
Possible Blackhole Exploit Kit infection [Solved]


  • This topic is locked

#1
okosijomiti

  • Member
  • 15 posts
Hello,

I'm running Windows XP Pro, Service Pack 3, with security software being an up-to-date Comodo Internet Security Premium.

A few days ago, with Firefox, I visited a page on the website tinypic.com, and later on noticed that the Google Safe Browsing diagnostic page showed tinypic to have carried a scripting exploit recently.
AVG ThreatLabs site reports Blackhole Exploit Kit as a threat on the website.
Quttera free online heuristic URL scanner reports potentially suspicious javascript code injection (full report here: http://quttera.com/d...ort/tinypic.com )
urlquery.net reported "FILEMAGIC Macromedia Flash data (compressed)" alerts with a severity level of 3.

I have not noticed strange behaviour on my PC aside from some slight slowing down, which I have no idea if it's related, and I don't recall any plug-in crashing when visiting the website in question etc., but I would appreciate it if someone could take a look at my OTL logs and tell me if anything looks suspicious. I would like to make sure to eliminate the possibility of having been infected.
I have run scans with Sophos Virus Removal Tool, Norton Power Eraser, and TDSSKiller. Nothing was found.

Below are the OTL logs. And if it's of any use, I recall having accessed the infected website for the first time on the 5th of January, between 12 am & 1 am. Perhaps it would show in the created/modified files in the log section? Thanks for any help.


Edit: Using Emsisoft's HiJackFree, I can see some services running that do not appear at all when accessing services.msc. Such services are Remote Access Auto Connection driver (rasacd.sys), Remote Access IP ARP Driver (wanarp.sys), Remote Access NDIS WAN Driver (ndiswan.sys), Remote Access PPPOE Driver (raspppoe.sys), and mrxsmb.sys, for example. Is it normal to have these appear only through Emsisoft's program and not through Windows' own service management? Should they be left running? I have never had any need for remote access.


___________________________________________________________________________________________

OTL logfile created on: 9.1.2013 9:16:53 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Nimi1\Omat tiedostot\Lataukset
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040B | Country: Suomi | Language: FIN | Date Format: d.M.yyyy

1015,48 Mb Total Physical Memory | 533,11 Mb Available Physical Memory | 52,50% Memory free
2,39 Gb Paging File | 1,89 Gb Available in Paging File | 79,04% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,26 Gb Total Space | 25,25 Gb Free Space | 67,78% Space Free | Partition Type: NTFS
Drive E: | 36,77 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: NIMI-A498799635 | User Name: Nimi1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.01.09 09:12:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nimi1\Omat tiedostot\Lataukset\OTL.exe
PRC - [2012.12.05 20:26:10 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.11.08 01:37:37 | 001,990,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2012.11.08 01:37:11 | 006,756,048 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2012.10.19 01:08:04 | 000,655,712 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Mobile Broadband\OnlineUpdate\ouc.exe
PRC - [2011.03.14 17:27:28 | 000,271,712 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
PRC - [2008.04.14 08:12:12 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013.01.08 22:40:48 | 014,586,888 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2012.12.18 16:28:36 | 000,300,544 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.SUO
MOD - [2012.12.05 20:26:09 | 002,397,152 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.10.19 01:08:09 | 001,148,416 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Mobile Broadband\OnlineUpdate\QtNetwork4.dll
MOD - [2012.10.19 01:08:09 | 000,843,264 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Mobile Broadband\OnlineUpdate\QueryStrategy.dll
MOD - [2012.10.19 01:08:09 | 000,398,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Mobile Broadband\OnlineUpdate\QtXml4.dll
MOD - [2012.10.19 01:08:07 | 002,415,104 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Mobile Broadband\OnlineUpdate\QtCore4.dll
MOD - [2012.10.19 01:08:05 | 000,011,362 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Mobile Broadband\OnlineUpdate\mingwm10.dll
MOD - [2012.10.19 01:08:04 | 000,655,712 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Mobile Broadband\OnlineUpdate\ouc.exe
MOD - [2012.10.19 01:08:04 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Mobile Broadband\OnlineUpdate\libgcc_s_dw2-1.dll
MOD - [2012.10.05 02:33:28 | 000,070,352 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
MOD - [2011.03.14 17:27:28 | 000,271,712 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
MOD - [2008.04.14 08:11:40 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013.01.08 22:40:51 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.05 20:26:09 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.08 01:37:37 | 001,990,464 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012.10.19 01:08:04 | 000,655,712 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Mobile Broadband\UpdateDog\ouc.exe -- (Mobile Broadband. RunOuc)
SRV - [2011.03.14 17:27:28 | 000,271,712 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013.01.09 07:57:22 | 000,097,440 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SMR311.SYS -- (SMR311)
DRV - [2012.11.08 01:38:17 | 000,099,080 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2012.11.08 01:38:16 | 000,032,640 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012.11.08 01:38:14 | 000,497,952 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2012.11.08 01:38:13 | 000,018,096 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)
DRV - [2012.10.19 01:08:10 | 000,239,488 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2012.10.19 01:08:10 | 000,195,200 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2012.10.19 01:08:10 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2012.10.19 01:08:10 | 000,073,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2012.10.19 01:08:10 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2011.06.02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2007.05.03 17:19:32 | 000,012,112 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se32.sys -- (se32)
DRV - [2003.02.17 06:22:24 | 000,170,880 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.05 20:26:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012.09.16 15:34:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nimi1\Application Data\Mozilla\Extensions
[2012.12.28 02:44:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nimi1\Application Data\Mozilla\Firefox\Profiles\rr5k65fa.default\extensions
[2012.09.17 23:07:24 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Documents and Settings\Nimi1\Application Data\Mozilla\Firefox\Profiles\rr5k65fa.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012.12.28 02:44:36 | 000,533,036 | ---- | M] () (No name found) -- C:\Documents and Settings\Nimi1\Application Data\Mozilla\Firefox\Profiles\rr5k65fa.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.11.23 23:10:41 | 000,804,627 | ---- | M] () (No name found) -- C:\Documents and Settings\Nimi1\Application Data\Mozilla\Firefox\Profiles\rr5k65fa.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.05 20:25:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.12.05 20:26:10 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.06 06:49:33 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.12.05 20:26:08 | 000,002,275 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bookplus-fi.xml
[2012.12.05 20:26:08 | 000,001,185 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-fi.xml
[2012.12.05 20:26:08 | 000,001,396 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fi.xml
[2012.12.05 20:26:08 | 000,001,313 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-fi.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Google Drive = C:\Documents and Settings\Nimi1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Documents and Settings\Nimi1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-haku = C:\Documents and Settings\Nimi1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\Nimi1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2004.09.15 14:00:00 | 000,000,665 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1347809402609 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1355080331125 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CCA5C57-0C5A-4BAB-ADFD-B748EE0B9E5B}: NameServer = 8.26.56.26,8.20.247.20
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Nykyinen kotisivu) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.09.15 23:57:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011.03.17 01:27:22 | 000,148,320 | R--- | M] () - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.10.02 03:12:34 | 000,000,045 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{45f0610c-1978-11e2-a661-8a4fe2d1d405}\Shell - "" = AutoRun
O33 - MountPoints2\{45f0610c-1978-11e2-a661-8a4fe2d1d405}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011.03.17 01:27:22 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{45f0610e-1978-11e2-a661-d1a1349ce073}\Shell - "" = AutoRun
O33 - MountPoints2\{45f0610e-1978-11e2-a661-d1a1349ce073}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011.03.17 01:27:22 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{cd7711cd-22e0-11e2-a670-ab798ddc2cb2}\Shell - "" = AutoRun
O33 - MountPoints2\{cd7711cd-22e0-11e2-a670-ab798ddc2cb2}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011.03.17 01:27:22 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011.03.17 01:27:22 | 000,148,320 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.01.09 07:57:22 | 000,097,440 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SMR311.SYS
[2013.01.09 07:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nimi1\Local Settings\Application Data\NPE
[2013.01.09 07:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2013.01.09 06:21:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.01.09 06:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2013.01.09 06:16:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nimi1\Käynnistä-valikko\Ohjelmat\Sophos
[2013.01.09 06:16:15 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2013.01.09 05:50:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Nimi1\Recent
[2013.01.01 05:47:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\PeerBlock
[2013.01.01 05:47:53 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2012.12.10 19:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012.12.10 19:52:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nimi1\Local Settings\Application Data\Google
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.01.09 08:40:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.01.09 08:07:33 | 000,000,211 | ---- | M] () -- C:\boot.ini
[2013.01.09 08:00:19 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.01.09 08:00:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.01.09 07:59:56 | 000,010,160 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2013.01.09 07:57:22 | 000,097,440 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SMR311.SYS
[2013.01.09 06:18:06 | 000,002,561 | ---- | M] () -- C:\Documents and Settings\Nimi1\Työpöytä\Sophos Virus Removal Tool.lnk
[2013.01.09 04:26:11 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Työpöytä\Malwarebytes Anti-Malware.lnk
[2013.01.07 22:52:45 | 000,001,758 | ---- | M] () -- C:\Documents and Settings\All Users\Työpöytä\Mobile Broadband.lnk
[2013.01.05 20:16:35 | 000,042,496 | ---- | M] () -- C:\Documents and Settings\Nimi1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.01 05:47:55 | 000,001,624 | ---- | M] () -- C:\Documents and Settings\Nimi1\Application Data\Microsoft\Internet Explorer\Quick Launch\PeerBlock.lnk
[2013.01.01 05:47:55 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\Nimi1\Työpöytä\PeerBlock.lnk
[2012.12.29 06:26:05 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Nimi1\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012.12.21 19:39:11 | 000,122,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.01.09 06:16:30 | 000,002,561 | ---- | C] () -- C:\Documents and Settings\Nimi1\Työpöytä\Sophos Virus Removal Tool.lnk
[2013.01.01 05:47:55 | 000,001,624 | ---- | C] () -- C:\Documents and Settings\Nimi1\Application Data\Microsoft\Internet Explorer\Quick Launch\PeerBlock.lnk
[2013.01.01 05:47:55 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\Nimi1\Työpöytä\PeerBlock.lnk
[2012.12.30 00:07:35 | 000,032,315 | ---- | C] () -- C:\Documents and Settings\Nimi1\Työpöytä\04092010.jpg
[2012.12.23 23:34:36 | 000,036,355 | ---- | C] () -- C:\Documents and Settings\Nimi1\Työpöytä\2vmentx.jpg
[2012.12.23 23:34:36 | 000,034,358 | ---- | C] () -- C:\Documents and Settings\Nimi1\Työpöytä\25694jk.jpg
[2012.12.09 22:31:16 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012.12.09 22:21:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.10.13 22:10:38 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2012.09.28 23:17:01 | 000,042,496 | ---- | C] () -- C:\Documents and Settings\Nimi1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.16 15:49:59 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.09.16 02:42:55 | 000,004,381 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012.09.16 02:41:50 | 000,122,928 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.09.16 01:44:05 | 000,010,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2012.09.15 23:59:37 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.09.15 23:54:16 | 000,021,672 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012.06.28 23:32:18 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:54:17 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 08:11:58 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.10.19 01:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DatacardService
[2012.09.26 02:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Guitar Pro 6
[2012.09.26 02:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MakeMusic
[2012.10.19 01:11:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mobile Broadband
[2013.01.09 06:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2012.09.26 02:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nimi1\Application Data\Guitar Pro 6
[2012.09.26 02:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nimi1\Application Data\MakeMusic
[2013.01.09 03:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nimi1\Application Data\QuickScan
[2012.12.09 22:30:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nimi1\Application Data\SystemRequirementsLab
[2012.10.31 00:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nimi1\Application Data\Trillian

========== Purity Check ==========



< End of report >



--------------------------------------------------------------------------------------------

OTL Extras logfile created on: 9.1.2013 9:16:53 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Nimi1\Omat tiedostot\Lataukset
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040B | Country: Suomi | Language: FIN | Date Format: d.M.yyyy

1015,48 Mb Total Physical Memory | 533,11 Mb Available Physical Memory | 52,50% Memory free
2,39 Gb Paging File | 1,89 Gb Available in Paging File | 79,04% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,26 Gb Total Space | 25,25 Gb Free Space | 67,78% Space Free | Partition Type: NTFS
Drive E: | 36,77 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: NIMI-A498799635 | User Name: Nimi1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Disabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C940b-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}" = System Requirements Lab for Intel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{AC76BA86-7AD7-1035-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Suomi
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CCleaner" = CCleaner
"Finale NotePad 2012" = Finale NotePad 2012
"Finale Reader" = Finale Reader 2011
"Guitar Pro 5_is1" = Guitar Pro 5.0
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Mobile Broadband" = Mobile Broadband
"Monitor Asset Manager" = Monitor Asset Manager
"Mozilla Firefox 17.0.1 (x86 fi)" = Mozilla Firefox 17.0.1 (x86 fi)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Trillian" = Trillian
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"VLC media player" = VLC media player 2.0.4
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 20 Event Log Errors ==========

[ System Events ]
Error - 9.1.2013 1:44:36 | Computer Name = NIMI-A498799635 | Source = Cdrom | ID = 262151
Description = Virheellinen lohko laitteessa \Device\CdRom0.

Error - 9.1.2013 1:46:25 | Computer Name = NIMI-A498799635 | Source = atapi | ID = 262153
Description = Laite \Device\Ide\IdePort1 ei vastannut aikakatkaisuajan kuluessa.

Error - 9.1.2013 1:46:50 | Computer Name = NIMI-A498799635 | Source = Cdrom | ID = 262151
Description = Virheellinen lohko laitteessa \Device\CdRom0.

Error - 9.1.2013 1:46:57 | Computer Name = NIMI-A498799635 | Source = Cdrom | ID = 262151
Description = Virheellinen lohko laitteessa \Device\CdRom0.

Error - 9.1.2013 1:47:04 | Computer Name = NIMI-A498799635 | Source = Cdrom | ID = 262151
Description = Virheellinen lohko laitteessa \Device\CdRom0.

Error - 9.1.2013 1:47:11 | Computer Name = NIMI-A498799635 | Source = Cdrom | ID = 262151
Description = Virheellinen lohko laitteessa \Device\CdRom0.

Error - 9.1.2013 1:47:18 | Computer Name = NIMI-A498799635 | Source = Cdrom | ID = 262151
Description = Virheellinen lohko laitteessa \Device\CdRom0.

Error - 9.1.2013 2:00:16 | Computer Name = NIMI-A498799635 | Source = Service Control Manager | ID = 7009
Description = Aikakatkaisu (30000 ms) odottaa palvelun Mobile Broadband. OUC yhdistymistä.

Error - 9.1.2013 2:00:16 | Computer Name = NIMI-A498799635 | Source = Service Control Manager | ID = 7000
Description = Palvelua Mobile Broadband. OUC ei voi käynnistää. Virhekoodi on %%1053

Error - 9.1.2013 2:00:18 | Computer Name = NIMI-A498799635 | Source = Service Control Manager | ID = 7026
Description = Seuraava käynnistys- tai järjestelmäkäynnistysohjain ei latautunut:
PCIIde


< End of report >

Edited by okosijomiti, 09 January 2013 - 05:00 AM.



#2
gringo_pr


    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo

#3
okosijomiti

    Member

  • Topic Starter
  • 15 posts
Thanks for the reply.



Security Checkup:

------------------------------------------------

Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
COMODO Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
CCleaner
Adobe Flash Player 11.5.502.146
Adobe Reader XI
Mozilla Firefox (17.0.1)
````````Process Check: objlist.exe by Laurent````````
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
All Users Application Data Mobile Broadband OnlineUpdate\ouc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````

------------------------------------------------

AdwCleaner:

------------------------------------------------

# AdwCleaner v2.105 - Logfile created 01/09/2013 at 20:23:54
# Updated 08/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Nimi1 - NIMI-A498799635
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Nimi1\Työpöytä\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (fi)

File : C:\Documents and Settings\Nimi1\Application Data\Mozilla\Firefox\Profiles\rr5k65fa.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Nimi1\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1114 octets] - [09/01/2013 20:22:56]
AdwCleaner[S2].txt - [1050 octets] - [09/01/2013 20:23:54]

########## EOF - C:\AdwCleaner[S2].txt - [1110 octets] ##########

------------------------------------------------

RogueKiller:

------------------------------------------------

RogueKiller V8.4.2 [Jan 6 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Nimi1 [Admin rights]
Mode : Remove -- Date : 01/09/2013 20:52:57

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{9CCA5C57-0C5A-4BAB-ADFD-B748EE0B9E5B} : NameServer (8.26.56.26,8.20.247.20) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Services\Tcpip\Interfaces\{9CCA5C57-0C5A-4BAB-ADFD-B748EE0B9E5B} : NameServer (8.26.56.26,8.20.247.20) -> NOT REMOVED, USE DNSFIX
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD400LB-60DNA1 +++++
--- User ---
[MBR] 16ee036e6202e424051bbe6d2da01a81
[BSP] 26f1ec6b4499a353d06092679ee323a6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38154 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_01092013_02d2052.txt >>
RKreport[1]_S_01092013_02d2035.txt ; RKreport[2]_D_01092013_02d2052.txt

------------------------------------------------



Do you see anything alarming in the logs?

Edited by okosijomiti, 09 January 2013 - 12:54 PM.


#4
gringo_pr


    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

No, I do not see anything yet.

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5
okosijomiti

    Member

  • Topic Starter
  • 15 posts
Hi,

I ran into a bit of a problem. Combofix did some initial loading/scanning (I could see the progress bar) for maybe a minute, but then the application seemed to shut itself. It did not prompt me to do anything, nor was there a request for Recovery Console etc. I waited for about 10 minutes, there was no HD activity and Combofix could not be seen running anywhere. I checked taskmanager and it didn't show itself as a running process. Is this normal...?

I had closed all security software. I had exited Comodo Internet Security. After waiting for about 10 - 15 minutes to see if Combofix was running, I started Comodo and it reported to me a bunch of unrecognized files, such as erunt.3xe, swreg.3xe etc. I assume these were created by Combofix?

In either case, should I try running Combofix again or will it mess something up? What did I do wrong?

#6
okosijomiti

    Member

  • Topic Starter
  • 15 posts
Ok, it seemed Comodo had not shut itself down entirely after all, and it seemed to be conflicting with Combofix. Instead of 'exiting' Comodo I left it running but disabled antivirus and sandbox functions. I left the firewall mode on because I needed internet connection to install the Recovery Console.

Let me know if anything seems suspicious in the logs, thank you. Also, since Combofix ran in my native language, let me know if you need me to translate anything.

--------------------------------------------------------

ComboFix 13-01-08.01 - Nimi1 09.01.2013 22:19:23.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.358.1035.18.1015.739 [GMT 2:00]
Sijainti: c:\documents and settings\Nimi1\Ty÷p÷ytõ\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\SET11F.tmp
c:\windows\system32\SETC8.tmp
c:\windows\system32\SETCB.tmp
c:\windows\system32\SETCF.tmp
c:\windows\system32\SETD0.tmp
c:\windows\system32\SETD7.tmp
c:\windows\system32\SETD9.tmp
.
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2012-12-09 to 2013-01-09 )))))))))))))))))
.
.
2013-01-09 20:13 . 2013-01-09 20:13 -------- d--h--w- c:\windows\PIF
2013-01-09 08:50 . 2013-01-09 08:50 -------- d-----w- c:\program files\Common Files\Adobe
2013-01-09 05:57 . 2013-01-09 06:13 -------- d-----w- c:\documents and settings\Nimi1\Local Settings\Application Data\NPE
2013-01-09 05:57 . 2013-01-09 05:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2013-01-09 04:16 . 2013-01-09 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos
2013-01-09 04:16 . 2013-01-09 04:16 73728 ----a-r- c:\documents and settings\Nimi1\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-01-09 04:16 . 2013-01-09 04:16 73728 ----a-r- c:\documents and settings\Nimi1\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-01-09 04:16 . 2013-01-09 04:16 73728 ----a-r- c:\documents and settings\Nimi1\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-01-09 04:16 . 2013-01-09 04:16 -------- d-----w- c:\program files\Sophos
2013-01-08 20:40 . 2013-01-08 20:40 16369160 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-01-01 03:47 . 2013-01-05 07:49 -------- d-----w- c:\program files\PeerBlock
2012-12-29 04:26 . 2008-04-14 06:11 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-08 20:40 . 2012-09-16 18:40 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-08 20:40 . 2012-09-16 18:40 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-16 12:23 . 2004-09-15 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 14:49 . 2012-11-24 04:50 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-09 20:28 . 2012-12-09 20:29 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-09 20:28 . 2012-12-09 20:29 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-13 11:55 . 2004-09-15 12:00 1866624 ----a-w- c:\windows\system32\win32k.sys
2012-11-07 23:38 . 2012-03-11 18:13 99080 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-11-07 23:38 . 2012-03-11 18:13 32640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-11-07 23:38 . 2012-03-11 18:13 497952 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-11-07 23:38 . 2012-03-11 18:13 18096 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-11-07 23:37 . 2012-03-11 18:13 34024 ----a-w- c:\windows\system32\cmdcsr.dll
2012-11-07 23:37 . 2012-03-11 18:13 301264 ----a-w- c:\windows\system32\guard32.dll
2012-11-06 02:00 . 2012-09-15 23:17 1371648 ------w- c:\windows\system32\msxml6.dll
2012-11-02 02:04 . 2004-09-15 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:12 . 2004-09-15 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:12 . 2004-09-15 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:12 . 2004-09-15 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-09-15 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-10-18 23:08 . 2012-10-18 23:09 861696 ----a-w- c:\windows\system32\drivers\mod7700.sys
2012-10-18 23:08 . 2012-10-18 23:09 28672 ----a-w- c:\windows\system32\drivers\usbccid.sys
2012-10-18 23:08 . 2012-10-18 23:09 89856 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2012-10-18 23:08 . 2012-10-18 23:09 73984 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2012-10-18 23:08 . 2012-10-18 23:09 66688 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2012-10-18 23:08 . 2012-10-18 23:09 26624 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2012-10-18 23:08 . 2012-10-18 23:09 19200 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2012-10-18 23:08 . 2012-10-18 23:09 25856 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-10-18 23:08 . 2012-10-18 23:09 239488 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2012-10-18 23:08 . 2012-10-18 23:09 195200 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-10-18 23:08 . 2012-10-18 23:09 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2012-10-18 23:08 . 2012-10-18 23:09 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2012-10-18 23:08 . 2012-10-18 23:09 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2012-10-18 23:08 . 2012-10-18 23:09 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2012-12-05 18:26 . 2012-12-05 18:25 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 6756048]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [11.3.2012 20:13 18096]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [11.3.2012 20:13 497952]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [11.3.2012 20:13 32640]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [19.10.2012 1:09 73984]
S2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\All Users\Application Data\DatacardService\HWDeviceService.exe [14.3.2011 17:27 271712]
S2 Mobile Broadband. RunOuc;Mobile Broadband. OUC;c:\program files\Mobile Broadband\UpdateDog\ouc.exe [19.10.2012 1:09 655712]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2.6.2011 11:08 11336]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [19.10.2012 1:09 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [19.10.2012 1:09 11136]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [19.10.2012 1:09 239488]
S3 se32;EnTech softEngine;c:\windows\system32\drivers\se32.sys [3.5.2007 17:19 12112]
.
--- Muut muistissa olevat ajurit/palvelut ---
.
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
'Ajoitetut tehtävät'-kansion sisältö
.
2013-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-16 20:40]
.
.
------- Täydentävä tarkistus -------
.
TCP: Interfaces\{9CCA5C57-0C5A-4BAB-ADFD-B748EE0B9E5B}: NameServer = 8.26.56.26,8.20.247.20
FF - ProfilePath - c:\documents and settings\Nimi1\Application Data\Mozilla\Firefox\Profiles\rr5k65fa.default\
.
- - - - POISTETUT JÄMÄRIVIT - - - -
.
SafeBoot-03719327.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-09 22:25
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
tarkistaa piilotettuja prosesseja ...
.
tarkistaa piilotettuja käynnistysarvoja ...
.
tarkistaa piilotettuja tiedostoja ...
.
tarkistus on valmis
piilotetut tiedostot: 0
.
**************************************************************************
.
--------------------- LUKITUT REKISTERIAVAIMET ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ów*]
"b049C053C7D38EE4AB9A00CB3B5D2472"="C?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT"
.
--------------------- Prosesseihin ladatut DLLt ---------------------
.
- - - - - - - > 'winlogon.exe'(524)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(580)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'csrss.exe'(496)
c:\windows\system32\cmdcsr.dll
.
Valmistumisajankohta: 2013-01-09 22:27:49
ComboFix-quarantined-files.txt 2013-01-09 20:27
.
Ennen ajoa: 26 852 618 240 tavua vapaana
Ajon jälkeen: 26 814 881 792 tavua vapaana
.
WindowsXP-KB310994-SP2-Pro-BootDisk-FIN.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - A3E8E71F1B9439FC2768FA85AB85BD7E

Edited by okosijomiti, 09 January 2013 - 02:39 PM.


#7
gringo_pr


    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#8
okosijomiti

    Member

  • Topic Starter
  • 15 posts
Done.

Computer is running more or less the same as it was before running Combofix... Today I have started noticing some very significant slowing down of the computer. Boot time has increased from around 20 seconds to over a minute, and Windows is running quite slow. Even when I move the mouse cursor around, I can see it lagging, i.e. it stops frequently and periodically.

edit: From taking a quick look, it doesn't appear to me as though this Combofix log is different from the previous... is it possible I did something wrong regarding the CFScript? I left a space in front of the script line, I wonder if that has any effect?

Also, since you said this would be a good time to see if there's anything else to address, as I've been checking port activity through Emsisoft's HiJackFree, I notice that every now and then countless open TCP ports keep popping up, about 30 or so at a time. The process is always 'system'. They come and disappear periodically. I notice that it always happens in an orderly fashion; i.e. first there were a bunch of open ports popping up around the 1500 range, then 1600, 1700 etc. Now when I notice them appearing, they're around the 3700 range. It's as if someone's probing my ports one by one, but the port activity never changes from 'Waiting' to anything else. Could you tell me if this is normal?

------------------------------------------------------------------------

ComboFix 13-01-08.01 - Nimi1 09.01.2013 23:18:31.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.358.1035.18.1015.744 [GMT 2:00]
Sijainti: c:\documents and settings\Nimi1\Ty÷p÷ytõ\ComboFix.exe
Käytetyt komentorivivalitsimet :: c:\documents and settings\Nimi1\Ty÷p÷ytõ\CFScript.txt
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2012-12-09 to 2013-01-09 )))))))))))))))))
.
.
2013-01-09 20:13 . 2013-01-09 20:13 -------- d--h--w- c:\windows\PIF
2013-01-09 08:50 . 2013-01-09 08:50 -------- d-----w- c:\program files\Common Files\Adobe
2013-01-09 05:57 . 2013-01-09 06:13 -------- d-----w- c:\documents and settings\Nimi1\Local Settings\Application Data\NPE
2013-01-09 05:57 . 2013-01-09 05:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2013-01-09 04:16 . 2013-01-09 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos
2013-01-09 04:16 . 2013-01-09 04:16 73728 ----a-r- c:\documents and settings\Nimi1\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-01-09 04:16 . 2013-01-09 04:16 73728 ----a-r- c:\documents and settings\Nimi1\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-01-09 04:16 . 2013-01-09 04:16 73728 ----a-r- c:\documents and settings\Nimi1\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-01-09 04:16 . 2013-01-09 04:16 -------- d-----w- c:\program files\Sophos
2013-01-08 20:40 . 2013-01-08 20:40 16369160 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-01-01 03:47 . 2013-01-05 07:49 -------- d-----w- c:\program files\PeerBlock
2012-12-29 04:26 . 2008-04-14 06:11 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-08 20:40 . 2012-09-16 18:40 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-08 20:40 . 2012-09-16 18:40 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-16 12:23 . 2004-09-15 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 14:49 . 2012-11-24 04:50 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-09 20:28 . 2012-12-09 20:29 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-09 20:28 . 2012-12-09 20:29 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-13 11:55 . 2004-09-15 12:00 1866624 ----a-w- c:\windows\system32\win32k.sys
2012-11-07 23:38 . 2012-03-11 18:13 99080 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-11-07 23:38 . 2012-03-11 18:13 32640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-11-07 23:38 . 2012-03-11 18:13 497952 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-11-07 23:38 . 2012-03-11 18:13 18096 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-11-07 23:37 . 2012-03-11 18:13 34024 ----a-w- c:\windows\system32\cmdcsr.dll
2012-11-07 23:37 . 2012-03-11 18:13 301264 ----a-w- c:\windows\system32\guard32.dll
2012-11-06 02:00 . 2012-09-15 23:17 1371648 ------w- c:\windows\system32\msxml6.dll
2012-11-02 02:04 . 2004-09-15 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:12 . 2004-09-15 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:12 . 2004-09-15 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:12 . 2004-09-15 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-09-15 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-10-18 23:08 . 2012-10-18 23:09 861696 ----a-w- c:\windows\system32\drivers\mod7700.sys
2012-10-18 23:08 . 2012-10-18 23:09 28672 ----a-w- c:\windows\system32\drivers\usbccid.sys
2012-10-18 23:08 . 2012-10-18 23:09 89856 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2012-10-18 23:08 . 2012-10-18 23:09 73984 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2012-10-18 23:08 . 2012-10-18 23:09 66688 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2012-10-18 23:08 . 2012-10-18 23:09 26624 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2012-10-18 23:08 . 2012-10-18 23:09 19200 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2012-10-18 23:08 . 2012-10-18 23:09 25856 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-10-18 23:08 . 2012-10-18 23:09 239488 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2012-10-18 23:08 . 2012-10-18 23:09 195200 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-10-18 23:08 . 2012-10-18 23:09 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2012-10-18 23:08 . 2012-10-18 23:09 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2012-10-18 23:08 . 2012-10-18 23:09 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2012-10-18 23:08 . 2012-10-18 23:09 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2012-12-05 18:26 . 2012-12-05 18:25 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 6756048]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [11.3.2012 20:13 18096]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [11.3.2012 20:13 497952]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [11.3.2012 20:13 32640]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [19.10.2012 1:09 73984]
S2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\All Users\Application Data\DatacardService\HWDeviceService.exe [14.3.2011 17:27 271712]
S2 Mobile Broadband. RunOuc;Mobile Broadband. OUC;c:\program files\Mobile Broadband\UpdateDog\ouc.exe [19.10.2012 1:09 655712]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2.6.2011 11:08 11336]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [19.10.2012 1:09 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [19.10.2012 1:09 11136]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [19.10.2012 1:09 239488]
S3 se32;EnTech softEngine;c:\windows\system32\drivers\se32.sys [3.5.2007 17:19 12112]
.
--- Muut muistissa olevat ajurit/palvelut ---
.
*NewlyCreated* - WS2IFSL
.
'Ajoitetut tehtävät'-kansion sisältö
.
2013-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-16 20:40]
.
.
------- Täydentävä tarkistus -------
.
TCP: Interfaces\{9CCA5C57-0C5A-4BAB-ADFD-B748EE0B9E5B}: NameServer = 8.26.56.26,8.20.247.20
FF - ProfilePath - c:\documents and settings\Nimi1\Application Data\Mozilla\Firefox\Profiles\rr5k65fa.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-09 23:24
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
tarkistaa piilotettuja prosesseja ...
.
tarkistaa piilotettuja käynnistysarvoja ...
.
tarkistaa piilotettuja tiedostoja ...
.
tarkistus on valmis
piilotetut tiedostot: 0
.
**************************************************************************
.
--------------------- LUKITUT REKISTERIAVAIMET ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ów*]
"b049C053C7D38EE4AB9A00CB3B5D2472"="C?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT"
.
--------------------- Prosesseihin ladatut DLLt ---------------------
.
- - - - - - - > 'winlogon.exe'(516)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(572)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(4032)
c:\windows\system32\guard32.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
- - - - - - - > 'csrss.exe'(488)
c:\windows\system32\cmdcsr.dll
.
Valmistumisajankohta: 2013-01-09 23:26:44
ComboFix-quarantined-files.txt 2013-01-09 21:26
ComboFix2.txt 2013-01-09 20:27
.
Ennen ajoa: 26 797 903 872 tavua vapaana
Ajon jälkeen: 26 797 674 496 tavua vapaana
.
- - End Of File - - 94AA8EB7A9F5E56DA15A2DBB78D9438D

Edited by okosijomiti, 09 January 2013 - 09:33 PM.

  • 0

#9
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello


I want you to reset the DMA. You can do this with this script here - Reset DMA

If you have problems when you click on the link try to right click on the link and select "Save Target As" and then save to your desktop.
Once it is on your desktop right click on the file and select "Run"

If you still can't run it then you can go here "Reset DMA" to see what I want to do



Gringo
  • 0

#10
okosijomiti

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Ah, my computer runs much faster now. My master drive's current transfer mode was set as PIO before I reset it now. Why would it ever be set as PIO?
From looking at events manager I can see a bunch of atapi related error messages: "The device, \Ide\IdePort0, did not respond within the timeout period." Curiously enough, they seem to have appeared when disconnecting from the internet.
Also a few cases of "PCIIde could not be loaded" (event ID: 7026, source: Service Control Manager) errors at boot-up.

In either case, thanks very much! What's the next step?

Edited by okosijomiti, 10 January 2013 - 12:36 AM.

  • 0



#11
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello


I have seen XP do that after a blue screen.

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
  • 0

#12
okosijomiti

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Hi.

I will be doing that in a moment, but I'd like to report first that Comodo antivirus scanner found a Rootkit.HiddenValue@0 at "HKEY_CURRENT_USER\Software\Microsoft\Windows\NT\CurrentVersion\Windows\load" but fails to remove it.

Will post ComboFix logs soon.

Edited by okosijomiti, 10 January 2013 - 12:18 PM.

  • 0

#13
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
That is in the registry and is not active.
  • 0

#14
okosijomiti

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Noticed from the extra ComboFix report that there's something called "WebFldrs XP" in it. However, I can't see it if I access Windows' own Add/Remove Programs function. Can't see it through CCleaner's Uninstall tool either. Normal? Also a few other programs, including Microsoft Choice Guard, which seems to come with Microsoft Security Essentials, but I've never had that software on my PC.

Also, I just realized that I didn't run OTL from my desktop, but instead from a Downloads folder. Comodo might have also limited some of OTL's permissions... let me know if I should run a new OTL scan from desktop and post you the results.

Combofix logs below.

------------------------------------------------------

Adobe Flash Player 11 Plugin
Adobe Reader XI - Suomi
CCleaner
COMODO Internet Security
Finale NotePad 2012
Finale Reader 2011
Guitar Pro 5.0
Guitar Pro 6
Hotfix-korjauspäivitys Windows Media Player 11:lle (KB939683)
Hotfix-päivitys Windows XP:lle (KB2633952)
Hotfix-päivitys Windows XP:lle (KB2756822)
Hotfix-päivitys Windows XP:lle (KB2779562)
Hotfix-päivitys Windows XP:lle (KB952287)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB976002-v5)
Intel® Extreme Graphics 2 Driver
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windowsin Tietoturvapäivitys (KB2564958)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mobile Broadband
Monitor Asset Manager
Mozilla Firefox 17.0.1 (x86 fi)
Mozilla Maintenance Service
MSVCRT
PeerBlock 1.1 (r518)
Päivitys Windows XP:lle (KB2345886)
Päivitys Windows XP:lle (KB2467659)
Päivitys Windows XP:lle (KB2661254-v2)
Päivitys Windows XP:lle (KB2718704)
Päivitys Windows XP:lle (KB2736233)
Päivitys Windows XP:lle (KB2749655)
Päivitys Windows XP:lle (KB898461)
Päivitys Windows XP:lle (KB951978)
Päivitys Windows XP:lle (KB955759)
Päivitys Windows XP:lle (KB961503)
Päivitys Windows XP:lle (KB968389)
Päivitys Windows XP:lle (KB971029)
Päivitys Windows XP:lle (KB973815)
Segoe UI
Sophos Virus Removal Tool
Suojauspäivitys ohjelmistolle Windows XP (KB941569)
Suojauspäivitys Windows Internet Explorer 8:lle (KB2510531)
Suojauspäivitys Windows Internet Explorer 8:lle (KB2544521)
Suojauspäivitys Windows Internet Explorer 8:lle (KB2722913)
Suojauspäivitys Windows Internet Explorer 8:lle (KB2744842)
Suojauspäivitys Windows Internet Explorer 8:lle (KB2761465)
Suojauspäivitys Windows Media Player 11:lle (KB954154)
Suojauspäivitys Windows Media Playerille (KB2378111)
Suojauspäivitys Windows Media Playerille (KB952069)
Suojauspäivitys Windows Media Playerille (KB954155)
Suojauspäivitys Windows Media Playerille (KB973540)
Suojauspäivitys Windows Media Playerille (KB975558)
Suojauspäivitys Windows Media Playerille (KB978695)
Suojauspäivitys Windows XP:lle (KB2115168)
Suojauspäivitys Windows XP:lle (KB2229593)
Suojauspäivitys Windows XP:lle (KB2296011)
Suojauspäivitys Windows XP:lle (KB2347290)
Suojauspäivitys Windows XP:lle (KB2360937)
Suojauspäivitys Windows XP:lle (KB2387149)
Suojauspäivitys Windows XP:lle (KB2393802)
Suojauspäivitys Windows XP:lle (KB2419632)
Suojauspäivitys Windows XP:lle (KB2423089)
Suojauspäivitys Windows XP:lle (KB2440591)
Suojauspäivitys Windows XP:lle (KB2443105)
Suojauspäivitys Windows XP:lle (KB2476490)
Suojauspäivitys Windows XP:lle (KB2478960)
Suojauspäivitys Windows XP:lle (KB2478971)
Suojauspäivitys Windows XP:lle (KB2479943)
Suojauspäivitys Windows XP:lle (KB2481109)
Suojauspäivitys Windows XP:lle (KB2483185)
Suojauspäivitys Windows XP:lle (KB2485663)
Suojauspäivitys Windows XP:lle (KB2506212)
Suojauspäivitys Windows XP:lle (KB2507618)
Suojauspäivitys Windows XP:lle (KB2507938)
Suojauspäivitys Windows XP:lle (KB2508429)
Suojauspäivitys Windows XP:lle (KB2509553)
Suojauspäivitys Windows XP:lle (KB2510581)
Suojauspäivitys Windows XP:lle (KB2535512)
Suojauspäivitys Windows XP:lle (KB2536276-v2)
Suojauspäivitys Windows XP:lle (KB2544521)
Suojauspäivitys Windows XP:lle (KB2544893-v2)
Suojauspäivitys Windows XP:lle (KB2566454)
Suojauspäivitys Windows XP:lle (KB2570947)
Suojauspäivitys Windows XP:lle (KB2584146)
Suojauspäivitys Windows XP:lle (KB2585542)
Suojauspäivitys Windows XP:lle (KB2592799)
Suojauspäivitys Windows XP:lle (KB2598479)
Suojauspäivitys Windows XP:lle (KB2603381)
Suojauspäivitys Windows XP:lle (KB2618451)
Suojauspäivitys Windows XP:lle (KB2619339)
Suojauspäivitys Windows XP:lle (KB2620712)
Suojauspäivitys Windows XP:lle (KB2624667)
Suojauspäivitys Windows XP:lle (KB2631813)
Suojauspäivitys Windows XP:lle (KB2646524)
Suojauspäivitys Windows XP:lle (KB2653956)
Suojauspäivitys Windows XP:lle (KB2655992)
Suojauspäivitys Windows XP:lle (KB2659262)
Suojauspäivitys Windows XP:lle (KB2661637)
Suojauspäivitys Windows XP:lle (KB2676562)
Suojauspäivitys Windows XP:lle (KB2686509)
Suojauspäivitys Windows XP:lle (KB2691442)
Suojauspäivitys Windows XP:lle (KB2698365)
Suojauspäivitys Windows XP:lle (KB2705219)
Suojauspäivitys Windows XP:lle (KB2707511)
Suojauspäivitys Windows XP:lle (KB2712808)
Suojauspäivitys Windows XP:lle (KB2719985)
Suojauspäivitys Windows XP:lle (KB2722913)
Suojauspäivitys Windows XP:lle (KB2723135)
Suojauspäivitys Windows XP:lle (KB2724197)
Suojauspäivitys Windows XP:lle (KB2727528)
Suojauspäivitys Windows XP:lle (KB2731847)
Suojauspäivitys Windows XP:lle (KB2753842-v2)
Suojauspäivitys Windows XP:lle (KB2753842)
Suojauspäivitys Windows XP:lle (KB2757638)
Suojauspäivitys Windows XP:lle (KB2758857)
Suojauspäivitys Windows XP:lle (KB2761226)
Suojauspäivitys Windows XP:lle (KB2770660)
Suojauspäivitys Windows XP:lle (KB2779030)
Suojauspäivitys Windows XP:lle (KB923561)
Suojauspäivitys Windows XP:lle (KB923789)
Suojauspäivitys Windows XP:lle (KB946648)
Suojauspäivitys Windows XP:lle (KB950762)
Suojauspäivitys Windows XP:lle (KB950974)
Suojauspäivitys Windows XP:lle (KB951376-v2)
Suojauspäivitys Windows XP:lle (KB952004)
Suojauspäivitys Windows XP:lle (KB952954)
Suojauspäivitys Windows XP:lle (KB956572)
Suojauspäivitys Windows XP:lle (KB956744)
Suojauspäivitys Windows XP:lle (KB956802)
Suojauspäivitys Windows XP:lle (KB956844)
Suojauspäivitys Windows XP:lle (KB959426)
Suojauspäivitys Windows XP:lle (KB960803)
Suojauspäivitys Windows XP:lle (KB960859)
Suojauspäivitys Windows XP:lle (KB969059)
Suojauspäivitys Windows XP:lle (KB970430)
Suojauspäivitys Windows XP:lle (KB971657)
Suojauspäivitys Windows XP:lle (KB972270)
Suojauspäivitys Windows XP:lle (KB973507)
Suojauspäivitys Windows XP:lle (KB973869)
Suojauspäivitys Windows XP:lle (KB973904)
Suojauspäivitys Windows XP:lle (KB974112)
Suojauspäivitys Windows XP:lle (KB974318)
Suojauspäivitys Windows XP:lle (KB974392)
Suojauspäivitys Windows XP:lle (KB974571)
Suojauspäivitys Windows XP:lle (KB975025)
Suojauspäivitys Windows XP:lle (KB975467)
Suojauspäivitys Windows XP:lle (KB975560)
Suojauspäivitys Windows XP:lle (KB975713)
Suojauspäivitys Windows XP:lle (KB977816)
Suojauspäivitys Windows XP:lle (KB977914)
Suojauspäivitys Windows XP:lle (KB978338)
Suojauspäivitys Windows XP:lle (KB978542)
Suojauspäivitys Windows XP:lle (KB978706)
Suojauspäivitys Windows XP:lle (KB979309)
Suojauspäivitys Windows XP:lle (KB979482)
Suojauspäivitys Windows XP:lle (KB979687)
Suojauspäivitys Windows XP:lle (KB981322)
Suojauspäivitys Windows XP:lle (KB981997)
Suojauspäivitys Windows XP:lle (KB982132)
Suojauspäivitys Windows XP:lle (KB982665)
System Requirements Lab for Intel
Trillian
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR 4.20 (32-bit)
VLC media player 2.0.4

------------------------------------------------------

Edited by okosijomiti, 10 January 2013 - 07:37 PM.

  • 0

#15
okosijomiti

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I should mention that Comodo's software (Comodo Cleaning Essentials) reported an abnormal system setting: "Disabled MsConfig." So I have two questions: 1) Is this an alarming sign or could it be due to using ComboFix and various other security software? And 2) Can I safely allow Comodo to repair the system setting or will it interfere with our progress here?

Edited by okosijomiti, 10 January 2013 - 07:40 PM.

  • 0





