Author Topic: [Resolved] XP Home Security 2012 & redirects (Read 1395 times)

jskeezy84 · « **on:** December 12, 2011, 04:26:05 PM »

Infected with "XP Home Security 2012." Started getting a prompt telling me that I have viruses and what not and this "program" wants me to buy a membership. I went to bleeping computer and followed the malware removal work through: restart in safe mode, FixNCR registry edit, rKill.exe, malwarebytes - which found and deleted things, did a reboot, ran spybot S&D, then immunized, then reboot ) However, after all that I'm getting web page redirects. I'm guessing I either missed a step or there are more viruses. Also, I down loaded Peer Guardian2 thinking it would act as a great firewall but I really don't know if I'm using it right, so there for I might be more vulnerable. Do I remove peer gaurdian2 as well? Thanks ahead of time for your assistance.

My log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:06:05 PM, on 12/12/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\GIGABYTE\GBTUpd\RunUpd.exe
C:\Program Files\Linksys\WMP110\WMP110.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dgdersvc.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\Program Files\Linksys\WMP110\gtwpssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Linksys\WMP110\WLSngS.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\ping.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [GEST] m‘|\ü
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [GBTUpd] C:\Program Files\GIGABYTE\GBTUpd\PreRun.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\WINDOWS\system32\CrazyTalk.dll,DllServeMediaFile
O4 - HKLM\..\Run: [WMP110] C:\Program Files\Linksys\WMP110\WMP110.exe
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1287155969421
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0520A20A-B4AF-41F2-A1DA-180A1D6C8CBE}: NameServer = 76.85.229.110,76.85.229.111
O17 - HKLM\System\CS1\Services\Tcpip\..\{0520A20A-B4AF-41F2-A1DA-180A1D6C8CBE}: NameServer = 76.85.229.110,76.85.229.111
O17 - HKLM\System\CS3\Services\Tcpip\..\{0520A20A-B4AF-41F2-A1DA-180A1D6C8CBE}: NameServer = 76.85.229.110,76.85.229.111
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\WINDOWS\system32\dgdersvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: GTWPSSRV (GTWPSService) - Unknown owner - C:\Program Files\Linksys\WMP110\gtwpssrv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Linksys\WMP110\jswpsapi.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: WLSng Service - TODO: <Company name> - C:\Program Files\Linksys\WMP110\WLSngS.exe

--
End of file - 13104 bytes

1972vet · « **Reply #1 on:** December 12, 2011, 04:35:15 PM »

Greetings jskeezy84 and Welcome to our Forums,

Please download Malwarebytes Anti-Malware and save it to your desktop.
If you have problems with that link, you can also download it from Here or Here

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here
and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected then click on the Scan button.

The scan will begin and "Scan in progress" will show at the top. Wait for the scan to complete and do nothing else with the computer during the scan.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Exit MBAM. Please remember to copy and paste the contents of that report in your next reply.

Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process.
Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

jskeezy84 · « **Reply #2 on:** December 12, 2011, 05:27:06 PM »

thanks for your response. I guess the full scan in safe mode didn't get everything after all.

Quick scan log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8360

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/12/2011 5:23:34 PM
mbam-log-2011-12-12 (17-23-34).txt

Scan type: Quick scan
Objects scanned: 195663
Time elapsed: 2 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\Temp\nnnv0.12204415791427325.exe (Rogue.PrivacyProtection) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\nnnv0.14340473057561365.exe (Rogue.PrivacyProtection) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\nnnv0.6364243696043065.exe (Rogue.PrivacyProtection) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\gggf0.10242714584186352.exe (Rogue.PrivacyProtection) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\gggf0.5155846192760242.exe (Rogue.PrivacyProtection) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\0.5914461544439042.exe (Trojan.Agent) -> Quarantined and deleted successfully.

1972vet · « **Reply #3 on:** December 12, 2011, 07:45:29 PM »

Great, thanks! Yes, uninstall the peer guardian, then please do this:
isable the active protection component of your antivirus and antispyware programs by following the directions that apply Here. Next, please download the free utility DDS from any of these locations...Here, Here...or Here.
Note - Some infections may prevent certain executable files from running on your computer. If one of these download locations results in a failed run of the utility, please try the next location until you find one that will work on your machine
Double click dds.scr to run the tool

When it completes, DDS will open two (2) logs:

DDS.txt
Attach.txt

Save both reports to your desktop.

Next, Download GMER from the following location and save it to your desktop.

GMER Download Link 1
GMER Download Link 2 (Only use if the previous link does not work)

Right-click on the gmer.zip icon and select the Extract all... menu option. You should now see the gmer folder.
Open the folder and double-click on the gmer.exe icon. Please "ok" any prompts to allow the program to start.
You should now see the main GMER window. If you receive a warning about rootkit activity asking if you want to run a full scan, please click on the NO button.
We now need to configure GMER to prevent some features from being used during the scan. Please uncheck the following settings (we do NOT want to see these in our scan):
- IAT/EAT
- Drives/Partition other than Systemdrive,[/b] which is typically C:\
- Show All <--Important. Don't miss this one
Now that you have removed the check marks from the boxes for those items listed above, please click the Scan button.
This scan may take quite some time, so please be patient. When it has finished, you will be back at the main screen.
Please click on the Save... button and save the report to your desktop. Please name the saved file ark.txt
Please do not act on any of the information in this report. Many legitimate programs could be listed there.
Now, re-enable the active protection component of any antivirus/antimalware programs you disabled before performing the scan.

Please remember to include the following logs in your next reply.

DDS.txt
Attach.txt
ARK.txt

jskeezy84 · « **Reply #4 on:** December 13, 2011, 07:03:33 PM »

Update: this will be in the form of two posts due to character limit.

Currently I can only work from safe mode, and please bare with my formatting.

1. Uninstalled Peer Gaurdian2 then got the following prompt (dont know if this is important but here you go):

   16 bit MS-DOS Subsystem
   C:\WINDOWS\Temp\_ex-68.exe
   The NTVDM CPU has encountered an illegal instruction.
   CS:055f IP:fff9 OP:ff ff 01 5f 00 choose 'Close' to terminate the application

2. Next I ran dds.scr, here is that log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Jskeezy at 10:16:14 on 2011-12-13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2406 [GMT -6:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\GIGABYTE\GBTUpd\RunUpd.exe
C:\Program Files\Linksys\WMP110\WMP110.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dgdersvc.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\Program Files\Linksys\WMP110\gtwpssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Linksys\WMP110\WLSngS.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\System32\ping.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AtiTrayTools] "c:\program files\ray adams\ati tray tools\atitray.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [AdobeBridge]
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [GEST] m‘|\ü
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [GBTUpd] c:\program files\gigabyte\gbtupd\PreRun.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [<NO NAME>]
mRun: [CrazyTalk Serve] rundll32.exe c:\windows\system32\CrazyTalk.dll,DllServeMediaFile
mRun: [WMP110] c:\program files\linksys\wmp110\WMP110.exe
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\jskeezy\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\progra~1\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1287155969421
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
TCP: Interfaces\{0520A20A-B4AF-41F2-A1DA-180A1D6C8CBE} : NameServer = 76.85.229.110,76.85.229.111
TCP: Interfaces\{3BBCDC99-FE11-43F3-8358-3D0DC485693F} : DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
TCP: Interfaces\{6FB925CB-ADAF-40EF-AA4E-19C924499225} : DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jskeezy\application data\mozilla\firefox\profiles\64rp41ew.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: e:\mozilla plugins\npitunes.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R1 atitray;atitray;c:\program files\ray adams\ati tray tools\atitray.sys [2008-9-8 18336]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\cyberlink\powerdvd8\000.fcl [2008-2-1 41456]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-10-1 20072]
R2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-7-26 95568]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-10-15 217088]
R2 GEST Service;GEST Service for program management.;c:\program files\gigabyte\energysaver\GSvr.exe [2009-1-30 80392]
R2 GTWPSService;GTWPSSRV;c:\program files\linksys\wmp110\gtwpssrv.exe [2009-4-27 34816]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-3-14 5010288]
R2 WLSng Service;WLSng Service;c:\program files\linksys\wmp110\WLSngS.exe [2009-4-27 233472]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-7-26 18136]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-10-15 36640]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2009-4-27 57344]
R3 WMP110v2;Linksys WMP110 RangePlus Wireless PCI Adapter Wireless Driver;c:\windows\system32\drivers\WMP110v2.sys [2009-4-27 625024]
RUnknown 5689;5689;

S0 axwe;axwe;c:\windows\system32\drivers\cppudiba.sys --> c:\windows\system32\drivers\cppudiba.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-7 135664]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 288112]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-5-25 1691480]
S3 CrystalCpuInfo;CrystalCpuInfo;c:\program files\occt\CpuInfo.sys [2003-11-25 3151]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-7 135664]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\linksys\wmp110\jswpsapi.exe [2009-4-27 352338]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2010-10-15 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2010-10-15 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2010-10-15 121576]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-3-14 16168]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-11-27 17:51:30   --------   d-----w-   c:\windows\system32\Adobe
2011-11-15 17:36:08   --------   d-----w-   c:\documents and settings\jskeezy\application data\Malwarebytes
2011-11-15 17:36:04   --------   d-----w-   c:\documents and settings\all users\application data\Malwarebytes
2011-11-15 17:36:00   22216   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-11-15 17:36:00   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-11-15 17:27:46   --------   d-----w-   c:\program files\F30E1
2011-11-15 17:27:15   --------   d-----w-   c:\documents and settings\jskeezy\application data\48FF3
2011-11-15 17:27:14   --------   d-----w-   c:\program files\LP
2011-11-15 17:26:54   --------   d-----w-   c:\documents and settings\jskeezy\application data\KYYCCwkIVrlOtx0
2011-11-15 17:26:54   --------   d-----w-   c:\documents and settings\jskeezy\application data\fH55sWWJ7dE8gZq
2011-11-15 17:26:50   --------   d-----w-   c:\documents and settings\jskeezy\application data\shYYCCwkUVrlNtP
2011-11-15 17:26:50   --------   d-----w-   c:\documents and settings\jskeezy\application data\EtttzPPNycAiv2o
.
==================== Find3M ====================
.
2011-12-13 15:41:10   16608   ----a-w-   c:\windows\gdrv.sys
2011-11-24 17:24:58   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-15 20:09:37   138496   ----a-w-   c:\windows\system32\drivers\afd.sys
2011-10-17 18:19:07   138160   ----a-w-   c:\windows\system32\drivers\PnkBstrK.sys
2011-10-17 18:18:59   271200   ----a-w-   c:\windows\system32\PnkBstrB.xtr
2011-10-17 18:18:59   271200   ----a-w-   c:\windows\system32\PnkBstrB.exe
2011-10-17 18:14:35   215104   ----a-w-   c:\windows\system32\PnkBstrB.ex0
2011-10-10 14:22:41   692736   ----a-w-   c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50   599040   ----a-w-   c:\windows\system32\crypt32.dll
2011-09-26 16:41:20   611328   ----a-w-   c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20   220160   ----a-w-   c:\windows\system32\oleacc.dll
2011-09-26 16:41:14   20480   ----a-w-   c:\windows\system32\oleaccrc.dll
2009-02-25 05:44:52   36868   ----a-w-   c:\program files\uninst-Particular.exe
.
============= FINISH: 10:16:29.54 ===============

attach log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 1/30/2009 5:06:29 AM
System Uptime: 12/13/2011 9:40:35 AM (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | EP45T-UD3P
Processor: Intel Pentium III Xeon processor | Socket 775 | 2999/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 140 GiB total, 3.603 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 140 GiB total, 25.261 GiB free.
F: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: ATI Function Driver for High Definition Audio - ATI AA01
Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001\5&260D9ED0&0&0001
Manufacturer: ATI
Name: ATI Function Driver for High Definition Audio - ATI AA01
PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001\5&260D9ED0&0&0001
Service: AtiHdmiService
.
==== System Restore Points ===================
.
RP535: 9/14/2011 3:58:56 PM - Software Distribution Service 3.0
RP536: 9/16/2011 12:07:28 PM - System Checkpoint
RP537: 9/30/2011 11:58:00 AM - System Checkpoint
RP538: 9/30/2011 3:12:09 PM - Software Distribution Service 3.0
RP539: 9/30/2011 3:29:58 PM - Installed DirectX
RP540: 10/4/2011 11:27:33 AM - System Checkpoint
RP541: 10/5/2011 3:00:13 AM - Software Distribution Service 3.0
RP542: 10/7/2011 2:29:44 PM - System Checkpoint
RP543: 10/8/2011 6:41:13 PM - System Checkpoint
RP544: 10/12/2011 3:26:33 PM - System Checkpoint
RP545: 10/14/2011 9:29:00 AM - System Checkpoint
RP546: 10/17/2011 8:39:22 AM - Software Distribution Service 3.0
RP547: 10/18/2011 1:15:44 PM - System Checkpoint
RP548: 10/19/2011 1:15:59 PM - System Checkpoint
RP549: 10/24/2011 10:17:47 AM - System Checkpoint
RP550: 10/25/2011 11:57:02 AM - System Checkpoint
RP551: 10/28/2011 9:19:13 AM - System Checkpoint
RP552: 10/30/2011 10:11:30 AM - System Checkpoint
RP553: 11/12/2011 6:47:42 PM - Software Distribution Service 3.0
RP554: 11/24/2011 11:48:06 AM - System Checkpoint
RP555: 11/27/2011 1:26:43 PM - System Checkpoint
RP556: 11/28/2011 2:48:13 PM - System Checkpoint
RP557: 12/5/2011 10:27:23 AM - System Checkpoint
RP558: 12/12/2011 11:56:29 AM - System Checkpoint
.
==== Installed Programs ======================
.
@BIOS Ver.2.03
3ivx MPEG-4 5.0.3 (remove only)
AAC Decoder
Acrobat.com
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.4.5 - CPSID_83708
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Template Projects & Footage
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Asset Services CS4
Adobe Bridge 1.0
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Color Video Profiles CS CS4
Adobe Contribute CS4
Adobe Creative Suite 4 Master Collection
Adobe CS4 American English Speech Analysis Models
Adobe CS4 International English Speech Analysis Models
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4
Adobe Encore CS4 Codecs
Adobe Encore CS4 Library
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe OnLocation CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Photoshop Lightroom 2.6
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Premiere Pro CS4 Third Party Content
Adobe Reader 9.4.5
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe Shockwave Player 11.6
Adobe SING CS4
Adobe Soundbooth CS4
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Age of Conan - Hyborian Adventures
AiO_Scan_CDA
AiOSoftwareNPI
Alias DirectConnect 2.0
America's Army 3
AnimationMentor Shelf
AOL Instant Messenger
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArmA Uninstall
ATI AVIVO Codecs
ATI Catalyst Install Manager
AutoUpdate
Battlefield 2(TM)
Battlefield: Bad Company™ 2
BattlEye Uninstall
Bonjour
Browser Configuration Utility
BufferChm
Call of Duty 2
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
Compatibility Pack for the 2007 Office system
Connect
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CPUID HWMonitor 1.16
Critical Update for Windows Media Player 11 (KB959772)
CyberLink PowerDVD8
Data Lifeguard Tools
DeadAIM
Destinations
DeviceManagementQFolder
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DMIView B8.0717.01
DocProc
Energy Saver Advance B8.0905.1
eSupportQFolder
F300
F300_Help
F300Trb
Fax_CDA
File Uploader
FlipShare
Gigabyte Raid Configurer
Google Toolbar for Internet Explorer
Google Update Helper
H.264 Decoder
High Definition Audio Driver Package - KB888111
HiJackThis
HijackThis 2.0.0
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Imaging Device Functions 6.1
HP Photosmart Essential
HP Product Assistant
HP PSC & OfficeJet 6.1.A
HP Solution Center and Imaging Support Tools 6.1
HP Update
HPProductAssistant
Intel(R) Processor ID Utility
iTunes
Java Auto Updater
Java(TM) 6 Update 26
Kies
kuler
L&H TTS3000 British English
Left 4 Dead
Linksys WMP110 RangePlus Wireless PCI Adapter
Logitech SetPoint
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia HomeSite+
MagicDisc 2.7.106
Malwarebytes' Anti-Malware version 1.51.2.1300
Maya 8.5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Word Viewer 2003
Microsoft Speech Recognition Engine 4.0 (English)
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Word 2002
Microsoft Works
Microsoft Works 2004 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Microsoft Xbox 360 Accessories 1.1
MKV Splitter
Mozilla Firefox (3.6.24)
MSN
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
Mumble 1.2.3
MyFreeCodec
Need for Speed™ SHIFT
NewCopy_CDA
Nikon Message Center
Nikon Transfer
NVIDIA PhysX
OCCT v0.91
OpenAL
OpenOffice.org 3.1
Origin
OutlookAddInNet3Setup
PDF Settings CS4
Photoshop Camera Raw
Picasa 3
Picture Control Utility
Pixel Bender Toolkit
Portal
Power Tab Editor 1.7
Prime95
ProductContextNPI
Project Reality 0856 Core
Project Reality 0856 Levels
Project Reality 0860 Patch
PunkBuster Services
QuickTime
Ray Adams ATI Tray Tools
Readme
RealPlayer
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
RealUpgrade 1.0
Red Alert Windows 95
SAMSUNG USB Driver for Mobile Phones
Scan
ScannerCopy
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sentinel System Driver
Sid Meier's Civilization V
Sierra Utilities
SolutionCenter
SpeedFan (remove only)
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Status
Steam
Suite Shared Configuration CS4
swMSM
Toolbox
TopStyle Lite (Version 3.0)
Trapcode 3DStroke
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Manager B08.0905.1
VC80CRTRedist - 8.0.50727.762
Ventrilo Client
ViewNX
Viewpoint Media Player
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
Wacom Tablet
WebFldrs XP
WebReg
WebTablet IE Plugin
WebTablet Netscape Plugin
Winamp
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Essentials Media Codec Pack 2.3
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Xfire (remove only)
.
==== Event Viewer Messages From Past Week ========
.
12/12/2011 9:08:46 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
12/12/2011 9:00:20 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: atitray Fips intelppm
12/12/2011 4:19:58 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
12/12/2011 11:38:05 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
12/12/2011 10:25:29 AM, error: Service Control Manager [7000] - The DS1410D service failed to start due to the following error: The system cannot find the file specified.
12/12/2011 10:24:02 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/12/2011 10:09:28 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: atitray Fips intelppm ohci1394
12/12/2011 10:08:01 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
.
==== End Of File ===========================

jskeezy84 · « **Reply #5 on:** December 13, 2011, 07:04:24 PM »

3. then I ran GMER and immediately got a BSOD, had to boot into safe mode because my pc kept rebooting.

4. in safe mode I ran Malwarebytes thinking I could eradicate what ever is keeping me from booting into windows, here is the log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8365

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

12/13/2011 10:40:17 AM
mbam-log-2011-12-13 (10-40-14).txt

Scan type: Quick scan
Objects scanned: 193864
Time elapsed: 4 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\Temp\5689.sys (Heuristics.Shuriken) -> No action taken.
c:\WINDOWS\Temp\nnnv0.6736472055370573.exe (Exploit.Drop.6) -> No action taken.
c:\WINDOWS\Temp\_ex-68.exe (Trojan.Dropper) -> No action taken.

5. I then proceeded to have Malwarebytes remove the infected files.

6. I was then able to boot into windows and then try GMER again only to get a BSOD

7. I then rebooted into safe mode and ran GMER from there, here is that log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-13 17:51:33
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD1500HLFS-01G6U0 rev.04.04V01
Running: gmer.exe; Driver: C:\DOCUME~1\Jskeezy\LOCALS~1\Temp\pxtdapob.sys

---- Kernel code sections - GMER 1.0.15 ----

.text atapi.sys F74C6852 1 Byte [CC] {INT 3 }
? C:\WINDOWS\system32\DRIVERS\i8042prt.sys suspicious PE modification

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\ping.exe[1044] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BB000A
.text C:\WINDOWS\System32\ping.exe[1044] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00BC000A
.text C:\WINDOWS\System32\ping.exe[1044] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A6000A
.text C:\WINDOWS\System32\ping.exe[1044] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A7000A
.text C:\WINDOWS\System32\ping.exe[1044] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A5000C
.text C:\WINDOWS\System32\ping.exe[1044] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00BF000A
.text C:\WINDOWS\System32\ping.exe[1044] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 00C0000A
.text C:\WINDOWS\System32\ping.exe[1044] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 00C1000A
.text C:\WINDOWS\System32\ping.exe[1044] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00BE000A
.text C:\WINDOWS\system32\svchost.exe[2044] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01AA000A
.text C:\WINDOWS\system32\svchost.exe[2044] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 01AB000A
.text C:\WINDOWS\system32\svchost.exe[2044] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 01A9000C

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) BA65F000-BA675000 (90112 bytes)

---- Threads - GMER 1.0.15 ----

Thread System [4:344] 8AB76161
Thread System [4:1304] 8A243C30

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version 0xAA 0xD8 0x81 0x40 ...

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\NX43K0VB\viapi[2] 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\NX43K0VB\passback.c.r[1].php 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SLA41OIR\if[2].txt 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SLA41OIR\getAds[1].jsp 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\TG1LJN2S\jquery.livequery[1].js 6102 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\TG1LJN2S\homeicon[1].png 1787 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\TG1LJN2S\dot[3].gif 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\TG1LJN2S\getjs[1].aspx 8830 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\V249RFWD\cr_std_144_pti-rally[1].jpg 14725 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\V249RFWD\index[1].html 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\V249RFWD\log[3].txt 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\V249RFWD\log[4].txt 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\V249RFWD\log[5].txt 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\ipad2-review[1].jpg 8089 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\j-167534-262917[1].js 14229 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\default[1].jpg 4746 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\default[2].jpg 3830 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\diabetes-type2[1].jpg 19809 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\adsCAB6DXO1 1268 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\adsCABN1VVI 580 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\adsCAFBIFVJ 636 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\adsCALLK4RP 580 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\ttj[1] 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\1229[2].js 1350 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\1244009783@Top1[1] 2008 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\moreLexusSites_pursuitContinuesOv[1].png 2971 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\mucinex_mucinexd_wheelofmisery15_rev_us_linear_450x360_h264[1].mp4 1186189 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\as=250961[1].mjs 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\sendtracker[1].gif 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\sendtracker[2].gif 43 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\service[2].htm 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\service[3].htm 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\service[4].htm 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\service[5].htm 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\g[1].gif 50 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\890[1].js 1456 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\t2p364fr986219924[1] 382 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\JS[1].htm 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\dynamic_companion_banner_iframe[2].htm 990 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\logCA52CEXP.txt 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\textLayout_1.0.0.595[1].swz 156308 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\st[3] 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\st[4] 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\st[5] 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\surly[4].js 1702 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\ROME_NHEZ00161504[1].htm 964 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\ClientSynchronizationServlet[2].txt 2136 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\ab[1] 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\log;tx=cm-10517817211_1323735330;it=0;vt=0;ic=0;atf=0;pv=1;fv=0;seq=3;et=L;cid=123cc25c63893fb;ord=343472[1].gif 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\log;tx=cm-10517817211_1323735330;it=1;vt=30;ic=1;atf=0;pv=1;fv=0;seq=6;et=B;cid=123cc25c63893fb;ord=934302[1].gif 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\healthylifestylesolution[1].php 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\dref=http%253A%252F%252Fchinaflix.com%252Fvideoplayer_movie[1].php%253Fpid%253D148%2526part%253D5 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\dref=http%253A%252F%252Fwww.healthywaytocook[1].com%252F2011%252F09%252F12%252Fpeachy-heirloom-tomato-salad-with-blue-borage-blossoms%252F 815 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\dref=http%253A%252F%252Fwww.mevio[1].com%252Fepisode%252F305763%252Fmm234-kindle-fire-update-xbox-kills-verizon 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\wrapper[1].js 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\w[1].gif 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\PublisherEventServlet[3].txt 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\PublisherEventServlet[4].txt 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\PublisherEventServlet[5].txt 5 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\NOP[1].swf 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\oauth[1].txt 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\opt_log[1].txt 5 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\29300[1].htm 26551 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\tntwo[1].php 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\audit_303br_net[4].gif 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\24258600[1].jpg 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\26271-15[1].js 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\26317-2[1].js 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\MaytagTide_Concept3_v6_300x250[1].swf 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\c3VTabstrct-6-2[1].htm 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\adServer[1].htm 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\adServer[2].htm 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\ads[10] 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\ads[11] 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\ads[1].js 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\ads[1].txt 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\ads[2].js 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\ads[8] 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\ads[9] 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\1[4].gif 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\pixel[2] 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\play-free-shooter-flash-game-gringo-bandido[1].jpg 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VWC64NLU\play-free-sports-flash-game-skater-boy[1].jpg 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\X0W6ZY4I\dropdown.vertical[1].css 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\X0W6ZY4I\AdServerServlet[1].htm 1601 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\X0W6ZY4I\fw-nonplayer-banner[3].htm &nbs

jskeezy84 · « **Reply #6 on:** December 13, 2011, 07:10:01 PM »

File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\X0W6ZY4I\script250[1].js 4138 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Y58FA1U0\log[8].txt 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Y58FA1U0\b[1].gif 43 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Y58FA1U0\__utmCA3RD4R4.gif 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YJDNKWTE\city;city=milwaukee;state=wi;pos=right300x250;ref=yp_org;sz=300x250;tile=2;ord=1323796694[1].txt 257 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YJDNKWTE\flowplayer-3.2.5[1].swf 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZO0G3JQG\%E2%80%9C-avengers%E2%80%9D-cover-entertainment-weekly-548512[1].txt 50221 bytes
File C:\WINDOWS\$NtUninstallKB16181$\2862716308 0 bytes
File C:\WINDOWS\$NtUninstallKB16181$\2862716308\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB16181$\2862716308\bckfg.tmp 850 bytes
File C:\WINDOWS\$NtUninstallKB16181$\2862716308\cfg.ini 206 bytes
File C:\WINDOWS\$NtUninstallKB16181$\2862716308\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB16181$\2862716308\keywords 161 bytes
File C:\WINDOWS\$NtUninstallKB16181$\2862716308\kwrd.dll 223744 bytes
File C:\WINDOWS\$NtUninstallKB16181$\2862716308\L 0 bytes
File C:\WINDOWS\$NtUninstallKB16181$\2862716308\L\rrpsdfhi 52480 bytes
File C:\WINDOWS\$NtUninstallKB16181$\2862716308\lsflt7.ver 5176 bytes
File C:\WINDOWS\$NtUninstallKB16181$\2862716308\U 0 bytes
File C:\WINDOWS\$NtUninstallKB16181$\2862716308\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB16181$\2862716308\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB16181$\2862716308\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB16181$\2862716308\U\80000000.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB16181$\2862716308\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB16181$\2862716308\U\80000032.@ 98304 bytes
File C:\WINDOWS\$NtUninstallKB16181$\466714780 0 bytes

---- EOF - GMER 1.0.15 ----

1972vet · « **Reply #7 on:** December 14, 2011, 06:45:01 AM »

Please disable the active protection component of your antivirus and antispyware programs by following the directions that apply Here.
...of those, many people overlook the Windows Defender since, for most, there is no icon for it in the system tray. Scroll through those directives above and look for this application specifically, to make certain it is disabled.

Please download combofix from This Webpage...and read through the instructions there for running the tool.

***Important Note***
Please read through the guidance on that web page carefully and thoroughly...and install the Recovery Console. Using this tool without the Recovery Console installed is NOT RECOMMENDED.

If you have Windows Vista or Windows 7, you can skip the recovery console step...in Vista/7 it's in the System Recovery Options menu. The System Recovery Options menu is on the Windows Vista or Windows 7 installation disc. If Windows doesn't start correctly, you can use these tools to repair startup problems.

The Windows Recovery Console will allow you to boot into a special recovery (repair) mode that is not otherwise available. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It's a simple procedure that will only take a few moments.

Once installed, a blue screen prompt should appear that reads as follows:

The Recovery Console was successfully installed.

When you see that screen, please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a log file for you. Please post that log back here on your next reply. Thanks!

Note:
Do not mouseclick combofix's window while it's running....that may cause the scan to stall

1972vet · « **Reply #8 on:** December 16, 2011, 10:28:24 AM »

Still with us jskeezy84?

jskeezy84 · « **Reply #9 on:** December 16, 2011, 10:36:51 AM »

Yes sir. Thanks for your help so far. Its been a busy week. I had my paramedic practical and final in the past couple days so I have been swamped. I will be going through the steps you mentioned tomorrow because I'm at work for 24hours. Again, I greatly appreciate your assistance with my pc.

1972vet · « **Reply #10 on:** December 16, 2011, 12:10:32 PM »

Quote from: jskeezy84 on December 16, 2011, 10:36:51 AM

Yes sir. Thanks for your help so far. Its been a busy week. I had my paramedic practical and final in the past couple days so I have been swamped. I will be going through the steps you mentioned tomorrow because I'm at work for 24hours. Again, I greatly appreciate your assistance with my pc.

Gotcha. Good luck on your exam(s). I took mine a couple decades ago when I was still a street cop. The paramedic training was optional, but I wanted it. It's well worth the effort. Just think...it may come in handy some day to save the life of one of your own family members. Always good to know.

jskeezy84 · « **Reply #11 on:** December 17, 2011, 09:32:00 AM »

Thanks, I passed everything. Just waiting on that license. It feels like the easy part is over, even though all year has been tough as hell. Now I have to be a "paramedic" instead of a student with a safety net.

So here's the update, and it doesn't look good. I downloaded and ran combofix, let it do its thing by installing the recovery console and shortly after it did so it prompted me with a message saying I was infected with "rootkit" and before I could really read the whole message it restarted my computer and resumed its scan. Then at "Stage 50" I got a BSOD. After restarting the computer I was finally able to boot back into windows. I restarted ComboFix only to get to "Stage 50" again, however this time combofix started "deleting files" but shortly after it started that I got another BSOD that stated something about "BAD_POOL_HEADER". Neither instances of running combofix produced a log for me to upload. So instead of continuing to rerun combofix I figured I would post an update and wait for further instruction.

1972vet · « **Reply #12 on:** December 17, 2011, 06:08:25 PM »

Alright, we need to just back pedal a bit and resolve a couple issues first.

The absence of antivirus software is something we need to address as part of this issue, but for now we need to uninstall a few things. Look for and uninstall the following:
Java(TM) 6 Update 26 <--we'll install the latest version when the system is cleaned
Spybot - Search & Destroy <--the TeaTimer element will interfere with combofix. You can reinstall this when we finish.
Viewpoint Media Player <--and this one was installed without your knowledge or consent. We call that foistware.

Next, you have the msconfig utility running on startup. We should put a stop to it...Please click start-->run, then type:
msconfig

...and click "ok". When the System Configuration Utility opens, click the "Startup" tab.

Please check the box next to every program that is listed there. You can put things back the way you had them later, but for now, any of those you removed may also be at issue here. I should say though, it's never a good idea to use the msconfig utility to remove anything from startup. You should stop a program from running, from within the software itself.

Reboot the system and when it comes back up, check the box "Do not show this again" that pops up when the system restarts your desktop.

Next, please run HijackThis again and check the box next to these entries:
O4 - HKLM\..\Run: [GEST] m‘|\ü
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

Close all windows, then click the Fix Checked button. Reboot the system into safe mode and run combofix there. If it completes successfully, please post back the resulting log...otherwise, please report back what issues you had with it this time. Thanks!

jskeezy84 · « **Reply #13 on:** December 20, 2011, 10:08:32 AM »

everything went fine this time, here is the log:

ComboFix 11-12-20.04 - Jskeezy 12/20/2011 9:54.3.4 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2883 [GMT -6:00]
Running from: c:\documents and settings\Jskeezy\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Jskeezy\WINDOWS
c:\program files\LP
c:\program files\LP\1DB4\1.tmp
c:\program files\LP\3814\B8.tmp
c:\program files\LP\3814\B9.tmp
c:\windows\system32\muzapp.exe
c:\windows\system32\system32
c:\windows\system32\system32\cis-2.4.dll
c:\windows\system32\system32\issacapi_bs-2.3.dll
c:\windows\system32\system32\issacapi_pe-2.3.dll
c:\windows\system32\system32\issacapi_se-2.3.dll
c:\windows\system32\system32\MACXMLProto.dll
c:\windows\system32\system32\MaDRM.dll
c:\windows\system32\system32\MaJGUILib.dll
c:\windows\system32\system32\MaJUtilLib.dll
c:\windows\system32\system32\MAMACExtract.dll
c:\windows\system32\system32\MASetupCaller.dll
c:\windows\system32\system32\MASetupCleaner.exe
c:\windows\system32\system32\MaXMLProto.dll
c:\windows\system32\system32\MetaStore2.dll
c:\windows\system32\system32\Microsoft.Synchronization.dll
c:\windows\system32\system32\MK_Lyric.dll
c:\windows\system32\system32\MSCLib.dll
c:\windows\system32\system32\MSFLib.dll
c:\windows\system32\system32\MSLUR71.dll
c:\windows\system32\system32\msvcp60.dll
c:\windows\system32\system32\MTTELECHIP.dll
c:\windows\system32\system32\MTXSYNCICON.dll
c:\windows\system32\system32\muzaf1.dll
c:\windows\system32\system32\muzapp.dll
c:\windows\system32\system32\muzapp.exe
c:\windows\system32\system32\muzdecode.ax
c:\windows\system32\system32\muzeffect.ax
c:\windows\system32\system32\muzmp4sp.ax
c:\windows\system32\system32\muzmpgsp.ax
c:\windows\system32\system32\muzoggsp.ax
c:\windows\system32\system32\muzwmts.dll
c:\windows\system32\system32\psapi.dll
c:\windows\system32\system32\Synchronization2.dll
c:\windows\system32\tmp62.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-11-20 to 2011-12-20 )))))))))))))))))))))))))))))))
.
.
2011-12-14 00:23 . 2011-12-14 00:24   --------   d-----w-   c:\documents and settings\Administrator
2011-11-27 17:51 . 2011-11-27 17:55   --------   d-----w-   c:\windows\system32\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-20 15:42 . 2009-01-30 11:18   16608   ----a-w-   c:\windows\gdrv.sys
2011-11-24 17:24 . 2011-05-17 13:58   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-15 20:09 . 2004-08-04 12:00   138496   ----a-w-   c:\windows\system32\drivers\afd.sys
2011-10-17 18:19 . 2009-02-12 01:57   138160   ----a-w-   c:\windows\system32\drivers\PnkBstrK.sys
2011-10-17 18:18 . 2009-04-11 04:43   271200   ----a-w-   c:\windows\system32\PnkBstrB.xtr
2011-10-17 18:18 . 2009-02-12 01:55   271200   ----a-w-   c:\windows\system32\PnkBstrB.exe
2011-10-17 18:14 . 2009-02-12 01:55   215104   ----a-w-   c:\windows\system32\PnkBstrB.ex0
2011-10-10 14:22 . 2009-01-30 11:04   692736   ----a-w-   c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-04 12:00   599040   ----a-w-   c:\windows\system32\crypt32.dll
2011-09-26 16:41 . 2008-07-30 01:59   611328   ----a-w-   c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2004-08-04 12:00   220160   ----a-w-   c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2004-08-04 12:00   20480   ----a-w-   c:\windows\system32\oleaccrc.dll
2009-02-25 05:44 . 2009-02-25 05:34   36868   ----a-w-   c:\program files\uninst-Particular.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiTrayTools"="c:\program files\Ray Adams\ATI Tray Tools\atitray.exe" [2008-12-09 657920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-16 39408]
"Steam"="c:\program files\Steam\Steam.exe" [2011-09-05 1242448]
"AIM"="c:\progra~1\AIM\aim.exe" [2003-07-21 61440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1966080]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"GBTUpd"="c:\program files\GIGABYTE\GBTUpd\PreRun.exe" [2008-04-03 297480]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 49152]
"CrazyTalk Serve"="c:\windows\system32\CrazyTalk.dll" [2009-04-10 995328]
"WMP110"="c:\program files\Linksys\WMP110\WMP110.exe" [2008-05-26 991232]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-02-24 479232]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-06-19 202256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"RTHDCPL"="RTHDCPL.EXE" [2011-02-17 20029032]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-02-18 77824]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2010-08-26 3365176]
"iTunesHelper"="E:\iTunesHelper.exe" [2010-09-24 421160]
"DeadAIM"="c:\progra~1\AIM\\DeadAIM.ocm" [2003-02-24 266313]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2007-11-15 91432]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-11-13 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-06-08 40376]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
.
c:\documents and settings\Jskeezy\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-12-13 576000]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-2-15 434176]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\GIGABYTE\\GBTUpd\\RunUpd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Xfire\\xfire.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\GIGABYTE\\GBTUpd\\GBTUpd.exe"=
"c:\\Program Files\\Atari\\ArmA\\arma.exe"=
"c:\\Xfire\\xfire.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty 2\\CoD2SP_s.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Autodesk\\Maya8.5\\bin\\maya.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Adobe\\Adobe Flash CS4\\Flash.exe"=
"c:\\Program Files\\Adobe\\Adobe After Effects CS4\\Support Files\\AfterFX.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\GIGABYTE\\@BIOS\\gwflash.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed SHIFT\\shift.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Game.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\iTunes.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\sid meier's civilization v\\CivilizationV.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\america's army 3\\Binaries\\AA3Game.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\sid meier's civilization v\\Launcher.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
.
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [4/27/2009 5:20 PM 57344]
R3 WMP110v2;Linksys WMP110 RangePlus Wireless PCI Adapter Wireless Driver;c:\windows\system32\drivers\WMP110v2.sys [4/27/2009 5:20 PM 625024]
S0 axwe;axwe;c:\windows\system32\drivers\cppudiba.sys --> c:\windows\system32\drivers\cppudiba.sys [?]
S1 atitray;atitray;c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [9/8/2008 11:32 AM 18336]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2/1/2008 4:24 PM 41456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [10/1/2010 5:05 PM 20072]
S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [7/26/2010 7:17 AM 95568]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [10/15/2010 9:29 AM 217088]
S2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [1/30/2009 5:40 AM 80392]
S2 GTWPSService;GTWPSSRV;c:\program files\Linksys\WMP110\gtwpssrv.exe [4/27/2009 5:20 PM 34816]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/7/2010 8:11 AM 135664]
S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [3/14/2009 5:38 PM 5010288]
S2 WLSng Service;WLSng Service;c:\program files\Linksys\WMP110\WLSngS.exe [4/27/2009 5:20 PM 233472]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 288112]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5/25/2009 6:34 PM 1691480]
S3 CrystalCpuInfo;CrystalCpuInfo;c:\program files\OCCT\CpuInfo.sys [11/25/2003 7:50 AM 3151]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [7/26/2010 7:17 AM 18136]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [10/15/2010 9:29 AM 36640]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/7/2010 8:11 AM 135664]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Linksys\WMP110\jswpsapi.exe [4/27/2009 5:20 PM 352338]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [10/15/2010 9:30 AM 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [10/15/2010 9:30 AM 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [10/15/2010 9:30 AM 121576]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [3/14/2009 5:38 PM 16168]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
2011-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-07 14:11]
.
2011-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-07 14:11]
.
2011-12-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1004336348-583907252-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2011-12-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1004336348-583907252-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
TCP: Interfaces\{0520A20A-B4AF-41F2-A1DA-180A1D6C8CBE}: NameServer = 76.85.229.110,76.85.229.111
FF - ProfilePath - c:\documents and settings\Jskeezy\Application Data\Mozilla\Firefox\Profiles\64rp41ew.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKCU-Run-uTorrent - c:\program files\uTorrent\uTorrent.exe
SafeBoot-14746061.sys
AddRemove-HijackThis - e:\install files\HijackThis.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\Samsung\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-20 10:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CrazyTalk Serve = rundll32.exe c:\windows\system32\CrazyTalk.dll,DllServeMediaFile?1?

|?

?E?|@??|???|YF?|?U?|yE?|\

?H?

^?

~?|^???w?

?\

(

???e??|?

}?|
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1004336348-583907252-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1004336348-583907252-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:f7,83,91,91,37,a4,d7,ba,f4,cd,7e,7b,bb,ed,cd,d1,5a,5a,ea,87,37,
66,ec,30,68,8d,77,2b,d3,ab,fb,81,c1,74,a4,3e,e4,a5,08,1a,a0,d8,63,0c,88,a2,\
"rkeysecu"=hex:4b,35,d6,44,bb,02,56,51,30,13,17,72,db,21,fc,d1
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:aa,d8,81,40,d1,7d,4b,9f,65,95,ef,62,53,dc,41,2d,b9,61,8d,16,ea,
65,f7,16,a3,22,05,6b,95,dc,57,f0,95,31,c1,c5,bd,0d,8f,02,f8,91,60,77,d2,6e,\
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:aa,d8,81,40,d1,7d,4b,9f,65,95,ef,62,53,dc,41,2d,b9,61,8d,16,ea,
65,f7,16,a3,22,05,6b,95,dc,57,f0,95,31,c1,c5,bd,0d,8f,02,f8,91,60,77,d2,6e,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1360)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2011-12-20 10:02:23
ComboFix-quarantined-files.txt 2011-12-20 16:02
.
Pre-Run: 3,631,280,128 bytes free
Post-Run: 4,638,216,192 bytes free
.
- - End Of File - - 781A25E7B9D8472836024BE1BC9EA622

1972vet · « **Reply #14 on:** December 20, 2011, 11:23:16 PM »

How's that thing running now?

News:

Author Topic: [Resolved] XP Home Security 2012 & redirects (Read 1395 times)

jskeezy84

[Resolved] XP Home Security 2012 & redirects

1972vet

Re: [Resolved] XP Home Security 2012 & redirects

jskeezy84

Re: [Resolved] XP Home Security 2012 & redirects

1972vet

Re: [Resolved] XP Home Security 2012 & redirects

jskeezy84

Re: [Resolved] XP Home Security 2012 & redirects

jskeezy84

Re: [Resolved] XP Home Security 2012 & redirects

jskeezy84

Re: [Resolved] XP Home Security 2012 & redirects

1972vet

Re: [Resolved] XP Home Security 2012 & redirects

1972vet

Re: [Resolved] XP Home Security 2012 & redirects

jskeezy84

Re: [Resolved] XP Home Security 2012 & redirects

1972vet

Re: [Resolved] XP Home Security 2012 & redirects

jskeezy84

Re: [Resolved] XP Home Security 2012 & redirects

1972vet

Re: [Resolved] XP Home Security 2012 & redirects

jskeezy84

Re: [Resolved] XP Home Security 2012 & redirects

1972vet

Re: [Resolved] XP Home Security 2012 & redirects