Multiple issues


Post by Voods on Thu 09 May 2013, 12:33 am

I have been having a number of issues with my computer. Most of all, I am unable to click in any window after opening it, browser and software. I am unable to click the start menu button, clock, volume etc.
I can press the start menu button sometimes, and type something in, but nothing will load.
Also, when I can get into Windows Explorer, it will not stay on the page I am on, automatically directs me to a new page. Makes it impossible to browse through folders.
This also happens when I am using my internet browser, directs me to random pages or previous ones all the time, even after a second of loading a page. It also happens in Word too, comes to a point where the cursor disappears and cannot click in the document.
It sometimes resolves, albeit briefly, when I load task manager and quit it again. I have had a couple of reports of rootkits when doing my usual scans, but not sure if it is a false positive.
It really feels as if somebody has hijacked my computer and they are controlling it.
I have had a couple of reports of an issue with Sdwinlogon when doing my scans also, could this be an issue?
The computer is getting slower and slower, I have done nothing different to my usual use, the most recent change I can recall is a registry clean, which I usually do with no issues.
My firewall also switches off without my command.
Any help would be most welcome.


Senior Surfer

Posts : 229
Joined : 2008-12-07
Operating System : Windows 7 Professional


Re: Multiple issues

Post by Voods on Thu 09 May 2013, 12:34 am

Malwarebytes Anti-Malware

Database version: v2013.05.08.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16540
n :: N-PC [administrator]

08/05/2013 11:01:02
mbam-log-2013-05-08 (11-01-02).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 395870
Time elapsed: 1 hour(s), 30 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)




Re: Multiple issues

Post by Voods on Thu 09 May 2013, 12:35 am

Results of screen317's Security Check version 0.99.63
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
ESET Smart Security 6.0
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
SpywareBlaster 5.0
Spybot - Search & Destroy
Trojan Remover 6.8.6
Malwarebytes Anti-Malware version
Wise Registry Cleaner 7.33
JavaFX 2.1.1
Java(TM) 6 Update 31
Java 7 Update 21
Adobe Flash Player 11.7.700.169
Mozilla Firefox (20.0.1)
Google Chrome 26.0.1410.64
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Spybot Teatimer.exe is disabled!
Malwarebytes' Anti-Malware mbamscheduler.exe
windows defender MpCmdRun.exe
iolo Common Lib ioloServiceManager.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````



Re: Multiple issues

Post by Voods on Thu 09 May 2013, 12:35 am

# AdwCleaner v2.300 - Logfile created 05/08/2013 at 13:41:31
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : n - N-PC
# Boot Mode : Normal
# Running from : C:\Users\n\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\n\AppData\Roaming\Mozilla\Firefox\Profiles\zwe0ad8b.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\n\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.


AdwCleaner[R1].txt - [13002 octets] - [07/05/2013 13:46:29]
AdwCleaner[S1].txt - [12878 octets] - [07/05/2013 13:46:59]
AdwCleaner[S2].txt - [913 octets] - [08/05/2013 13:41:31]

########## EOF - C:\AdwCleaner[S2].txt - [972 octets] ##########



Re: Multiple issues

Post by Superdave on Thu 09 May 2013, 5:12 am

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

"the most recent change I can recall is a registry clean, which I usually do with no issues."

The Registry usually doesn't require cleaning.

Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.

There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

Further reading: XP Fixes Myth #1: Registry Cleaners

Please download Junkware Removal Tool to your desktop.

Warning! Once the scan is complete JRT will shut down your browser with NO warning.

Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.

Download ComboFix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to your download folder, you will need to copy it to your desktop.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

Tech Staff


Posts : 4189
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3


Re: Multiple issues

Post by Voods on Thu 09 May 2013, 11:48 am

Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Professional x86
Ran by n on 09/05/2013 at 1:25:01.09

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"

~~~ FireFox

Emptied folder: C:\Users\n\AppData\Roaming\mozilla\firefox\profiles\zwe0ad8b.default\minidumps [14 files]

~~~ Event Viewer Logs were cleared

Scan was completed on 09/05/2013 at 1:27:21.47
End of JRT log



Re: Multiple issues

Post by Voods on Thu 09 May 2013, 11:49 am

ComboFix 13-05-08.02 - n 09/05/2013 1:34.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.3574.2586 [GMT 1:00]
Running from: c:\users\n\Desktop\ComboFix.exe
AV: ESET Smart Security 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active
((((((((((((((((((((((((( Files Created from 2013-04-09 to 2013-05-09 )))))))))))))))))))))))))))))))
2013-05-09 00:42 . 2013-05-09 00:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-09 00:42 . 2013-05-09 00:42 -------- d-----w- c:\users\black\AppData\Local\temp
2013-05-09 00:32 . 2013-05-09 00:32 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2919DCEE-9BCD-4A8C-BC94-C0039C683A58}\offreg.dll
2013-05-09 00:24 . 2013-05-09 00:24 -------- d-----w- c:\windows\ERUNT
2013-05-09 00:24 . 2013-05-09 00:24 -------- d-----w- C:\JRT
2013-05-07 22:44 . 2013-05-07 22:44 -------- d-----w- c:\users\n\AppData\Roaming\Simply Super Software
2013-05-07 22:44 . 2013-05-07 22:44 -------- d-----w- c:\program files\Trojan Remover
2013-05-07 22:44 . 2013-05-07 22:44 -------- d-----w- c:\programdata\Simply Super Software
2013-05-07 17:13 . 2013-05-07 17:13 -------- d-----w- c:\program files\UnCleaner
2013-05-07 16:28 . 2013-05-07 16:28 -------- d-----w- c:\program files\Common Files\Java
2013-05-07 16:28 . 2013-05-07 16:28 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-05-07 16:27 . 2013-05-07 16:27 -------- d-----w- c:\program files\Java
2013-05-07 11:27 . 2013-05-07 11:27 -------- d-----w- C:\Stinger_Quarantine
2013-05-07 11:26 . 2013-05-07 11:44 -------- d-----w- c:\program files\stinger
2013-05-07 10:41 . 2013-05-07 10:41 -------- d-----w- c:\programdata\Licenses
2013-05-07 10:04 . 2013-05-07 10:04 -------- d-----w- c:\program files\spotflux
2013-05-07 09:29 . 2013-04-10 03:08 6906960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2919DCEE-9BCD-4A8C-BC94-C0039C683A58}\mpengine.dll
2013-05-05 16:49 . 2013-05-05 19:04 -------- d-----w- c:\program files\Labeljoy 5
2013-05-05 16:47 . 2013-05-05 16:47 -------- d-----w- c:\users\n\AppData\Local\{62043314-B102-4874-9E29-1477B9F510E3}
2013-04-29 23:17 . 2013-04-29 23:17 -------- d-----w- c:\users\n\AppData\Local\Easy_BioSolutions_Inc
2013-04-29 23:15 . 2013-04-29 23:15 -------- d-----w- c:\program files\Easy Trinity
2013-04-24 10:23 . 2013-04-12 13:45 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-15 15:26 . 2013-04-15 15:26 -------- d-----w- c:\program files\Microsoft Synchronization Services
2013-04-15 15:25 . 2013-04-15 15:25 -------- d-----w- c:\program files\Microsoft Sync Framework
2013-04-15 15:25 . 2013-04-15 15:25 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2013-04-15 15:24 . 2013-04-15 15:24 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2013-04-15 15:23 . 2013-04-15 15:23 -------- d-----w- c:\program files\Microsoft Analysis Services
2013-04-15 15:22 . 2013-04-15 15:22 -------- d-----w- c:\users\n\AppData\Local\Microsoft Help
2013-04-15 15:22 . 2013-04-15 16:37 -------- d-----w- c:\programdata\Microsoft Help
2013-04-15 15:22 . 2013-04-15 15:22 -------- d-----r- C:\MSOCache
2013-04-15 13:17 . 2013-04-15 13:17 -------- d-----w- c:\users\n\AppData\Roaming\Hotspot Shield
2013-04-11 00:36 . 2013-03-01 03:09 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-04-11 00:36 . 2013-01-24 04:47 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-11 00:36 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-11 00:36 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-11 00:35 . 2013-03-19 04:48 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-11 00:35 . 2013-03-19 02:49 69632 ----a-w- c:\windows\system32\smss.exe
2013-04-11 00:35 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\system32\mstscax.dll
2013-04-11 00:35 . 2013-02-15 04:34 131584 ----a-w- c:\windows\system32\aaclient.dll
2013-04-11 00:35 . 2013-02-15 03:25 36864 ----a-w- c:\windows\system32\tsgqec.dll
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2013-05-07 16:27 . 2012-08-01 22:19 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-05-07 16:27 . 2012-02-24 16:38 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-05 13:14 . 2012-07-06 12:28 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-05 13:14 . 2012-02-17 11:39 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-02 01:06 . 2012-01-01 21:59 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-15 12:27 . 2013-02-12 17:43 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2013-04-04 13:50 . 2012-03-06 13:58 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-01 22:36 . 2013-04-01 22:36 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-01 22:36 . 2013-04-01 22:36 185344 ----a-w- c:\windows\system32\elshyph.dll
2013-04-01 22:36 . 2013-04-01 22:36 158720 ----a-w- c:\windows\system32\msls31.dll
2013-04-01 22:36 . 2013-04-01 22:36 523264 ----a-w- c:\windows\system32\vbscript.dll
2013-04-01 22:36 . 2013-04-01 22:36 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-04-01 22:36 . 2013-04-01 22:36 138752 ----a-w- c:\windows\system32\wextract.exe
2013-04-01 22:36 . 2013-04-01 22:36 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-01 22:36 . 2013-04-01 22:36 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-01 22:36 . 2013-04-01 22:36 38400 ----a-w- c:\windows\system32\imgutil.dll
2013-04-01 22:36 . 2013-04-01 22:36 137216 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-01 22:36 . 2013-04-01 22:36 12800 ----a-w- c:\windows\system32\mshta.exe
2013-04-01 22:36 . 2013-04-01 22:36 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-01 22:36 . 2013-04-01 22:36 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-01 22:36 . 2013-04-01 22:36 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-04-01 22:36 . 2013-04-01 22:36 361984 ----a-w- c:\windows\system32\html.iec
2013-04-01 22:36 . 2013-04-01 22:36 23040 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-01 22:36 . 2013-04-01 22:36 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-31 13:37 . 2013-03-31 13:37 397312 ----a-w- c:\windows\iwexec.exe
2013-03-31 13:37 . 2013-03-31 13:37 83144 ----a-w- c:\windows\system32\picclp32.ocx
2013-03-31 13:37 . 2013-03-31 13:37 415504 ----a-w- c:\windows\system32\msrepl35.dll
2013-03-31 13:37 . 2013-03-31 13:37 212480 ----a-w- c:\windows\system32\Pcdlib32.dll
2013-03-31 13:37 . 2013-03-31 13:37 98304 ----a-w- c:\windows\system32\Ltfil90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 35328 ----a-w- c:\windows\system32\Lttwn90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 29184 ----a-w- c:\windows\system32\Lfpsd90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 288256 ----a-w- c:\windows\system32\Ltkrn90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 28160 ----a-w- c:\windows\system32\Lfwmf90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 28160 ----a-w- c:\windows\system32\Lftga90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 27648 ----a-w- c:\windows\system32\Lfwpg90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 26112 ----a-w- c:\windows\system32\Lfras90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 25600 ----a-w- c:\windows\system32\Lfwfx90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 220160 ----a-w- c:\windows\system32\Ltdis90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 146432 ----a-w- c:\windows\system32\Ltefx90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 142336 ----a-w- c:\windows\system32\Ltdlg90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 118272 ----a-w- c:\windows\system32\Lftif90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 107008 ----a-w- c:\windows\system32\Ltimg90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 88576 ----a-w- c:\windows\system32\Lffpx90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 64512 ----a-w- c:\windows\system32\Lffax90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 46592 ----a-w- c:\windows\system32\Lfica90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 39936 ----a-w- c:\windows\system32\Lfgif90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 35840 ----a-w- c:\windows\system32\Lflma90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 338944 ----a-w- c:\windows\system32\Lffpx7.dll
2013-03-31 13:37 . 2013-03-31 13:37 31232 ----a-w- c:\windows\system32\Lfpct90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 31232 ----a-w- c:\windows\system32\Lflmb90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 31232 ----a-w- c:\windows\system32\Lfeps90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 30720 ----a-w- c:\windows\system32\Lfpcx90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 27136 ----a-w- c:\windows\system32\Lfimg90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 26624 ----a-w- c:\windows\system32\Lfpcd90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 26112 ----a-w- c:\windows\system32\Lfmsp90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 25600 ----a-w- c:\windows\system32\Lfmac90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 133632 ----a-w- c:\windows\system32\Lfpng90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 122880 ----a-w- c:\windows\system32\Lfkodak.dll
2013-03-31 13:37 . 2013-03-31 13:37 89360 ----a-w- c:\windows\system32\Vb5db.dll
2013-03-31 13:37 . 2013-03-31 13:37 557328 ----a-w- c:\windows\system32\dao360.dll
2013-03-31 13:37 . 2013-03-31 13:37 33792 ----a-w- c:\windows\system32\Lfbmp90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 28672 ----a-w- c:\windows\system32\Lfawd90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 26624 ----a-w- c:\windows\system32\Lfcal90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 24576 ----a-w- c:\windows\system32\Lfavi90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 236032 ----a-w- c:\windows\system32\Lfdic90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 235008 ----a-w- c:\windows\system32\Lfcmp90n.dll
2013-03-31 13:37 . 2013-03-31 13:37 164144 ----a-w- c:\windows\system32\comct232.ocx
2013-03-27 01:07 . 2013-03-27 01:07 74703 ----a-w- c:\windows\system32\mfc45.dat
2013-03-18 00:31 . 2013-03-27 01:07 93254688 ----a-w- C:\SystemMechanicPro.exe
2013-03-07 11:21 . 2013-03-07 11:21 33160 ----a-w- c:\windows\system32\drivers\tapSF0901.sys
2013-02-12 17:44 . 2013-02-12 17:44 40208 ----a-w- c:\windows\system32\Partizan.exe
2013-02-12 17:31 . 2013-02-12 17:31 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2013-02-12 17:31 . 2013-02-12 17:31 2 --shatr- c:\windows\winstart.bat
2013-02-12 14:06 . 2013-02-12 17:31 12800 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2013-02-12 04:48 . 2013-03-13 12:59 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 12:59 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 03:32 . 2013-03-20 23:12 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-04-12 09:02 . 2013-04-12 09:02 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
2011-04-08 00:01 5066568 ----a-w- c:\program files\Protector Suite\farchns.dll
2011-04-08 00:01 5066568 ----a-w- c:\program files\Protector Suite\farchns.dll
"Dashlane"="c:\users\n\AppData\Roaming\Dashlane\Dashlane.exe" [2013-04-30 272056]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-06-14 4431664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2013-04-26 1648400]
c:\users\n\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PowerMenu.lnk - c:\program files\PowerMenu\PowerMenu.exe [2002-12-20 57344]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2011-04-07 23:45 101192 ----a-w- c:\program files\Protector Suite\psqlpwd.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean.exe\0Partizan
Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Orbit.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 13:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2013-03-31 16:59 116648 ----atw- c:\users\n\AppData\Local\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-09-23 19:30 173592 ----a-w- c:\windows\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 01:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2011-08-01 15:56 1821576 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-12-13 13:37 135536 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2011-11-11 13:08 205336 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2013-04-04 13:50 532040 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
2009-07-08 05:41 65536 ----a-r- c:\program files\Eclipse Touch Mouse\ICO.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetWorx]
2012-06-09 18:11 3225144 ----a-w- c:\program files\NetWorx\networx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
2011-04-07 22:39 55624 ----a-w- c:\program files\Protector Suite\launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2012-06-17 07:51 466704 ----a-w- c:\program files\Sandboxie\SbieCtrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
2012-11-13 14:08 3825176 ----a-w- c:\program files\Spybot - Search & Destroy 2\SDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 04:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-01-08 12:59 18705664 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2012-11-11 19:42 7880664 ----a-w- c:\users\n\AppData\Roaming\Spotify\spotify.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2012-11-11 19:42 1199576 ----a-w- c:\users\n\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 06:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-11-28 16:28 4763008 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Safely Remove]
2012-04-25 23:49 2460504 ----a-w- c:\program files\USB Safely Remove\USBSafelyRemove.exe
R2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R3 BthAudioHF;BthAudioHF Service;c:\windows\system32\DRIVERS\BthAudioHF.sys [x]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
R3 csr_a2dp;Bluetooth AV Profile;c:\windows\system32\drivers\bthav.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
R3 RegGuard;RegGuard;c:\windows\system32\Drivers\regguard.sys [x]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R4 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
R4 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files\USB Safely Remove\USBSRService.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 PDFsFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [x]
S3 tapSF0901;Spotflux TAP Device Driver;c:\windows\system32\DRIVERS\tapSF0901.sys [x]
--- Other Services/Drivers In Memory ---
*Deregistered* - Partizan
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
Contents of the 'Scheduled Tasks' folder
2013-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-06 13:14]
2013-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-335498470-4156246589-3525742749-1000Core.job
- c:\users\n\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-31 16:59]
2013-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-335498470-4156246589-3525742749-1000UA.job
- c:\users\n\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-31 16:59]
------- Supplementary Scan -------
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{40354A83-504E-4611-ACAE-3D137F6F595E} - {40354A83-504E-4611-ACAE-3D137F6F595E} - c:\users\n\AppData\Roaming\Dashlane\ie\Dashlanei.dll
TCP: DhcpNameServer =
TCP: Interfaces\{128EE2C2-5A0A-4CA7-818A-28B243957FD2}: NameServer =,
TCP: Interfaces\{AFFB6FF8-259D-4D43-8D85-E4EA1EAF5347}\244575966496: NameServer =,
TCP: Interfaces\{AFFB6FF8-259D-4D43-8D85-E4EA1EAF5347}\244584F6D65684572623D2056315B4: NameServer =,
TCP: Interfaces\{AFFB6FF8-259D-4D43-8D85-E4EA1EAF5347}\35B4955333332333: NameServer =,
TCP: Interfaces\{AFFB6FF8-259D-4D43-8D85-E4EA1EAF5347}\E4544574541425: NameServer =,
FF - ProfilePath - c:\users\n\AppData\Roaming\Mozilla\Firefox\Profiles\zwe0ad8b.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - ExtSQL: !HIDDEN! 2012-07-02 12:29; [You must be registered and logged in to see this link.]; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
- - - - ORPHANS REMOVED - - - -
Notify-SDWinLogon - SDWinLogon.dll
MSConfigStartUp-CPA - c:\program files\COMODO\COMODO GeekBuddy\VALA.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
@Denied: (2) (LocalSystem)
@Denied: (2) (LocalSystem)
@Denied: (A 2) (Everyone)
@Denied: (A 2) (Everyone)
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
@Denied: (Full) (Everyone)
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(492)
c:\program files\Protector Suite\psqlpwd.dll
c:\program files\Protector Suite\homefus2.dll
c:\program files\Protector Suite\infql2.dll
- - - - - - - > 'Explorer.exe'(1800)
c:\program files\PowerMenu\PowerMenuHook.dll
c:\program files\Protector Suite\farchns.dll
c:\program files\Protector Suite\infql2.dll
c:\program files\Protector Suite\qlbase.dll
Completion time: 2013-05-09 01:44:42
ComboFix-quarantined-files.txt 2013-05-09 00:44
Pre-Run: 18,010,165,248 bytes free
Post-Run: 17,914,499,072 bytes free
- - End Of File - - C09B8436AC77D57DC7B9894D4AF4C84D



Re: Multiple issues

Post by Superdave on Thu 09 May 2013, 12:22 pm

SysProt Antirootkit

SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the

[You must be registered and logged in to see this link.]

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.

    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page

    • Hidden Objects Only << Selected

  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.


  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or and try again

Tech Staff

Posts : 4189
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3


Re: Multiple issues

Post by Voods on Thu 09 May 2013, 9:16 pm

It did say there was an error scanning SSDT hooks.

SysProt AntiRootkit v1.0.1.0
by swatkat


No Processes found

Kernel Modules:
Module Name: \??\C:\Users\n\Desktop\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: AEBC1000
Module End: AEBCC000
Hidden: No

Module Name: C:\Windows\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 8300B000
Module End: 8341E000
Hidden: No

Module Name: C:\Windows\system32\halmacpi.dll
Service Name: ---
Module Base: 8341E000
Module End: 83455000
Hidden: No

Module Name: C:\Windows\system32\kdcom.dll
Service Name: ---
Module Base: 80B98000
Module End: 80BA0000
Hidden: No

Module Name: C:\Windows\system32\mcupdate_GenuineIntel.dll
Service Name: ---
Module Base: 8361C000
Module End: 836A1000
Hidden: No

Module Name: C:\Windows\system32\PSHED.dll
Service Name: ---
Module Base: 836A1000
Module End: 836B2000
Hidden: No

Module Name: C:\Windows\system32\BOOTVID.dll
Service Name: ---
Module Base: 836B2000
Module End: 836BA000
Hidden: No

Module Name: C:\Windows\system32\CLFS.SYS
Service Name: CLFS
Module Base: 836BA000
Module End: 836FC000
Hidden: No

Module Name: C:\Windows\system32\CI.dll
Service Name: ---
Module Base: 836FC000
Module End: 837A7000
Hidden: No

Module Name: C:\Windows\system32\drivers\Wdf01000.sys
Service Name: Wdf01000
Module Base: 83C00000
Module End: 83C81000
Hidden: No

Module Name: C:\Windows\system32\drivers\WDFLDR.SYS
Service Name: ---
Module Base: 83C81000
Module End: 83C8F000
Hidden: No

Module Name: C:\Windows\system32\drivers\Partizan.sys
Service Name: Partizan
Module Base: 83C8F000
Module End: 83C97000
Hidden: No

Module Name: C:\Windows\system32\drivers\ACPI.sys
Service Name: ACPI
Module Base: 83C97000
Module End: 83CDF000
Hidden: No

Module Name: C:\Windows\system32\drivers\WMILIB.SYS
Service Name: ---
Module Base: 83CDF000
Module End: 83CE8000
Hidden: No

Module Name: C:\Windows\system32\drivers\msisadrv.sys
Service Name: msisadrv
Module Base: 83CE8000
Module End: 83CF0000
Hidden: No

Module Name: C:\Windows\system32\drivers\pci.sys
Service Name: pci
Module Base: 83CF0000
Module End: 83D1A000
Hidden: No

Module Name: C:\Windows\system32\drivers\vdrvroot.sys
Service Name: vdrvroot
Module Base: 83D1A000
Module End: 83D25000
Hidden: No

Module Name: C:\Windows\System32\drivers\partmgr.sys
Service Name: partmgr
Module Base: 83D25000
Module End: 83D36000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\compbatt.sys
Service Name: Compbatt
Module Base: 83D36000
Module End: 83D3E000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\BATTC.SYS
Service Name: ---
Module Base: 83D3E000
Module End: 83D49000
Hidden: No

Module Name: C:\Windows\system32\drivers\volmgr.sys
Service Name: volmgr
Module Base: 83D49000
Module End: 83D59000
Hidden: No

Module Name: C:\Windows\System32\drivers\volmgrx.sys
Service Name: volmgrx
Module Base: 83D59000
Module End: 83DA4000
Hidden: No

Module Name: C:\Windows\system32\drivers\intelide.sys
Service Name: intelide
Module Base: 83DA4000
Module End: 83DAB000
Hidden: No

Module Name: C:\Windows\system32\drivers\PCIIDEX.SYS
Service Name: ---
Module Base: 83DAB000
Module End: 83DB9000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\pcmcia.sys
Service Name: pcmcia
Module Base: 83DB9000
Module End: 83DE7000
Hidden: No

Module Name: C:\Windows\System32\drivers\mountmgr.sys
Service Name: mountmgr
Module Base: 83DE7000
Module End: 83DFD000
Hidden: No

Module Name: C:\Windows\system32\drivers\vmbus.sys
Service Name: vmbus
Module Base: 837A7000
Module End: 837D1000
Hidden: No

Module Name: C:\Windows\system32\drivers\winhv.sys
Service Name: ---
Module Base: 837D1000
Module End: 837E3000
Hidden: No

Module Name: C:\Windows\system32\drivers\atapi.sys
Service Name: atapi
Module Base: 837E3000
Module End: 837EC000
Hidden: No

Module Name: C:\Windows\system32\drivers\ataport.SYS
Service Name: ---
Module Base: 83E04000
Module End: 83E27000
Hidden: No

Module Name: C:\Windows\system32\drivers\amdxata.sys
Service Name: amdxata
Module Base: 83E27000
Module End: 83E30000
Hidden: No

Module Name: C:\Windows\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: 83E30000
Module End: 83E64000
Hidden: No

Module Name: C:\Windows\system32\drivers\fileinfo.sys
Service Name: FileInfo
Module Base: 83E64000
Module End: 83E75000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Ntfs.sys
Service Name: ---
Module Base: 83E75000
Module End: 83FA4000
Hidden: No

Module Name: C:\Windows\System32\Drivers\msrpc.sys
Service Name: ---
No SSDT Hooks found

No Kernel Hooks found

Hidden files/folders:

Last edited by Voods on Thu 09 May 2013, 9:49 pm; edited 2 times in total (Reason for editing : Missed out info)



Re: Multiple issues

Post by Voods on Thu 09 May 2013, 9:38 pm

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRKgmailcom

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : n [Admin rights]
Mode : Scan -- Date : 05/09/2013 11:21:59
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{128EE2C2-5A0A-4CA7-818A-28B243957FD2} : NameServer (, -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{128EE2C2-5A0A-4CA7-818A-28B243957FD2} : NameServer (, -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
_INLINE_ : NtTraceEvent -> HOOKED (Unknown @ 0x80568C00)

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHZ2080BH G2 ATA Device +++++
--- User ---
[MBR] 705f5007b7f98c421fcc95eeb4195da6
[BSP] 78369d7e35d2aa9a39789a9ff1b0bd2d : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_05092013_02d1121.txt >>



Re: Multiple issues

Post by Superdave on Fri 10 May 2013, 5:07 am

Please run RogueKiller again and delete those items.

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.

•Click the button.
•Accept any security warnings from your browser.

  • Leave the check mark next to Remove found threats.

•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Tech Staff

Posts : 4189
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Re: Multiple issues

Post by Voods on Fri 10 May 2013, 8:14 am

Hi there

I have deleted those entries. I also ran the ESET online scanner, but no log file was produced and there was no option to export a logfile; it also wasn't in the default directory.

There were no threats found when the scan completed.



Re: Multiple issues

Post by Superdave on Fri 10 May 2013, 9:08 am

How's your computer running now?


Re: Multiple issues

Post by Voods on Fri 10 May 2013, 9:16 am

My web browser (any) keeps changing pages on its own. I'm having to reply on another computer as it will not stay on one page for more than a few seconds, if that. Task bar and open windows are still freezing too.

It does boot quicker though. Was any infection present?



Re: Multiple issues

Post by Superdave on Fri 10 May 2013, 1:07 pm

Please download and run Microsoft Safety Scanner. This will take about 20 minutes to run and will produce a log if your computer was infected. Please post the log. This scanner only has a shelf life of 10 days so you will need to download a new one if you want to run a scan after the trial period has expired.
•Make your Internet Explorer more secure - This can be done by following these simple instructions:

•From within Internet Explorer click on the Tools menu and then click on Options.

•Click once on the Security tab

•Click once on the Internet icon so it becomes highlighted.

•Click once on the Custom Level button.

•Change the Download signed ActiveX controls to Prompt

•Change the Download unsigned ActiveX controls to Disable

•Change the Initialize and script ActiveX controls not marked as safe to Disable

•Change the Installation of desktop items to Prompt

•Change the Launching programs and files in an IFRAME to Prompt

•Change the Navigate sub-frames across different domains to Prompt

•When all these settings have been made, click on the OK button

•If it prompts you as to whether or not you want to save the settings, press the Yes button.

•Next press the Apply button and then the OK to exit the Internet Properties page.
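
A read-only way to check the Internet zone against the settings listed in the post above, as an added example that is not part of the original post. It assumes the standard Internet Explorer zone registry layout (zone 3 = Internet; URL action values 0 = Enable, 1 = Prompt, 3 = Disable); the function and variable names are illustrative.

```powershell
# Added example: audit the IE "Internet" zone against the settings listed in the post.
# Read-only; no registry value is changed. Written to run on PowerShell 2.0 and later.

$ZoneSubKey = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL action values stored in the zone key: 0 = Enable, 1 = Prompt, 3 = Disable
$ActionName = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Settings from the post, mapped to their URL action IDs (the registry value names)
$Recommended = @(
    @{ Id = '1001'; Setting = 'Download signed ActiveX controls';                   Want = 1 }
    @{ Id = '1004'; Setting = 'Download unsigned ActiveX controls';                 Want = 3 }
    @{ Id = '1201'; Setting = 'Initialize and script ActiveX not marked as safe';   Want = 3 }
    @{ Id = '1800'; Setting = 'Installation of desktop items';                      Want = 1 }
    @{ Id = '1804'; Setting = 'Launching programs and files in an IFRAME';          Want = 1 }
    @{ Id = '1607'; Setting = 'Navigate sub-frames across different domains';       Want = 1 }
)

# Group Policy values, when present, override the per-user preference,
# so the policy keys are consulted before the key the Options dialog writes to.
$Sources = @(
    @{ Name = 'Machine policy';  Path = "HKLM:\SOFTWARE\Policies\$ZoneSubKey" }
    @{ Name = 'User policy';     Path = "HKCU:\Software\Policies\$ZoneSubKey" }
    @{ Name = 'User preference'; Path = "HKCU:\Software\$ZoneSubKey" }
)

function Get-ZoneActionValue {
    # Returns the first configured value for a URL action ID, with its source, or $null.
    param([string]$Id)
    foreach ($src in $Sources) {
        $item = Get-ItemProperty -Path $src.Path -Name $Id -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return @{ Source = $src.Name; Value = [int]$item.$Id }
        }
    }
    return $null
}

function Get-ZoneAuditReport {
    foreach ($r in $Recommended) {
        $found = Get-ZoneActionValue -Id $r.Id
        if ($null -eq $found) {
            $current = 'not set'; $source = '-'; $status = 'not set'
        }
        elseif (-not $ActionName.ContainsKey($found.Value)) {
            # Some actions accept other values; report them rather than guess.
            $current = ('0x{0:X}' -f $found.Value); $source = $found.Source; $status = 'unknown value'
        }
        else {
            $current = $ActionName[$found.Value]; $source = $found.Source
            # 3 (Disable) > 1 (Prompt) > 0 (Enable), so numeric order is strictness order.
            if     ($found.Value -eq $r.Want) { $status = 'matches' }
            elseif ($found.Value -gt $r.Want) { $status = 'stricter' }
            else                              { $status = 'WEAKER' }
        }
        New-Object psobject -Property @{
            Id          = $r.Id
            Setting     = $r.Setting
            Current     = $current
            Recommended = $ActionName[$r.Want]
            Source      = $source
            Status      = $status
        }
    }
}

Get-ZoneAuditReport |
    Format-Table Id, Setting, Current, Recommended, Source, Status -AutoSize
```

A row whose Source is a policy key cannot be changed from the Security tab; the setting has to be corrected in the policy that sets it.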


Re: Multiple issues

Post by Voods on Fri 10 May 2013, 11:46 pm

I've run the scan with no results found, but again no logfile was produced. I've looked in the usual location, in the program data folder too.
I should mention I still can't use Windows Explorer too.

I don't use Internet Explorer ever, do you still want me to follow those steps?


EDIT: It is also saying now that this copy of Windows is not genuine, which it actually is genuine.

Could this affect the stability of the system, and how can I correct this?

Last edited by Voods on Fri 10 May 2013, 11:59 pm; edited 1 time in total (Reason for editing : Missed info)



Re: Multiple issues

Post by Superdave on Sat 11 May 2013, 5:28 am

"I should mention I still can't use windows explorer too."
What do you mean?

"I don't use Internet Explorer ever, do you still want me to follow those steps?"
No, if you don't use IE, don't bother. What browser do you use?

"It is also saying now that this copy of windows is not genuine, which it actually is genuine. Could this affect this stability of the system and how can I correct this."
Where are you getting this warning? It must have something to do with validation.


Re: Multiple issues

Post by Voods on Sat 11 May 2013, 11:48 am

Hi again

Sorry for the confusion. When I try to use Windows Explorer, say I click on My Computer, then click C: Drive, I'm lucky to be able to click on a folder, let alone a root folder, before it takes me back to the libraries directory.

I can not click the start menu button or anywhere in the taskbar after opening a window or any program. I have to load Task manager and exit to gain control of clicking something else.

It took me 18 attempts to get on this page we are reviewing. Hence I took the option of using Windows Easy Transfer to send the logs to a working computer.

This computer is one from my old work. It came pre-installed with XP 5 years ago, with a corporate version of Windows. Will installing a corporate version of Windows 7 on this same machine cause any problems? Obviously a full format and fresh install has be implemented.

The warning appears in the bottom right of the screen, but sometimes it disappears and reappears. I have checked the wallpapers that are on display, in case the message is on the image itself, but it is not to be the case.

I'm happy for you to take control of my computer for you to experience the problems yourself.

Kind regards


I use Firefox and Chrome, Firefox mainly. I use NoScript, Adblock Plus and Flashblock in Firefox.



Re: Multiple issues

Post by Superdave on Sat 11 May 2013, 12:03 pm

It would appear that there's something messed up in the OS and a reformat and fresh install would bring it back to life.

