Something is on my computer, my DDS scans



I hope I pasted the results of the right one and not the one from the first scan earlier....thank you!


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-01-2014 03

Ran by HP_Administrator at 2014-01-26 19:56:43 Run:2

Running from C:\Documents and Settings\HP_Administrator\Desktop

Boot Mode: Normal

 

==============================================

 

Content of fixlist:

*****************

start

C:\Documents and Settings\HP_Administrator\My Documents\Downloads\ReimageRepair (1).exe

C:\Documents and Settings\HP_Administrator\My Documents\Downloads\ReimageRepair (2).exe

C:\Documents and Settings\HP_Administrator\My Documents\Downloads\ReimageRepair (3).exe

C:\Documents and Settings\HP_Administrator\My Documents\Downloads\ReimageRepair.exe

C:\Documents and Settings\HP_Administrator\My Documents\Downloads\kon-boot-all\kon-boot-all\CD-konboot-v1.1-2in1.zip

C:\Documents and Settings\HP_Administrator\My Documents\Downloads\kon-boot-all\kon-boot-all\FD0-konboot-v1.1-2in1.zip

C:\Documents and Settings\HP_Administrator\My Documents\Downloads\kon-boot-all\kon-boot-all\older\CD-konboot-v1.0-Vkickstart.zip

C:\Documents and Settings\HP_Administrator\My Documents\Downloads\kon-boot-all\kon-boot-all\older\CD-konboot-v1.0-Vorange.zip

C:\Documents and Settings\HP_Administrator\My Documents\Downloads\kon-boot-all\kon-boot-all\older\FD0-konboot-v1.0-Vkickstart.zip

C:\Documents and Settings\HP_Administrator\My Documents\Downloads\kon-boot-all\kon-boot-all\older\FD0-konboot-v1.0-Vorange.zip

C:\Program Files\PDFCreator\message.exe

end

*****************

 

C:\Documents and Settings\HP_Administrator\My Documents\Downloads\ReimageRepair (1).exe => Moved successfully.

C:\Documents and Settings\HP_Administrator\My Documents\Downloads\ReimageRepair (2).exe => Moved successfully.

C:\Documents and Settings\HP_Administrator\My Documents\Downloads\ReimageRepair (3).exe => Moved successfully.

C:\Documents and Settings\HP_Administrator\My Documents\Downloads\ReimageRepair.exe => Moved successfully.

C:\Documents and Settings\HP_Administrator\My Documents\Downloads\kon-boot-all\kon-boot-all\CD-konboot-v1.1-2in1.zip => Moved successfully.

C:\Documents and Settings\HP_Administrator\My Documents\Downloads\kon-boot-all\kon-boot-all\FD0-konboot-v1.1-2in1.zip => Moved successfully.

C:\Documents and Settings\HP_Administrator\My Documents\Downloads\kon-boot-all\kon-boot-all\older\CD-konboot-v1.0-Vkickstart.zip => Moved successfully.

C:\Documents and Settings\HP_Administrator\My Documents\Downloads\kon-boot-all\kon-boot-all\older\CD-konboot-v1.0-Vorange.zip => Moved successfully.

C:\Documents and Settings\HP_Administrator\My Documents\Downloads\kon-boot-all\kon-boot-all\older\FD0-konboot-v1.0-Vkickstart.zip => Moved successfully.

C:\Documents and Settings\HP_Administrator\My Documents\Downloads\kon-boot-all\kon-boot-all\older\FD0-konboot-v1.0-Vorange.zip => Moved successfully.

C:\Program Files\PDFCreator\message.exe => Moved successfully.

 

==== End of Fixlog ====


I don't think it is the fan, because normally the computer is quiet. I have had a few strange things happen while browsing, a couple of times music started to play, another time a rather large picture popped up in front of my screen, I was able to X out of the picture. Are these what you would consider Malware?

 

It is really hard for me to explain, but this sound my computer makes only seems to happen when something has gotten into my computer and no matter how many times I run the usual scans if the scans don't find the problems and remove them then the computer will continue to act up. It is not constant but always when I am using my browser. So I came here again because all the scans I ran did not correct the issue. So now I am hoping what you suggested will help. At the moment it is very quiet, not whining at all.

 

Should I do any other scans to make sure all is well? Can't thank you enough Juliet for your help and I am so thankful for the PcPitstop. Every time I get into a mess I always come here. Thank you so much!!

oops! another question.....what do I do with all of the above scans I have on my Desktop....keep....delete?


a couple of times music started to play, another time a rather large picture popped up in front of my screen, I was able to X out of the picture

This can be, so let's try one more.

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

 

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

 

How to use ComboFix

 

Download ComboFix from here:

Link 1

Link 2

Link 3

 

Place ComboFix.exe on your Desktop <--Important

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

    You can get help on disabling your protection programs here

  • Double click on ComboFix.exe & follow the prompts.
  • You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may need to reboot your computer more than once to do its job; this is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

     

    Note:

    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

     

    Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

     

    ---------------------------------------------------------------------------------------------

  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

     

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

    ---------------------------------------------------------------------------------------------

  • If there are Internet issues after running ComboFix:

    Internet Explorer:

    Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "Use a proxy server" and check "Automatically detect settings". Also clear any proxy address and port. OK, Apply (only if applicable), OK.

    Firefox:

    Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.

    Chrome:

    Tools menu -> "Options" -> "Change Proxy Settings" -> "LAN Settings", then remove the check mark from "Use a proxy server for your LAN" if it is set, unless you set this up yourself.

    Safari:

    Launch Safari, go to the general settings menu, then Preferences / Advanced. On the Proxies line click "Change Settings ...". Click Internet Options, then click the Connections tab, then click Network Settings, and disable (uncheck) the option to use a proxy server.


Thanks Juliet, when I went in to link you provided for how to do an emergency backup, my computer went haywire and a video popped up about spaceships and blah blah while I was trying to read the instructions. There is definitely something hiding in my computer.

 

So I am going to get going with the new instructions you gave me. Thanks again!


 

Juliet, please tell me something has been found and we can get it off my computer. Thank you again!

ComboFix 14-01-27.02 - HP_Administrator 01/27/2014 13:43:04.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.394 [GMT -5:00]

Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll

c:\documents and settings\Administrator\WINDOWS

c:\documents and settings\Default User\WINDOWS

c:\documents and settings\HP_Administrator\Local Settings\Temp\IadHide5.dll

c:\documents and settings\HP_Administrator\WINDOWS

c:\windows\system32\Cache

c:\windows\system32\Cache\081abff8e8ad405f.fb

c:\windows\system32\Cache\272512937d9e61a4.fb

c:\windows\system32\Cache\287204568329e189.fb

c:\windows\system32\Cache\28bc8f716fd76a47.fb

c:\windows\system32\Cache\2c53092c95605355.fb

c:\windows\system32\Cache\2cbc76d442dff50d.fb

c:\windows\system32\Cache\31a0997e9a5b5eb3.fb

c:\windows\system32\Cache\32c84fe32bb74d60.fb

c:\windows\system32\Cache\3917078cb68ec657.fb

c:\windows\system32\Cache\53546bca5aa52b3a.fb

c:\windows\system32\Cache\590ba23ce359fd0c.fb

c:\windows\system32\Cache\610289e025a3ee9a.fb

c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb

c:\windows\system32\Cache\6aec4b1ef991e653.fb

c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb

c:\windows\system32\Cache\6d03dad1035885d3.fb

c:\windows\system32\Cache\a8556537add6dfc5.fb

c:\windows\system32\Cache\a8ac613b3acde6ae.fb

c:\windows\system32\Cache\ad10a52aff5e038d.fb

c:\windows\system32\Cache\c1fa887b03019701.fb

c:\windows\system32\Cache\c4d28dca2e7648be.fb

c:\windows\system32\Cache\cd6ac642ef0376d6.fb

c:\windows\system32\Cache\d201ef9910cd39de.fb

c:\windows\system32\Cache\d2e94710a5708128.fb

c:\windows\system32\Cache\d79b9dfe81484ec4.fb

c:\windows\system32\Cache\e0de16f883bea794.fb

c:\windows\system32\Cache\f998975c9cc711ee.fb

c:\windows\system32\config\systemprofile\WINDOWS

c:\windows\system32\ps2.bat

D:\Autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2013-12-27 to 2014-01-27 )))))))))))))))))))))))))))))))

.

.

2014-01-26 22:08 . 2014-01-26 22:08 -------- d-----w- c:\program files\ESET

2014-01-26 20:09 . 2014-01-26 20:09 -------- d-----w- c:\windows\ERUNT

2014-01-25 18:28 . 2014-01-25 18:28 -------- d-----w- C:\FRST

2014-01-16 19:48 . 2014-01-16 19:48 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll

2014-01-16 19:48 . 2014-01-16 19:48 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll

2014-01-16 19:48 . 2014-01-16 19:48 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll

2014-01-16 19:48 . 2014-01-16 19:48 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll

2014-01-16 19:48 . 2014-01-16 19:48 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll

2014-01-16 19:47 . 2014-01-16 19:48 -------- d-----w- c:\program files\QuickTime

2014-01-16 19:47 . 2014-01-16 19:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2014-01-05 02:59 . 2014-01-05 02:59 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AVAST Software

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-01-27 02:02 . 2012-05-10 05:24 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2014-01-27 02:02 . 2011-12-22 08:49 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2014-01-26 20:53 . 2012-10-15 01:54 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys

2014-01-26 20:53 . 2012-10-15 01:54 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2014-01-26 20:53 . 2012-10-15 01:54 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2014-01-26 20:53 . 2013-03-21 19:56 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2014-01-26 20:53 . 2012-10-15 01:54 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2014-01-26 20:53 . 2012-10-15 01:53 43152 ----a-w- c:\windows\avastSS.scr

2014-01-26 20:53 . 2012-10-15 01:53 270240 ----a-w- c:\windows\system32\aswBoot.exe

2014-01-16 19:39 . 2014-01-16 19:39 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2014-01-16 19:39 . 2013-03-07 23:24 145408 ----a-w- c:\windows\system32\javacpl.cpl

2014-01-05 02:55 . 2013-03-21 19:56 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2014-01-05 02:55 . 2013-03-21 19:56 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-11-27 20:21 . 2011-12-20 20:08 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys

2013-11-13 02:59 . 2004-08-10 19:00 150528 ----a-w- c:\windows\system32\imagehlp.dll

2013-11-07 05:38 . 2011-12-20 20:09 591360 ----a-w- c:\windows\system32\rpcrt4.dll

2013-11-06 01:03 . 2011-12-21 03:51 7168 ----a-w- c:\windows\system32\xpsp4res.dll

2013-10-30 02:26 . 2011-12-20 20:12 1879040 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2014-01-26 20:53 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-01-14 5625624]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]

"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]

"DISCover"="c:\program files\DISC\DISCover.exe" [2005-09-27 1060864]

"DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-09-27 61440]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 102400]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-10-17 295512]

"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-26 3767096]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]

.

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

Updates from HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe -startup [2011-12-20 36903]

.

c:\documents and settings\Default User\Start Menu\Programs\Startup\

Pin.lnk - c:\hp\bin\CLOAKER.EXE c:\hp\bin\PinToStart.bat [2005-11-13 27136]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\DISC\\DISCover.exe"=

"c:\\Program Files\\DISC\\DiscStreamHub.exe"=

"c:\\Program Files\\DISC\\myFTP.exe"=

"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

.

R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [3/21/2013 2:56 PM 49944]

R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [3/21/2013 2:56 PM 180248]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/14/2012 8:54 PM 775952]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/14/2012 8:54 PM 410784]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [8/11/2011 6:38 PM 116608]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [3/21/2013 2:56 PM 67824]

R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [8/14/2013 2:19 PM 39056]

S1 avgtp;avgtp;\??\c:\windows\system32\drivers\avgtpx86.sys --> c:\windows\system32\drivers\avgtpx86.sys [?]

S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]

S2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [?]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2014-01-27 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-15 02:02]

.

2014-01-22 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2014-01-27 c:\windows\Tasks\avast! Emergency Update.job

- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-15 20:53]

.

2014-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-877228005-2687231834-3398282986-1008Core.job

- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-21 06:22]

.

2014-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-877228005-2687231834-3398282986-1008UA.job

- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-21 06:22]

.

2014-01-27 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-877228005-2687231834-3398282986-1008.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]

.

2014-01-27 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-877228005-2687231834-3398282986-1008.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]

.

2014-01-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-877228005-2687231834-3398282986-1008.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]

.

2014-01-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-877228005-2687231834-3398282986-1008.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

HKLM-Run-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe

HKLM-Run-HF_G_Jul - c:\program files\AVG Secure Search\HF_G_Jul.exe

HKLM-Run-ROC_ROC_JULY_P1 - c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe

HKLM-Run-ROC_ROC_NT - c:\program files\AVG Secure Search\ROC_ROC_NT.exe

HKLM-Run-ROC_roc_ssl_v12 - c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe

AddRemove-McAfee Security Scan - c:\program files\McAfee Security Scan\uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2014-01-27 13:57

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

@DACL=(02 0000)

"Installed"="1"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

@DACL=(02 0000)

"Installed"="1"

"NoChange"="1"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

@DACL=(02 0000)

"Installed"="1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(788)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(1328)

c:\windows\system32\WININET.dll

c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\arservice.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Java\jre7\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\ehome\mcrdsvc.exe

c:\windows\ARPWRMSG.EXE

c:\windows\system32\dllhost.exe

c:\windows\eHome\ehmsas.exe

c:\program files\Updates from HP\9972322\Program\Updates from HP.exe

c:\program files\DISC\DiscStreamHub.exe

c:\program files\OpenOffice.org 3\program\soffice.exe

c:\program files\OpenOffice.org 3\program\soffice.bin

c:\windows\system32\wscntfy.exe

c:\hp\KBD\KBD.EXE

.

**************************************************************************

.

Completion time: 2014-01-27 14:05:26 - machine was rebooted

ComboFix-quarantined-files.txt 2014-01-27 19:05

.

Pre-Run: 204,659,134,464 bytes free

Post-Run: 204,703,301,632 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

.

- - End Of File - - CC4AC80BAEF29A1C90C4997AAE129AAA

0AC6D996BCE152AED9600E6D6B797E2E

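Two things in the ComboFix log above are worth a defender's second look: the S1/S2 service entries whose binaries no longer exist (`--> path [?]`, leftovers of the AVG Secure Search toolbar), and IadHide5.dll loaded into explorer.exe from a Temp directory (which ComboFix lists under Other Deletions). The following is an added example, not part of the thread and not ComboFix's own code; it parses those two parts of the log layout shown above, using a constructed, shortened excerpt of that log as sample input.

```python
"""Pull two indicators out of a ComboFix log in the layout posted above.

Added example for this thread; it is not ComboFix's code and not part of the
original posts. It assumes the log layout shown above: service/driver lines
("R0 name;display;path [date size]") and a "DLLs Loaded Under Running
Processes" section, and flags (1) service entries whose binary ComboFix
could not find ("--> path [?]") and (2) DLLs loaded from a Temp directory.
"""
import re
from typing import Dict, List, Tuple

# Constructed, shortened excerpt in the layout of the log above.
SAMPLE_COMBOFIX = r"""
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [3/21/2013 2:56 PM 49944]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [3/21/2013 2:56 PM 67824]
S1 avgtp;avgtp;\??\c:\windows\system32\drivers\avgtpx86.sys --> c:\windows\system32\drivers\avgtpx86.sys [?]
S2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [?]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(788)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1328)
c:\windows\system32\WININET.dll
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
"""

# "R0 name;display;<path> [date size]" or "S1 name;display;<path> --> <path> [?]"
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
# "- - - - - - - > 'explorer.exe'(1328)"
PROCESS_RE = re.compile(r"^(?:- )+> '(?P<proc>[^']+)'\((?P<pid>\d+)\)")
# Any path component named Temp or Tmp, e.g. ...\LOCALS~1\Temp\IadHide5.dll
TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
PATH_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)


def orphaned_services(log: str) -> List[Dict[str, str]]:
    """Service/driver entries whose binary ComboFix marked as missing ('[?]')."""
    found = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line)
        if m and m.group("rest").rstrip().endswith("[?]"):
            # The text after " --> " is the resolved path; drop the trailing "[?]".
            path = m.group("rest").rstrip().split(" --> ")[-1][:-3].strip()
            found.append({"start": m.group("start"), "name": m.group("name"), "path": path})
    return found


def loaded_dlls(log: str) -> Dict[str, List[str]]:
    """Map 'process(pid)' to the DLL paths listed under it in the DLL section."""
    dlls: Dict[str, List[str]] = {}
    proc, inside = None, False
    for line in log.splitlines():
        if "DLLs Loaded Under Running Processes" in line:
            inside = True
            continue
        if not inside:
            continue
        if line.startswith("----"):  # the next section header ends the DLL section
            break
        m = PROCESS_RE.match(line)
        if m:
            proc = f"{m.group('proc')}({m.group('pid')})"
            dlls[proc] = []
        elif proc and PATH_RE.match(line):
            dlls[proc].append(line.strip())
    return dlls


def dlls_from_temp_dirs(log: str) -> List[Tuple[str, str]]:
    """(process, dll) pairs where the DLL was loaded from a Temp directory."""
    return [(proc, path)
            for proc, paths in loaded_dlls(log).items()
            for path in paths if TEMP_DIR_RE.search(path)]


def main() -> None:
    for svc in orphaned_services(SAMPLE_COMBOFIX):
        print(f"orphaned service {svc['start']} {svc['name']}: missing {svc['path']}")
    for proc, path in dlls_from_temp_dirs(SAMPLE_COMBOFIX):
        print(f"DLL from Temp in {proc}: {path}")


if __name__ == "__main__":
    main()
```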

Please re-run/open FRST again and type the following in the edit box: rpcss.dll

Click the Search button.

It will make a log (Search.txt); please post the log in your reply to me.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application.

  • Then click on Change parameters.

  • Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects, then click OK.
  • Click the Start Scan button.

     

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports

  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents in your next reply.

Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.

Paste this into the open Notepad. Save it to the Desktop as fixlist.txt.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow it).

 

start

Search: "rpcss.dll"

end

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

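The fixlist above uses the same start/end layout as the first fix in this thread, and the Fixlog FRST writes back echoes that block followed by one "=> status" line per entry. A practitioner reviewing such a log wants to confirm that every entry was actually reported on. The following is an added example, not part of the thread and not Farbar's code: it cross-checks a Fixlog in the layout posted earlier against its own fixlist block, using a constructed, shortened sample log in which one entry and one status text are made up to exercise the failure paths.

```python
"""Cross-check an FRST fixlist against the Fixlog it produced.

Added example for this thread; it is not Farbar's code and not part of the
original posts. It assumes the Fixlog layout posted earlier in the thread:
a "Content of fixlist:" block delimited by "start" / "end", then one result
line per entry in the form "<entry> => <status>".
"""
import re
from typing import Dict, List

# Constructed, shortened Fixlog in that layout. The entry with no result
# line and the "Could not move." status are made up to exercise the
# failure paths; they are not from the real log.
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-01-2014 03
Ran by HP_Administrator at 2014-01-26 19:56:43 Run:2
Running from C:\Documents and Settings\HP_Administrator\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\ReimageRepair.exe
C:\Program Files\PDFCreator\message.exe
C:\Temp\constructed-missing.exe
Search: "rpcss.dll"
end
*****************

C:\Documents and Settings\HP_Administrator\My Documents\Downloads\ReimageRepair.exe => Moved successfully.
C:\Program Files\PDFCreator\message.exe => Could not move.

==== End of Fixlog ====
"""

# A fixlist line such as  Search: "rpcss.dll"  is a directive, not a file to move.
DIRECTIVE_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*:\s")


def parse_fixlist(log: str) -> List[str]:
    """Return the fixlist entries between the 'start' and 'end' markers."""
    entries, inside = [], False
    for raw in log.splitlines():
        line = raw.strip()
        if line == "start":
            inside = True
        elif line == "end":
            break
        elif inside and line:
            entries.append(line)
    return entries


def parse_results(log: str) -> Dict[str, str]:
    """Map each '<entry> => <status>' result line to its status text."""
    results: Dict[str, str] = {}
    for raw in log.splitlines():
        if " => " in raw:
            entry, status = raw.rsplit(" => ", 1)
            results[entry.strip()] = status.strip()
    return results


def check_fixlog(log: str) -> Dict[str, List[str]]:
    """Classify every fixlist entry as moved, failed, directive or unreported.

    'unreported' entries had no result line at all; that is the case worth a
    second look, because the fix did not report on them one way or the other.
    """
    report: Dict[str, List[str]] = {"moved": [], "failed": [], "directives": [], "unreported": []}
    results = parse_results(log)
    for entry in parse_fixlist(log):
        if DIRECTIVE_RE.match(entry):
            report["directives"].append(entry)
        elif entry not in results:
            report["unreported"].append(entry)
        elif results[entry].lower().startswith("moved successfully"):
            report["moved"].append(entry)
        else:
            report["failed"].append(entry)
    return report


def main() -> None:
    for outcome, entries in check_fixlog(SAMPLE_FIXLOG).items():
        for entry in entries:
            print(f"{outcome:>10}: {entry}")


if __name__ == "__main__":
    main()
```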

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-01-2014 02

Ran by HP_Administrator (administrator) on CARLINE on 27-01-2014 18:40:48

Running from C:\Documents and Settings\HP_Administrator\Desktop

Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) ===================

 

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

(Microsoft) C:\WINDOWS\arservice.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe

(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe

(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe

(Microsoft) C:\WINDOWS\arpwrmsg.exe

(Digital Interactive Systems Corporation) C:\Program Files\DISC\DISCover.exe

(Digital Interactive Systems Corporation, Inc.) C:\Program Files\DISC\DISCUpdateMgr.exe

(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe

(SEIKO EPSON CORPORATION) C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe

(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

(Hewlett-Packard) C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe

(Digital Interactive Systems Corporation, Inc.) C:\Program Files\DISC\DiscStreamHub.exe

(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe

(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin

(Hewlett-Packard Company) C:\hp\KBD\kbd.exe

(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE

(Hewlett-Packard Company) C:\WINDOWS\system\hpsysdrv.exe

(Google Inc.) C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [ehTray] - C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)

HKLM\...\Run: [AlwaysReady Power Message APP] - C:\WINDOWS\ARPWRMSG.EXE [77312 2005-08-02] (Microsoft)

HKLM\...\Run: [HPHUPD08] - c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [49152 2005-06-02] (Hewlett-Packard)

HKLM\...\Run: [DISCover] - C:\Program Files\DISC\DISCover.exe [1060864 2005-09-26] (Digital Interactive Systems Corporation)

HKLM\...\Run: [DiscUpdateManager] - C:\Program Files\DISC\DiscUpdateMgr.exe [61440 2005-09-26] (Digital Interactive Systems Corporation, Inc.)

HKLM\...\Run: [HPBootOp] - C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [1605740 2005-09-21] (Hewlett-Packard Company)

HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)

HKLM\...\Run: [EEventManager] - C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe [102400 2005-04-08] (SEIKO EPSON CORPORATION)

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM\...\Run: [TkBellExe] - C:\program files\real\realplayer\update\realsched.exe [295512 2013-10-17] (RealNetworks, Inc.)

HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-26] (AVAST Software)

HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)

HKLM\...\Policies\Explorer: [NoCDBurning] 0

HKCU\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-14] (SUPERAntiSpyware)

HKCU\...\Run: [spybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk

ShortcutTarget: Updates from HP.lnk -> C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (Hewlett-Packard)

Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk

ShortcutTarget: Pin.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)

Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8F23A00A2F96CD01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)

Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)

Toolbar: HKCU - &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

 

Chrome:

=======

CHR HomePage: hxxp://www.yahoo.com/

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.76\pdf.dll ()

CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.76\gcswf32.dll No File

CHR Plugin: (AVG Internet Security) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll No File

CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\plugins\npMozCouponPrinter.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Google Update) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File

CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll No File

CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll No File

CHR Extension: (RealDownloader) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-04-06]

CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-10-02]

CHR Extension: (Google Wallet) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]

CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

 

========================== Services (Whitelisted) =================

 

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-09-12] (SUPERAntiSpyware.com)

R2 ARSVC; C:\WINDOWS\arservice.exe [58880 2005-08-02] (Microsoft)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-26] (AVAST Software)

R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-01-16] (Oracle Corporation)

R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)

S0 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2004-09-29] (HP)

R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()

S2 vToolbarUpdater15.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [x]

 

==================== Drivers (Whitelisted) ====================

 

R3 aracpi; C:\WINDOWS\System32\DRIVERS\aracpi.sys [22784 2005-08-02] (Microsoft Corporation)

R3 arhidfltr; C:\WINDOWS\System32\DRIVERS\arhidfltr.sys [19200 2005-08-02] (Microsoft Corporation)

R3 arkbcfltr; C:\WINDOWS\System32\DRIVERS\arkbcfltr.sys [5376 2005-08-02] (Microsoft Corporation)

R3 armoucfltr; C:\WINDOWS\System32\DRIVERS\armoucfltr.sys [4992 2005-08-02] (Microsoft Corporation)

R3 ARPolicy; C:\WINDOWS\System32\DRIVERS\arpolicy.sys [10112 2005-08-02] (Microsoft Corporation)

R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-01-26] (AVAST Software)

R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-01-26] (AVAST Software)

R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-01-04] ()

R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [775952 2014-01-26] (AVAST Software)

R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [410784 2014-01-26] (AVAST Software)

R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-01-26] (AVAST Software)

R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180248 2014-01-04] ()

R0 bb-run; C:\WINDOWS\System32\DRIVERS\bb-run.sys [17408 2003-11-05] (Promise Technology, Inc.)

R0 ftsata2; C:\WINDOWS\System32\DRIVERS\ftsata2.sys [175104 2005-06-30] (Promise Technology, Inc.)

R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [74496 2005-03-04] (Realtek Semiconductor Corporation )

S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

S3 SISNIC; C:\WINDOWS\System32\DRIVERS\sisnic.sys [32768 2004-08-04] (SiS Corporation)

S2 ASPI32; No ImagePath

S1 avgtp; \??\C:\WINDOWS\system32\drivers\avgtpx86.sys [x]

R3 catchme; \??\C:\ComboFix\catchme.sys [x]

S2 ONSIO; \??\C:\WINDOWS\SYSTEM32\DRIVERS\ONSIO.SYS [x]

S1 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [x]

U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

S0 SMPLSCSI; System32\drivers\SMPLSCSI.SYS [x]

U3 mbr; \??\C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\mbr.sys [x]

 

==================== NetSvcs (Whitelisted) ===================

 

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

 

==================== One Month Created Files and Folders ========

 

2014-01-27 18:40 - 2014-01-27 18:40 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Desktop\FRST-OlderVersion

2014-01-27 18:38 - 2014-01-27 18:38 - 00000031 _____ C:\Documents and Settings\HP_Administrator\Desktop\fixlist.ext.txt

2014-01-27 18:19 - 2014-01-27 18:19 - 04121952 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller.exe

2014-01-27 14:05 - 2014-01-27 14:05 - 00017107 _____ C:\ComboFix.txt

2014-01-27 13:40 - 2014-01-27 13:40 - 00000000 _RSHD C:\cmdcons

2014-01-27 13:38 - 2011-06-26 01:45 - 00256000 _____ C:\WINDOWS\PEV.exe

2014-01-27 13:38 - 2010-11-07 12:20 - 00208896 _____ C:\WINDOWS\MBR.exe

2014-01-27 13:38 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe

2014-01-27 13:38 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe

2014-01-27 13:38 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe

2014-01-27 13:38 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe

2014-01-27 13:38 - 2000-08-30 19:00 - 00098816 _____ C:\WINDOWS\sed.exe

2014-01-27 13:38 - 2000-08-30 19:00 - 00080412 _____ C:\WINDOWS\grep.exe

2014-01-27 13:38 - 2000-08-30 19:00 - 00068096 _____ C:\WINDOWS\zip.exe

2014-01-27 13:37 - 2014-01-27 14:05 - 00000000 ____D C:\Qoobox

2014-01-27 13:37 - 2014-01-27 14:04 - 00000000 ____D C:\WINDOWS\erdnt

2014-01-27 13:32 - 2014-01-27 13:32 - 05175619 ____R (Swearware) C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe

2014-01-26 19:17 - 2014-01-26 19:17 - 00001551 _____ C:\Documents and Settings\HP_Administrator\Desktop\ESETSCAN.txt

2014-01-26 17:08 - 2014-01-26 17:08 - 00000000 ____D C:\Program Files\ESET

2014-01-26 17:07 - 2014-01-26 17:08 - 02347384 _____ (ESET) C:\Documents and Settings\HP_Administrator\Desktop\esetsmartinstaller_enu (1).exe

2014-01-26 17:06 - 2014-01-26 17:07 - 02347384 _____ (ESET) C:\Documents and Settings\HP_Administrator\Desktop\esetsmartinstaller_enu.exe

2014-01-26 15:26 - 2014-01-26 15:26 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\HP_Administrator\Desktop\mbam-setup-1.75.0.1300.exe

2014-01-26 15:17 - 2014-01-26 15:17 - 00001982 _____ C:\Documents and Settings\HP_Administrator\Desktop\JRT.txt

2014-01-26 15:09 - 2014-01-26 15:09 - 00000000 ____D C:\WINDOWS\ERUNT

2014-01-26 15:08 - 2014-01-26 15:08 - 01037068 _____ (Thisisu) C:\Documents and Settings\HP_Administrator\Desktop\JRT.exe

2014-01-26 14:58 - 2014-01-26 14:58 - 00002323 _____ C:\Documents and Settings\HP_Administrator\Desktop\AdwCleaner[s0].txt

2014-01-26 14:29 - 2014-01-26 14:29 - 01236282 _____ C:\Documents and Settings\HP_Administrator\Desktop\AdwCleaner.exe

2014-01-26 13:53 - 2014-01-27 18:41 - 00015580 _____ C:\Documents and Settings\HP_Administrator\Desktop\FRST.txt

2014-01-26 13:22 - 2014-01-27 18:40 - 01622528 _____ (Farbar) C:\Documents and Settings\HP_Administrator\Desktop\FRST.exe

2014-01-25 13:28 - 2014-01-27 18:40 - 00000000 ____D C:\FRST

2014-01-25 00:07 - 2014-01-25 00:07 - 00022443 _____ C:\Documents and Settings\HP_Administrator\Desktop\attach.txt

2014-01-25 00:07 - 2014-01-25 00:07 - 00011944 _____ C:\Documents and Settings\HP_Administrator\Desktop\dds.txt

2014-01-16 14:48 - 2014-01-16 14:48 - 00001615 _____ C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

2014-01-16 14:48 - 2014-01-16 14:48 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime

2014-01-16 14:47 - 2014-01-16 14:48 - 00000000 ____D C:\Program Files\QuickTime

2014-01-16 14:47 - 2014-01-16 14:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple Computer

2014-01-16 14:39 - 2014-01-16 14:39 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe

2014-01-16 14:39 - 2014-01-16 14:39 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe

2014-01-16 14:39 - 2014-01-16 14:39 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe

2014-01-16 14:39 - 2014-01-16 14:39 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll

2014-01-16 03:01 - 2014-01-16 03:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$

2014-01-16 03:00 - 2014-01-16 03:02 - 00005053 _____ C:\WINDOWS\KB2914368.log

2014-01-04 21:59 - 2014-01-04 21:59 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\AVAST Software

2014-01-04 21:55 - 2014-01-04 21:55 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avast

2014-01-02 20:19 - 2014-01-02 20:20 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Desktop\Ebay

 

==================== One Month Modified Files and Folders =======

 

2014-01-27 18:41 - 2014-01-26 13:53 - 00015580 _____ C:\Documents and Settings\HP_Administrator\Desktop\FRST.txt

2014-01-27 18:40 - 2014-01-27 18:40 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Desktop\FRST-OlderVersion

2014-01-27 18:40 - 2014-01-26 13:22 - 01622528 _____ (Farbar) C:\Documents and Settings\HP_Administrator\Desktop\FRST.exe

2014-01-27 18:40 - 2014-01-25 13:28 - 00000000 ____D C:\FRST

2014-01-27 18:38 - 2014-01-27 18:38 - 00000031 _____ C:\Documents and Settings\HP_Administrator\Desktop\fixlist.ext.txt

2014-01-27 18:34 - 2013-11-15 15:40 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2014-01-27 18:19 - 2014-01-27 18:19 - 04121952 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller.exe

2014-01-27 18:18 - 2011-12-21 01:23 - 00001022 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-877228005-2687231834-3398282986-1008UA.job

2014-01-27 15:53 - 2012-10-14 20:54 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job

2014-01-27 15:22 - 2005-08-31 07:17 - 01354121 _____ C:\WINDOWS\WindowsUpdate.log

2014-01-27 14:06 - 2011-12-20 21:41 - 00000185 _____ C:\WINDOWS\system\hpsysdrv.DAT

2014-01-27 14:06 - 2011-12-20 20:12 - 00000000 ____D C:\WINDOWS\system32\Lang

2014-01-27 14:05 - 2014-01-27 14:05 - 00017107 _____ C:\ComboFix.txt

2014-01-27 14:05 - 2014-01-27 13:37 - 00000000 ____D C:\Qoobox

2014-01-27 14:04 - 2014-01-27 13:37 - 00000000 ____D C:\WINDOWS\erdnt

2014-01-27 13:57 - 2005-08-30 23:52 - 00000227 _____ C:\WINDOWS\system.ini

2014-01-27 13:56 - 2013-04-22 22:54 - 00000300 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-877228005-2687231834-3398282986-1008.job

2014-01-27 13:56 - 2013-04-06 22:21 - 00000308 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-877228005-2687231834-3398282986-1008.job

2014-01-27 13:56 - 2012-10-02 13:53 - 00000300 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-877228005-2687231834-3398282986-1008.job

2014-01-27 13:56 - 2005-09-01 13:58 - 00000000 ____D C:\WINDOWS\Registration

2014-01-27 13:55 - 2005-08-31 07:17 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2014-01-27 13:55 - 2005-08-30 23:55 - 00000159 _____ C:\WINDOWS\wiadebug.log

2014-01-27 13:55 - 2005-08-30 23:55 - 00000049 _____ C:\WINDOWS\wiaservc.log

2014-01-27 13:53 - 2011-12-20 18:46 - 00000178 ___SH C:\Documents and Settings\HP_Administrator\ntuser.ini

2014-01-27 13:53 - 2011-12-20 18:46 - 00000000 ____D C:\Documents and Settings\HP_Administrator

2014-01-27 13:40 - 2014-01-27 13:40 - 00000000 _RSHD C:\cmdcons

2014-01-27 13:40 - 2005-08-31 01:34 - 00000325 __RSH C:\boot.ini

2014-01-27 13:38 - 2005-08-31 07:17 - 00032482 _____ C:\WINDOWS\SchedLgU.Txt

2014-01-27 13:32 - 2014-01-27 13:32 - 05175619 ____R (Swearware) C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe

2014-01-27 13:06 - 2005-08-31 07:06 - 00041173 _____ C:\WINDOWS\wmsetup.log

2014-01-26 22:18 - 2011-12-21 01:23 - 00000970 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-877228005-2687231834-3398282986-1008Core.job

2014-01-26 21:02 - 2012-05-10 00:24 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe

2014-01-26 21:02 - 2012-01-06 18:41 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Adobe

2014-01-26 21:02 - 2011-12-22 03:49 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

2014-01-26 19:56 - 2012-09-12 13:17 - 00000000 ____D C:\Program Files\PDFCreator

2014-01-26 19:17 - 2014-01-26 19:17 - 00001551 _____ C:\Documents and Settings\HP_Administrator\Desktop\ESETSCAN.txt

2014-01-26 17:08 - 2014-01-26 17:08 - 00000000 ____D C:\Program Files\ESET

2014-01-26 17:08 - 2014-01-26 17:07 - 02347384 _____ (ESET) C:\Documents and Settings\HP_Administrator\Desktop\esetsmartinstaller_enu (1).exe

2014-01-26 17:07 - 2014-01-26 17:06 - 02347384 _____ (ESET) C:\Documents and Settings\HP_Administrator\Desktop\esetsmartinstaller_enu.exe

2014-01-26 15:53 - 2013-03-21 14:56 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys

2014-01-26 15:53 - 2012-10-14 20:54 - 00775952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys

2014-01-26 15:53 - 2012-10-14 20:54 - 00410784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys

2014-01-26 15:53 - 2012-10-14 20:54 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys

2014-01-26 15:53 - 2012-10-14 20:54 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys

2014-01-26 15:53 - 2012-10-14 20:54 - 00001744 _____ C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk

2014-01-26 15:53 - 2012-10-14 20:53 - 00270240 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe

2014-01-26 15:53 - 2012-10-14 20:53 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr

2014-01-26 15:29 - 2012-10-02 22:52 - 00000795 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

2014-01-26 15:29 - 2011-12-21 01:07 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2014-01-26 15:29 - 2011-12-21 01:07 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

2014-01-26 15:26 - 2014-01-26 15:26 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\HP_Administrator\Desktop\mbam-setup-1.75.0.1300.exe

2014-01-26 15:17 - 2014-01-26 15:17 - 00001982 _____ C:\Documents and Settings\HP_Administrator\Desktop\JRT.txt

2014-01-26 15:09 - 2014-01-26 15:09 - 00000000 ____D C:\WINDOWS\ERUNT

2014-01-26 15:08 - 2014-01-26 15:08 - 01037068 _____ (Thisisu) C:\Documents and Settings\HP_Administrator\Desktop\JRT.exe

2014-01-26 14:58 - 2014-01-26 14:58 - 00002323 _____ C:\Documents and Settings\HP_Administrator\Desktop\AdwCleaner[s0].txt

2014-01-26 14:45 - 2013-08-27 14:09 - 00000000 ____D C:\AdwCleaner

2014-01-26 14:44 - 2012-09-12 13:18 - 00000000 ____D C:\Program Files\Mozilla Firefox

2014-01-26 14:29 - 2014-01-26 14:29 - 01236282 _____ C:\Documents and Settings\HP_Administrator\Desktop\AdwCleaner.exe

2014-01-25 23:13 - 2012-10-02 13:53 - 00000308 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-877228005-2687231834-3398282986-1008.job

2014-01-25 00:07 - 2014-01-25 00:07 - 00022443 _____ C:\Documents and Settings\HP_Administrator\Desktop\attach.txt

2014-01-25 00:07 - 2014-01-25 00:07 - 00011944 _____ C:\Documents and Settings\HP_Administrator\Desktop\dds.txt

2014-01-23 00:17 - 2011-12-22 02:05 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\HpUpdate

2014-01-23 00:16 - 2011-12-20 20:14 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HP

2014-01-23 00:16 - 2011-12-20 20:13 - 00000000 ____D C:\Program Files\HP

2014-01-21 21:55 - 2012-09-02 17:46 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

2014-01-18 22:30 - 2012-01-14 14:35 - 00000757 _____ C:\WINDOWS\Ulead32.ini

2014-01-16 14:48 - 2014-01-16 14:48 - 00001615 _____ C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

2014-01-16 14:48 - 2014-01-16 14:48 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime

2014-01-16 14:48 - 2014-01-16 14:47 - 00000000 ____D C:\Program Files\QuickTime

2014-01-16 14:47 - 2014-01-16 14:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple Computer

2014-01-16 14:39 - 2014-01-16 14:39 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe

2014-01-16 14:39 - 2014-01-16 14:39 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe

2014-01-16 14:39 - 2014-01-16 14:39 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe

2014-01-16 14:39 - 2014-01-16 14:39 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll

2014-01-16 14:39 - 2013-03-07 18:24 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl

2014-01-16 03:05 - 2013-08-13 02:00 - 00000000 ____D C:\WINDOWS\system32\MRT

2014-01-16 03:02 - 2014-01-16 03:00 - 00005053 _____ C:\WINDOWS\KB2914368.log

2014-01-16 03:02 - 2011-12-20 22:20 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2014-01-16 03:02 - 2005-08-31 07:04 - 00944612 _____ C:\WINDOWS\tsoc.log

2014-01-16 03:02 - 2005-08-31 07:04 - 00579837 _____ C:\WINDOWS\comsetup.log

2014-01-16 03:02 - 2005-08-31 07:04 - 00350374 _____ C:\WINDOWS\ntdtcsetup.log

2014-01-16 03:02 - 2005-08-31 07:04 - 00289104 _____ C:\WINDOWS\iis6.log

2014-01-16 03:02 - 2005-08-31 07:04 - 00201460 _____ C:\WINDOWS\MedCtrOC.log

2014-01-16 03:02 - 2005-08-31 07:04 - 00103769 _____ C:\WINDOWS\tabletoc.log

2014-01-16 03:02 - 2005-08-31 07:04 - 00096038 _____ C:\WINDOWS\ehOCGen.log

2014-01-16 03:02 - 2005-08-31 07:04 - 00094955 _____ C:\WINDOWS\ocmsn.log

2014-01-16 03:02 - 2005-08-31 07:04 - 00001374 _____ C:\WINDOWS\imsins.log

2014-01-16 03:02 - 2005-08-31 06:59 - 02064617 _____ C:\WINDOWS\FaxSetup.log

2014-01-16 03:02 - 2005-08-31 06:59 - 00994467 _____ C:\WINDOWS\ocgen.log

2014-01-16 03:02 - 2005-08-31 06:59 - 00374097 _____ C:\WINDOWS\netfxocm.log

2014-01-16 03:02 - 2005-08-31 06:59 - 00233943 _____ C:\WINDOWS\plusoc.log

2014-01-16 03:02 - 2005-08-31 06:59 - 00102944 _____ C:\WINDOWS\msgsocm.log

2014-01-16 03:02 - 2005-08-31 06:57 - 00643664 _____ C:\WINDOWS\msmqinst.log

2014-01-16 03:01 - 2014-01-16 03:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$

2014-01-16 00:32 - 2011-12-21 01:24 - 00002376 _____ C:\Documents and Settings\HP_Administrator\Desktop\Google Chrome.lnk

2014-01-14 16:57 - 2011-12-21 01:00 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

2014-01-04 21:59 - 2014-01-04 21:59 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\AVAST Software

2014-01-04 21:55 - 2014-01-04 21:55 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avast

2014-01-04 21:55 - 2013-03-21 14:56 - 00180248 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys

2014-01-04 21:55 - 2013-03-21 14:56 - 00049944 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys

2014-01-04 21:52 - 2012-10-14 20:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software

2014-01-04 21:52 - 2005-08-31 07:02 - 00002577 _____ C:\WINDOWS\system32\CONFIG.NT

2014-01-02 20:20 - 2014-01-02 20:19 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Desktop\Ebay

 

Some content of TEMP:

====================

C:\Documents and Settings\HP_Administrator\Local Settings\Temp\IadHide5.dll


==================== Bamital & volsnap Check =================

 

C:\WINDOWS\explorer.exe => MD5 is legit

C:\WINDOWS\system32\winlogon.exe => MD5 is legit

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\services.exe => MD5 is legit

C:\WINDOWS\system32\User32.dll => MD5 is legit

C:\WINDOWS\system32\userinit.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

 

==================== End Of Log ============================

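An FRST log like the one above is read by hand in this thread, but the entries a helper zeroes in on follow fixed textual cues: an entry whose file is gone ends in "No File", "[x]" or "No ImagePath", an entry with no publisher in its version info ends in "()", and a driver or autostart loaded from a Temp directory is suspicious on its own. The following Python is an added example, not FRST's code and not part of the original post; it triages a handful of lines copied from the log above (the sample list is constructed for the example) and tags them so the orphaned and unverified entries stand out. Tags are triage hints, not verdicts: aswRvrt.sys carries no publisher but is avast's, and an orphaned AVG handler is leftover, not infection.

```python
import re
from collections import Counter, namedtuple

# Constructed sample: lines copied from the FRST log posted in this thread,
# so the triage runs offline. This is not FRST's own output specification.
SAMPLE_LOG = r"""
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-26] (AVAST Software)
HKCU\...\Run: [spybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S2 vToolbarUpdater15.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [x]
S2 ASPI32; No ImagePath
R3 catchme; \??\C:\ComboFix\catchme.sys [x]
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-01-04] ()
U3 mbr; \??\C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\mbr.sys [x]
"""

Finding = namedtuple("Finding", "tags path line")

# FRST's end-of-line markers for "the file this entry points at is not there".
MISSING_MARKERS = ("No File", "[x]", "No ImagePath")
# Directories an autostart entry or driver should rarely load from.
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\")

# A drive-letter path, ended by the [size date] bracket, the (publisher)
# parenthesis, FRST's "No File" marker, or the end of the line.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?(?=\s+\[|\s+\(|\s+No File|$)")


def extract_path(line):
    """Return the first drive-letter path on an FRST line, or None."""
    m = PATH_RE.search(line)
    return m.group(0) if m else None


def classify(line):
    """Tag one FRST line; an empty tuple means nothing worth a second look."""
    tags = []
    if line.endswith(MISSING_MARKERS):
        tags.append("missing-file")   # orphaned entry: file gone, registry/service still points at it
    elif line.endswith("()"):
        tags.append("no-publisher")   # no company in version info: unverified, not proven malicious
    path = extract_path(line)
    if path and any(m in path.lower() for m in TEMP_MARKERS):
        tags.append("temp-path")      # code loaded from a temp directory
    return tuple(tags)


def triage(log_text):
    """Return a Finding for every non-empty line that earns at least one tag."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        tags = classify(line)
        if tags:
            findings.append(Finding(tags, extract_path(line), line))
    return findings


def count_tags(findings):
    """How many findings carry each tag."""
    return Counter(tag for f in findings for tag in f.tags)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(", ".join(f.tags).ljust(26), f.path or "-")
    print(dict(count_tags(triage(SAMPLE_LOG))))
```

Run over the sample, the two "[x]" drivers from ComboFix and the mbr.sys in the user's Temp folder, the AVG leftovers, and the three "()" entries are reported; everything with a file on disk and a publisher string is left alone, which is the same split a helper makes before deciding what goes into a fixlist.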

Didn't work.

 

Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.

Paste this into the open Notepad and save it to the Desktop as fixlist.txt.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).

Search: "rpcss.dll"

 

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

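The fixlist above asks FRST to search the disk for every file named rpcss.dll, because the Bamital check only verifies the copy in system32 and a second copy elsewhere is what the helper wants to rule out. The Python below is an added example of that kind of search, not FRST's implementation and not part of the helper's post: it walks a directory tree, matches the name case-insensitively (as NTFS does), and records size, MD5 and SHA-256 of each hit so that copies with different contents are told apart. The directory tree it searches is a constructed fixture built in a temp directory; on a real machine you would pass the drive root instead.

```python
import hashlib
import os
import tempfile


def file_digests(path, chunk_size=1 << 16):
    """MD5 and SHA-256 of a file, read in chunks so large binaries are not loaded whole."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def find_copies(root, name):
    """Every file under root whose name matches case-insensitively, with size and
    digests, sorted by path so the result is stable."""
    target = name.lower()
    hits = []
    for dirpath, _dirs, filenames in os.walk(root):
        for fn in filenames:
            if fn.lower() != target:
                continue
            full = os.path.join(dirpath, fn)
            md5, sha256 = file_digests(full)
            hits.append({"path": full, "size": os.path.getsize(full),
                         "md5": md5, "sha256": sha256})
    hits.sort(key=lambda h: h["path"])
    return hits


def group_by_hash(hits):
    """Map each SHA-256 to the paths carrying it; more than one key means the copies differ."""
    groups = {}
    for h in hits:
        groups.setdefault(h["sha256"], []).append(h["path"])
    return groups


def build_sample_tree():
    """Constructed fixture, not a real Windows tree: two files named rpcss.dll with
    different contents (one of them in a Temp directory) plus one unrelated file."""
    root = tempfile.mkdtemp(prefix="frst-search-")
    layout = {
        os.path.join("WINDOWS", "system32", "rpcss.dll"): b"legit-sample-content",
        os.path.join("Documents and Settings", "User", "Local Settings",
                     "Temp", "RPCSS.DLL"): b"different-content",
        os.path.join("WINDOWS", "system32", "other.dll"): b"irrelevant",
    }
    for rel, data in layout.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    hits = find_copies(root, "rpcss.dll")
    for hit in hits:
        print(hit["size"], hit["md5"], hit["path"])
    for digest, paths in group_by_hash(hits).items():
        print(digest[:12], len(paths), "copy/copies")
```

Two hits with two different digests is the situation worth acting on: a same-named DLL in a user's Temp folder that does not hash like the one in system32 is exactly what the search directive is meant to surface, whereas identical digests in two locations usually mean a cached installer copy.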

 

Here it is again


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-01-2014 02

Ran by HP_Administrator (administrator) on CARLINE on 27-01-2014 18:56:05

Running from C:\Documents and Settings\HP_Administrator\Desktop

Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) ===================

 

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

(Microsoft) C:\WINDOWS\arservice.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe

(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe

(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe

(Microsoft) C:\WINDOWS\arpwrmsg.exe

(Digital Interactive Systems Corporation) C:\Program Files\DISC\DISCover.exe

(Digital Interactive Systems Corporation, Inc.) C:\Program Files\DISC\DISCUpdateMgr.exe

(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe

(SEIKO EPSON CORPORATION) C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe

(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe

(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

(Hewlett-Packard) C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe

(Digital Interactive Systems Corporation, Inc.) C:\Program Files\DISC\DiscStreamHub.exe

(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe

(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin

(Hewlett-Packard Company) C:\hp\KBD\kbd.exe

(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE

(Hewlett-Packard Company) C:\WINDOWS\system\hpsysdrv.exe

(Google Inc.) C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Kaspersky Lab ZAO) C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller.exe

(Google Inc.) C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [ehTray] - C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)

HKLM\...\Run: [AlwaysReady Power Message APP] - C:\WINDOWS\ARPWRMSG.EXE [77312 2005-08-02] (Microsoft)

HKLM\...\Run: [HPHUPD08] - c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [49152 2005-06-02] (Hewlett-Packard)

HKLM\...\Run: [DISCover] - C:\Program Files\DISC\DISCover.exe [1060864 2005-09-26] (Digital Interactive Systems Corporation)

HKLM\...\Run: [DiscUpdateManager] - C:\Program Files\DISC\DiscUpdateMgr.exe [61440 2005-09-26] (Digital Interactive Systems Corporation, Inc.)

HKLM\...\Run: [HPBootOp] - C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [1605740 2005-09-21] (Hewlett-Packard Company)

HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)

HKLM\...\Run: [EEventManager] - C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe [102400 2005-04-08] (SEIKO EPSON CORPORATION)

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM\...\Run: [TkBellExe] - C:\program files\real\realplayer\update\realsched.exe [295512 2013-10-17] (RealNetworks, Inc.)

HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-26] (AVAST Software)

HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)

HKLM\...\Policies\Explorer: [NoCDBurning] 0

HKCU\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-14] (SUPERAntiSpyware)

HKCU\...\Run: [spybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk

ShortcutTarget: Updates from HP.lnk -> C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (Hewlett-Packard)

Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk

ShortcutTarget: Pin.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)

Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8F23A00A2F96CD01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)

Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)

Toolbar: HKCU - &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

Chrome:

=======

CHR HomePage: hxxp://www.yahoo.com/

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.76\pdf.dll ()

CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.76\gcswf32.dll No File

CHR Plugin: (AVG Internet Security) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll No File

CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\plugins\npMozCouponPrinter.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Google Update) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File

CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll No File

CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll No File

CHR Extension: (RealDownloader) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-04-06]

CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-10-02]

CHR Extension: (Google Wallet) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]

CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-09-12] (SUPERAntiSpyware.com)

R2 ARSVC; C:\WINDOWS\arservice.exe [58880 2005-08-02] (Microsoft)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-26] (AVAST Software)

R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-01-16] (Oracle Corporation)

R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)

S0 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2004-09-29] (HP)

R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()

S2 vToolbarUpdater15.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [x]

==================== Drivers (Whitelisted) ====================

R3 aracpi; C:\WINDOWS\System32\DRIVERS\aracpi.sys [22784 2005-08-02] (Microsoft Corporation)

R3 arhidfltr; C:\WINDOWS\System32\DRIVERS\arhidfltr.sys [19200 2005-08-02] (Microsoft Corporation)

R3 arkbcfltr; C:\WINDOWS\System32\DRIVERS\arkbcfltr.sys [5376 2005-08-02] (Microsoft Corporation)

R3 armoucfltr; C:\WINDOWS\System32\DRIVERS\armoucfltr.sys [4992 2005-08-02] (Microsoft Corporation)

R3 ARPolicy; C:\WINDOWS\System32\DRIVERS\arpolicy.sys [10112 2005-08-02] (Microsoft Corporation)

R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-01-26] (AVAST Software)

R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-01-26] (AVAST Software)

R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-01-04] ()

R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [775952 2014-01-26] (AVAST Software)

R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [410784 2014-01-26] (AVAST Software)

R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-01-26] (AVAST Software)

R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180248 2014-01-04] ()

R0 bb-run; C:\WINDOWS\System32\DRIVERS\bb-run.sys [17408 2003-11-05] (Promise Technology, Inc.)

R0 ftsata2; C:\WINDOWS\System32\DRIVERS\ftsata2.sys [175104 2005-06-30] (Promise Technology, Inc.)

R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [74496 2005-03-04] (Realtek Semiconductor Corporation )

S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

S3 SISNIC; C:\WINDOWS\System32\DRIVERS\sisnic.sys [32768 2004-08-04] (SiS Corporation)

S2 ASPI32; No ImagePath

S1 avgtp; \??\C:\WINDOWS\system32\drivers\avgtpx86.sys [x]

R3 catchme; \??\C:\ComboFix\catchme.sys [x]

S2 ONSIO; \??\C:\WINDOWS\SYSTEM32\DRIVERS\ONSIO.SYS [x]

S1 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [x]

U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

S0 SMPLSCSI; System32\drivers\SMPLSCSI.SYS [x]

U3 mbr; \??\C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2014-01-27 18:53 - 2014-01-27 18:53 - 00000019 _____ C:\Documents and Settings\HP_Administrator\Desktop\fixlist.txt

2014-01-27 18:40 - 2014-01-27 18:40 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Desktop\FRST-OlderVersion

2014-01-27 18:19 - 2014-01-27 18:19 - 04121952 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller.exe

2014-01-27 14:05 - 2014-01-27 14:05 - 00017107 _____ C:\ComboFix.txt

2014-01-27 13:40 - 2014-01-27 13:40 - 00000000 _RSHD C:\cmdcons

2014-01-27 13:38 - 2011-06-26 01:45 - 00256000 _____ C:\WINDOWS\PEV.exe

2014-01-27 13:38 - 2010-11-07 12:20 - 00208896 _____ C:\WINDOWS\MBR.exe

2014-01-27 13:38 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe

2014-01-27 13:38 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe

2014-01-27 13:38 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe

2014-01-27 13:38 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe

2014-01-27 13:38 - 2000-08-30 19:00 - 00098816 _____ C:\WINDOWS\sed.exe

2014-01-27 13:38 - 2000-08-30 19:00 - 00080412 _____ C:\WINDOWS\grep.exe

2014-01-27 13:38 - 2000-08-30 19:00 - 00068096 _____ C:\WINDOWS\zip.exe

2014-01-27 13:37 - 2014-01-27 14:05 - 00000000 ____D C:\Qoobox

2014-01-27 13:37 - 2014-01-27 14:04 - 00000000 ____D C:\WINDOWS\erdnt

2014-01-27 13:32 - 2014-01-27 13:32 - 05175619 ____R (Swearware) C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe

2014-01-26 19:17 - 2014-01-26 19:17 - 00001551 _____ C:\Documents and Settings\HP_Administrator\Desktop\ESETSCAN.txt

2014-01-26 17:08 - 2014-01-26 17:08 - 00000000 ____D C:\Program Files\ESET

2014-01-26 17:07 - 2014-01-26 17:08 - 02347384 _____ (ESET) C:\Documents and Settings\HP_Administrator\Desktop\esetsmartinstaller_enu (1).exe

2014-01-26 17:06 - 2014-01-26 17:07 - 02347384 _____ (ESET) C:\Documents and Settings\HP_Administrator\Desktop\esetsmartinstaller_enu.exe

2014-01-26 15:26 - 2014-01-26 15:26 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\HP_Administrator\Desktop\mbam-setup-1.75.0.1300.exe

2014-01-26 15:17 - 2014-01-26 15:17 - 00001982 _____ C:\Documents and Settings\HP_Administrator\Desktop\JRT.txt

2014-01-26 15:09 - 2014-01-26 15:09 - 00000000 ____D C:\WINDOWS\ERUNT

2014-01-26 15:08 - 2014-01-26 15:08 - 01037068 _____ (Thisisu) C:\Documents and Settings\HP_Administrator\Desktop\JRT.exe

2014-01-26 14:58 - 2014-01-26 14:58 - 00002323 _____ C:\Documents and Settings\HP_Administrator\Desktop\AdwCleaner[s0].txt

2014-01-26 14:29 - 2014-01-26 14:29 - 01236282 _____ C:\Documents and Settings\HP_Administrator\Desktop\AdwCleaner.exe

2014-01-26 13:53 - 2014-01-27 18:56 - 00015794 _____ C:\Documents and Settings\HP_Administrator\Desktop\FRST.txt

2014-01-26 13:22 - 2014-01-27 18:40 - 01622528 _____ (Farbar) C:\Documents and Settings\HP_Administrator\Desktop\FRST.exe

2014-01-25 13:28 - 2014-01-27 18:40 - 00000000 ____D C:\FRST

2014-01-25 00:07 - 2014-01-25 00:07 - 00022443 _____ C:\Documents and Settings\HP_Administrator\Desktop\attach.txt

2014-01-25 00:07 - 2014-01-25 00:07 - 00011944 _____ C:\Documents and Settings\HP_Administrator\Desktop\dds.txt

2014-01-16 14:48 - 2014-01-16 14:48 - 00001615 _____ C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

2014-01-16 14:48 - 2014-01-16 14:48 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime

2014-01-16 14:47 - 2014-01-16 14:48 - 00000000 ____D C:\Program Files\QuickTime

2014-01-16 14:47 - 2014-01-16 14:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple Computer

2014-01-16 14:39 - 2014-01-16 14:39 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe

2014-01-16 14:39 - 2014-01-16 14:39 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe

2014-01-16 14:39 - 2014-01-16 14:39 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe

2014-01-16 14:39 - 2014-01-16 14:39 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll

2014-01-16 03:01 - 2014-01-16 03:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$

2014-01-16 03:00 - 2014-01-16 03:02 - 00005053 _____ C:\WINDOWS\KB2914368.log

2014-01-04 21:59 - 2014-01-04 21:59 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\AVAST Software

2014-01-04 21:55 - 2014-01-04 21:55 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avast

2014-01-02 20:19 - 2014-01-02 20:20 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Desktop\Ebay

==================== One Month Modified Files and Folders =======

2014-01-27 18:56 - 2014-01-26 13:53 - 00015794 _____ C:\Documents and Settings\HP_Administrator\Desktop\FRST.txt

2014-01-27 18:53 - 2014-01-27 18:53 - 00000019 _____ C:\Documents and Settings\HP_Administrator\Desktop\fixlist.txt

2014-01-27 18:40 - 2014-01-27 18:40 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Desktop\FRST-OlderVersion

2014-01-27 18:40 - 2014-01-26 13:22 - 01622528 _____ (Farbar) C:\Documents and Settings\HP_Administrator\Desktop\FRST.exe

2014-01-27 18:40 - 2014-01-25 13:28 - 00000000 ____D C:\FRST

2014-01-27 18:34 - 2013-11-15 15:40 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2014-01-27 18:19 - 2014-01-27 18:19 - 04121952 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller.exe

2014-01-27 18:18 - 2011-12-21 01:23 - 00001022 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-877228005-2687231834-3398282986-1008UA.job

2014-01-27 15:53 - 2012-10-14 20:54 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job

2014-01-27 15:22 - 2005-08-31 07:17 - 01354121 _____ C:\WINDOWS\WindowsUpdate.log

2014-01-27 14:06 - 2011-12-20 21:41 - 00000185 _____ C:\WINDOWS\system\hpsysdrv.DAT

2014-01-27 14:06 - 2011-12-20 20:12 - 00000000 ____D C:\WINDOWS\system32\Lang

2014-01-27 14:05 - 2014-01-27 14:05 - 00017107 _____ C:\ComboFix.txt

2014-01-27 14:05 - 2014-01-27 13:37 - 00000000 ____D C:\Qoobox

2014-01-27 14:04 - 2014-01-27 13:37 - 00000000 ____D C:\WINDOWS\erdnt

2014-01-27 13:57 - 2005-08-30 23:52 - 00000227 _____ C:\WINDOWS\system.ini

2014-01-27 13:56 - 2013-04-22 22:54 - 00000300 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-877228005-2687231834-3398282986-1008.job

2014-01-27 13:56 - 2013-04-06 22:21 - 00000308 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-877228005-2687231834-3398282986-1008.job

2014-01-27 13:56 - 2012-10-02 13:53 - 00000300 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-877228005-2687231834-3398282986-1008.job

2014-01-27 13:56 - 2005-09-01 13:58 - 00000000 ____D C:\WINDOWS\Registration

2014-01-27 13:55 - 2005-08-31 07:17 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2014-01-27 13:55 - 2005-08-30 23:55 - 00000159 _____ C:\WINDOWS\wiadebug.log

2014-01-27 13:55 - 2005-08-30 23:55 - 00000049 _____ C:\WINDOWS\wiaservc.log

2014-01-27 13:53 - 2011-12-20 18:46 - 00000178 ___SH C:\Documents and Settings\HP_Administrator\ntuser.ini

2014-01-27 13:53 - 2011-12-20 18:46 - 00000000 ____D C:\Documents and Settings\HP_Administrator

2014-01-27 13:40 - 2014-01-27 13:40 - 00000000 _RSHD C:\cmdcons

2014-01-27 13:40 - 2005-08-31 01:34 - 00000325 __RSH C:\boot.ini

2014-01-27 13:38 - 2005-08-31 07:17 - 00032482 _____ C:\WINDOWS\SchedLgU.Txt

2014-01-27 13:32 - 2014-01-27 13:32 - 05175619 ____R (Swearware) C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe

2014-01-27 13:06 - 2005-08-31 07:06 - 00041173 _____ C:\WINDOWS\wmsetup.log

2014-01-26 22:18 - 2011-12-21 01:23 - 00000970 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-877228005-2687231834-3398282986-1008Core.job

2014-01-26 21:02 - 2012-05-10 00:24 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe

2014-01-26 21:02 - 2012-01-06 18:41 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Adobe

2014-01-26 21:02 - 2011-12-22 03:49 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

2014-01-26 19:56 - 2012-09-12 13:17 - 00000000 ____D C:\Program Files\PDFCreator

2014-01-26 19:17 - 2014-01-26 19:17 - 00001551 _____ C:\Documents and Settings\HP_Administrator\Desktop\ESETSCAN.txt

2014-01-26 17:08 - 2014-01-26 17:08 - 00000000 ____D C:\Program Files\ESET

2014-01-26 17:08 - 2014-01-26 17:07 - 02347384 _____ (ESET) C:\Documents and Settings\HP_Administrator\Desktop\esetsmartinstaller_enu (1).exe

2014-01-26 17:07 - 2014-01-26 17:06 - 02347384 _____ (ESET) C:\Documents and Settings\HP_Administrator\Desktop\esetsmartinstaller_enu.exe

2014-01-26 15:53 - 2013-03-21 14:56 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys

2014-01-26 15:53 - 2012-10-14 20:54 - 00775952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys

2014-01-26 15:53 - 2012-10-14 20:54 - 00410784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys

2014-01-26 15:53 - 2012-10-14 20:54 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys

2014-01-26 15:53 - 2012-10-14 20:54 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys

2014-01-26 15:53 - 2012-10-14 20:54 - 00001744 _____ C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk

2014-01-26 15:53 - 2012-10-14 20:53 - 00270240 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe

2014-01-26 15:53 - 2012-10-14 20:53 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr

2014-01-26 15:29 - 2012-10-02 22:52 - 00000795 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

2014-01-26 15:29 - 2011-12-21 01:07 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2014-01-26 15:29 - 2011-12-21 01:07 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

2014-01-26 15:26 - 2014-01-26 15:26 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\HP_Administrator\Desktop\mbam-setup-1.75.0.1300.exe

2014-01-26 15:17 - 2014-01-26 15:17 - 00001982 _____ C:\Documents and Settings\HP_Administrator\Desktop\JRT.txt

2014-01-26 15:09 - 2014-01-26 15:09 - 00000000 ____D C:\WINDOWS\ERUNT

2014-01-26 15:08 - 2014-01-26 15:08 - 01037068 _____ (Thisisu) C:\Documents and Settings\HP_Administrator\Desktop\JRT.exe

2014-01-26 14:58 - 2014-01-26 14:58 - 00002323 _____ C:\Documents and Settings\HP_Administrator\Desktop\AdwCleaner[s0].txt

2014-01-26 14:45 - 2013-08-27 14:09 - 00000000 ____D C:\AdwCleaner

2014-01-26 14:44 - 2012-09-12 13:18 - 00000000 ____D C:\Program Files\Mozilla Firefox

2014-01-26 14:29 - 2014-01-26 14:29 - 01236282 _____ C:\Documents and Settings\HP_Administrator\Desktop\AdwCleaner.exe

2014-01-25 23:13 - 2012-10-02 13:53 - 00000308 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-877228005-2687231834-3398282986-1008.job

2014-01-25 00:07 - 2014-01-25 00:07 - 00022443 _____ C:\Documents and Settings\HP_Administrator\Desktop\attach.txt

2014-01-25 00:07 - 2014-01-25 00:07 - 00011944 _____ C:\Documents and Settings\HP_Administrator\Desktop\dds.txt

2014-01-23 00:17 - 2011-12-22 02:05 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\HpUpdate

2014-01-23 00:16 - 2011-12-20 20:14 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HP

2014-01-23 00:16 - 2011-12-20 20:13 - 00000000 ____D C:\Program Files\HP

2014-01-21 21:55 - 2012-09-02 17:46 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

2014-01-18 22:30 - 2012-01-14 14:35 - 00000757 _____ C:\WINDOWS\Ulead32.ini

2014-01-16 14:48 - 2014-01-16 14:48 - 00001615 _____ C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

2014-01-16 14:48 - 2014-01-16 14:48 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime

2014-01-16 14:48 - 2014-01-16 14:47 - 00000000 ____D C:\Program Files\QuickTime

2014-01-16 14:47 - 2014-01-16 14:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple Computer

2014-01-16 14:39 - 2014-01-16 14:39 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe

2014-01-16 14:39 - 2014-01-16 14:39 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe

2014-01-16 14:39 - 2014-01-16 14:39 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe

2014-01-16 14:39 - 2014-01-16 14:39 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll

2014-01-16 14:39 - 2013-03-07 18:24 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl

2014-01-16 03:05 - 2013-08-13 02:00 - 00000000 ____D C:\WINDOWS\system32\MRT

2014-01-16 03:02 - 2014-01-16 03:00 - 00005053 _____ C:\WINDOWS\KB2914368.log

2014-01-16 03:02 - 2011-12-20 22:20 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2014-01-16 03:02 - 2005-08-31 07:04 - 00944612 _____ C:\WINDOWS\tsoc.log

2014-01-16 03:02 - 2005-08-31 07:04 - 00579837 _____ C:\WINDOWS\comsetup.log

2014-01-16 03:02 - 2005-08-31 07:04 - 00350374 _____ C:\WINDOWS\ntdtcsetup.log

2014-01-16 03:02 - 2005-08-31 07:04 - 00289104 _____ C:\WINDOWS\iis6.log

2014-01-16 03:02 - 2005-08-31 07:04 - 00201460 _____ C:\WINDOWS\MedCtrOC.log

2014-01-16 03:02 - 2005-08-31 07:04 - 00103769 _____ C:\WINDOWS\tabletoc.log

2014-01-16 03:02 - 2005-08-31 07:04 - 00096038 _____ C:\WINDOWS\ehOCGen.log

2014-01-16 03:02 - 2005-08-31 07:04 - 00094955 _____ C:\WINDOWS\ocmsn.log

2014-01-16 03:02 - 2005-08-31 07:04 - 00001374 _____ C:\WINDOWS\imsins.log

2014-01-16 03:02 - 2005-08-31 06:59 - 02064617 _____ C:\WINDOWS\FaxSetup.log

2014-01-16 03:02 - 2005-08-31 06:59 - 00994467 _____ C:\WINDOWS\ocgen.log

2014-01-16 03:02 - 2005-08-31 06:59 - 00374097 _____ C:\WINDOWS\netfxocm.log

2014-01-16 03:02 - 2005-08-31 06:59 - 00233943 _____ C:\WINDOWS\plusoc.log

2014-01-16 03:02 - 2005-08-31 06:59 - 00102944 _____ C:\WINDOWS\msgsocm.log

2014-01-16 03:02 - 2005-08-31 06:57 - 00643664 _____ C:\WINDOWS\msmqinst.log

2014-01-16 03:01 - 2014-01-16 03:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$

2014-01-16 00:32 - 2011-12-21 01:24 - 00002376 _____ C:\Documents and Settings\HP_Administrator\Desktop\Google Chrome.lnk

2014-01-14 16:57 - 2011-12-21 01:00 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

2014-01-04 21:59 - 2014-01-04 21:59 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\AVAST Software

2014-01-04 21:55 - 2014-01-04 21:55 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avast

2014-01-04 21:55 - 2013-03-21 14:56 - 00180248 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys

2014-01-04 21:55 - 2013-03-21 14:56 - 00049944 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys

2014-01-04 21:52 - 2012-10-14 20:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software

2014-01-04 21:52 - 2005-08-31 07:02 - 00002577 _____ C:\WINDOWS\system32\CONFIG.NT

2014-01-02 20:20 - 2014-01-02 20:19 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Desktop\Ebay

Some content of TEMP:

====================

C:\Documents and Settings\HP_Administrator\Local Settings\Temp\IadHide5.dll

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit

C:\WINDOWS\system32\winlogon.exe => MD5 is legit

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\services.exe => MD5 is legit

C:\WINDOWS\system32\User32.dll => MD5 is legit

C:\WINDOWS\system32\userinit.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================


Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open notepad. Save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

Search: "rpcss.dll"

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


It doesn't look like it's doing the search for me.

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    rpcss.dll
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Juliet, when you say press the fix button once and then wait, am I supposed to hit the scan button too? I did hit the scan button after I hit the fix button.

Just the fix button would have worked.

Sorry about that Juliet

SystemLook 30.07.11 by jpshortstuff

Log created at 19:08 on 27/01/2014 by HP_Administrator

Administrator - Elevation successful

========== filefind ==========

Searching for "rpcss.dll"

C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\rpcss.dll --a--c- 398336 bytes [01:07 21/12/2011] [04:20 26/07/2005] C369DF215D352B6F3A0B8C3469AA34F8

C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\rpcss.dll --a--c- 401408 bytes [03:56 21/12/2011] [10:01 09/02/2009] 24B5D53B9ACCC1E2EDCF0A878D6659D4

C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\rpcss.dll --a--c- 401408 bytes [03:56 21/12/2011] [12:10 09/02/2009] 6B27A5C03DFB94B4245739065431322C

C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll --a--c- 401408 bytes [03:56 21/12/2011] [10:56 09/02/2009] 9222562D44021B988B9F9F62207FB6F2

C:\WINDOWS\$NtServicePackUninstall$\rpcss.dll -----c- 399360 bytes [05:01 21/12/2011] [10:20 09/02/2009] 01095FEBF33BEEA00C2A0730B9B3EC28

C:\WINDOWS\$NtUninstallKB902400$\rpcss.dll --a--c- 395776 bytes [01:07 21/12/2011] [05:00 10/08/2004] 5C83A4408604F737717AB96371201680

C:\WINDOWS\$NtUninstallKB956572$\rpcss.dll -----c- 399360 bytes [05:16 21/12/2011] [00:12 14/04/2008] 2589FE6015A316C0F5D5112B4DA7B509

C:\WINDOWS\$NtUninstallKB956572_0$\rpcss.dll -----c- 397824 bytes [04:39 21/12/2011] [04:39 26/07/2005] CE94A2BD25E3E9F4D46A7373FF455C6D

C:\WINDOWS\erdnt\cache\rpcss.dll --a---- 401408 bytes [19:04 27/01/2014] [12:10 09/02/2009] 6B27A5C03DFB94B4245739065431322C

C:\WINDOWS\ServicePackFiles\i386\rpcss.dll -----c- 399360 bytes [00:12 14/04/2008] [00:12 14/04/2008] 2589FE6015A316C0F5D5112B4DA7B509

C:\WINDOWS\system32\rpcss.dll --a---- 401408 bytes [20:09 20/12/2011] [12:10 09/02/2009] 6B27A5C03DFB94B4245739065431322C

C:\WINDOWS\system32\dllcache\rpcss.dll -----c- 401408 bytes [03:56 21/12/2011] [12:10 09/02/2009] 6B27A5C03DFB94B4245739065431322C

-= EOF =-

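The filefind output above lists several copies of rpcss.dll with their sizes and MD5s; the check a practitioner would run on it is to group the copies by hash and compare the live system32 file against the service-pack copy and the dllcache copy before any Replace is issued. The block below does that as an added Python example that is not part of this thread and not code from SystemLook, FRST or Malwarebytes; its sample log is a subset of the lines posted above, and reading the two bracketed timestamps as creation time then last-write time is an assumption drawn from their values.

```python
"""Parse SystemLook ``filefind`` output and compare the copies it lists.

Added example for this thread; it is not code from SystemLook, FRST or
Malwarebytes. The sample log is a subset of the filefind results posted
above. The two bracketed timestamps are kept verbatim; treating the first
as the on-disk creation time and the second as the last-write time is an
assumption drawn from the values in that log.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: lines copied from the SystemLook log posted above.
FILEFIND_LOG = r"""SystemLook 30.07.11 by jpshortstuff
Log created at 19:08 on 27/01/2014 by HP_Administrator
Administrator - Elevation successful

========== filefind ==========

Searching for "rpcss.dll"
C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\rpcss.dll --a--c- 401408 bytes [03:56 21/12/2011] [12:10 09/02/2009] 6B27A5C03DFB94B4245739065431322C
C:\WINDOWS\$NtUninstallKB956572$\rpcss.dll -----c- 399360 bytes [05:16 21/12/2011] [00:12 14/04/2008] 2589FE6015A316C0F5D5112B4DA7B509
C:\WINDOWS\ServicePackFiles\i386\rpcss.dll -----c- 399360 bytes [00:12 14/04/2008] [00:12 14/04/2008] 2589FE6015A316C0F5D5112B4DA7B509
C:\WINDOWS\system32\rpcss.dll --a---- 401408 bytes [20:09 20/12/2011] [12:10 09/02/2009] 6B27A5C03DFB94B4245739065431322C
C:\WINDOWS\system32\dllcache\rpcss.dll -----c- 401408 bytes [03:56 21/12/2011] [12:10 09/02/2009] 6B27A5C03DFB94B4245739065431322C

-= EOF =-
"""

# One result line: path, seven-character attribute field, size in bytes, two
# bracketed timestamps, MD5. Paths may contain spaces, so the path is matched
# lazily and anchored by the strict attribute and size fields after it.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?) (?P<attrs>[-a-z]{7}) (?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass(frozen=True)
class FileCopy:
    path: str
    attrs: str
    size: int
    created: str    # first bracketed stamp (assumed creation time, see above)
    modified: str   # second bracketed stamp (assumed last-write time)
    md5: str


def parse_filefind(text):
    """Return every filefind result line in ``text`` as a FileCopy.

    Header, blank and EOF lines do not match the pattern and are skipped.
    """
    copies = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            copies.append(FileCopy(m["path"], m["attrs"], int(m["size"]),
                                   m["created"], m["modified"], m["md5"].upper()))
    return copies


def group_by_md5(copies):
    """Map each MD5 to the paths carrying it, so odd-one-out copies stand out."""
    groups = defaultdict(list)
    for c in copies:
        groups[c.md5].append(c.path)
    return dict(groups)


def compare_copies(copies, live, reference):
    """Describe how the live file relates to a chosen reference copy and to
    the Windows File Protection cache (system32\\dllcache) beside it.

    This is the comparison behind a ``Replace: reference | live`` decision:
    it shows whether the live hash is shared with the protected copies or
    stands alone, and how far the sizes differ.
    """
    by_path = {c.path.lower(): c for c in copies}
    live_c = by_path[live.lower()]
    ref_c = by_path[reference.lower()]
    cache_c = by_path.get(live.lower().replace("\\system32\\", "\\system32\\dllcache\\"))
    return {
        "live_md5": live_c.md5,
        "reference_md5": ref_c.md5,
        "live_matches_reference": live_c.md5 == ref_c.md5,
        "live_matches_dllcache": cache_c is not None and cache_c.md5 == live_c.md5,
        "size_delta": live_c.size - ref_c.size,
        "other_copies_with_live_hash": [c.path for c in copies
                                        if c.md5 == live_c.md5 and c is not live_c],
    }


if __name__ == "__main__":
    found = parse_filefind(FILEFIND_LOG)
    for md5, paths in group_by_md5(found).items():
        print(md5, "->", len(paths), "copies")
    report = compare_copies(found, r"C:\WINDOWS\system32\rpcss.dll",
                            r"C:\WINDOWS\ServicePackFiles\i386\rpcss.dll")
    for key, value in report.items():
        print(f"{key}: {value}")
```

On the posted log the live system32 copy shares its hash with dllcache and the SP3GDR hotfix copy, while the ServicePackFiles copy is the older, 2048-byte-smaller build.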

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open notepad. Save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

start

Replace: c:\windows\ServicePackFiles\i386\rpcss.dll | C:\WINDOWS\system32\rpcss.dll

end

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit (http://downloads.malwarebytes.org/file/mbar)

2. Unzip the contents to a folder in a convenient location.

3. Open the folder where the contents were unzipped and run mbar.exe

4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.

5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.

6. Wait while the system shuts down and the cleanup process is performed.

7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.

8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

   - Internet access
   - Windows Update
   - Windows Firewall

9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.

10. Verify that your system is now functioning normally.


This one might be easier to follow.

1. Download Malwarebytes Anti-Rootkit from this link http://www.malwarebytes.org/products/mbar/

2. Unzip the File to a convenient location. (Recommend the Desktop)

3. Open the folder where the contents were unzipped to run mbar.exe

Image1.png

4. Double-click on the mbar.exe file; you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

mbarwm.png

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

6. The following image opens, select Next.

Image2.png

7. The following image opens, select Update.

Image3.png

8. When the Update completes, select Next.

Image4.png

9. In the following window ensure "Targets" are ticked. Then select "Scan".

Image5.png

10. If an infection/s is found the "Cleanup Button" to remove threats will be available. A list of infected files will be listed like the following example:

MBAntiRKclean.png

11. Do not select the "Clean up Button"; select the "Exit" button. There will be a warning as follows:

MBAntiRKclean1.png

12. Select "Yes" to close down the program. If NO infections were found you will see the following image:

Image6.png

13. Select "Exit" to close down.

14. Copy and paste the two following logs from the mbar folder:

System - log

Mbar - log (Date and time of scan will also be shown)

Image10.png


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-01-2014 02

Ran by HP_Administrator at 2014-01-27 19:45:11 Run:3

Running from C:\Documents and Settings\HP_Administrator\Desktop

Boot Mode: Normal

 

==============================================

 

Content of fixlist:

*****************

start

Replace: c:\windows\ServicePackFiles\i386\rpcss.dll | C:\WINDOWS\system32\rpcss.dll

end

*****************

 

Could not find c:\windows\ServicePackFiles\i386\rpcss.dll |

 

==== End of Fixlog ====

This topic is now closed to further replies.
