jpaulr
-
Posts
33 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Everything posted by jpaulr
-
Program_error_updating (2,0, connection refused)
jpaulr replied to jpaulr's topic in Malwarebytes for Windows Support Forum
It will not update. I did get AV to start. I keep getting the update error. The strange thing is I have been running scheduled nightly scans and updating the database every morning. All of a sudden my libs are 10 days old and I get that 2,0 connection error? I am not sure what to do next. -
Program_error_updating (2,0, connection refused)
jpaulr replied to jpaulr's topic in Malwarebytes for Windows Support Forum
Doesn't work. It will not update. -
I did follow the directions for the other topic similar to this - uninstalled, ran MBAM_Clean, rebooted, downloaded the version from major geeks and continue to get the 10-day old lib would you like to update error. I have a licensed the pro version and do have the prod id / key but did not redo it yet. AV was off. I am unable now to start my AV? Maybe something else going on?
-
So I think this means we're good. I know you guys probably hear this a lot, but THANK YOU SO MUCH for your help. I said to my daughter this just proves that there are good people out there b/c you wonder sometimes. Obviously I could not have done this without your help. You guys are great. I did buy MBAB for my laptop (FWIW) and I have you "liked" on FB - always mention MBAM to anyone that ever having a problem. Have a good weekend!!
-
I ran 2 scans. First full scan - had a reg key item hit which MBAM said it removed and required a restart. I restarted, checked for updates and ran another scan but a quick one this time. That came back clean. Results of full then quick pasted below. FULL SCAN Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6248 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 4/2/2011 4:57:44 PM mbam-log-2011-04-02 (16-57-44).txt Scan type: Full scan (C:\|) Objects scanned: 270545 Time elapsed: 1 hour(s), 1 minute(s), 18 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 1 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) QUICK SCAN Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6249 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 4/2/2011 5:19:57 PM mbam-log-2011-04-02 (17-19-57).txt Scan type: Quick scan Objects scanned: 154601 Time elapsed: 4 minute(s), 54 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
-
Hm. I tried one of the other "randomly named" files downloaded earlier, got an error - some kind of runtime? - but it seems to be working. It updated to the most current database and I'm running a full scan now.
-
trying to download and install MBAM from download.cnet.com Continuing to get the error PROGRAM_ERROR_MISSING_FILE (2,0, mbamcore.dll) The system cannot find the file specified.
-
I waited for the txt file to pop up but it didn't. I went into c:/combofix and grabbed it there. HD seems to be being hit a lot - but otherwise seems to be working ok? I haven't tried installing MBAM or anything else until I hear back from you. ComboFix 11-04-02.01 - Kelsey Richards 04/02/2011 14:58:19.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.544 [GMT -4:00] Running from: C:\Documents and Settings\Kelsey Richards\Desktop\ComboFix.exe AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7} ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Documents and Settings\Kelsey Richards\Desktop\Windows Repair.lnk C:\Documents and Settings\Kelsey Richards\Start Menu\Programs\Windows Repair C:\Documents and Settings\Kelsey Richards\Start Menu\Programs\Windows Repair\Uninstall Windows Repair.lnk C:\Documents and Settings\Kelsey Richards\Start Menu\Programs\Windows Repair\Windows Repair.lnk C:\Program Files\HP\HPBTWD.exe C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.1.1.inf ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_MYWEBSEARCHSERVICE ((((((((((((((((((((((((( Files Created from 2011-03-02 to 2011-04-02 ))))))))))))))))))))))))))))))) 2011-04-02 17:58:17 . 2011-04-02 18:39:27 524222 ----a-w- C:\WINDOWS\system32\PerfStringBackup.TMP 2011-04-02 15:02:17 . 2010-12-20 22:09:00 38224 ---ha-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2011-03-30 01:51:32 . 2011-03-30 01:51:33 -------- d--h--w- C:\Documents and Settings\Administrator 2011-03-28 21:53:05 . 2008-04-15 12:00:00 4224 ---ha-w- C:\WINDOWS\system32\beep.sys (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2011-02-09 13:53:52 . 2011-02-09 13:53:52 270848 ---ha-w- C:\WINDOWS\system32\sbe.dll 2011-02-09 13:53:52 . 2011-02-09 13:53:52 186880 ---ha-w- C:\WINDOWS\system32\encdec.dll 2011-02-02 07:58:35 . 2011-02-02 07:58:35 2067456 ---ha-w- C:\WINDOWS\system32\mstscax.dll 2011-01-27 11:57:06 . 2011-01-27 11:57:06 677888 ---ha-w- C:\WINDOWS\system32\mstsc.exe 2011-01-21 14:44:37 . 2011-01-21 14:44:37 439296 ---ha-w- C:\WINDOWS\system32\shimgvw.dll 2011-01-07 14:09:02 . 2011-01-07 14:09:02 290048 ---ha-w- C:\WINDOWS\system32\atmfd.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Search Protection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 13:05:34 111856] "ooVoo.exe"="C:\program files\oovoo\oovoo.exe" [2010-06-10 15:31:38 18702520] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-01 16:28:36 2010864] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2010-12-03 21:46:34 14944136] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-15 12:00:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-02-15 21:46:46 135168] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-02-15 21:46:46 159744] "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2008-02-15 21:46:18 131072] "AESTFltr"="C:\WINDOWS\system32\AESTFltr.exe" [2009-02-18 21:41:56 737280] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2009-01-16 02:40:16 1418536] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-12-03 09:34:24 35184] "HP Mobile Broadband"="c:\SWsetup\HPQWWAN\HPMobileBroadband.exe" [2009-01-09 23:15:30 455224] "Syncables"="C:\Program Files\syncables\syncables desktop\Syncables.exe" [2009-04-02 08:51:00 173360] "Microsoft Default Manager"="c:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-06 23:03:24 224616] "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 21:51:00 488752] "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-07-25 09:23:12 149280] "avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 17:08:47 209153] C:\Documents and Settings\Kelsey Richards\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 14:13:36 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 19:21:42 548352 ---ha-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "C:\\Program Files\\syncables\\syncables desktop\\jre\\bin\\javaw.exe"= "C:\\Program Files\\ooVoo\\ooVoo.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "443:TCP"= 443:TCP:ooVoo TCP port 443 "443:UDP"= 443:UDP:ooVoo UDP port 443 "37674:TCP"= 37674:TCP:ooVoo TCP port 37674 "37674:UDP"= 37674:UDP:ooVoo UDP port 37674 "37675:UDP"= 37675:UDP:ooVoo UDP port 37675 R0 SahdIa32;HDD Filter Driver;C:\WINDOWS\system32\drivers\SahdIa32.sys [6/14/2009 3:38:49 PM 21488] R0 SaibIa32;Volume Filter Driver;C:\WINDOWS\system32\drivers\SaibIa32.sys [6/14/2009 3:38:49 PM 15856] R0 SysCow;SysCow;C:\WINDOWS\system32\drivers\syscow32x.sys [9/25/2008 1:09:40 AM 103792] R1 SaibVd32;Virtual Disk Driver;C:\WINDOWS\system32\drivers\SaibVd32.sys [6/14/2009 3:38:49 PM 25584] R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25:50 AM 12872] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15:58 AM 66632] R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [12/12/2008 1:46:22 AM 125424] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files\Avira\AntiVir Desktop\sched.exe [9/25/2009 9:30:32 AM 108289] R2 BOTService;BOTService;C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe [3/19/2009 3:04:38 PM 203248] R3 AESTAud;AE Audio Service;C:\WINDOWS\system32\drivers\AESTAud.sys [6/14/2009 3:28:49 PM 113664] R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;C:\WINDOWS\system32\drivers\l1c51x86.sys [3/2/2009 5:03:48 PM 38912] R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\drivers\ManyCam.sys [1/14/2008 6:06:32 AM 21632] R3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15:58 AM 12872] S2 Norton Internet Security;Norton Internet Security;"C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?] S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [4/2/2011 11:02:17 AM 38224] S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;C:\WINDOWS\system32\Drivers\RTS5121.sys --> C:\WINDOWS\system32\Drivers\RTS5121.sys [?] S3 Rts516xIR;Realtek IR Driver;C:\WINDOWS\system32\DRIVERS\Rts516xIR.sys --> C:\WINDOWS\system32\DRIVERS\Rts516xIR.sys [?] Contents of the 'Scheduled Tasks' folder 2011-04-02 C:\WINDOWS\Tasks\BackOnTrack Instant Restore Idle.job - C:\Program Files\Roxio\BackOnTrack\Instant Restore\RstIdle.exe [2009-03-19 19:05:10 . 2009-03-19 19:05:10] ------- Supplementary Scan ------- uStart Page = hxxp://www.google.com/ mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html uInternet Connection Wizard,ShellNext = https://register.hp.com/servlet/WebReg.servlets.ProdReg1Servlet?appID=java_wreg_wreg_genpg&product_name=Compaq%20Mini%20110c-1000&PROD_SERIAL_ID=CNU9351Z89&PURCH_DT_MONTH=09&PURCH_DT_DAY=25&PURCH_DT_YEAR=2009&gwCountry=US&language=EN&prodOS=011 uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 - - - - ORPHANS REMOVED - - - - WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file) HKCU-Run-Weather - C:\Program Files\AWS\WeatherBug\Weather.exe HKCU-Run-nQGlolukEsmR - C:\Documents and Settings\All Users\Application Data\nQGlolukEsmR.exe HKLM-Run-SysTrayApp - %ProgramFiles%\IDT\WDM\sttray.exe HKLM-Run-HP BTW Detect Program - C:\Program Files\HP\HPBTWD.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-04-02 15:11:41 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Norton Internet Security] "ImagePath"="\"C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1" --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@C:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="C:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(544) C:\Program Files\SUPERAntiSpyware\SASWINLO.dll C:\WINDOWS\system32\WININET.dll - - - - - - - > 'explorer.exe'(2960) C:\WINDOWS\system32\WININET.dll C:\WINDOWS\system32\webcheck.dll C:\WINDOWS\system32\IEFRAME.dll C:\WINDOWS\system32\WPDShServiceObj.dll C:\WINDOWS\system32\PortableDeviceTypes.dll C:\WINDOWS\system32\PortableDeviceApi.dll ------------------------ Other Running Processes ------------------------ c:\program files\idt\wdm\STacSV.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\IDT\WDM\sttray.exe C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\syncables\syncables desktop\MigoMapi.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\Java\jre6\bin\jucheck.exe ************************************************************************** Completion time: 2011-04-02 15:17:44 - machine was rebooted ComboFix-quarantined-files.txt 2011-04-02 19:17:38 Pre-Run: 2,489,466,880 bytes free Post-Run: 2,661,879,808 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect - - End Of File - - 294167AE62EE9C499F6EAFB964706154
-
DDS (Ver_09-06-26.01) - NTFSx86 Run by Kelsey Richards at 14:38:43.18 on Sat 04/02/2011 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.400 [GMT -4:00] AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\idt\wdm\STacSV.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe svchost.exe C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\IDT\WDM\sttray.exe C:\WINDOWS\system32\AESTFltr.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\HP\HPBTWD.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\Program Files\syncables\syncables desktop\Syncables.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe C:\program files\oovoo\oovoo.exe C:\Program Files\syncables\syncables desktop\MigoMapi.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Kelsey Richards\Desktop\dds.scr ============== Pseudo HJT Report =============== uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com uStart Page = hxxp://www.google.com/ uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html uInternet Connection Wizard,ShellNext = https://register.hp.com/servlet/WebReg.servlets.ProdReg1Servlet?appID=java_wreg_wreg_genpg&product_name=Compaq%20Mini%20110c-1000&PROD_SERIAL_ID=CNU9351Z89&PURCH_DT_MONTH=09&PURCH_DT_DAY=25&PURCH_DT_YEAR=2009&gwCountry=US&language=EN&prodOS=011 uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0559.0\msneshellx.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0559.0\msneshellx.dll TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1 uRun: [search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe uRun: [ooVoo.exe] c:\program files\oovoo\oovoo.exe /minimized uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized uRun: [nQGlolukEsmR] c:\documents and settings\all users\application data\nQGlolukEsmR.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg mRun: [HP BTW Detect Program] c:\program files\hp\HPBTWD.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [HP Mobile Broadband] c:\swsetup\hpqwwan\HPMobileBroadband.exe /TrayMode mRun: [syncables] c:\program files\syncables\syncables desktop\Syncables.exe mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k StartupFolder: c:\docume~1\kelsey~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE mPolicies-system: DisableTaskMgr = 1 (0x1) IE: &Search IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL ============= SERVICES / DRIVERS =============== R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2009-6-14 21488] R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2009-6-14 15856] R0 SysCow;SysCow;c:\windows\system32\drivers\syscow32x.sys [2008-9-25 103792] R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-9-25 11608] R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2009-6-14 25584] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632] R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\roxio\backontrack\disaster recovery\SaibSVC.exe [2008-12-12 125424] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-9-25 108289] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-9-25 185089] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-9-25 56816] R2 BOTService;BOTService;c:\program files\roxio\backontrack\instant restore\BOTService.exe [2009-3-19 203248] R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392] R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-6-14 113664] R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-3-2 38912] R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632] R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872] S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-4-2 38224] S3 NAVENG;NAVENG;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\naveng.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\NAVENG.SYS [?] S3 NAVEX15;NAVEX15;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\navex15.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\NAVEX15.SYS [?] S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\rts5121.sys --> c:\windows\system32\drivers\RTS5121.sys [?] S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?] =============== Created Last 30 ================ 2011-04-02 13:58 524,222 a------- c:\windows\system32\PerfStringBackup.TMP 2011-04-02 11:02 38,224 a---h--- c:\windows\system32\drivers\mbamswissarmy.sys 2011-03-28 17:53 4,224 a---h--- c:\windows\system32\beep.sys ==================== Find3M ==================== 2011-02-09 09:53 270,848 a---h--- c:\windows\system32\sbe.dll 2011-02-09 09:53 186,880 a---h--- c:\windows\system32\encdec.dll 2011-02-09 09:53 270,848 ----h--- c:\windows\system32\dllcache\sbe.dll 2011-02-09 09:53 186,880 ----h--- c:\windows\system32\dllcache\encdec.dll 2011-02-02 03:58 2,067,456 a---h--- c:\windows\system32\mstscax.dll 2011-02-02 03:58 2,067,456 ----h--- c:\windows\system32\dllcache\lhmstscx.dll 2011-01-27 07:57 677,888 a---h--- c:\windows\system32\mstsc.exe 2011-01-27 07:57 677,888 ----h--- c:\windows\system32\dllcache\lhmstsc.exe 2011-01-21 10:44 439,296 a---h--- c:\windows\system32\shimgvw.dll 2011-01-21 10:44 8,462,336 ----h--- c:\windows\system32\dllcache\shell32.dll 2011-01-21 10:44 439,296 ----h--- c:\windows\system32\dllcache\shimgvw.dll 2011-01-07 10:09 290,048 a---h--- c:\windows\system32\atmfd.dll 2011-01-07 10:09 290,048 ----h--- c:\windows\system32\dllcache\atmfd.dll 2008-06-24 21:17 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat 2009-09-25 16:54 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009092520090926\index.dat 2010-03-10 16:05 32,768 ac-sh--- c:\windows\temp\cookies\index.dat 2010-03-10 16:05 32,768 ac-sh--- c:\windows\temp\history\history.ie5\index.dat 2010-03-10 16:05 49,152 ac-sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat ============= FINISH: 14:39:30.01 ===============
-
I deleted those files and tried to run MBAM from one of the randomly named files. It said I have to reboot because the prior installation didn't complete (that was from a randomly named file). I tried MBAM.exe will not run get the FILE_NOT_FOUND thing. I rebooted the machine, browsed to MBAM and tried to run one of the randoms and got the file not found. I went to www.malwarebytes to download a new copy and I can't (I never get the prompt to download the file). I have rebooted the machine again and will operate from a clean slate here. Paul
-
I ran RKill just before this which seems to have at least stopped WR from grinding this machine to a halt (I had been posting from my laptop). I did try to install MBAM but same error. If you need me to run DDS again w/out the pregame stuff just let me know and thanks again. DDS (Ver_09-06-26.01) - NTFSx86 Run by Kelsey Richards at 14:03:29.10 on Sat 04/02/2011 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.405 [GMT -4:00] AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\idt\wdm\STacSV.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe svchost.exe C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\IDT\WDM\sttray.exe C:\WINDOWS\system32\AESTFltr.exe C:\Program Files\HP\HPBTWD.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\syncables\syncables desktop\Syncables.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe C:\program files\oovoo\oovoo.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\syncables\syncables desktop\MigoMapi.exe C:\Program Files\Skype\Phone\Skype.exe C:\WINDOWS\system32\attrib.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\Program Files\Java\jre6\bin\jucheck.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Kelsey Richards\Desktop\dds.scr ============== Pseudo HJT Report =============== uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com uStart Page = hxxp://www.google.com/ uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html uInternet Connection Wizard,ShellNext = https://register.hp.com/servlet/WebReg.servlets.ProdReg1Servlet?appID=java_wreg_wreg_genpg&product_name=Compaq%20Mini%20110c-1000&PROD_SERIAL_ID=CNU9351Z89&PURCH_DT_MONTH=09&PURCH_DT_DAY=25&PURCH_DT_YEAR=2009&gwCountry=US&language=EN&prodOS=011 uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0559.0\msneshellx.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0559.0\msneshellx.dll TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1 uRun: [search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe uRun: [ooVoo.exe] c:\program files\oovoo\oovoo.exe /minimized uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized uRun: [nQGlolukEsmR] c:\documents and settings\all users\application data\nQGlolukEsmR.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg mRun: [HP BTW Detect Program] c:\program files\hp\HPBTWD.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [HP Mobile Broadband] c:\swsetup\hpqwwan\HPMobileBroadband.exe /TrayMode mRun: [syncables] c:\program files\syncables\syncables desktop\Syncables.exe mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k mRunOnce: [Malwarebytes' Anti-Malware (registration)] regsvr32.exe /s "c:\program files\malwarebytes' anti-malware\mbamext.dll" StartupFolder: c:\docume~1\kelsey~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE mPolicies-system: DisableTaskMgr = 1 (0x1) IE: &Search IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL ============= SERVICES / DRIVERS =============== R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2009-6-14 21488] R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2009-6-14 15856] R0 SysCow;SysCow;c:\windows\system32\drivers\syscow32x.sys [2008-9-25 103792] R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-9-25 11608] R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2009-6-14 25584] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632] R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\roxio\backontrack\disaster recovery\SaibSVC.exe [2008-12-12 125424] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-9-25 108289] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-9-25 185089] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-9-25 56816] R2 BOTService;BOTService;c:\program files\roxio\backontrack\instant restore\BOTService.exe [2009-3-19 203248] R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392] R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-6-14 113664] R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-3-2 38912] R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632] R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872] S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-4-2 38224] S3 NAVENG;NAVENG;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\naveng.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\NAVENG.SYS [?] S3 NAVEX15;NAVEX15;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\navex15.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\NAVEX15.SYS [?] S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\rts5121.sys --> c:\windows\system32\drivers\RTS5121.sys [?] S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?] =============== Created Last 30 ================ 2011-04-02 13:58 524,222 a------- c:\windows\system32\PerfStringBackup.TMP 2011-04-02 11:02 38,224 a---h--- c:\windows\system32\drivers\mbamswissarmy.sys 2011-03-28 18:00 467,968 a---h--- c:\docume~1\alluse~1\applic~1\19849012.exe 2011-03-28 17:53 4,224 a---h--- c:\windows\system32\beep.sys 2011-03-28 17:51 546,304 a---h--- c:\docume~1\alluse~1\applic~1\nQGlolukEsmR.exe ==================== Find3M ==================== 2011-02-09 09:53 270,848 a---h--- c:\windows\system32\sbe.dll 2011-02-09 09:53 186,880 a---h--- c:\windows\system32\encdec.dll 2011-02-09 09:53 270,848 ----h--- c:\windows\system32\dllcache\sbe.dll 2011-02-09 09:53 186,880 ----h--- c:\windows\system32\dllcache\encdec.dll 2011-02-02 03:58 2,067,456 a---h--- c:\windows\system32\mstscax.dll 2011-02-02 03:58 2,067,456 ----h--- c:\windows\system32\dllcache\lhmstscx.dll 2011-01-27 07:57 677,888 a---h--- c:\windows\system32\mstsc.exe 2011-01-27 07:57 677,888 ----h--- c:\windows\system32\dllcache\lhmstsc.exe 2011-01-21 10:44 439,296 a---h--- c:\windows\system32\shimgvw.dll 2011-01-21 10:44 8,462,336 ----h--- c:\windows\system32\dllcache\shell32.dll 2011-01-21 10:44 439,296 ----h--- c:\windows\system32\dllcache\shimgvw.dll 2011-01-07 10:09 290,048 a---h--- c:\windows\system32\atmfd.dll 2011-01-07 10:09 290,048 ----h--- c:\windows\system32\dllcache\atmfd.dll 2008-06-24 21:17 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat 2009-09-25 16:54 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009092520090926\index.dat 2010-03-10 16:05 32,768 ac-sh--- c:\windows\temp\cookies\index.dat 2010-03-10 16:05 32,768 ac-sh--- c:\windows\temp\history\history.ie5\index.dat 2010-03-10 16:05 49,152 ac-sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat ============= FINISH: 14:05:42.48 ===============
-
By user name. It's a compaq netbook. She is the only user.
-
Daughter tried to install a flash player and we got this piece of garbage. I've tried running Mbam in safe mode, downloading and installing MBAM even with random file names with no success. I tried running RKill - which did stop some processes - then installing MBAM with a random file name but I keep getting the same Progam_error_missing_file bull. Did all the self-help I could. Require expert assistance. Thanks you guys. Paul
-
I just want to mention I've tried this not only in regular mode but in safe mode with networking with no success.
-
WindowsRepair infection. I've tried safe mode w/ networking. I've tried using the random name. I've tried using explorer.exe Nothing is working. Thanks in advance for your help. Paul
-
Everything looks ok now? Do I run the un-defogger?
-
MBAM log looks clean. I was not prompted to reboot. Malwarebytes' Anti-Malware 1.44 Database version: 3811 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 3/2/2010 6:43:09 AM mbam-log-2010-03-02 (06-43-09).txt Scan type: Full Scan (C:\|) Objects scanned: 175460 Time elapsed: 37 minute(s), 39 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
-
Attached are the 3 specified logs. The attach.txt log was produced but you did not ask for it? I have it if you need it. Paul OLT Log All processes killed ========== FILES ========== File\Folder C:\WINDOWS\Temp\wmpscfgs.exe not found. C:\Program Files\Adobe\6729140.old moved successfully. File\Folder C:\Program Files\Adobe\6729140.old not found. File\Folder C:\recycler not found. File\Folder D:\recycler not found. File\Folder e:\recycler not found. File\Folder f:\recycler not found. File\Folder g:\recycler not found. File\Folder h:\recycler not found. ========== COMMANDS ========== [EMPTYTEMP] User: #1Mom ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: Paul1 ->Temp folder emptied: 99186637 bytes ->Temporary Internet Files folder emptied: 17437735 bytes ->Java cache emptied: 128013 bytes ->FireFox cache emptied: 32214258 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 3284 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34320 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 142.00 mb Restore point Set: OTL Restore Point (64424509440) OTL by OldTimer - Version 3.1.30.3 log created on 03012010_230207 Files\Folders moved on Reboot... Registry entries deleted on Reboot... ROOT REPEAL LOG ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2010/03/01 23:14 Program Version: Version 1.3.5.0 Windows Version: Windows XP SP3 ================================================== Hidden/Locked Files ------------------- Path: C:\hiberfil.sys Status: Locked to the Windows API! DDS LOG DDS (Ver_09-12-01.01) - NTFSx86 Run by Paul1 at 23:15:52.26 on Mon 03/01/2010 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.237 [GMT -5:00] AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe svchost.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\Paul1\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = about:blank mStart Page = about:blank uInternet Settings,ProxyOverride = *.local uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min StartupFolder: c:\docume~1\paul1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll Trusted Zone: ameritrade.com Trusted Zone: ameritrade.com\research Trusted Zone: ameritrade.com\wwws Trusted Zone: tdameritrade.com Trusted Zone: tdameritrade.com\www DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} - hxxp://mail.lycos.com/hanmail-ax/AttachMail.cab DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\paul1\applic~1\mozilla\firefox\profiles\3x29nyyw.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/ FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); ============= SERVICES / DRIVERS =============== R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-16 11608] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-4 9968] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-4 74480] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-5-16 108289] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-5-16 185089] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-16 56816] R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-19 24652] R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;c:\windows\system32\drivers\Envy24HF.sys [2007-11-30 577664] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-28 135664] S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-4 7408] S4 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589; [x] =============== Created Last 30 ================ 2010-02-28 23:38:27 0 d-----w- C:\DCE 2010-02-28 22:29:01 0 d-sha-r- C:\cmdcons 2010-02-28 22:28:08 98816 ----a-w- c:\windows\sed.exe 2010-02-28 22:28:08 77312 ----a-w- c:\windows\MBR.exe 2010-02-28 22:28:08 261632 ----a-w- c:\windows\PEV.exe 2010-02-28 22:28:08 161792 ----a-w- c:\windows\SWREG.exe 2010-02-28 22:10:47 0 d-----w- C:\_OTL 2010-02-28 21:17:08 0 ----a-w- c:\documents and settings\paul1\defogger_reenable 2010-02-28 17:14:30 4 ----a-w- c:\program files\2996031.dat 2010-02-28 15:55:21 4 ----a-w- c:\program files\746640.dat 2010-02-20 23:26:52 0 d-----w- c:\program files\iPod 2010-02-20 23:26:32 0 d-----w- c:\program files\iTunes ==================== Find3M ==================== 2010-01-07 21:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-07 21:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-12-21 19:14:05 916480 ------w- c:\windows\system32\wininet.dll 2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe 2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll 2009-12-08 19:26:15 2145280 ------w- c:\windows\system32\ntoskrnl.exe 2009-12-08 18:43:51 2023936 ------w- c:\windows\system32\ntkrnlpa.exe 2009-03-08 00:42:23 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009030720090308\index.dat ============= FINISH: 23:16:01.64 ===============
-
Yah you weren't kidding... that took some patience. This is an older PC not a lot of UMPH so... here you go. It is working better for sure... am I clean? Still getting trojan warnings w/ Kaspersky in Adobe? /--------------------------------------------------------------\ | Trend Micro System Cleaner | | Copyright 2009-2010, Trend Micro, Inc. | | http://www.trendmicro.com | \--------------------------------------------------------------/ 2010-02-28, 18:44:35, Auto-clean mode specified. 2010-02-28, 18:44:36, Initialized Rootkit Driver version 2.2.0.1004. 2010-02-28, 18:44:36, Running scanner "C:\DCE\TSC.BIN"... 2010-02-28, 18:45:20, Scanner "C:\DCE\TSC.BIN" has finished running. 2010-02-28, 18:45:20, TSC Log:
-
I meant to mention I was able to get the Defogger to work - it was run earlier before the OLT / combo fix step. I haven't "re-enabled" yet. Logfile of The Avenger Version 2.0, © by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! Error: file "c:\windows\system32\pegojehe.dll" not found! Deletion of file "c:\windows\system32\pegojehe.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist File "c:\windows\Tasks\At1.job" deleted successfully. File "c:\windows\Tasks\At2.job" deleted successfully. File "c:\windows\Tasks\At3.job" deleted successfully. File "c:\windows\Tasks\At4.job" deleted successfully. File "c:\windows\Tasks\At5.job" deleted successfully. File "c:\windows\Tasks\At6.job" deleted successfully. File "c:\windows\Tasks\At7.job" deleted successfully. File "c:\windows\Tasks\At8.job" deleted successfully. File "c:\windows\Tasks\At9.job" deleted successfully. File "c:\windows\Tasks\At10.job" deleted successfully. File "c:\windows\Tasks\At11.job" deleted successfully. File "c:\windows\Tasks\At12.job" deleted successfully. File "c:\windows\Tasks\At13.job" deleted successfully. File "c:\windows\Tasks\At14.job" deleted successfully. File "c:\windows\Tasks\At15.job" deleted successfully. File "c:\windows\Tasks\At16.job" deleted successfully. File "c:\windows\Tasks\At17.job" deleted successfully. File "c:\windows\Tasks\At18.job" deleted successfully. File "c:\windows\Tasks\At19.job" deleted successfully. File "c:\windows\Tasks\At20.job" deleted successfully. File "c:\windows\Tasks\At21.job" deleted successfully. File "c:\windows\Tasks\At22.job" deleted successfully. File "c:\windows\Tasks\At23.job" deleted successfully. File "c:\windows\Tasks\At24.job" deleted successfully. Registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|mitomapuw" deleted successfully. Registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|risakubiza" deleted successfully. Completed script processing. ******************* Finished! Terminate.
-
OLT log (had to reboot a 2nd time b/c the desktop would not come up.) All processes killed ========== FILES ========== File\Folder c:\windows\system32\litinika.dll not found. File\Folder c:\windows\system32\wisahiri.dll not found. c:\windows\system32\pegojehe.dll moved successfully. c:\windows\system32\app_dll.dll moved successfully. c:\windows\_VOIDrtfjwibceg folder moved successfully. c:\documents and settings\paul1\rundll32.exe moved successfully. c:\windows\system32\sshnas21.dll moved successfully. c:\windows\system32\mlfcache.dat moved successfully. C:\RECYCLER\S-1-5-21-448539723-616249376-725345543-1005 folder moved successfully. C:\RECYCLER\S-1-5-21-448539723-616249376-725345543-1004 folder moved successfully. C:\RECYCLER\S-1-5-18 folder moved successfully. C:\RECYCLER folder moved successfully. File\Folder D:\recycler not found. File\Folder e:\recycler not found. File\Folder f:\recycler not found. File\Folder g:\recycler not found. File\Folder h:\recycler not found. ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\risakubiza deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\mitomapuw deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: #1Mom ->Temp folder emptied: 22020876 bytes ->Temporary Internet Files folder emptied: 53711027 bytes ->Java cache emptied: 31545568 bytes ->FireFox cache emptied: 40804577 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 10125536 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 73609168 bytes User: Paul1 ->Temp folder emptied: 744463194 bytes ->Temporary Internet Files folder emptied: 143805308 bytes ->Java cache emptied: 69421157 bytes ->FireFox cache emptied: 36907671 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2162283 bytes %systemroot%\System32 .tmp files removed: 10156049 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 5354278 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 89156 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 1,187.00 mb Restore point Set: OTL Restore Point (64424509440) OTL by OldTimer - Version 3.1.30.3 log created on 02282010_171047 Files\Folders moved on Reboot... Registry entries deleted on Reboot... Combo Fix Log ComboFix 10-02-27.04 - Paul1 02/28/2010 17:31:56.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.93 [GMT -5:00] Running from: c:\documents and settings\Paul1\Desktop\Combo-Fix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Paul1\Local Settings\Application Data\av.exe c:\documents and settings\Paul1\rundll32 .exe c:\documents and settings\Paul1\rundll32.exe c:\program files\Internet Explorer\js.mui c:\program files\Internet Explorer\wmpscfgs.exe c:\windows\system32\certstore.dat c:\windows\system32\ctfmon .exe c:\windows\system32\hkcmd .exe c:\windows\system32\igfxpers .exe c:\windows\system32\igfxtray .exe c:\windows\system32\perowimi.dll c:\windows\system32\rundll32 .exe c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_6TO4 -------\Legacy_SSHNAS -------\Legacy__VOIDrtfjwibceg -------\Service__VOIDrtfjwibceg -------\Service_6to4 -------\Service_SSHNAS ((((((((((((((((((((((((( Files Created from 2010-01-28 to 2010-02-28 ))))))))))))))))))))))))))))))) . 2010-02-28 22:10 . 2010-02-28 22:10 -------- d-----w- C:\_OTL 2010-02-28 21:53 . 2010-02-28 21:53 -------- d-----w- c:\program files\ERUNT 2010-02-28 18:33 . 2010-02-28 18:33 -------- d-----w- c:\documents and settings\Paul1\Local Settings\Application Data\Temp 2010-02-28 17:14 . 2010-02-28 17:14 4 ----a-w- c:\program files\2996031.dat 2010-02-28 16:33 . 2010-02-28 16:33 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google 2010-02-28 16:28 . 2010-02-28 16:28 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google 2010-02-28 15:59 . 2010-02-28 15:59 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2010-02-28 15:58 . 2010-02-28 15:58 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE 2010-02-28 15:58 . 2010-02-28 15:58 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo! 2010-02-28 15:58 . 2010-02-28 15:58 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\AIM Toolbar 2010-02-28 15:58 . 2010-02-28 17:18 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google 2010-02-28 15:55 . 2010-02-28 15:55 4 ----a-w- c:\program files\746640.dat 2010-02-20 23:26 . 2010-02-20 23:26 -------- d-----w- c:\program files\iPod 2010-02-20 23:26 . 2010-02-28 22:40 -------- d-----w- c:\program files\iTunes 1601-01-01 00:00 . 1601-01-01 00:00 0 ----a-w- c:\program files\106250.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-02-28 22:40 . 2010-01-20 11:33 -------- d-----w- c:\program files\QuickTime 2010-02-28 22:40 . 2009-09-06 00:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-02-28 22:40 . 2009-07-04 20:43 -------- d-----w- c:\program files\Verizon 2010-02-28 22:40 . 2009-05-02 00:13 -------- d-----w- c:\program files\Audio Deck 2010-02-28 22:40 . 2005-09-20 13:36 55808 ----a-w- c:\windows\system32\igfxpers.exe 2010-02-28 22:40 . 2007-05-15 15:08 55808 ----a-w- c:\windows\system32\hkcmd.exe 2010-02-28 22:40 . 2007-05-15 15:08 55808 ----a-w- c:\windows\system32\igfxtray.exe 2010-02-28 22:23 . 2005-09-20 13:36 55808 ----a-w- c:\windows\system32\igfxpers .exe 2010-02-28 22:23 . 2007-05-15 15:08 55808 ----a-w- c:\windows\system32\hkcmd .exe 2010-02-28 22:23 . 2007-05-15 15:08 55808 ----a-w- c:\windows\system32\igfxtray .exe 2010-02-28 22:23 . 2009-09-05 22:34 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-02-28 22:23 . 2009-06-19 22:47 -------- d-----w- c:\program files\AIM6 2010-02-28 17:44 . 2007-09-22 23:15 -------- d-----w- c:\documents and settings\Paul1\Application Data\U3 2010-02-28 16:28 . 2007-06-02 14:33 -------- d-----w- c:\program files\Google 2010-02-20 23:26 . 2007-10-28 23:32 -------- d-----w- c:\program files\Common Files\Apple 2010-02-20 23:19 . 2010-02-20 23:19 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe 2010-01-12 20:25 . 2010-01-14 23:07 52224 ----a-w- c:\documents and settings\Paul1\Application Data\Mozilla\Firefox\Profiles\3x29nyyw.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll 2010-01-12 20:25 . 2010-01-14 23:07 101376 ----a-w- c:\documents and settings\Paul1\Application Data\Mozilla\Firefox\Profiles\3x29nyyw.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll 2010-01-07 21:07 . 2009-09-06 00:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-07 21:07 . 2009-09-06 00:51 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-12-31 16:50 . 2004-08-04 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys 2009-12-25 03:09 . 2009-12-25 03:09 79488 ----a-w- c:\documents and settings\Paul1\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2009-12-23 13:43 . 2009-05-16 10:30 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-12-21 19:14 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2009-12-16 18:43 . 2007-05-15 14:31 343040 ----a-w- c:\windows\system32\mspaint.exe 2009-12-14 07:08 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll 2009-12-08 19:26 . 2004-08-04 12:00 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe 2009-12-08 18:43 . 2004-08-03 22:59 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe 2009-12-04 18:22 . 2004-08-04 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-07 15:01 . 2010-02-07 15:01 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . <pre> c:\program files\Adobe\Reader 8.0\Reader\reader_sl .exe c:\program files\AIM6\aim6 .exe c:\program files\Analog Devices\Core\smax4pnp .exe c:\program files\Audio Deck\enmixcpl .exe c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\pifsvc .exe c:\program files\Google\Google Desktop Search\googledesktop .exe c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe c:\program files\iTunes\ituneshelper .exe c:\program files\Java\jre6\bin\jusched .exe c:\program files\Malwarebytes' Anti-Malware\mbam .exe c:\program files\QuickTime\qttask .exe c:\program files\QuickTime\qttask .exe c:\program files\QuickTime\qttask .exe c:\program files\QuickTime\qttask .exe c:\program files\QuickTime\qttask .exe c:\program files\QuickTime\qttask .exe c:\program files\QuickTime\qttask .exe c:\program files\QuickTime\qttask .exe c:\program files\QuickTime\qttask .exe c:\program files\QuickTime\qttask .exe c:\program files\QuickTime\qttask .exe c:\program files\QuickTime\qttask .exe c:\program files\QuickTime\qttask .exe c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr .exe c:\program files\SUPERAntiSpyware\superantispyware .exe c:\program files\Verizon\mccitrayapp .exe c:\program files\Yahoo!\Messenger\yahoom~1 .exe c:\windows\system32\hkcmd .exe c:\windows\system32\igfxpers .exe c:\windows\system32\igfxtray .exe c:\windows\system32\rundll32 .exe </pre> ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\google\googletoolbarnotifier\googletoolbarnotifier .exe" [2010-02-28 55808] "Aim6"="c:\program files\AIM6\aim6.exe" [2010-02-28 55808] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-28 55808] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\program files\quicktime\qttask .exe -atboottime" [X] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2010-02-28 55808] "igfxtray"="c:\windows\system32\igfxtray.exe" [2010-02-28 55808] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2010-02-28 55808] "igfxpers"="c:\windows\system32\igfxpers.exe" [2010-02-28 55808] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-28 55808] "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2010-02-28 55808] "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2010-02-28 55808] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-02-28 55808] "EnvyHFCPL"="c:\program files\Audio Deck\EnMixCPL.exe" [2010-02-28 55808] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-02-28 55808] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-28 55808] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-02-28 55808] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-28 55808] "mitomapuw"="c:\windows\system32\pegojehe.dll" [N/A] "risakubiza"="litinika.dll" [N/A] c:\documents and settings\Paul1\Start Menu\Programs\Startup\ ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/4/2009 1:50 PM 9968] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/4/2009 1:49 PM 74480] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/16/2009 5:30 AM 108289] R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [10/28/2008 3:42 PM 156968] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/19/2009 5:48 PM 24652] R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;c:\windows\system32\drivers\Envy24HF.sys [11/30/2007 9:18 PM 577664] R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/4/2009 1:50 PM 7408] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/28/2010 11:28 AM 135664] S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\googledesktop.exe [10/2/2007 6:39 AM 55808] S3 membus;membus;c:\windows\system32\membus.sys [8/4/2004 7:00 AM 2304] . Contents of the 'Scheduled Tasks' folder 2010-02-09 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34] 2010-02-28 c:\windows\Tasks\At1.job - c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 22:40] 2010-02-28 c:\windows\Tasks\At10.job - c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 22:40] 2010-02-28 c:\windows\Tasks\At11.job - c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 22:40] 2010-02-28 c:\windows\Tasks\At12.job - c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 22:40] 2010-02-28 c:\windows\Tasks\At13.job - c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 22:40] 2010-02-28 c:\windows\Tasks\At14.job - c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 22:40] 2010-02-28 c:\windows\Tasks\At15.job - c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 22:40] 2010-02-28 c:\windows\Tasks\At16.job - c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 22:40] 2010-02-28 c:\windows\Tasks\At17.job - c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 22:40] 2010-02-28 c:\windows\Tasks\At18.job - c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 22:40] 2010-02-28 c:\windows\Tasks\At19.job - c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 22:40] 2010-02-28 c:\windows\Tasks\At2.job - c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 22:40] 2010-02-28 c:\windows\Tasks\At20.job - c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 22:40] 2010-02-28 c:\windows\Tasks\At21.job - c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 22:40] 2010-02-28 c:\windows\Tasks\At22.job - c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 22:40] 2010-02-28 c:\windows\Tasks\At23.job - c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 22:40] 2010-02-28 c:\windows\Tasks\At24.job - c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 22:40] 2010-02-28 c:\windows\Tasks\At3.job - c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 22:40] 2010-02-28 c:\windows\Tasks\At4.job - c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 22:40] 2010-02-28 c:\windows\Tasks\At5.job - c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 22:40] 2010-02-28 c:\windows\Tasks\At6.job - c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 22:40] 2010-02-28 c:\windows\Tasks\At7.job - c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 22:40] 2010-02-28 c:\windows\Tasks\At8.job - c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 22:40] 2010-02-28 c:\windows\Tasks\At9.job - c:\program files\internet explorer\wmpscfgs.exe [2010-02-28 22:40] 2010-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-28 16:27] 2010-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-28 16:27] 2010-02-28 c:\windows\Tasks\User_Feed_Synchronization-{77B2C48F-EA7F-4F1E-8AB9-11D2601C15A2}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.cnn.com/ uInternet Settings,ProxyOverride = *.local IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html Trusted Zone: ameritrade.com Trusted Zone: ameritrade.com\research Trusted Zone: ameritrade.com\wwws Trusted Zone: tdameritrade.com Trusted Zone: tdameritrade.com\www DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB FF - ProfilePath - c:\documents and settings\Paul1\Application Data\Mozilla\Firefox\Profiles\3x29nyyw.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/ FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true. - - - - ORPHANS REMOVED - - - - SharedTaskScheduler-{aaa4ca1e-6db4-4d38-a4ac-87509c3dafd5} - c:\windows\system32\pegojehe.dll SSODL-henagakam-{aaa4ca1e-6db4-4d38-a4ac-87509c3dafd5} - c:\windows\system32\pegojehe.dll AddRemove-LiveUpdate - c:\program files\Symantec\LiveUpdate\LSETUP.EXE ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-02-28 17:39 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... c:\windows\system32\rundll32 .exe 33280 bytes executable c:\windows\system32\hkcmd .exe 55808 bytes executable c:\windows\system32\igfxpers .exe 55808 bytes executable c:\windows\system32\igfxtray .exe 55808 bytes executable scan completed successfully hidden files: 4 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,06,d2,3c,f7,e9,5f,6c,47,b8,de,9e,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,06,d2,3c,f7,e9,5f,6c,47,b8,de,9e,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(632) c:\program files\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\WININET.dll - - - - - - - > 'explorer.exe'(3988) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\program files\SUPERAntiSpyware\SASSEH.DLL . ------------------------ Other Running Processes ------------------------ . c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc .exe c:\program files\Common Files\Motive\McciCMService.exe c:\program files\analog devices\core\smax4pnp .exe c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc .exe c:\program files\google\google desktop search\googledesktop .exe c:\program files\seagate\seagatemanager\freeagent status\stxmenumgr .exe c:\program files\google\googletoolbarnotifier\googletoolbarnotifier .exe c:\program files\verizon\mccitrayapp .exe c:\program files\audio deck\enmixcpl .exe c:\program files\java\jre6\bin\jusched .exe c:\program files\superantispyware\superantispyware .exe c:\program files\aim6\aim6 .exe c:\program files\itunes\ituneshelper .exe c:\program files\AIM6\aolsoftware.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Mozilla Firefox\firefox.exe . ************************************************************************** . Completion time: 2010-02-28 17:46:05 - machine was rebooted ComboFix-quarantined-files.txt 2010-02-28 22:45 Pre-Run: 126,032,044,032 bytes free Post-Run: 125,935,644,672 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect - - End Of File - - 4375A0C5497B3748F8D631BEDEC1B82A
-
I am unable to click on OTL.exe or the icon in your post. I tried it on another machine and it doesn't seem to be executable. I am running on XP.
-
After 4 attempts at running GMER rootkit scanner I give up. I get the root kit warning, click NO, uncheck the proper boxes, start the scan and it gets to a certain point and reboots the machine automatically. The scan does not complete. I was able to run DDS. Log is below. Attach file has been zipped and attached as instructed. DDS (Ver_09-12-01.01) - NTFSx86 Run by Paul1 at 14:06:43.84 on Sun 02/28/2010 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.112 [GMT -5:00] AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch C:\WINDOWS\system32\svchost -k rpcss C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\system32\svchost.exe -k LocalService C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Documents and Settings\Paul1\Local Settings\Application Data\av.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\iPod\bin\iPodService.exe c:\program files\AIM6\aolsoftware.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Paul1\My Documents\Downloads\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.cnn.com/ uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: {f0f64745-2af9-4899-b978-bd1cab84c9eb} - wisahiri.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [swg] "c:\program files\google\googletoolbarnotifier\googletoolbarnotifier .exe" uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe uRun: [TOY5KNQ8OC] c:\docume~1\paul1\locals~1\temp\hn1 .exe mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe mRun: [igfxtray] c:\windows\system32\igfxtray.exe mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe mRun: [igfxpers] c:\windows\system32\igfxpers.exe mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll" mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [EnvyHFCPL] c:\program files\audio deck\EnMixCPL.exe 1 mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe" mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRun: [QuickTime Task] "c:\program files\quicktime\qttask .exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [risakubiza] Rundll32.exe "litinika.dll",s mRun: [mitomapuw] Rundll32.exe "c:\windows\system32\pegojehe.dll",a StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE uPolicies-system: DisableRegistryTools = 1 (0x1) dPolicies-system: DisableRegistryTools = 1 (0x1) IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll Trusted Zone: ameritrade.com Trusted Zone: ameritrade.com\research Trusted Zone: ameritrade.com\wwws Trusted Zone: tdameritrade.com Trusted Zone: tdameritrade.com\www DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} - hxxp://mail.lycos.com/hanmail-ax/AttachMail.cab DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll Notify: igfxcui - igfxdev.dll AppInit_DLLs: app_dll.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SSODL: henagakam - {aaa4ca1e-6db4-4d38-a4ac-87509c3dafd5} - c:\windows\system32\pegojehe.dll STS: mujuzedij: {aaa4ca1e-6db4-4d38-a4ac-87509c3dafd5} - c:\windows\system32\pegojehe.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL LSA: Notification Packages = scecli perowimi.dll IFEO: MpCmdRun.exe - c:\windows\system32\svchost.exe IFEO: MSASCui.exe - c:\windows\system32\svchost.exe IFEO: MsMpEng.exe - c:\windows\system32\svchost.exe IFEO: msseces.exe - c:\windows\system32\svchost.exe ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\paul1\applic~1\mozilla\firefox\profiles\3x29nyyw.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/ FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); ============= SERVICES / DRIVERS =============== R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-16 11608] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-4 9968] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-4 74480] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-5-16 108289] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-5-16 185089] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-16 56816] R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-19 24652] R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;c:\windows\system32\drivers\Envy24HF.sys [2007-11-30 577664] R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-4 7408] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-28 135664] S2 SSHNAS;SSHNAS;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336] S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\googledesktop.exe [2007-10-2 55808] S3 membus;membus;c:\windows\system32\membus.sys [2004-8-4 2304] =============== Created Last 30 ================ 2010-02-28 17:14:30 4 ----a-w- c:\program files\2996031.dat 2010-02-28 15:55:21 4 ----a-w- c:\program files\746640.dat 2010-02-28 15:42:20 94208 ----a-w- c:\windows\system32\app_dll.dll 2010-02-28 15:41:23 0 d-----w- c:\windows\_VOIDrtfjwibceg 2010-02-28 15:41:08 55808 ----a-w- c:\documents and settings\paul1\rundll32.exe 2010-02-28 15:41:08 55808 ----a-w- c:\documents and settings\paul1\rundll32 .exe 2010-02-28 15:40:24 189440 ----a-w- c:\windows\system32\sshnas21.dll 2010-02-21 15:42:10 18064 ---ha-w- c:\windows\system32\mlfcache.dat 2010-02-20 23:26:52 0 d-----w- c:\program files\iPod 2010-02-20 23:26:32 0 d-----w- c:\program files\iTunes ==================== Find3M ==================== 2010-02-28 18:53:39 55808 ----a-w- c:\windows\system32\igfxpers.exe 2010-02-28 18:53:34 55808 ----a-w- c:\windows\system32\hkcmd.exe 2010-02-28 18:53:32 55808 ----a-w- c:\windows\system32\igfxtray.exe 2010-01-07 21:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-07 21:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys 2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll 2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe 2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll 2009-12-08 19:26:15 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe 2009-12-08 18:43:51 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe 1601-01-01 00:03:28 95232 --sha-w- c:\windows\system32\pegojehe.dll 1601-01-01 00:03:52 64000 --sha-w- c:\windows\system32\perowimi.dll 2009-03-08 00:42:23 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009030720090308\index.dat ============= FINISH: 14:07:34.26 =============== Attach.txt UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_09-12-01.01) Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume2 Install Date: 5/15/2007 10:36:31 AM System Uptime: 2/28/2010 1:51:05 PM (1 hours ago) Motherboard: Dell Computer Corp. | | 0TC666 Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 149 GiB total, 116.048 GiB free. D: is CDROM () ==== Disabled Device Manager Items ============= ==== System Restore Points =================== RP441: 12/22/2009 9:39:41 AM - System Checkpoint RP442: 12/23/2009 3:00:16 AM - Software Distribution Service 3.0 RP443: 12/24/2009 3:31:48 AM - System Checkpoint RP444: 12/25/2009 3:39:32 AM - System Checkpoint RP445: 12/26/2009 4:39:36 AM - System Checkpoint RP446: 12/27/2009 5:39:33 AM - System Checkpoint RP447: 12/28/2009 6:41:00 AM - System Checkpoint RP448: 1/14/2010 8:50:43 AM - Software Distribution Service 3.0 RP449: 1/14/2010 9:19:10 AM - Software Distribution Service 3.0 RP450: 1/15/2010 10:14:12 AM - System Checkpoint RP451: 1/16/2010 11:14:10 AM - System Checkpoint RP452: 1/17/2010 12:14:10 PM - System Checkpoint RP453: 1/18/2010 1:14:10 PM - System Checkpoint RP454: 1/19/2010 2:14:10 PM - System Checkpoint RP455: 2/6/2010 1:49:57 PM - System Checkpoint RP456: 2/7/2010 3:00:15 AM - Software Distribution Service 3.0 RP457: 2/8/2010 3:21:26 AM - System Checkpoint RP458: 2/9/2010 4:33:21 AM - System Checkpoint RP459: 2/10/2010 3:00:17 AM - Software Distribution Service 3.0 RP460: 2/11/2010 3:24:18 AM - System Checkpoint RP461: 2/12/2010 4:24:17 AM - System Checkpoint RP462: 2/17/2010 7:12:19 PM - System Checkpoint RP463: 2/18/2010 7:58:54 PM - System Checkpoint RP464: 2/20/2010 6:44:56 PM - System Checkpoint RP465: 2/21/2010 7:06:34 PM - System Checkpoint RP466: 2/28/2010 9:17:53 AM - Software Distribution Service 3.0 ==== Installed Programs ====================== Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 8.1.4 Adobe Shockwave Player Advanced Analyzer AIM 6 AIM Toolbar Apple Application Support Apple Mobile Device Support Apple Software Update Avira AntiVir Personal - Free Antivirus Bonjour Critical Update for Windows Media Player 11 (KB959772) Disney Pirates of the Caribbean Online Download Updater (AOL LLC) Google Desktop Google Toolbar for Internet Explorer Google Update Helper Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Intel® Extreme Graphics 2 Driver Intel® PRO Network Adapters and Drivers iTunes J2SE Runtime Environment 5.0 Update 11 Java 6 Update 15 LiveUpdate 3.2 (Symantec Corporation) LiveUpdate Notice (Symantec Corporation) Malwarebytes' Anti-Malware Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office 2000 Premium Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft VC9 runtime libraries Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Mozilla Firefox (3.5.7) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) PDFCreator QuickTime Seagate Manager Installer Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 8 (KB969897) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB972260) Security Update for Windows Internet Explorer 8 (KB974455) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB917734) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978706) SoundMAX SUPERAntiSpyware Free Edition UnInstall Envy24 Family Audio Device Driver Uninstall MobWars Bot Update for Windows Internet Explorer 8 (KB968220) Update for Windows Internet Explorer 8 (KB976662) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Verizon FiOS Activation Verizon Help and Support Tool Verizon Yahoo! Applications Viewpoint Media Player Vz In Home Agent WebFldrs XP Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3 Yahoo! Browser Services Yahoo! Toolbar ==== Event Viewer Messages From Past Week ======== 2/28/2010 12:15:45 PM, error: Service Control Manager [7023] - The Network Security service terminated with the following error: The system cannot find the file specified. 2/28/2010 12:15:44 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'wisahiri.dll' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume. 2/28/2010 11:25:37 AM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:. 2/28/2010 10:58:15 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file rundll32.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 4.2.2700.5512, the version of the system file is 5.1.2600.5512. 2/28/2010 10:57:20 AM, error: Service Control Manager [7023] - The SSHNAS service terminated with the following error: Invalid access to memory location. 2/28/2010 10:57:20 AM, error: Service Control Manager [7000] - The Automatic LiveUpdate Scheduler service failed to start due to the following error: The system cannot find the file specified. 2/28/2010 10:44:23 AM, error: Service Control Manager [7034] - The LiveUpdate Notice Service service terminated unexpectedly. It has done this 1 time(s). 2/28/2010 10:41:42 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file atmarpc.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512. 2/28/2010 10:41:35 AM, error: Service Control Manager [7000] - The RAS Asynchronous Media Driver service failed to start due to the following error: The system cannot find the file specified. 2/28/2010 10:41:31 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file asyncmac.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512. 2/28/2010 10:41:23 AM, error: Service Control Manager [7000] - The Microsoft Kernel Acoustic Echo Canceller service failed to start due to the following error: The system cannot find the file specified. 2/28/2010 10:41:00 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file aec.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2601.3142. 2/28/2010 10:41:00 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file ctfmon.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 4.2.2700.5512, the version of the system file is 5.1.2600.5512. ==== End Of File ===========================
-
I missed the capital D in Defogger - my bad. Have run Avir, DDS and GMER is running now. Waiting for GMER to finish. Will post results when it completes.
-
the requested URL /defogger.exe was not found on this server. I have verified on 2 machines - the link is bad. Please advise.