-28 to 2013-04-28 )))))))))))))))))))))))))))))))
.
.
2028-01-12 08:19 . 2028-01-12 08:19 195584 ----a-w- c:\windows\system32\Xvoice.dll
2013-04-28 09:08 . 2013-04-28 09:08 -------- d-----w- c:\program files\Common Files\Skype
2013-04-28 09:08 . 2013-04-28 09:08 -------- d-----r- c:\program files\Skype
2013-04-28 09:08 . 2013-04-28 09:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2013-04-28 09:00 . 2013-04-28 09:00 -------- d-----w- c:\program files\Microsoft Silverlight
2013-04-28 08:59 . 2006-11-29 06:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2013-04-28 08:59 . 2013-04-28 08:59 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2013-04-28 08:58 . 2013-04-28 08:59 -------- d-----w- c:\windows\LastGood
2013-04-28 08:58 . 2013-04-28 08:58 -------- d-----w- c:\program files\Microsoft
2013-04-28 08:57 . 2010-04-16 12:16 4927864 ----a-w- c:\program files\Common Files\Windows Live\.cache\65c82fbe1ce43ee\Silverlight.2.0.exe
2013-04-27 18:42 . 2013-04-27 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Caphyon
2013-04-27 18:42 . 2013-04-27 18:42 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2013-04-27 18:41 . 2013-04-27 18:41 -------- d-----w- c:\program files\spotflux
2013-04-25 09:47 . 2013-04-25 09:47 -------- d-----w- c:\windows\Sun
2013-04-25 09:13 . 2013-04-25 09:32 -------- d-----w- C:\TDSSKiller_Quarantine
2013-04-24 19:43 . 2013-04-24 19:58 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-24 19:37 . 2013-04-24 19:37 -------- d-----w- c:\program files\SRWare Iron
2013-04-24 18:17 . 2013-04-28 08:39 -------- d-----w- c:\windows\system32\CatRoot2
2013-04-24 18:15 . 2013-04-24 18:40 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-04-24 18:14 . 2013-04-24 18:14 -------- d-----w- C:\RegBackup
2013-04-24 18:12 . 2013-04-24 18:12 -------- d-----w- c:\program files\Tweaking.com
2013-04-24 14:43 . 2013-04-24 14:43 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2013-04-24 14:32 . 2013-04-24 14:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2013-04-23 12:06 . 2013-04-23 12:07 -------- d-----w- c:\program files\Magical Jelly Bean
2013-04-23 10:05 . 2013-04-24 17:06 -------- d-----w- c:\windows\I386
2013-04-23 03:43 . 2001-08-16 23:53 7424 ----a-w- c:\windows\system32\dllcache\adicvls.sys
2013-04-23 03:42 . 2008-04-13 15:06 84480 ----a-w- c:\windows\system32\dllcache\ac97via.sys
2013-04-23 03:42 . 2001-08-16 22:20 297728 ----a-w- c:\windows\system32\dllcache\ac97sis.sys
2013-04-23 03:42 . 2001-08-16 22:20 96256 ----a-w- c:\windows\system32\dllcache\ac97intc.sys
2013-04-23 03:42 . 2008-04-13 15:06 231552 ----a-w- c:\windows\system32\dllcache\ac97ali.sys
2013-04-23 03:42 . 2001-08-16 23:52 23552 ----a-w- c:\windows\system32\dllcache\abp480n5.sys
2013-04-23 03:42 . 2001-08-17 08:36 98304 ----a-w- c:\windows\system32\dllcache\a3d.dll
2013-04-23 03:42 . 2001-08-17 08:36 462848 ----a-w- c:\windows\system32\dllcache\a3dapi.dll
2013-04-23 03:42 . 2001-08-17 00:55 38400 ----a-w- c:\windows\system32\dllcache\8514a.dll
2013-04-23 03:42 . 2008-04-13 17:16 48128 ----a-w- c:\windows\system32\dllcache\61883.sys
2013-04-23 03:42 . 2008-04-13 17:10 12288 ----a-w- c:\windows\system32\dllcache\4mmdat.sys
2013-04-23 03:42 . 2001-08-17 00:55 689216 ----a-w- c:\windows\system32\dllcache\3dfxvs.dll
2013-04-23 03:42 . 2001-08-16 22:48 148352 ----a-w- c:\windows\system32\dllcache\3dfxvsm.sys
2013-04-23 03:39 . 2008-04-13 17:16 53376 ----a-w- c:\windows\system32\dllcache\1394bus.sys
2013-04-23 03:39 . 2001-08-17 00:06 11264 ----a-w- c:\windows\system32\dllcache\1394vdbg.sys
2013-04-23 03:39 . 2001-08-23 00:00 7168 ----a-w- c:\windows\system32\dllcache\wamregps.dll
2013-04-23 03:39 . 2001-08-17 00:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2013-04-23 03:39 . 2001-08-23 00:00 17408 ----a-w- c:\windows\system32\dllcache\nwapi16.dll
2013-04-23 03:39 . 2001-08-23 00:00 7680 ----a-w- c:\windows\system32\dllcache\inetmgr.exe
2013-04-23 03:39 . 2001-08-23 00:00 19968 ----a-w- c:\windows\system32\dllcache\inetsloc.dll
2013-04-23 03:39 . 2001-08-23 00:00 5632 ----a-w- c:\windows\system32\dllcache\iisrstap.dll
2013-04-23 03:39 . 2001-08-23 00:00 169984 ----a-w- c:\windows\system32\dllcache\iisui.dll
2013-04-23 03:39 . 2001-08-23 00:00 14336 ----a-w- c:\windows\system32\dllcache\iisreset.exe
2013-04-23 03:39 . 2001-08-23 00:00 6144 ----a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2013-04-23 03:24 . 2013-04-23 03:24 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Ahead
2013-04-22 15:07 . 2013-04-27 21:22 -------- d-----w- c:\documents and settings\Indy
2013-04-22 14:04 . 2013-04-28 08:40 -------- d-----w- c:\documents and settings\Meow
2013-04-22 11:06 . 2013-04-22 11:18 -------- d-----w- c:\program files\Google
2013-04-22 10:45 . 2013-04-28 09:01 -------- d-----w- c:\documents and settings\JamSang
2013-04-21 22:03 . 2008-04-13 22:42 64000 ----a-w- c:\windows\system32\dllcache\nwapi32.dll
2013-04-21 22:03 . 2008-04-13 22:41 68608 ----a-w- c:\windows\system32\dllcache\isatq.dll
2013-04-21 22:03 . 2008-04-13 22:41 13312 ----a-w- c:\windows\system32\dllcache\infoadmn.dll
2013-04-21 22:03 . 2008-04-13 22:41 43520 ----a-w- c:\windows\system32\dllcache\admwprox.dll
2013-04-21 22:03 . 2008-04-13 22:41 64512 ----a-w- c:\windows\system32\dllcache\iismap.dll
2013-04-21 22:03 . 2008-04-13 22:42 30720 ----a-w- c:\windows\system32\dllcache\iisrstas.exe
2013-04-21 22:03 . 2008-04-13 22:41 133632 ----a-w- c:\windows\system32\dllcache\iisrtl.dll
2013-04-21 22:03 . 2008-04-13 22:41 46592 ----a-w- c:\windows\system32\dllcache\coadmin.dll
2013-04-21 22:03 . 2008-04-13 22:42 8192 ----a-w- c:\windows\system32\dllcache\staxmem.dll
2013-04-21 21:59 . 2013-04-21 21:59 -------- d-----w- c:\windows\EHome
2013-04-21 21:10 . 2013-04-21 21:10 -------- d-----w- c:\program files\Common Files\Java
2013-04-21 21:07 . 2013-04-21 21:07 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-04-21 21:07 . 2013-04-21 21:07 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-21 21:07 . 2013-04-21 21:07 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-04-21 21:07 . 2013-04-21 21:07 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-21 21:07 . 2013-04-21 21:07 -------- d-----w- c:\program files\Java
2013-04-21 19:08 . 2012-06-02 08:18 275696 ----a-w- c:\windows\system32\mucltui.dll
2013-04-21 18:12 . 2013-04-21 18:32 -------- d-----w- c:\windows\SxsCaPendDel
2013-04-21 17:19 . 2013-04-21 17:19 -------- d-----w- c:\windows\ie8updates
2013-04-21 17:09 . 2013-04-21 17:09 -------- d-----w- c:\program files\MSECache
2013-04-21 16:31 . 2013-04-21 18:16 -------- d-----w- c:\windows\system32\XPSViewer
2013-04-21 16:30 . 2013-04-21 16:30 -------- d-----w- c:\program files\Reference Assemblies
2013-04-21 16:30 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2013-04-21 16:30 . 2013-04-21 16:30 -------- d-----w- C:\3012f4420958b0b678
2013-04-21 16:30 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2013-04-21 16:30 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2013-04-21 16:30 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2013-04-21 16:30 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2013-04-21 16:30 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2013-04-21 16:30 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2013-04-21 16:30 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2013-04-21 16:30 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2013-04-21 15:52 . 2013-03-02 02:06 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2013-04-21 15:52 . 2013-03-02 02:06 522240 ------w- c:\windows\system32\dllcache\jsdbgui.dll
2013-04-21 15:50 . 2013-02-12 00:32 12928 ------w- c:\windows\system32\dllcache\usb8023x.sys
2013-04-21 15:04 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2013-04-21 15:04 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2013-04-21 14:47 . 2013-04-22 14:48 -------- d--h--w- c:\windows\$hf_mig$
2013-04-21 14:41 . 2012-06-02 08:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2013-04-21 14:34 . 2003-06-25 09:05 266360 ----a-w- c:\windows\system32\TweakUI.exe
2013-04-20 21:55 . 2008-04-13 10:21 101120 ----a-w- c:\windows\system32\drivers\bthpan.sys
2013-04-20 21:55 . 2008-04-13 10:21 101120 ----a-w- c:\windows\system32\dllcache\bthpan.sys
2013-04-20 21:54 . 2008-04-13 10:16 59136 ----a-w- c:\windows\system32\drivers\rfcomm.sys
2013-04-20 21:54 . 2008-04-13 10:16 59136 ----a-w- c:\windows\system32\dllcache\rfcomm.sys
2013-04-20 21:54 . 2008-04-13 10:16 17024 ----a-w- c:\windows\system32\drivers\BthEnum.sys
2013-04-20 21:54 . 2008-04-13 10:16 17024 ----a-w- c:\windows\system32\dllcache\bthenum.sys
2013-04-20 21:54 . 2008-04-13 15:42 151552 ----a-w- c:\windows\system32\irftp.exe
2013-04-20 21:54 . 2008-04-13 15:42 151552 ----a-w- c:\windows\system32\dllcache\irftp.exe
2013-04-20 21:54 . 2008-04-13 15:42 8192 ----a-w- c:\windows\system32\wshirda.dll
2013-04-20 21:54 . 2008-04-13 15:42 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2013-04-20 21:54 . 2008-04-13 15:41 28160 ----a-w- c:\windows\system32\irmon.dll
2013-04-20 21:54 . 2008-04-13 15:41 28160 ----a-w- c:\windows\system32\dllcache\irmon.dll
2013-04-20 21:54 . 2008-04-13 10:16 18944 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2013-04-20 21:54 . 2008-04-13 10:16 18944 ----a-w- c:\windows\system32\dllcache\bthusb.sys
2013-04-19 22:00 . 2013-04-19 22:00 5073136 ----a-w- c:\documents and settings\All Users\Application Data\pclunst.exe
2013-04-19 22:00 . 2013-04-19 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PC1Data
2013-04-19 21:00 . 2013-04-19 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Baidu Security
2013-04-19 21:00 . 2013-04-19 21:00 -------- d-----w- c:\program files\Baidu Security
2013-04-19 20:58 . 2013-04-19 20:58 -------- d-----w- c:\windows\system32\searchplugins
2013-04-19 20:58 . 2013-04-19 20:58 -------- d-----w- c:\windows\system32\Extensions
2013-04-19 20:09 . 2013-04-19 20:09 -------- d-----w- c:\program files\Common Files\InstallShield
2013-04-19 19:13 . 2013-04-19 19:18 2126 ----a-w- c:\windows\system32\drivers\fvstore.dat
2013-04-19 19:13 . 2013-04-19 19:13 -------- d-----w- C:\VTRoot
2013-04-18 15:24 . 2013-04-28 09:15 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2013-04-18 15:22 . 2013-04-18 15:22 -------- d-s---w- c:\documents and settings\All Users\Application Data\Shared Space
2013-04-18 15:21 . 2013-04-18 15:21 -------- d-----w- c:\program files\COMODO
2013-04-18 15:21 . 2013-04-18 15:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2013-04-18 15:20 . 2013-04-18 15:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2013-04-18 14:16 . 2013-04-18 14:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-04-18 14:16 . 2013-04-18 14:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-04-18 14:16 . 2013-04-04 07:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-24 19:58 . 2011-03-31 16:58 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-08 08:36 . 2008-04-14 05:42 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 05:21 . 2013-03-07 05:21 33160 ----a-w- c:\windows\system32\drivers\tapSF0901.sys
2013-03-07 01:32 . 2008-04-14 00:54 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2008-04-13 17:01 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06 . 2008-04-14 05:42 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:06 . 2008-04-14 05:42 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-02 02:06 . 2008-04-14 05:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-02 01:25 . 2008-04-14 01:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2008-04-14 00:07 385024 ----a-w- c:\windows\system32\html.iec
2013-02-27 07:56 . 2009-11-16 10:58 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-12 00:32 . 2008-04-14 00:26 12928 ------w- c:\windows\system32\drivers\usb8023.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 22376 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18672232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vistadrv"="c:\program files\VistaDrives\vsdrv.exe" [2006-07-29 121089]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2008-09-23 798720]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2013-01-23 802304]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"MessengerPlusForSkypeService"="c:\program files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [2012-12-16 125952]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-04-15 3012816]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-07 128512]
.
c:\documents and settings\Indy\Start Menu\Programs\Startup\
spotflux.lnk - c:\program files\spotflux\spotflux.exe [2013-4-17 469848]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [4/15/2013 6:39 PM 18528]
R1 cmdGuard;COMODO Internet Security Driver;c:\windows\system32\drivers\cmdGuard.sys [4/15/2013 6:39 PM 592384]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [4/15/2013 6:39 PM 32816]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [12/22/2012 5:20 PM 108448]
R2 MsgPlusService;Messenger Plus! Service;c:\program files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [2/24/2013 7:12 AM 125952]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [12/22/2012 1:46 AM 144472]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2/13/2013 3:38 PM 340096]
R3 tapSF0901;Spotflux TAP Device Driver;c:\windows\system32\drivers\tapSF0901.sys [3/7/2013 12:21 PM 33160]
S0 SMBALI;SMBALI;c:\windows\system32\drivers\smbali.sys [4/22/2013 5:00 AM 5888]
S0 SMBHC;SMBHC;c:\windows\system32\DRIVERS\SMBHC.sys --> c:\windows\system32\DRIVERS\SMBHC.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/28/2013 7:09 PM 161384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/22/2012 1:46 AM 1691480]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys --> c:\windows\system32\DRIVERS\clwvd.sys [?]
S3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [4/15/2013 6:38 PM 127184]
S3 KNZECTIJ;KNZECTIJ;c:\docume~1\ADMINI~1\LOCALS~1\Temp\KNZECTIJ.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\KNZECTIJ.exe [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SKYPEUPDATE
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-22 11:18 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-24 19:58]
.
2013-04-28 c:\windows\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-04-15 11:38]
.
2013-04-28 c:\windows\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-04-15 11:38]
.
2013-04-28 c:\windows\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-04-15 11:38]
.
2013-04-28 c:\windows\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-04-15 11:38]
.
2013-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-22 11:12]
.
2013-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-22 11:12]
.
2013-04-28 c:\windows\Tasks\User_Feed_Synchronization-{0C0894DE-5483-43D7-9FB3-EA9A58CD62E5}.job
- c:\windows\system32\msfeedssync.exe [2009-03-07 21:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://start.myplaycity.com/
mWindow Title = Microsoft Internet Explorer
IE: ส่&งออกไปยัง Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.1.1
DPF: {EB75A3EF-AF6A-4032-B840-D057A8442A0F} - hxxp://disk.vn/webhard/diskvn.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-28 16:37
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(608)
c:\windows\system32\guard32.dll
c:\windows\system32\mswsock.dll
c:\windows\System32\wshtcpip.dll
.
- - - - - - - > 'csrss.exe'(524)
c:\windows\system32\cmdcsr.dll
.
- - - - - - - > 'csrss.exe'(2736)
c:\windows\system32\cmdcsr.dll
.
Completion time: 2013-04-28 16:40:23
ComboFix-quarantined-files.txt 2013-04-28 09:40
ComboFix2.txt 2013-04-19 16:36
.
Pre-Run: 142,310,260,736 bytes free
Post-Run: 142,469,632,000 bytes free
.
- - End Of File - - 6B5DF1413BCDD5AEC798D9234CB94ECB


#28
April 28, 2013 at 03:02:32
 The computer continues to hang on boot up as it has been doing. It eventually starts after 3 minutes or so.


#29
April 28, 2013 at 03:53:56
 Thanks Bangkokindy, give me a little time to go through the log.
I am here, where are you please.
http://www.timeanddate.com/worldclo...
"The computer continues to hang on boot up as it has been doing. It eventually starts after 3 minutes or so"
As we dismantle the infection bit by bit, that may allow the repeat use of programs, which may in turn pick up more.
Removal of infected parts of the system may cause other parts to stop working, such as your Internet connection or Services. These we then have to repair later.
If any program won't run (due to the infection) let me know. Copy and paste the contents of the log/logs after running each program.


#30
April 28, 2013 at 04:01:47


#31
April 28, 2013 at 04:21:45


#32
April 28, 2013 at 04:26:04


#33
April 28, 2013 at 04:26:59


#34
April 28, 2013 at 04:27:32


#35
April 28, 2013 at 04:28:06


#36
April 28, 2013 at 04:28:59


#37
April 28, 2013 at 04:31:22


#38
April 28, 2013 at 04:32:47
 And sorry it was LINE not LIVE. Thanks for your help. I will continue the process of virus hunting later this evening (Thailand time). Dale


#39
April 28, 2013 at 04:42:11
 "I will continue the process of virus hunting later this evening (Thailand time)"
Ok Dale, I shall make sure I don't go to bed too early.
http://www.timeanddate.com/worldclo...


#40
April 28, 2013 at 04:44:29
 "I went ahead and re-ran the defogger/combofix"
Just as well you did, I would never have known what was going on.


#41
April 28, 2013 at 05:12:26
 Googling LINE reveals the program is OK.
Best she doesn't install any new programs, other than what I ask you to run.
I can only guess it was from a bad source.
When we get all the problems sorted out, here are safe links to download LINE.
http://www.softpedia.com/get/Mobile...
http://www.softpedia.com/progScreen...
http://line.naver.jp/en/


#42
April 28, 2013 at 06:46:38
 Well, bad news. I just ran ESET on my computer and it discovered the same malware called Win32 opencandy. I did not share any files between computers nor download any of the same programs she has on hers. I did however have an open network connection and I had a shared folder there. I did establish a connection once between the computers which required my password for my computer. Was that all it took? I am getting ready to run the defogger/combofix on my toshiba (hers is svoa for ease of typing).


#43
April 28, 2013 at 07:01:04
 The goal of trying to fix a computer is to keep it simple, one small step at a time.
I can only visualize her computer in my head; trying to keep your details is way too complicated.
"This computer is a friend's and it appears to have been configured in Vietnam"
Where is that comp? In your possession or elsewhere?


#44
April 28, 2013 at 07:04:29
 Her computer henceforth to be called svoa is in the other room being used... I should have access to it in an hour or two. My computer is what I am using now which I will now call the toshiba. I'm getting tired of virus hunting :)


#45
April 28, 2013 at 07:14:47
 Eset found on Toshiba...
C:\Users\Indy\Downloads\KeyFinderInstaller.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\VTRoot\HarddiskVolume2\Users\Indy\AppData\Local\Temp\is-EE7GI.tmp\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined
I did download keyfinder, but I thought that was from bleeping computer. So this could be unrelated to the computers being networked and just the result of downloading keyfinder...?? I have defogger/combofix ready to go.


#46
April 28, 2013 at 07:20:26
 Start a new thread for the Toshiba, otherwise this will end up an impossible mess.


#47
April 28, 2013 at 07:32:37


#48
April 28, 2013 at 07:43:57
 Oops! too late. I'll open one now.


#49
April 28, 2013 at 08:26:00
 I ran unhide and rebooted. The text file is on the desktop. I downloaded and ran RogueKiller and here is the report:


#50
April 28, 2013 at 08:38:07
 Good news! The computer restarted without the delay. I tried it twice.


#51
April 28, 2013 at 08:44:44
 "I ran unhide and rebooted. The text file is on the desktop"
Details please.


#52
April 28, 2013 at 08:47:24


#53
April 28, 2013 at 19:01:41
 Re-running the scans. I re-downloaded combofix. Here is the defogger/combofix report:

#54
April 28, 2013 at 19:06:00

#55
April 28, 2013 at 19:08:44
 "Re-running the scans. I re-downloaded combofix. Here is the defogger/combofix report:"That's clean.What sort of comp is this?Do you have the recovery disks?

#56
April 28, 2013 at 19:11:51
 Post #54
That's also clean.

#57
April 28, 2013 at 19:13:17

#58
April 28, 2013 at 19:16:59
 RogueKiller:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.geekstogo.com/forum/file...
Website : http://tigzy.geekstogo.com/roguekil...
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : JamSang [Admin rights]
Mode : Remove -- Date : 04/29/2013 09:16:12
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS545032B9A300 +++++
--- User ---
[MBR] 0e5a150bcd3e5279cf69e919c0968348
[BSP] eed3b1b3e8bee6eecbe09b28dc4e4d31 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 156249 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 319998736 | Size: 148993 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[4]_D_04292013_02d0916.txt >>
RKreport[1]_S_04282013_02d2223.txt ; RKreport[2]_D_04282013_02d2224.txt ; RKreport[3]_S_04292013_02d0915.txt ; RKreport[4]_D_04292013_02d0916.txt

#59
April 28, 2013 at 19:25:01
 I'll do ESET now as you posted on the other feed.

#60
April 28, 2013 at 19:26:31
 http://www.svoa.co.th

#61
April 28, 2013 at 19:30:53
 Still not clean... I'm watching the scan and Win32/Toolbar.Babylon.E just popped up. I'll post the report when it wraps up... in about 45 minutes.

#62
April 28, 2013 at 19:33:09
 Someone is not being careful installing programs; it is no longer a matter of click, click.
A lot of programs now give you the choice to install toolbars & other items during the install. Either uncheck these items during install, or use Custom install.
Example post #57 > 4shared Tools

#63
April 28, 2013 at 19:37:18
 I'm usually pretty careful with that and avoid all browser add-ons. I must have missed something there... BTW the Line download was from one of the safe sites that are out there. I will reload that later after svoa is deemed clean.

#64
April 28, 2013 at 19:42:39
 Re svoa, I thought that was your abbreviation ( nickname ).
http://www.svoa.co.th/
See if the recovery disks are available.
download svoa recovery disks ( I didn't know the model number )
http://is.gd/f4inQb

#65
April 28, 2013 at 19:56:16
 Okay, I will check. This model is ISIS M745S C2D21000. Meanwhile... 7 total malware found. The new ones are variants of Win32/SoftonicDownloader.E.

#66
April 28, 2013 at 19:58:31
 I meant to type IRIS not ISIS.

#67
April 28, 2013 at 20:09:24
 Other keywords for a Google search.
svoa how to make recovery disks

#68
April 28, 2013 at 20:13:33
 Not finding anything under those searches for the recovery disks.

#69
April 28, 2013 at 20:17:56
 ESET:
C:\Documents and Settings\All Users\Application Data\Comodo\Cis\Quarantine\data\{C46EA4F1-447B-4CE3-AEC8-F8DB1F41B874} a variant of Win32/Toolbar.Babylon.E application cleaned by deleting - quarantined
C:\RECYCLER\S-1-5-21-1715567821-261903793-1606980848-1005\Dc13.exe a variant of Win32/Somoto.A application cleaned by deleting - quarantined
C:\RECYCLER\S-1-5-21-1715567821-261903793-1606980848-1005\Dc14.exe a variant of Win32/Somoto.A application cleaned by deleting - quarantined
C:\RECYCLER\S-1-5-21-1715567821-261903793-1606980848-1005\Dc4.exe a variant of Win32/4Shared.C application cleaned by deleting - quarantined
C:\RECYCLER\S-1-5-21-1715567821-261903793-1606980848-1005\Dc6.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
C:\RECYCLER\S-1-5-21-1715567821-261903793-1606980848-1005\Dc7.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
C:\RECYCLER\S-1-5-21-1715567821-261903793-1606980848-1005\Dc8.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined

#70
April 28, 2013 at 20:23:45
 Post #69
They are all fine; you probably haven't emptied the recycle bin or cleaned out your quarantined files.

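
Post #70's reasoning, that hits sitting in the recycle bin or another product's quarantine folder are already neutralised, can be checked mechanically rather than by eye. The Python script below is an added example, not something from this thread, from ESET or from any of the tools used here: it parses the seven detection lines posted in #69 (as they appear on this page, flattened to spaces), classifies each by where the file sat, and lists only what is still in a live location. The restore-point rule and the tab-separated input handling go a little beyond the post; the SID in the RECYCLER path tells you which user profile's bin held the files.

```python
"""Triage ESET detection lines: is anything still sitting in a live location?"""
import re
from collections import Counter

# Sample input: the seven detection lines from the ESET output in post #69,
# one per line (the forum paste ran them together). A real ESET log separates
# path, threat name and action with tabs; the regex below accepts spaces or tabs.
ESET_LOG = r"""
C:\Documents and Settings\All Users\Application Data\Comodo\Cis\Quarantine\data\{C46EA4F1-447B-4CE3-AEC8-F8DB1F41B874} a variant of Win32/Toolbar.Babylon.E application cleaned by deleting - quarantined
C:\RECYCLER\S-1-5-21-1715567821-261903793-1606980848-1005\Dc13.exe a variant of Win32/Somoto.A application cleaned by deleting - quarantined
C:\RECYCLER\S-1-5-21-1715567821-261903793-1606980848-1005\Dc14.exe a variant of Win32/Somoto.A application cleaned by deleting - quarantined
C:\RECYCLER\S-1-5-21-1715567821-261903793-1606980848-1005\Dc4.exe a variant of Win32/4Shared.C application cleaned by deleting - quarantined
C:\RECYCLER\S-1-5-21-1715567821-261903793-1606980848-1005\Dc6.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
C:\RECYCLER\S-1-5-21-1715567821-261903793-1606980848-1005\Dc7.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
C:\RECYCLER\S-1-5-21-1715567821-261903793-1606980848-1005\Dc8.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
"""

# One detection line: <drive path> <qualifier?><threat> <kind> <action>.
# The path may contain spaces, so the threat name (always Family/Name with a
# forward slash, which never appears in a Windows path) anchors the split.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)[ \t]+"
    r"(?P<qualifier>(?:probably )?(?:a variant of )?)"
    r"(?P<threat>[A-Za-z0-9]+/\S+)[ \t]+"
    r"(?P<kind>[a-z ]+?)[ \t]+"
    r"(?P<action>(?:cleaned|deleted|unable to clean|error).*)$"
)

# Per-user recycle bin folders on XP are named after the owning account's SID.
SID_RE = re.compile(r"\\(S-1-5-21(?:-\d+){4})\\")


def classify_location(path):
    """Where on disk the detection sat; only 'live' paths need follow-up."""
    p = path.lower()
    if "\\recycler\\" in p or "\\$recycle.bin\\" in p:
        return "recycle_bin"      # user already deleted it, bin not yet emptied
    if "\\quarantine\\" in p:
        return "av_quarantine"    # already caught by another product (Comodo here)
    if "\\system volume information\\" in p:
        return "restore_point"    # old System Restore snapshot, never executed from there
    return "live"


def parse_eset_line(line):
    """Return a dict for one ESET detection line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    sid = SID_RE.search(path)
    return {
        "path": path,
        "threat": m.group("threat"),
        "variant": m.group("qualifier") != "",   # heuristic match, not exact signature
        "kind": m.group("kind"),
        "action": m.group("action"),
        "location": classify_location(path),
        "sid": sid.group(1) if sid else None,
    }


def triage(log_text):
    """Parse every detection line in the log; non-matching lines are ignored."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        parsed = parse_eset_line(line)
        if parsed is not None:
            findings.append(parsed)
    return findings


def summarize(findings):
    """Count detections per location class, e.g. {'recycle_bin': 6, ...}."""
    return dict(Counter(f["location"] for f in findings))


def live_findings(findings):
    """Only the detections that were not already in a bin or quarantine."""
    return [f for f in findings if f["location"] == "live"]


if __name__ == "__main__":
    found = triage(ESET_LOG)
    print("by location:", summarize(found))
    for f in live_findings(found):
        print("STILL LIVE:", f["threat"], f["path"])
    if not live_findings(found):
        print("nothing live: empty the recycle bin and clear the other AV's quarantine")
```
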
#71
April 28, 2013 at 20:25:21
 Now do scans with Comodo & Malwarebytes ( MBAM ).
Quick scan is OK.

#72
April 28, 2013 at 20:28:54
 Okay, I emptied recycle bin. Can I delete RK Quarantine folder on desktop? I have updated and am running Malwarebytes now.

#73
April 28, 2013 at 20:32:06
 "Can I delete RK Quarantine folder on desktop?"Yep, wait for MBAM to finish & delete anything that is quarantined.

#74
April 28, 2013 at 20:32:21
 Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.29.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
JamSang :: JAMSANGBANG [administrator]

4/29/2013 10:27:43 AM
mbam-log-2013-04-29 (10-27-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 267778
Time elapsed: 4 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#75
April 28, 2013 at 20:37:23
 Zero found with Comodo. No txt file report generated for that one I guess. I deleted RK folder and the recycle bin again.

#76
April 28, 2013 at 20:39:31

#77
April 28, 2013 at 20:42:18
 ListParts by Farbar Version: 27-04-2013
Ran by JamSang (administrator) on 29-04-2013 at 10:41:30
Windows XP (X86)
Running From: C:\Documents and Settings\JamSang\My Documents\Downloads
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 73%
Total physical RAM: 765.1 MB
Available physical RAM: 199.48 MB
Total Pagefile: 1873.96 MB
Available Pagefile: 1233.22 MB
Total Virtual: 2047.88 MB
Available Virtual: 1995.64 MB

======================= Partitions =========================

1 Drive c: (XP-PRO) (Fixed) (Total:152.59 GB) (Free:133.42 GB) NTFS ==>[Drive with boot components (Windows XP)]
2 Drive d: () (Fixed) (Total:145.5 GB) (Free:134.52 GB) NTFS

The disk management services could not complete the operation.

============================== MBR Partition Table ==================

****** End Of Log ******

#78
April 28, 2013 at 20:48:23
 "2 Drive d: () (Fixed) (Total:145.5 GB) (Free:134.52 GB) NTFSThe disk management services could not complete the operation"Do you know what is on Drive 2?Is it a partition or a separate drive?

#79
April 28, 2013 at 20:51:50
 Games. Partition I believe... doubt this has two drives.

#80
April 28, 2013 at 20:55:01
 Click on D drive & have a look please.
A separate drive, if it has one, is a USB plug-in.

#81
April 28, 2013 at 21:01:45
D partition local drive
 See attached screen capture of the folder for d.

#82
April 28, 2013 at 21:13:54
 Nice work.
"The disk management services could not complete the operation"
I think we have a problem with Windows Updates.
Let me have a look at what is available via Custom Updates. Don't do any updates yet.

#83
April 28, 2013 at 21:19:12
 I clicked on the link in the program menu and this window popped up. First time to see this.

#84
April 28, 2013 at 21:25:53
Update of the Windows Update process
 BTW when I first started looking at this laptop this was one of the first things I noticed. Update was apparently never turned on. I had to download many many updates.

#85
April 28, 2013 at 21:27:27

#86
April 28, 2013 at 21:29:39
 I didn't click update... express or custom.

#87
April 28, 2013 at 21:34:02
 I was just doing SS's.
Post #82
Let me have a look at what is available via Custom Updates. Don't do any updates yet.

#88
April 28, 2013 at 21:42:18
 Here is the capture I think you wanted.

#89
April 28, 2013 at 22:02:43
 Thanks.
http://i.imgur.com/vPZeJKf.gif

#90
April 28, 2013 at 22:39:39
hardware scr cap
 Here is the requested capture.

#91
April 28, 2013 at 23:07:48
 Thanks, you can update that driver; it offers better security.
Still no answer for > "The disk management services could not complete the operation"

#92
April 28, 2013 at 23:08:43
 Update & Run TDSSKiller again. Post the contents of the log. Delete anything in quarantine when finished.

#93
April 28, 2013 at 23:46:18

#94
April 28, 2013 at 23:46:54

#95
April 28, 2013 at 23:47:21


#96
April 28, 2013 at 23:59:01
 #93/#94/#95
Clean.

Listparts
1: Restart the computer. Any messages after the reboot?
2: Delete your copy of ListParts and download the latest ListParts and this time put it on the root of C drive (start => My Computer => C drive). Run ListParts and post the log.
Reboot
Run ListParts and post the log.


#97
April 29, 2013 at 00:03:40
 You want me to download the file to the root drive c: correct?


#98
April 29, 2013 at 00:05:44
 "You want me to download the file to the root drive c: correct?"
Correct


#99
April 29, 2013 at 00:12:20
 No messages after the reboot. Here is List:

ListParts by Farbar Version: 27-04-2013
Ran by JamSang (administrator) on 29-04-2013 at 14:11:51
Windows XP (X86)
Running From: C:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 92%
Total physical RAM: 765.1 MB
Available physical RAM: 59.77 MB
Total Pagefile: 1873.96 MB
Available Pagefile: 1033.36 MB
Total Virtual: 2047.88 MB
Available Virtual: 1996.14 MB

======================= Partitions =========================

1 Drive c: (XP-PRO) (Fixed) (Total:152.59 GB) (Free:133.37 GB) NTFS ==>[Drive with boot components (Windows XP)]
2 Drive d: () (Fixed) (Total:145.5 GB) (Free:134.52 GB) NTFS

  Disk ###  Status      Size     Free     Dyn  Gpt
  --------  ----------  -------  -------  ---  ---
  Disk 0    Online       298 GB      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            153 GB    32 KB
  Partition 2    Extended           146 GB   153 GB
  Partition 3    Logical            146 GB   153 GB

======================================================================================================

Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   XP-PRO       NTFS   Partition    153 GB  Healthy    System (partition with boot components)

======================================================================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     D                NTFS   Partition    146 GB  Healthy

======================================================================================================

================================= MBR Partition Table ================================================

Partitions of Disk 0:
===============
Disk ID: F0B1EBB0

Partition 1: (Active) - (Size=153 GB) - (Type=07) (NTFS)
Partition 2: (Not Active) - (Size=146 GB) - (Type=OF) (Extended)

****** End Of Log ******


#100
April 29, 2013 at 00:16:54


#101
April 29, 2013 at 00:19:47
 Results of screen317's Security Check version 0.99.63
Windows XP Service Pack 3 x86
Internet Explorer 8

Antivirus/Firewall Check:
Windows Firewall Enabled!
COMODO Antivirus
Antivirus up to date! (On Access scanning disabled!)

Anti-malware/Other Utilities Check:
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 21
Adobe Flash Player 11.7.700.169
Adobe Reader XI
Google Chrome 26.0.1410.64

Process Check: objlist.exe by Laurent
Comodo Firewall cmdagent.exe

System Health check
Total Fragmentation on Drive C:: 2%

End of Log


#102
April 29, 2013 at 00:26:06
 Do you want me to run that with comodo on?


#103
April 29, 2013 at 00:33:08
 "Do you want me to run that with comodo on?"
That was Ok, got the result I wanted, everything is up to date.

Run TFC
http://www.geekstogo.com/forum/file...
http://oldtimer.geekstogo.com/TFC.exe
http://www.itxassociates.com/OT-Too...

Please double-click TFC.exe to run it. (Note: If you are running on Vista/Windows 7, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


#104
April 29, 2013 at 00:40:28
 Done and rebooted with no messages or issues.


#105
April 29, 2013 at 00:41:49
 Beautiful.
System Restore will have infected files in it, turning System Restore OFF & then ON will remove them.
Windows XP
http://support.microsoft.com/kb/310...


#106
April 29, 2013 at 00:45:02
 That webpage has nothing on it. I went to system and clicked on system restore. I clicked the turn off system restore on all drives box. I hit apply and then close. I reopened and unclicked the box and hit apply and then close. Good?


#107
April 29, 2013 at 00:47:53
 Forgot to say. Start > My Computer > right click & select Properties.
Select System Restore & untick > Turn off System Restore on all drives ( If partitioned or more than one drive installed )
Select the drive with the operating system on, click Settings & set it on Min.
Any other drive or partition, click Settings & tick > Turn off System Restore on this drive.
http://img858.imageshack.us/g/syste...


#108
April 29, 2013 at 00:51:17
 Okay... I did that.


#109
April 29, 2013 at 00:52:33
 "That webpage has nothing on it"
Does for me, we may have some repairing to do.
Try this first.

Run Chkdsk
chkdsk /p /r again.

Obtaining CHKDSK Results ( log file )
http://www.cpucare.net/OS/XP/Viewin...

How to get to Event Viewer.
In Windows XP there are four ways to get to event viewer.
Start > Control Panel > Administrative Tools > Event Viewer.
Right click > My Computer > Manage > Event Viewer.
Start > Run > Eventvwr.
Start > All Programs > Accessories > Command Prompt, paste > Eventvwr & hit Enter.

Obtaining CHKDSK Results
Once Event Viewer is open, select Application. The 4th column of information in the right-hand pane is titled Source, click on the word Source at the top of the column to sort by that column. Scroll through the Source column to find the most recent entry titled Winlogon.
Double-click Winlogon to open the CHKDSK results.

Or,
Go to Start > Run and copy/paste >
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
Press OK. A command window will open, and a check of your disk will run. When that finishes, it will create a checkhd.txt log on your desktop. The check disk will take a while to run, so please be patient.

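Post #109 has you find the Winlogon entry in Event Viewer by hand. The following PowerShell, added here as an example and not code from the thread or from any tool it names, does the same lookup (Application log, Source Winlogon, Event ID 1001) and pulls the figures out of the CHKDSK report. It assumes Windows PowerShell's Get-EventLog cmdlet; the function name Get-ChkdskReport and its output field names are my own.

```powershell
# Added example for post #109, not code from the thread or from any tool named there.
# Winlogon records each boot-time CHKDSK report in the Application log as Event ID 1001,
# which is the entry the post tells you to find by sorting the Source column. This reads
# the newest such entries and extracts the numbers that matter when deciding whether a
# disk can be trusted. Assumes Windows PowerShell (Get-EventLog exists from PowerShell 2.0
# on XP SP3 through Windows 10). Get-ChkdskReport and its output fields are my own names.

function Get-ChkdskReport {
    param([int]$Newest = 1)

    # Same selection as post #109: Application log, Source = Winlogon, Event ID 1001.
    $events = Get-EventLog -LogName Application -Source Winlogon -ErrorAction SilentlyContinue |
        Where-Object { $_.EventID -eq 1001 } |
        Select-Object -First $Newest

    if (-not $events) {
        Write-Warning 'No Winlogon 1001 (CHKDSK) entries found. Run chkdsk /r, reboot, then retry.'
        return
    }

    foreach ($e in $events) {
        $msg = $e.Message

        # Summary lines look like "0 KB in bad sectors." and "159999335 KB total disk space."
        $kb = @{}
        $pattern = '(\d+) KB (total disk space|in bad sectors|in use by the system|available on disk)'
        foreach ($m in [regex]::Matches($msg, $pattern)) {
            $kb[$m.Groups[2].Value] = [int64]$m.Groups[1].Value
        }

        $volume = if ($msg -match 'Volume label is ([^\r\n.]+)\.') { $Matches[1] } else { '(none)' }

        # "Cleaning up ..." / "Correcting ..." lines mean CHKDSK changed something on disk;
        # on a machine being cleaned up after malware those lines are worth reading in full.
        $repairs = [regex]::Matches($msg, '(?m)^(Cleaning up|Correcting|Recovering|Replacing)[^\r\n]*') |
            ForEach-Object { $_.Value }

        New-Object PSObject -Property @{
            Time         = $e.TimeGenerated
            Computer     = $e.MachineName
            Volume       = $volume
            TotalKB      = $kb['total disk space']
            FreeKB       = $kb['available on disk']
            BadSectorKB  = $kb['in bad sectors']
            Repairs      = @($repairs)
            # Bad sectors are the one figure that must be exactly zero on a healthy drive.
            NoBadSectors = ($kb.ContainsKey('in bad sectors') -and $kb['in bad sectors'] -eq 0)
        }
    }
}

Get-ChkdskReport -Newest 1 | Format-List Time, Computer, Volume, TotalKB, FreeKB, BadSectorKB, NoBadSectors, Repairs
```

Run it in an elevated PowerShell on the machine that was checked; a non-zero BadSectorKB means the drive itself, not the malware clean-up, needs attention next.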

#110
April 29, 2013 at 00:55:20
 To run chkdsk I can do the command in the cmd window, right? Or do I have to go into Windows repair to launch it?


#111
April 29, 2013 at 00:59:29


#112
April 29, 2013 at 01:05:02


#113
April 29, 2013 at 01:08:32
 Continue with Chkdsk, that was my final test.
"To run chkdsk I can do the command in the cmd window, right?"
Yep. Same way as in post #8


#114
April 29, 2013 at 01:09:30
 When I put in chkdsk /p /r it said that it was not correct. Should it be chkdsk c: /p /r ??


#115
April 29, 2013 at 01:17:23
 "Should it be chkdsk c: /p /r ??"
I've never used that command, because you said in posts #8 & #9, I suggested it again, so you would be comfortable with it.
Do you want other ways?


#116
April 29, 2013 at 01:20:27
 Ahhh okay. Yeah, I found the windows doc I read before and remembered it has to be run from the recovery console. I am running it now.


#117
April 29, 2013 at 02:04:57
 Event Type: Information
Event Source: Winlogon
Event Category: None
Event ID: 1001
Date: 4/29/2013
Time: 4:01:48 PM
User: N/A
Computer: JAMSANGBANG
Description:
Checking file system on \DosDevices\C:
The type of the file system is NTFS.
Volume label is XP-PRO.

Cleaning up minor inconsistencies on the drive.
Cleaning up 124 unused index entries from index $SII of file 0x9.
Cleaning up 124 unused index entries from index $SDH of file 0x9.
Cleaning up 124 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.

 159999335 KB total disk space.
  18578164 KB in 52141 files.
     16460 KB in 5370 indexes.
         0 KB in bad sectors.
    204479 KB in use by the system.
     65536 KB occupied by the log file.
 141200232 KB available on disk.

      4096 bytes in each allocation unit.
  39999833 total allocation units on disk.
  35300058 allocation units available on disk.

Internal Info:
30 e3 01 00 b3 e0 00 00 8e 2a 01 00 00 00 00 00  0........*......
e3 00 00 00 02 00 00 00 cc 03 00 00 00 00 00 00  ................
98 a3 27 01 00 00 00 00 f4 c0 59 19 00 00 00 00  ..'.......Y.....
9a 07 b1 02 00 00 00 00 aa 7e cf 56 01 00 00 00  .........~.V....
30 be 38 6b 04 00 00 00 bc 49 a0 e0 05 00 00 00  0.8k.....I......
99 9e 36 00 00 00 00 00 c0 39 07 00 ad cb 00 00  ..6......9......
00 00 00 00 00 d0 eb 6d 04 00 00 00 fa 14 00 00  .......m........

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/even...


#118
April 29, 2013 at 02:14:34
 Very good result.
Forgot these, I use them on every comp I work on. Use on both comps.

Run Wise Disk Cleaner ( Run the 1st three tabs, left to right. I use default settings, leave boxes that are unchecked, unchecked ) Reboot when finished.
http://www.softpedia.com/get/System...
http://www.softpedia.com/progScreen...
http://www.wisecleaner.com/download...

Run Wise Registry Cleaner ( Only use Registry Cleaner & with default settings. Don't use System Tuneup, that is for Experts, you really have to know what you are doing ) Reboot when finished.
http://www.softpedia.com/get/Tweak/...
http://www.softpedia.com/progScreen...
http://www.wisecleaner.com/wiseregi...


#119
April 29, 2013 at 02:25:02
 Okay, I did that on the XP. I'll do mine later.


#120
April 29, 2013 at 02:33:09
 Okay, I can turn on windows updates again?


#121
April 29, 2013 at 02:34:06
 All being well it should now be flying, almost like a clean install.
Finally.
"I clicked on the link in the program menu and this window popped up. First time to see this"
If Internet Explorer has any glitches, use this & check > Repair Internet Explorer
Tweaking.com - Windows Repair
http://www.softpedia.com/get/Tweak/...
http://www.softpedia.com/progScreen...
http://www.tweaking.com/
http://www.tweaking.com/content/pag...


#122
April 29, 2013 at 02:37:11
 "Okay, I can turn on windows updates again?"
Yep & uninstall Combofix.


#123
April 29, 2013 at 02:37:21
 And I'll download LINE again from one of the sites you suggested.


#124
April 29, 2013 at 02:45:47
 Also, I just noticed a file called iMesh in the downloads. I know I did not download that program, so the owner must have done that. Is there a safe version of iMesh out there?


#125
April 29, 2013 at 02:56:22


#126
April 29, 2013 at 06:18:07
 "Let me know if you know about iMesh"
Sorry, don't know anything about iMesh.


#127
April 30, 2013 at 03:49:50
 Okay thanks. I'll check around.
