Author Topic: [Resolved] XP Home Security 2012 & redirects  (Read 2091 times)


Offline jskeezy84

  • Bronze Member
  • Posts: 9
[Resolved] XP Home Security 2012 & redirects
« on: December 12, 2011, 04:26:05 pm »
Infected with "XP Home Security 2012." Started getting a prompt telling me that I have viruses and what not and this "program" wants me to buy a membership. I went to Bleeping Computer and followed the malware removal walkthrough (restart in safe mode, FixNCR registry edit, rKill.exe, Malwarebytes, which found and deleted things, did a reboot, ran Spybot S&D, then immunized, then reboot). However, after all that I'm getting web page redirects. I'm guessing I either missed a step or there are more viruses. Also, I downloaded Peer Guardian2 thinking it would act as a great firewall but I really don't know if I'm using it right, so therefore I might be more vulnerable. Do I remove Peer Guardian2 as well? Thanks ahead of time for your assistance.

My log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:06:05 PM, on 12/12/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\GIGABYTE\GBTUpd\RunUpd.exe
C:\Program Files\Linksys\WMP110\WMP110.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dgdersvc.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\Program Files\Linksys\WMP110\gtwpssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Linksys\WMP110\WLSngS.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\ping.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [GEST] m‘|\ü
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [GBTUpd] C:\Program Files\GIGABYTE\GBTUpd\PreRun.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\WINDOWS\system32\CrazyTalk.dll,DllServeMediaFile
O4 - HKLM\..\Run: [WMP110] C:\Program Files\Linksys\WMP110\WMP110.exe
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1287155969421
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0520A20A-B4AF-41F2-A1DA-180A1D6C8CBE}: NameServer = 76.85.229.110,76.85.229.111
O17 - HKLM\System\CS1\Services\Tcpip\..\{0520A20A-B4AF-41F2-A1DA-180A1D6C8CBE}: NameServer = 76.85.229.110,76.85.229.111
O17 - HKLM\System\CS3\Services\Tcpip\..\{0520A20A-B4AF-41F2-A1DA-180A1D6C8CBE}: NameServer = 76.85.229.110,76.85.229.111
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\WINDOWS\system32\dgdersvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: GTWPSSRV (GTWPSService) - Unknown owner - C:\Program Files\Linksys\WMP110\gtwpssrv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Linksys\WMP110\jswpsapi.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: WLSng Service - TODO: <Company name> - C:\Program Files\Linksys\WMP110\WLSngS.exe

--
End of file - 13104 bytes
« Last Edit: December 12, 2011, 04:33:14 pm by 1972vet »
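The O17 NameServer lines and O4 Run entries in a HijackThis log like the one above are what a helper checks first when a machine shows redirects. As an added example (not a tool from this forum or from its staff), here is a small Python triage script that parses those lines, plus the TCP: DNS lines that appear in the DDS log later in this thread, and flags the entries worth verifying: per-interface static DNS that differs from the DHCP-assigned servers, Run values that are not printable, executables launched from a Temp folder, and IE start/search pages off the expected hosts. The sample log is constructed from lines in this thread plus two invented lines (a Search Page URL and a Temp-folder Run entry) to exercise those rules, and the list of expected IE hosts is an assumption.

```python
"""Triage helper for HijackThis / DDS logs: flags the entry types that most often
explain browser redirects.  Added example for this thread, not a forum tool.
A flag means "verify this", not "this is malware"."""
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    rule: str
    detail: str


# Line shapes taken from the HijackThis and DDS logs posted in this thread.
HJT_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\] ?(.*)$")
HJT_NS = re.compile(r"^O17 - .*\{([0-9A-Fa-f-]+)\}: NameServer = (.+)$")
HJT_IE = re.compile(
    r"^R[01] - (HKLM|HKCU)\\Software\\Microsoft\\Internet Explorer\\Main,([^=]+?) = (.+)$")
DDS_DHCP = re.compile(r"^TCP: DhcpNameServer = (.+)$")
DDS_NS = re.compile(r"^TCP: Interfaces\\\{([0-9A-Fa-f-]+)\} : NameServer = (.+)$")

# Assumption: hosts an analyst accepts as default IE start/search pages.
EXPECTED_IE_HOSTS = ("microsoft.com", "msn.com", "google.com")

# Constructed sample: real lines from this thread plus two invented ones
# (the "Search Page" R1 line and the "[Updater]" O4 line) to exercise the rules.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example.invalid/?q=
O4 - HKLM\..\Run: [GEST] m‘|\ü
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Updater] C:\WINDOWS\Temp\_ex-68.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0520A20A-B4AF-41F2-A1DA-180A1D6C8CBE}: NameServer = 76.85.229.110,76.85.229.111
TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
TCP: Interfaces\{0520A20A-B4AF-41F2-A1DA-180A1D6C8CBE} : NameServer = 76.85.229.110,76.85.229.111
"""


def _servers(value: str) -> List[str]:
    # HJT separates servers with commas, DDS with spaces; accept both.
    return [s for s in re.split(r"[,\s]+", value.strip()) if s]


def _host(url: str) -> str:
    m = re.match(r"^[a-z]+://([^/]+)", url.strip(), re.I)
    return m.group(1).lower() if m else ""


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    dhcp: List[str] = []
    static_ns = []  # (interface GUID, servers) from O17 or TCP: lines

    for raw in log_text.splitlines():
        line = raw.strip()
        if m := DDS_DHCP.match(line):
            dhcp = _servers(m.group(1))
            continue
        if m := HJT_NS.match(line) or DDS_NS.match(line):
            static_ns.append((m.group(1).upper(), tuple(_servers(m.group(2)))))
            continue
        if m := HJT_RUN.match(line):
            name, cmd = m.group(2), m.group(3)
            if any(ord(c) < 32 or ord(c) > 126 for c in cmd):
                findings.append(Finding("garbled-run-value",
                                        f"[{name}] value is not printable ASCII: {cmd!r}"))
            elif re.search(r"\\temp\\|%temp%", cmd, re.I):
                findings.append(Finding("run-from-temp",
                                        f"[{name}] launches from a Temp folder: {cmd}"))
            continue
        if m := HJT_IE.match(line):
            host = _host(m.group(3))
            if host and not host.endswith(EXPECTED_IE_HOSTS):
                findings.append(Finding("ie-page-changed", f"{m.group(2)} points at {host}"))

    # Static per-interface DNS that shares nothing with what DHCP handed out is the
    # first thing to verify on a machine that redirects; HJT repeats the same entry
    # under CCS/CS1/CS3, so report each GUID+server set once.
    for guid, servers in dict.fromkeys(static_ns):
        if not dhcp:
            findings.append(Finding("static-dns-set",
                                    f"{guid}: {list(servers)} (no DHCP servers to compare)"))
        elif not set(servers) & set(dhcp):
            findings.append(Finding("static-dns-differs-from-dhcp",
                                    f"{guid}: {list(servers)} vs DHCP {dhcp}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:30} {f.detail}")
```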



Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Resolved] XP Home Security 2012 & redirects
« Reply #1 on: December 12, 2011, 04:35:15 pm »
Greetings jskeezy84 and Welcome to our Forums,

Please download Malwarebytes Anti-Malware and save it to your desktop.
If you have problems with that link, you can also download it from Here or Here
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected then click on the Scan button.
    • The scan will begin and "Scan in progress" will show at the top. Wait for the scan to complete and do nothing else with the computer during the scan.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Exit MBAM. Please remember to copy and paste the contents of that report in your next reply.
    Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
    Disabled Veteran
    U.S.C.G. 1972 - 1978
    Membership: U.N.I.T.E., A.S.A.P.

    2009-12

    Performance and Maintenance for Windows XP, Windows Vista and Windows Seven

    Offline jskeezy84

    • Bronze Member
    • Posts: 9
    Re: [Resolved] XP Home Security 2012 & redirects
    « Reply #2 on: December 12, 2011, 05:27:06 pm »
    thanks for your response. I guess the full scan in safe mode didn't get everything after all.

    Quick scan log:

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8360

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/12/2011 5:23:34 PM
    mbam-log-2011-12-12 (17-23-34).txt

    Scan type: Quick scan
    Objects scanned: 195663
    Time elapsed: 2 minute(s), 24 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 6

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\WINDOWS\Temp\nnnv0.12204415791427325.exe (Rogue.PrivacyProtection) -> Quarantined and deleted successfully.
    c:\WINDOWS\Temp\nnnv0.14340473057561365.exe (Rogue.PrivacyProtection) -> Quarantined and deleted successfully.
    c:\WINDOWS\Temp\nnnv0.6364243696043065.exe (Rogue.PrivacyProtection) -> Quarantined and deleted successfully.
    c:\WINDOWS\Temp\gggf0.10242714584186352.exe (Rogue.PrivacyProtection) -> Quarantined and deleted successfully.
    c:\WINDOWS\Temp\gggf0.5155846192760242.exe (Rogue.PrivacyProtection) -> Quarantined and deleted successfully.
    c:\WINDOWS\Temp\0.5914461544439042.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    Offline 1972vet

    • Microsoft® MVP
    • Malware Removal Staff
    • Diamond Member
    • Posts: 8290
    • Patience is bitter indeed, but its fruit is sweet.
    Re: [Resolved] XP Home Security 2012 & redirects
    « Reply #3 on: December 12, 2011, 07:45:29 pm »
    Great, thanks! Yes, uninstall the peer guardian, then please do this:
    Disable the active protection component of your antivirus and antispyware programs by following the directions that apply Here. Next, please download the free utility DDS from any of these locations...Here, Here...or Here.
    Note - Some infections may prevent certain executable files from running on your computer. If one of these download locations results in a failed run of the utility, please try the next location until you find one that will work on your machine
    Double click dds.scr to run the tool
    • When it completes, DDS will open two (2) logs:
      • DDS.txt
      • Attach.txt
    • Save both reports to your desktop.
    Next, Download GMER from the following location and save it to your desktop.

    GMER Download Link 1
    GMER Download Link 2 (Only use if the previous link does not work)

    • Right-click on the gmer.zip icon and select the Extract all... menu option. You should now see the gmer folder.
    • Open the folder and double-click on the gmer.exe icon. Please "ok" any prompts to allow the program to start.
    • You should now see the main GMER window. If you receive a warning about rootkit activity asking if you want to run a full scan, please click on the NO button.
    • We now need to configure GMER to prevent some features from being used during the scan. Please uncheck the following settings (we do NOT want to see these in our scan):
      • IAT/EAT
      • Drives/Partition other than Systemdrive, which is typically C:\
      • Show All <--Important. Don't miss this one
    • Now that you have removed the check marks from the boxes for those items listed above, please click the Scan button.
      This scan may take quite some time, so please be patient. When it has finished, you will be back at the main screen.

    • Please click on the Save... button and save the report to your desktop. Please name the saved file ark.txt

    • Please do not act on any of the information in this report. Many legitimate programs could be listed there.
    • Now, re-enable the active protection component of any antivirus/antimalware programs you disabled before performing the scan.

    Please remember to include the following logs in your next reply.
    • DDS.txt
    • Attach.txt
    • ARK.txt

    Offline jskeezy84

    • Bronze Member
    • Posts: 9
    Re: [Resolved] XP Home Security 2012 & redirects
    « Reply #4 on: December 13, 2011, 07:03:33 pm »
    Update: this will be in the form of two posts due to character limit.

    Currently I can only work from safe mode, and please bear with my formatting.

    1. Uninstalled Peer Guardian2 then got the following prompt (don't know if this is important but here you go):

             16 bit MS-DOS Subsystem
                  C:\WINDOWS\Temp\_ex-68.exe
                  The NTVDM CPU has encountered an illegal instruction.
                  CS:055f IP:fff9 OP:ff ff 01 5f 00   choose 'Close' to terminate the application

    2. Next I ran dds.scr, here is that log:  


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_26
    Run by Jskeezy at 10:16:14 on 2011-12-13
    Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3326.2406 [GMT -6:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\GIGABYTE\GBTUpd\RunUpd.exe
    C:\Program Files\Linksys\WMP110\WMP110.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
    C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\MagicDisc\MagicDisc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\dgdersvc.exe
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\WINDOWS\system32\FsUsbExService.Exe
    C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
    C:\Program Files\Linksys\WMP110\gtwpssrv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Linksys\WMP110\WLSngS.exe
    C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\WINDOWS\System32\ping.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [AtiTrayTools] "c:\program files\ray adams\ati tray tools\atitray.exe"
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [AdobeBridge]
    uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [GEST] m‘|\ü
    mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
    mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [GBTUpd] c:\program files\gigabyte\gbtupd\PreRun.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [<NO NAME>]
    mRun: [CrazyTalk Serve] rundll32.exe c:\windows\system32\CrazyTalk.dll,DllServeMediaFile
    mRun: [WMP110] c:\program files\linksys\wmp110\WMP110.exe
    mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
    mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    StartupFolder: c:\docume~1\jskeezy\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
    IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\progra~1\aim\aim.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: mswsock.dll
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1287155969421
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
    TCP: Interfaces\{0520A20A-B4AF-41F2-A1DA-180A1D6C8CBE} : NameServer = 76.85.229.110,76.85.229.111
    TCP: Interfaces\{3BBCDC99-FE11-43F3-8358-3D0DC485693F} : DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
    TCP: Interfaces\{6FB925CB-ADAF-40EF-AA4E-19C924499225} : DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\jskeezy\application data\mozilla\firefox\profiles\64rp41ew.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
    FF - plugin: c:\program files\tabletplugins\npwacom.dll
    FF - plugin: e:\mozilla plugins\npitunes.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 atitray;atitray;c:\program files\ray adams\ati tray tools\atitray.sys [2008-9-8 18336]
    R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\cyberlink\powerdvd8\000.fcl [2008-2-1 41456]
    R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-10-1 20072]
    R2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-7-26 95568]
    R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-10-15 217088]
    R2 GEST Service;GEST Service for program management.;c:\program files\gigabyte\energysaver\GSvr.exe [2009-1-30 80392]
    R2 GTWPSService;GTWPSSRV;c:\program files\linksys\wmp110\gtwpssrv.exe [2009-4-27 34816]
    R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-3-14 5010288]
    R2 WLSng Service;WLSng Service;c:\program files\linksys\wmp110\WLSngS.exe [2009-4-27 233472]
    R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-7-26 18136]
    R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-10-15 36640]
    R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2009-4-27 57344]
    R3 WMP110v2;Linksys WMP110 RangePlus Wireless PCI Adapter Wireless Driver;c:\windows\system32\drivers\WMP110v2.sys [2009-4-27 625024]
    RUnknown 5689;5689;

    S0 axwe;axwe;c:\windows\system32\drivers\cppudiba.sys --> c:\windows\system32\drivers\cppudiba.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-7 135664]
    S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 288112]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-5-25 1691480]
    S3 CrystalCpuInfo;CrystalCpuInfo;c:\program files\occt\CpuInfo.sys [2003-11-25 3151]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-7 135664]
    S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\linksys\wmp110\jswpsapi.exe [2009-4-27 352338]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2010-10-15 96488]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2010-10-15 12776]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2010-10-15 121576]
    S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-3-14 16168]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-11-27 17:51:30   --------   d-----w-   c:\windows\system32\Adobe
    2011-11-15 17:36:08   --------   d-----w-   c:\documents and settings\jskeezy\application data\Malwarebytes
    2011-11-15 17:36:04   --------   d-----w-   c:\documents and settings\all users\application data\Malwarebytes
    2011-11-15 17:36:00   22216   ----a-w-   c:\windows\system32\drivers\mbam.sys
    2011-11-15 17:36:00   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
    2011-11-15 17:27:46   --------   d-----w-   c:\program files\F30E1
    2011-11-15 17:27:15   --------   d-----w-   c:\documents and settings\jskeezy\application data\48FF3
    2011-11-15 17:27:14   --------   d-----w-   c:\program files\LP
    2011-11-15 17:26:54   --------   d-----w-   c:\documents and settings\jskeezy\application data\KYYCCwkIVrlOtx0
    2011-11-15 17:26:54   --------   d-----w-   c:\documents and settings\jskeezy\application data\fH55sWWJ7dE8gZq
    2011-11-15 17:26:50   --------   d-----w-   c:\documents and settings\jskeezy\application data\shYYCCwkUVrlNtP
    2011-11-15 17:26:50   --------   d-----w-   c:\documents and settings\jskeezy\application data\EtttzPPNycAiv2o
    .
    ==================== Find3M  ====================
    .
    2011-12-13 15:41:10   16608   ----a-w-   c:\windows\gdrv.sys
    2011-11-24 17:24:58   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-15 20:09:37   138496   ----a-w-   c:\windows\system32\drivers\afd.sys
    2011-10-17 18:19:07   138160   ----a-w-   c:\windows\system32\drivers\PnkBstrK.sys
    2011-10-17 18:18:59   271200   ----a-w-   c:\windows\system32\PnkBstrB.xtr
    2011-10-17 18:18:59   271200   ----a-w-   c:\windows\system32\PnkBstrB.exe
    2011-10-17 18:14:35   215104   ----a-w-   c:\windows\system32\PnkBstrB.ex0
    2011-10-10 14:22:41   692736   ----a-w-   c:\windows\system32\inetcomm.dll
    2011-09-28 07:06:50   599040   ----a-w-   c:\windows\system32\crypt32.dll
    2011-09-26 16:41:20   611328   ----a-w-   c:\windows\system32\uiautomationcore.dll
    2011-09-26 16:41:20   220160   ----a-w-   c:\windows\system32\oleacc.dll
    2011-09-26 16:41:14   20480   ----a-w-   c:\windows\system32\oleaccrc.dll
    2009-02-25 05:44:52   36868   ----a-w-   c:\program files\uninst-Particular.exe
    .
    ============= FINISH: 10:16:29.54 ===============

    attach log:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/30/2009 5:06:29 AM
    System Uptime: 12/13/2011 9:40:35 AM (1 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. |  | EP45T-UD3P
    Processor: Intel Pentium III Xeon processor | Socket 775 | 2999/333mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 140 GiB total, 3.603 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 140 GiB total, 25.261 GiB free.
    F: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
    Description: ATI Function Driver for High Definition Audio - ATI AA01
    Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001\5&260D9ED0&0&0001
    Manufacturer: ATI
    Name: ATI Function Driver for High Definition Audio - ATI AA01
    PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001\5&260D9ED0&0&0001
    Service: AtiHdmiService
    .
    ==== System Restore Points ===================
    .
    RP535: 9/14/2011 3:58:56 PM - Software Distribution Service 3.0
    RP536: 9/16/2011 12:07:28 PM - System Checkpoint
    RP537: 9/30/2011 11:58:00 AM - System Checkpoint
    RP538: 9/30/2011 3:12:09 PM - Software Distribution Service 3.0
    RP539: 9/30/2011 3:29:58 PM - Installed DirectX
    RP540: 10/4/2011 11:27:33 AM - System Checkpoint
    RP541: 10/5/2011 3:00:13 AM - Software Distribution Service 3.0
    RP542: 10/7/2011 2:29:44 PM - System Checkpoint
    RP543: 10/8/2011 6:41:13 PM - System Checkpoint
    RP544: 10/12/2011 3:26:33 PM - System Checkpoint
    RP545: 10/14/2011 9:29:00 AM - System Checkpoint
    RP546: 10/17/2011 8:39:22 AM - Software Distribution Service 3.0
    RP547: 10/18/2011 1:15:44 PM - System Checkpoint
    RP548: 10/19/2011 1:15:59 PM - System Checkpoint
    RP549: 10/24/2011 10:17:47 AM - System Checkpoint
    RP550: 10/25/2011 11:57:02 AM - System Checkpoint
    RP551: 10/28/2011 9:19:13 AM - System Checkpoint
    RP552: 10/30/2011 10:11:30 AM - System Checkpoint
    RP553: 11/12/2011 6:47:42 PM - Software Distribution Service 3.0
    RP554: 11/24/2011 11:48:06 AM - System Checkpoint
    RP555: 11/27/2011 1:26:43 PM - System Checkpoint
    RP556: 11/28/2011 2:48:13 PM - System Checkpoint
    RP557: 12/5/2011 10:27:23 AM - System Checkpoint
    RP558: 12/12/2011 11:56:29 AM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    @BIOS Ver.2.03
    3ivx MPEG-4 5.0.3 (remove only)
    AAC Decoder
    Acrobat.com
    Adobe Acrobat 9 Pro - English, Français, Deutsch
    Adobe Acrobat 9.4.5 - CPSID_83708
    Adobe After Effects CS4
    Adobe After Effects CS4 Presets
    Adobe After Effects CS4 Template Projects & Footage
    Adobe After Effects CS4 Third Party Content
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Asset Services CS4
    Adobe Bridge 1.0
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles AE CS4
    Adobe Color Video Profiles CS CS4
    Adobe Contribute CS4
    Adobe Creative Suite 4 Master Collection
    Adobe CS4 American English Speech Analysis Models
    Adobe CS4 International English Speech Analysis Models
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Dreamweaver CS4
    Adobe Drive CS4
    Adobe Dynamiclink Support
    Adobe Encore CS4
    Adobe Encore CS4 Codecs
    Adobe Encore CS4 Library
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Fireworks CS4
    Adobe Flash CS4
    Adobe Flash CS4 Extension - Flash Lite STI en
    Adobe Flash CS4 STI-en
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Fonts All
    Adobe Illustrator CS4
    Adobe InDesign CS4
    Adobe InDesign CS4 Application Feature Set Files (Roman)
    Adobe InDesign CS4 Common Base Files
    Adobe InDesign CS4 Icon Handler
    Adobe Linguistics CS4
    Adobe Media Encoder CS4
    Adobe Media Encoder CS4 Additional Exporter
    Adobe Media Encoder CS4 Dolby
    Adobe Media Encoder CS4 Exporter
    Adobe Media Encoder CS4 Importer
    Adobe Media Player
    Adobe MotionPicture Color Files CS4
    Adobe OnLocation CS4
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Photoshop Lightroom 2.6
    Adobe Premiere Pro CS4
    Adobe Premiere Pro CS4 Functional Content
    Adobe Premiere Pro CS4 Third Party Content
    Adobe Reader 9.4.5
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe SGM CS4
    Adobe Shockwave Player 11.6
    Adobe SING CS4
    Adobe Soundbooth CS4
    Adobe Soundbooth CS4 Codecs
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe Version Cue CS4 Server
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Age of Conan - Hyborian Adventures
    AiO_Scan_CDA
    AiOSoftwareNPI
    Alias DirectConnect 2.0
    America's Army 3
    AnimationMentor Shelf
    AOL Instant Messenger
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArmA Uninstall
    ATI AVIVO Codecs
    ATI Catalyst Install Manager
    AutoUpdate
    Battlefield 2(TM)
    Battlefield: Bad Company™ 2
    BattlEye Uninstall
    Bonjour
    Browser Configuration Utility
    BufferChm
    Call of Duty 2
    Call of Duty(R) 4 - Modern Warfare(TM)
    Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
    Compatibility Pack for the 2007 Office system
    Connect
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CPUID HWMonitor 1.16
    Critical Update for Windows Media Player 11 (KB959772)
    CyberLink PowerDVD8
    Data Lifeguard Tools
    DeadAIM
    Destinations
    DeviceManagementQFolder
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Version Checker
    DivX Web Player
    DMIView B8.0717.01
    DocProc
    Energy Saver Advance B8.0905.1
    eSupportQFolder
    F300
    F300_Help
    F300Trb
    Fax_CDA
    File Uploader
    FlipShare
    Gigabyte Raid Configurer
    Google Toolbar for Internet Explorer
    Google Update Helper
    H.264 Decoder
    High Definition Audio Driver Package - KB888111
    HiJackThis
    HijackThis 2.0.0
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Imaging Device Functions 6.1
    HP Photosmart Essential
    HP Product Assistant
    HP PSC & OfficeJet 6.1.A
    HP Solution Center and Imaging Support Tools 6.1
    HP Update
    HPProductAssistant
    Intel(R) Processor ID Utility
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 26
    Kies
    kuler
    L&H TTS3000 British English
    Left 4 Dead
    Linksys WMP110 RangePlus Wireless PCI Adapter
    Logitech SetPoint
    Macromedia Dreamweaver 8
    Macromedia Extension Manager
    Macromedia HomeSite+
    MagicDisc 2.7.106
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Maya 8.5
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2572067)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office Word Viewer 2003
    Microsoft Speech Recognition Engine 4.0 (English)
    Microsoft Text-to-Speech Engine 4.0 (English)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    Microsoft Word 2002
    Microsoft Works
    Microsoft Works 2004 Setup Launcher
    Microsoft Works Suite Add-in for Microsoft Word
    Microsoft Xbox 360 Accessories 1.1
    MKV Splitter
    Mozilla Firefox (3.6.24)
    MSN
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser
    Mumble 1.2.3
    MyFreeCodec
    Need for Speed™ SHIFT
    NewCopy_CDA
    Nikon Message Center
    Nikon Transfer
    NVIDIA PhysX
    OCCT v0.91
    OpenAL
    OpenOffice.org 3.1
    Origin
    OutlookAddInNet3Setup
    PDF Settings CS4
    Photoshop Camera Raw
    Picasa 3
    Picture Control Utility
    Pixel Bender Toolkit
    Portal
    Power Tab Editor 1.7
    Prime95
    ProductContextNPI
    Project Reality 0856 Core
    Project Reality 0856 Levels
    Project Reality 0860 Patch
    PunkBuster Services
    QuickTime
    Ray Adams ATI Tray Tools
    Readme
    RealPlayer
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek High Definition Audio Driver
    RealUpgrade 1.0
    Red Alert Windows 95
    SAMSUNG USB Driver for Mobile Phones
    Scan
    ScannerCopy
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Sentinel System Driver
    Sid Meier's Civilization V
    Sierra Utilities
    SolutionCenter
    SpeedFan (remove only)
    Spelling Dictionaries Support For Adobe Reader 9
    Spybot - Search & Destroy
    Status
    Steam
    Suite Shared Configuration CS4
    swMSM
    Toolbox
    TopStyle Lite (Version 3.0)
    Trapcode 3DStroke
    TrayApp
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Manager B08.0905.1
    VC80CRTRedist - 8.0.50727.762
    Ventrilo Client
    ViewNX
    Viewpoint Media Player
    Visual Studio Tools for the Office system 3.0 Runtime
    Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
    Wacom Tablet
    WebFldrs XP
    WebReg
    WebTablet IE Plugin
    WebTablet Netscape Plugin
    Winamp
    Windows Driver Package - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)
    Windows Essentials Media Codec Pack 2.3
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    Xfire (remove only)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/12/2011 9:08:46 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    12/12/2011 9:00:20 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  atitray Fips intelppm
    12/12/2011 4:19:58 PM, error: Service Control Manager [7023]  - The Network Location Awareness (NLA) service terminated with the following error:  The specified procedure could not be found.
    12/12/2011 11:38:05 AM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    12/12/2011 10:25:29 AM, error: Service Control Manager [7000]  - The DS1410D service failed to start due to the following error:  The system cannot find the file specified.
    12/12/2011 10:24:02 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/12/2011 10:09:28 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  atitray Fips intelppm ohci1394
    12/12/2011 10:08:01 AM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.
    .
    ==== End Of File ===========================


    Offline jskeezy84

    • Bronze Member
    • Posts: 9
    Re: [Resolved] XP Home Security 2012 & redirects
    « Reply #5 on: December 13, 2011, 07:04:24 pm »


3. Then I ran GMER and immediately got a BSOD; I had to boot into safe mode because my PC kept rebooting.

4. In safe mode I ran Malwarebytes, thinking I could eradicate whatever is keeping me from booting into Windows. Here is the log:

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8365

    Windows 5.1.2600 Service Pack 3 (Safe Mode)
    Internet Explorer 8.0.6001.18702

    12/13/2011 10:40:17 AM
    mbam-log-2011-12-13 (10-40-14).txt

    Scan type: Quick scan
    Objects scanned: 193864
    Time elapsed: 4 minute(s), 16 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\WINDOWS\Temp\5689.sys (Heuristics.Shuriken) -> No action taken.
    c:\WINDOWS\Temp\nnnv0.6736472055370573.exe (Exploit.Drop.6) -> No action taken.
    c:\WINDOWS\Temp\_ex-68.exe (Trojan.Dropper) -> No action taken.

5. I then had Malwarebytes remove the infected files.

6. I was then able to boot into Windows and try GMER again, only to get a BSOD.

7. I then rebooted into safe mode and ran GMER from there. Here is that log:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-12-13 17:51:33
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD1500HLFS-01G6U0 rev.04.04V01
    Running: gmer.exe; Driver: C:\DOCUME~1\Jskeezy\LOCALS~1\Temp\pxtdapob.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text   atapi.sys                                                                                                                                                                                                                                         F74C6852 1 Byte  [CC] {INT 3 }
    ?       C:\WINDOWS\system32\DRIVERS\i8042prt.sys                                                                                                                                                                                                          suspicious PE modification

    ---- User code sections - GMER 1.0.15 ----

    .text   C:\WINDOWS\System32\ping.exe[1044] ntdll.dll!NtCreateProcess                                                                                                                                                                                      7C90D14E 5 Bytes  JMP 00BB000A
    .text   C:\WINDOWS\System32\ping.exe[1044] ntdll.dll!NtCreateProcessEx                                                                                                                                                                                    7C90D15E 5 Bytes  JMP 00BC000A
    .text   C:\WINDOWS\System32\ping.exe[1044] ntdll.dll!NtProtectVirtualMemory                                                                                                                                                                               7C90D6EE 5 Bytes  JMP 00A6000A
    .text   C:\WINDOWS\System32\ping.exe[1044] ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                                 7C90DFAE 5 Bytes  JMP 00A7000A
    .text   C:\WINDOWS\System32\ping.exe[1044] ntdll.dll!KiUserExceptionDispatcher                                                                                                                                                                            7C90E47C 5 Bytes  JMP 00A5000C
    .text   C:\WINDOWS\System32\ping.exe[1044] USER32.dll!GetCursorPos                                                                                                                                                                                        7E42974E 5 Bytes  JMP 00BF000A
    .text   C:\WINDOWS\System32\ping.exe[1044] USER32.dll!WindowFromPoint                                                                                                                                                                                     7E429766 5 Bytes  JMP 00C0000A
    .text   C:\WINDOWS\System32\ping.exe[1044] USER32.dll!GetForegroundWindow                                                                                                                                                                                 7E429823 5 Bytes  JMP 00C1000A
    .text   C:\WINDOWS\System32\ping.exe[1044] ole32.dll!CoCreateInstance                                                                                                                                                                                     774FF1AC 5 Bytes  JMP 00BE000A
    .text   C:\WINDOWS\system32\svchost.exe[2044] ntdll.dll!NtProtectVirtualMemory                                                                                                                                                                            7C90D6EE 5 Bytes  JMP 01AA000A
    .text   C:\WINDOWS\system32\svchost.exe[2044] ntdll.dll!NtWriteVirtualMemory                                                                                                                                                                              7C90DFAE 5 Bytes  JMP 01AB000A
    .text   C:\WINDOWS\system32\svchost.exe[2044] ntdll.dll!KiUserExceptionDispatcher                                                                                                                                                                         7C90E47C 5 Bytes  JMP 01A9000C

    ---- Modules - GMER 1.0.15 ----

    Module  (noname) (*** hidden *** )                                                                                                                                                                                                                        BA65F000-BA675000 (90112 bytes) 

    ---- Threads - GMER 1.0.15 ----

    Thread  System [4:344]                                                                                                                                                                                                                                    8AB76161
    Thread  System [4:1304]                                                                                                                                                                                                                                   8A243C30

    ---- Registry - GMER 1.0.15 ----

    Reg     HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version                                                                                                                                                                       
    Reg     HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version                                                                                                                                                                0xAA 0xD8 0x81 0x40 ...

    ---- Files - GMER 1.0.15 ----


    Offline jskeezy84

    • Bronze Member
    • Posts: 9
    Re: [Resolved] XP Home Security 2012 & redirects
    « Reply #6 on: December 13, 2011, 07:10:01 pm »
    File    C:\WINDOWS\$NtUninstallKB16181$\2862716308                                                                                                                                                                                                        0 bytes
    File    C:\WINDOWS\$NtUninstallKB16181$\2862716308\@                                                                                                                                                                                                      2048 bytes
    File    C:\WINDOWS\$NtUninstallKB16181$\2862716308\bckfg.tmp                                                                                                                                                                                              850 bytes
    File    C:\WINDOWS\$NtUninstallKB16181$\2862716308\cfg.ini                                                                                                                                                                                                206 bytes
    File    C:\WINDOWS\$NtUninstallKB16181$\2862716308\Desktop.ini                                                                                                                                                                                            4608 bytes
    File    C:\WINDOWS\$NtUninstallKB16181$\2862716308\keywords                                                                                                                                                                                               161 bytes
    File    C:\WINDOWS\$NtUninstallKB16181$\2862716308\kwrd.dll                                                                                                                                                                                               223744 bytes
    File    C:\WINDOWS\$NtUninstallKB16181$\2862716308\L                                                                                                                                                                                                      0 bytes
    File    C:\WINDOWS\$NtUninstallKB16181$\2862716308\L\rrpsdfhi                                                                                                                                                                                             52480 bytes
    File    C:\WINDOWS\$NtUninstallKB16181$\2862716308\lsflt7.ver                                                                                                                                                                                             5176 bytes
    File    C:\WINDOWS\$NtUninstallKB16181$\2862716308\U                                                                                                                                                                                                      0 bytes
    File    C:\WINDOWS\$NtUninstallKB16181$\2862716308\U\00000001.@                                                                                                                                                                                           2048 bytes
    File    C:\WINDOWS\$NtUninstallKB16181$\2862716308\U\00000002.@                                                                                                                                                                                           224768 bytes
    File    C:\WINDOWS\$NtUninstallKB16181$\2862716308\U\00000004.@                                                                                                                                                                                           1024 bytes
    File    C:\WINDOWS\$NtUninstallKB16181$\2862716308\U\80000000.@                                                                                                                                                                                           1024 bytes
    File    C:\WINDOWS\$NtUninstallKB16181$\2862716308\U\80000004.@                                                                                                                                                                                           12800 bytes
    File    C:\WINDOWS\$NtUninstallKB16181$\2862716308\U\80000032.@                                                                                                                                                                                           98304 bytes
    File    C:\WINDOWS\$NtUninstallKB16181$\466714780                                                                                                                                                                                                         0 bytes

    ---- EOF - GMER 1.0.15 ----

    Offline 1972vet

    • Microsoft® MVP
    • Malware Removal Staff
    • Diamond Member
    • Posts: 8290
    • Patience is bitter indeed, but its fruit is sweet.
    Re: [Resolved] XP Home Security 2012 & redirects
    « Reply #7 on: December 14, 2011, 06:45:01 am »
    Please disable the active protection component of your antivirus and antispyware programs by following the directions that apply Here.
    ...of those, many people overlook the Windows Defender since, for most, there is no icon for it in the system tray. Scroll through those directives above and look for this application specifically, to make certain it is disabled.

    Please download combofix from This Webpage...and read through the instructions there for running the tool.

    ***Important Note***
    Please read through the guidance on that web page carefully and thoroughly...and install the Recovery Console. Using this tool without the Recovery Console installed is NOT RECOMMENDED.

    If you have Windows Vista or Windows 7, you can skip the recovery console step...in Vista/7 it's in the System Recovery Options menu. The System Recovery Options menu is on the Windows Vista or Windows 7 installation disc. If Windows doesn't start correctly, you can use these tools to repair startup problems.


    The Windows Recovery Console will allow you to boot into a special recovery (repair) mode that is not otherwise available. This allows us to more easily help you should your computer have a problem after an attempted removal of malware.  It's a simple procedure that will only take a few moments.

    Once installed, a blue screen prompt should appear that reads as follows:

    The Recovery Console was successfully installed.

    When you see that screen, please continue as follows:

    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.
    When the tool is finished, it will produce a log file for you. Please post that log back here on your next reply. Thanks!

    Note:
    Do not mouse-click combofix's window while it's running...that may cause the scan to stall

    Disabled Veteran
    U.S.C.G. 1972 - 1978
    Membership: U.N.I.T.E., A.S.A.P.

    2009-12

    Performance and Maintenance for Windows XP, Windows Vista and Windows Seven

    Offline 1972vet

    • Microsoft® MVP
    • Malware Removal Staff
    • Diamond Member
    • Posts: 8290
    • Patience is bitter indeed, but its fruit is sweet.
    Re: [Resolved] XP Home Security 2012 & redirects
    « Reply #8 on: December 16, 2011, 10:28:24 am »
    Still with us jskeezy84?

    Offline jskeezy84

    • Bronze Member
    • Posts: 9
    Re: [Resolved] XP Home Security 2012 & redirects
    « Reply #9 on: December 16, 2011, 10:36:51 am »
    Yes sir. Thanks for your help so far. It's been a busy week. I had my paramedic practical and final in the past couple days so I have been swamped. I will be going through the steps you mentioned tomorrow because I'm at work for 24 hours. Again, I greatly appreciate your assistance with my PC.

    Offline 1972vet

    • Microsoft® MVP
    • Malware Removal Staff
    • Diamond Member
    • Posts: 8290
    • Patience is bitter indeed, but its fruit is sweet.
    Re: [Resolved] XP Home Security 2012 & redirects
    « Reply #10 on: December 16, 2011, 12:10:32 pm »
    Yes sir. Thanks for your help so far. It's been a busy week. I had my paramedic practical and final in the past couple days so I have been swamped. I will be going through the steps you mentioned tomorrow because I'm at work for 24 hours. Again, I greatly appreciate your assistance with my PC.
    Gotcha. Good luck on your exam(s). I took mine a couple decades ago when I was still a street cop. The paramedic training was optional, but I wanted it. It's well worth the effort. Just think...it may come in handy some day to save the life of one of your own family members. Always good to know.

    Offline jskeezy84

    • Bronze Member
    • Posts: 9
    Re: [Resolved] XP Home Security 2012 & redirects
    « Reply #11 on: December 17, 2011, 09:32:00 am »
    Thanks, I passed everything. Just waiting on that license. It feels like the easy part is over, even though all year has been tough as hell. Now I have to be a "paramedic" instead of a student with a safety net.

    So here's the update, and it doesn't look good. I downloaded and ran combofix, let it do its thing by installing the recovery console and shortly after it did so it prompted me with a message saying I was infected with "rootkit" and before I could really read the whole message it restarted my computer and resumed its scan. Then at "Stage 50" I got a BSOD. After restarting the computer I was finally able to boot back into windows. I restarted ComboFix only to get to "Stage 50" again, however this time combofix started "deleting files" but shortly after it started that I got another BSOD that stated something about "BAD_POOL_HEADER". Neither instance of running combofix produced a log for me to upload. So instead of continuing to rerun combofix I figured I would post an update and wait for further instruction.

    Offline 1972vet

    • Microsoft® MVP
    • Malware Removal Staff
    • Diamond Member
    • Posts: 8290
    • Patience is bitter indeed, but its fruit is sweet.
    Re: [Resolved] XP Home Security 2012 & redirects
    « Reply #12 on: December 17, 2011, 06:08:25 pm »
    Alright, we need to just backpedal a bit and resolve a couple issues first.

    The absence of antivirus software is something we need to address as part of this issue, but for now we need to uninstall a few things. Look for and uninstall the following:
    Java(TM) 6 Update 26 <--we'll install the latest version when the system is cleaned
    Spybot - Search & Destroy <--the TeaTimer element will interfere with combofix. You can reinstall this when we finish.
    Viewpoint Media Player <--and this one was installed without your knowledge or consent. We call that foistware.

    Next, you have the msconfig utility running on startup. We should put a stop to it...Please click start-->run, then type:
    msconfig

    ...and click "ok". When the System Configuration Utility opens, click the "Startup" tab.

    Please check the box next to every program that is listed there. You can put things back the way you had them later, but for now, any of those you removed may also be at issue here. I should say though, it's never a good idea to use the msconfig utility to remove anything from startup. You should stop a program from running, from within the software itself.

    Reboot the system and when it comes back up, check the box "Do not show this again" that pops up when the system restarts your desktop.

    Next, please run HijackThis again and check the box next to these entries:
    O4 - HKLM\..\Run: [GEST] m‘|\ü
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k


    Close all windows, then click the Fix Checked button. Reboot the system into safe mode and run combofix there. If it completes successfully, please post back the resulting log...otherwise, please report back what issues you had with it this time. Thanks!
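A defender-side triage of the kind of output these tools produce, added here as an example; it is not the thread's own code and is not part of ComboFix or HijackThis. It reads ComboFix-style lines (the format of the log posted in the next reply) and flags the items a helper checks first: the Windows Firewall policy values, services whose image file ComboFix marks as not found with `[?]`, Run entries that rely on the executable search path rather than a full path, and per-interface static DNS servers that differ from the DHCP-supplied ones, which is one of the first things to verify when a browser is being redirected. The sample log lines are constructed for the example from the formats shown in the thread; the regexes, categories and severity labels are this example's own assumptions, not ComboFix's.

```python
"""Triage a ComboFix-style log for a few defender-relevant indicators.

Added example for this thread; the checks and severities are assumptions."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample lines constructed for this example, modelled on the ComboFix log
# format posted in this thread (Run keys, firewall policy, services, DNS).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"RTHDCPL"="RTHDCPL.EXE" [2011-02-17 20029032]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [4/27/2009 5:20 PM 57344]
S0 axwe;axwe;c:\windows\system32\drivers\cppudiba.sys --> c:\windows\system32\drivers\cppudiba.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
------- Supplementary Scan -------
TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
TCP: Interfaces\{0520A20A-B4AF-41F2-A1DA-180A1D6C8CBE}: NameServer = 76.85.229.110,76.85.229.111
"""


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "info" (labels chosen for this example)
    category: str   # "firewall", "service", "dns" or "autorun"
    detail: str


SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
RUN_VALUE_RE = re.compile(r'^"(?P<path>[^"]*)"(?:\s+\[(?P<meta>[^\]]*)\])?')
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<image>.*)$")
DHCP_DNS_RE = re.compile(r"^TCP: DhcpNameServer = (?P<servers>.+)$")
IFACE_DNS_RE = re.compile(r"^TCP: Interfaces\\(?P<iface>\{[^}]+\}): NameServer = (?P<servers>.+)$")


def triage(log_text: str) -> list[Finding]:
    """Walk the log once and collect findings in the order they appear."""
    findings: list[Finding] = []
    section = ""                      # lower-cased key of the current [registry section]
    dhcp_dns: set[str] = set()
    iface_dns: list[tuple[str, list[str]]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":   # ComboFix uses lone dots as separators
            continue
        if (m := SECTION_RE.match(line)):
            section = m.group("key").lower()
        elif (m := SERVICE_RE.match(line)):
            section = ""              # service listing sits outside any registry section
            if m.group("image").rstrip().endswith("[?]"):   # ComboFix: image file not found
                boot = m.group("start") in ("R0", "R1", "S0", "S1")   # boot/system-start driver
                findings.append(Finding("high" if boot else "info", "service",
                    f"{m.group('start')} service {m.group('name')!r}: image file not found "
                    f"({m.group('image').split(' --> ')[0]})"))
        elif (m := VALUE_RE.match(line)):
            name, value = m.group("name"), m.group("value")
            if section.endswith("firewallpolicy\\standardprofile"):
                if name == "EnableFirewall" and value.startswith("0"):
                    findings.append(Finding("high", "firewall", "Windows Firewall is disabled for the standard profile"))
                elif name == "DisableNotifications" and value.startswith("1"):
                    findings.append(Finding("medium", "firewall", "firewall notifications are suppressed"))
            elif section.endswith("\\currentversion\\run"):
                rm = RUN_VALUE_RE.match(value)
                if rm and "\\" not in rm.group("path"):
                    findings.append(Finding("info", "autorun",
                        f"{name!r} runs bare filename {rm.group('path')!r}, resolved through the search path"))
        elif (m := DHCP_DNS_RE.match(line)):
            dhcp_dns.update(m.group("servers").split())
        elif (m := IFACE_DNS_RE.match(line)):
            iface_dns.append((m.group("iface"), m.group("servers").replace(",", " ").split()))
    for iface, servers in iface_dns:
        unexpected = [s for s in servers if s not in dhcp_dns]
        if unexpected:
            findings.append(Finding("medium", "dns",
                f"interface {iface} uses static DNS {unexpected} not offered by DHCP "
                f"{sorted(dhcp_dns)}; confirm it was set on purpose"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:>6}] {f.category}: {f.detail}")
```

On the sample above the script reports the disabled firewall and the boot-start driver with a missing file as high, the suppressed notifications and the static DNS servers as medium, and the bare-filename Run entry and the stopped third-party driver with a missing file as informational; a missing file on an `S3` entry is often just an uninstalled tool, which is why the start type drives the severity.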

    Offline jskeezy84

    • Bronze Member
    • Posts: 9
    Re: [Resolved] XP Home Security 2012 & redirects
    « Reply #13 on: December 20, 2011, 10:08:32 am »
    Everything went fine this time, here is the log:

    ComboFix 11-12-20.04 - Jskeezy 12/20/2011   9:54.3.4 - x86 NETWORK
    Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3326.2883 [GMT -6:00]
    Running from: c:\documents and settings\Jskeezy\Desktop\ComboFix.exe
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Jskeezy\WINDOWS
    c:\program files\LP
    c:\program files\LP\1DB4\1.tmp
    c:\program files\LP\3814\B8.tmp
    c:\program files\LP\3814\B9.tmp
    c:\windows\system32\muzapp.exe
    c:\windows\system32\system32
    c:\windows\system32\system32\cis-2.4.dll
    c:\windows\system32\system32\issacapi_bs-2.3.dll
    c:\windows\system32\system32\issacapi_pe-2.3.dll
    c:\windows\system32\system32\issacapi_se-2.3.dll
    c:\windows\system32\system32\MACXMLProto.dll
    c:\windows\system32\system32\MaDRM.dll
    c:\windows\system32\system32\MaJGUILib.dll
    c:\windows\system32\system32\MaJUtilLib.dll
    c:\windows\system32\system32\MAMACExtract.dll
    c:\windows\system32\system32\MASetupCaller.dll
    c:\windows\system32\system32\MASetupCleaner.exe
    c:\windows\system32\system32\MaXMLProto.dll
    c:\windows\system32\system32\MetaStore2.dll
    c:\windows\system32\system32\Microsoft.Synchronization.dll
    c:\windows\system32\system32\MK_Lyric.dll
    c:\windows\system32\system32\MSCLib.dll
    c:\windows\system32\system32\MSFLib.dll
    c:\windows\system32\system32\MSLUR71.dll
    c:\windows\system32\system32\msvcp60.dll
    c:\windows\system32\system32\MTTELECHIP.dll
    c:\windows\system32\system32\MTXSYNCICON.dll
    c:\windows\system32\system32\muzaf1.dll
    c:\windows\system32\system32\muzapp.dll
    c:\windows\system32\system32\muzapp.exe
    c:\windows\system32\system32\muzdecode.ax
    c:\windows\system32\system32\muzeffect.ax
    c:\windows\system32\system32\muzmp4sp.ax
    c:\windows\system32\system32\muzmpgsp.ax
    c:\windows\system32\system32\muzoggsp.ax
    c:\windows\system32\system32\muzwmts.dll
    c:\windows\system32\system32\psapi.dll
    c:\windows\system32\system32\Synchronization2.dll
    c:\windows\system32\tmp62.tmp
    .
    .
    (((((((((((((((((((((((((   Files Created from 2011-11-20 to 2011-12-20  )))))))))))))))))))))))))))))))
    .
    .
    2011-12-14 00:23 . 2011-12-14 00:24   --------   d-----w-   c:\documents and settings\Administrator
    2011-11-27 17:51 . 2011-11-27 17:55   --------   d-----w-   c:\windows\system32\Adobe
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-20 15:42 . 2009-01-30 11:18   16608   ----a-w-   c:\windows\gdrv.sys
    2011-11-24 17:24 . 2011-05-17 13:58   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-15 20:09 . 2004-08-04 12:00   138496   ----a-w-   c:\windows\system32\drivers\afd.sys
    2011-10-17 18:19 . 2009-02-12 01:57   138160   ----a-w-   c:\windows\system32\drivers\PnkBstrK.sys
    2011-10-17 18:18 . 2009-04-11 04:43   271200   ----a-w-   c:\windows\system32\PnkBstrB.xtr
    2011-10-17 18:18 . 2009-02-12 01:55   271200   ----a-w-   c:\windows\system32\PnkBstrB.exe
    2011-10-17 18:14 . 2009-02-12 01:55   215104   ----a-w-   c:\windows\system32\PnkBstrB.ex0
    2011-10-10 14:22 . 2009-01-30 11:04   692736   ----a-w-   c:\windows\system32\inetcomm.dll
    2011-09-28 07:06 . 2004-08-04 12:00   599040   ----a-w-   c:\windows\system32\crypt32.dll
    2011-09-26 16:41 . 2008-07-30 01:59   611328   ----a-w-   c:\windows\system32\uiautomationcore.dll
    2011-09-26 16:41 . 2004-08-04 12:00   220160   ----a-w-   c:\windows\system32\oleacc.dll
    2011-09-26 16:41 . 2004-08-04 12:00   20480   ----a-w-   c:\windows\system32\oleaccrc.dll
    2009-02-25 05:44 . 2009-02-25 05:34   36868   ----a-w-   c:\program files\uninst-Particular.exe
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AtiTrayTools"="c:\program files\Ray Adams\ATI Tray Tools\atitray.exe" [2008-12-09 657920]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-16 39408]
    "Steam"="c:\program files\Steam\Steam.exe" [2011-09-05 1242448]
    "AIM"="c:\progra~1\AIM\aim.exe" [2003-07-21 61440]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
    "36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1966080]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
    "GBTUpd"="c:\program files\GIGABYTE\GBTUpd\PreRun.exe" [2008-04-03 297480]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 49152]
    "CrazyTalk Serve"="c:\windows\system32\CrazyTalk.dll" [2009-04-10 995328]
    "WMP110"="c:\program files\Linksys\WMP110\WMP110.exe" [2008-05-26 991232]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
    "Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-02-24 479232]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-06-19 202256]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
    "RTHDCPL"="RTHDCPL.EXE" [2011-02-17 20029032]
    "RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-02-18 77824]
    "PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
    "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2010-08-26 3365176]
    "iTunesHelper"="E:\iTunesHelper.exe" [2010-09-24 421160]
    "DeadAIM"="c:\progra~1\AIM\\DeadAIM.ocm" [2003-02-24 266313]
    "BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2007-11-15 91432]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-11-13 611712]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-06-08 40376]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
    .
    c:\documents and settings\Jskeezy\Start Menu\Programs\Startup\
    MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-12-13 576000]
    OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-2-15 434176]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "iPod Service"=3 (0x3)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\GIGABYTE\\GBTUpd\\RunUpd.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "e:\\Xfire\\xfire.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\GIGABYTE\\GBTUpd\\GBTUpd.exe"=
    "c:\\Program Files\\Atari\\ArmA\\arma.exe"=
    "c:\\Xfire\\xfire.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\call of duty 2\\CoD2SP_s.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\call of duty 2\\CoD2MP_s.exe"=
    "c:\\Program Files\\Autodesk\\Maya8.5\\bin\\maya.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
    "c:\\Program Files\\Adobe\\Adobe Flash CS4\\Flash.exe"=
    "c:\\Program Files\\Adobe\\Adobe After Effects CS4\\Support Files\\AfterFX.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\Program Files\\GIGABYTE\\@BIOS\\gwflash.exe"=
    "c:\\Program Files\\Electronic Arts\\Need for Speed SHIFT\\shift.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
    "c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Game.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "e:\\iTunes.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\sid meier's civilization v\\CivilizationV.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\america's army 3\\Binaries\\AA3Game.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\sid meier's civilization v\\Launcher.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
    "51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
    "51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
    .
    R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [4/27/2009 5:20 PM 57344]
    R3 WMP110v2;Linksys WMP110 RangePlus Wireless PCI Adapter Wireless Driver;c:\windows\system32\drivers\WMP110v2.sys [4/27/2009 5:20 PM 625024]
    S0 axwe;axwe;c:\windows\system32\drivers\cppudiba.sys --> c:\windows\system32\drivers\cppudiba.sys [?]
    S1 atitray;atitray;c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [9/8/2008 11:32 AM 18336]
    S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2/1/2008 4:24 PM 41456]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
    S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [10/1/2010 5:05 PM 20072]
    S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [7/26/2010 7:17 AM 95568]
    S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [10/15/2010 9:29 AM 217088]
    S2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [1/30/2009 5:40 AM 80392]
    S2 GTWPSService;GTWPSSRV;c:\program files\Linksys\WMP110\gtwpssrv.exe [4/27/2009 5:20 PM 34816]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/7/2010 8:11 AM 135664]
    S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [3/14/2009 5:38 PM 5010288]
    S2 WLSng Service;WLSng Service;c:\program files\Linksys\WMP110\WLSngS.exe [4/27/2009 5:20 PM 233472]
    S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 288112]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5/25/2009 6:34 PM 1691480]
    S3 CrystalCpuInfo;CrystalCpuInfo;c:\program files\OCCT\CpuInfo.sys [11/25/2003 7:50 AM 3151]
    S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [7/26/2010 7:17 AM 18136]
    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [10/15/2010 9:29 AM 36640]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/7/2010 8:11 AM 135664]
    S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Linksys\WMP110\jswpsapi.exe [4/27/2009 5:20 PM 352338]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [10/15/2010 9:30 AM 96488]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [10/15/2010 9:30 AM 12776]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [10/15/2010 9:30 AM 121576]
    S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [3/14/2009 5:38 PM 16168]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-10-07 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
    .
    2011-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-07 14:11]
    .
    2011-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-07 14:11]
    .
    2011-12-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1004336348-583907252-725345543-1004.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
    .
    2011-12-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1004336348-583907252-725345543-1004.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
    TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
    TCP: Interfaces\{0520A20A-B4AF-41F2-A1DA-180A1D6C8CBE}: NameServer = 76.85.229.110,76.85.229.111
    FF - ProfilePath - c:\documents and settings\Jskeezy\Application Data\Mozilla\Firefox\Profiles\64rp41ew.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-AdobeBridge - (no file)
    HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
    HKCU-Run-uTorrent - c:\program files\uTorrent\uTorrent.exe
    SafeBoot-14746061.sys
    AddRemove-HijackThis - e:\install files\HijackThis.exe
    AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
    AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
    AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
    AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
    AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
    AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
    AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
    AddRemove-12_Symbian_USB_Download_Driver - c:\program files\Samsung\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
    AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
    AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-20 10:01
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ... 
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
      CrazyTalk Serve = rundll32.exe c:\windows\system32\CrazyTalk.dll,DllServeMediaFile?1?????????????????????????|?????????????????E?|@??|???|YF?|?U?|yE?|\????????????????H??????????^????????????????~?|^???w???????????????????????\???????????????(???????????????e??|?????????????}?|
    .
    scanning hidden files ... 
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1004336348-583907252-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_USERS\S-1-5-21-1004336348-583907252-725345543-1004\Software\SecuROM\License information*]
    "datasecu"=hex:f7,83,91,91,37,a4,d7,ba,f4,cd,7e,7b,bb,ed,cd,d1,5a,5a,ea,87,37,
       66,ec,30,68,8d,77,2b,d3,ab,fb,81,c1,74,a4,3e,e4,a5,08,1a,a0,d8,63,0c,88,a2,\
    "rkeysecu"=hex:4b,35,d6,44,bb,02,56,51,30,13,17,72,db,21,fc,d1
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:aa,d8,81,40,d1,7d,4b,9f,65,95,ef,62,53,dc,41,2d,b9,61,8d,16,ea,
       65,f7,16,a3,22,05,6b,95,dc,57,f0,95,31,c1,c5,bd,0d,8f,02,f8,91,60,77,d2,6e,\
    .
    [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version"=hex:aa,d8,81,40,d1,7d,4b,9f,65,95,ef,62,53,dc,41,2d,b9,61,8d,16,ea,
       65,f7,16,a3,22,05,6b,95,dc,57,f0,95,31,c1,c5,bd,0d,8f,02,f8,91,60,77,d2,6e,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1360)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\atiadlxx.dll
    c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    Completion time: 2011-12-20  10:02:23
    ComboFix-quarantined-files.txt  2011-12-20 16:02
    .
    Pre-Run: 3,631,280,128 bytes free
    Post-Run: 4,638,216,192 bytes free
    .
    - - End Of File - - 781A25E7B9D8472836024BE1BC9EA622

    Offline 1972vet

    • Microsoft® MVP
    • Malware Removal Staff
    • Diamond Member
    • Posts: 8290
    • Patience is bitter indeed, but its fruit is sweet.
    Re: [Resolved] XP Home Security 2012 & redirects
    « Reply #14 on: December 20, 2011, 11:23:16 pm »
    How's that thing running now?
    Disabled Veteran
    U.S.C.G. 1972 - 1978
    Membership: U.N.I.T.E., A.S.A.P.

    Performance and Maintenance for Windows XP, Windows Vista and Windows Seven