hoopdaddy

  1. Can log in to Windows 7. When I start Internet Explorer the moneypak window takes over full screen.
  2. Did what you asked. Machine is running great. No sign of Security 2012 pop-ups or browser redirects. Here is OTL output:
========== Purity Check ========== < End of report >
  3. Maurice are you there? I am in a holding pattern awaiting your response....
  4. Had McAfee some time ago but thought it was deleted when I installed MSE a year ago. Here is security check output:

     Results of screen317's Security Check version 0.99.30
     Windows XP Service Pack 3 x86
     Internet Explorer 8
     ``````````````````````````````
     Antivirus/Firewall Check:
     Windows Firewall Enabled!
     McAfee Virtual Technician
     Microsoft Security Essentials
     ```````````````````````````````
     Anti-malware/Other Utilities Check:
     Spybot - Search & Destroy
     Java 6 Update 30
     Adobe Reader 9 Adobe Reader out of date!
     ````````````````````````````````
     Process Check:
     objlist.exe by Laurent
     Windows Defender MSMpEng.exe
     Microsoft Security Essentials msseces.exe
     Microsoft Security Client Antimalware MsMpEng.exe
     ``````````End of Log````````````
  5. Please note that the files afd-prior.sys are the old version of the files I retained when bringing in clean versions from my other computer while battling no internet access. Maybe those are infected and I need to delete them.
  6. Ran ComboFix as directed. Pop-up windows stated it found rootkit.zeroaccess. Upon conclusion of program I still have internet access. Here is the data:
  7. I replaced the two afd.sys files stated as unsigned and suspicious by TDSSkiller with clean versions from another computer. Internet is working and no signs of any viruses.
  8. 17:03:01.0687 2548 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 17:03:43.0671 3704 MRxDAV - ok 17:03:43.0843 3704 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 17:03:44.0078 3704 MRxSmb - ok 17:03:44.0234 3704 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 17:03:44.0390 3704 Msfs - ok 17:03:44.0531 3704 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 17:03:44.0640 3704 MSKSSRV - ok 17:03:44.0765 3704 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 17:03:44.0906 3704 MSPCLOCK - ok 17:03:45.0015 3704 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 17:03:45.0156 3704 MSPQM - ok 17:03:45.0250 3704 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 17:03:45.0390 3704 mssmbios - ok 17:03:45.0500 3704 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 17:03:45.0640 3704 MSTEE - ok 17:03:45.0796 3704 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 17:03:45.0937 3704 Mup - ok 17:03:46.0109 3704 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 17:03:46.0265 3704 NABTSFEC - ok 17:03:46.0437 3704 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 17:03:46.0656 3704 NDIS - ok 17:03:46.0812 3704 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 17:03:46.0953 3704 NdisIP - ok 17:03:47.0156 3704 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 17:03:47.0234 3704 NdisTapi - ok 17:03:47.0406 3704 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 17:03:47.0546 3704 Ndisuio - ok 17:03:47.0656 3704 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 17:03:47.0828 3704 NdisWan - ok 17:03:47.0984 3704 NDProxy 
(9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 17:03:48.0109 3704 NDProxy - ok 17:03:48.0265 3704 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 17:03:48.0421 3704 NetBIOS - ok 17:03:48.0515 3704 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 17:03:48.0765 3704 NetBT - ok 17:03:48.0921 3704 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 17:03:49.0078 3704 NIC1394 - ok 17:03:49.0250 3704 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 17:03:49.0390 3704 Npfs - ok 17:03:49.0531 3704 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 17:03:49.0828 3704 Ntfs - ok 17:03:50.0015 3704 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 17:03:50.0187 3704 Null - ok 17:03:51.0000 3704 nv (cb0ce8de9f66a297cd86eb98921b8e58) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 17:03:52.0328 3704 nv - ok 17:03:52.0484 3704 NVENETFD (2a7a2c6ab9631028b6e3a4159aa65705) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 17:03:52.0562 3704 NVENETFD - ok 17:03:52.0718 3704 nvnetbus (20526a8827dc0956b5526aebcb6751a0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 17:03:52.0796 3704 nvnetbus - ok 17:03:52.0953 3704 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 17:03:53.0140 3704 NwlnkFlt - ok 17:03:53.0281 3704 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 17:03:53.0468 3704 NwlnkFwd - ok 17:03:53.0609 3704 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 17:03:53.0781 3704 ohci1394 - ok 17:03:53.0953 3704 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 17:03:54.0125 3704 Parport - ok 17:03:54.0218 3704 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 17:03:54.0359 3704 PartMgr - ok 17:03:54.0500 3704 ParVdm 
(70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 17:03:54.0671 3704 ParVdm - ok 17:03:54.0828 3704 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 17:03:55.0000 3704 PCI - ok 17:03:55.0062 3704 PCIDump - ok 17:03:55.0187 3704 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 17:03:55.0343 3704 PCIIde - ok 17:03:55.0468 3704 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 17:03:55.0671 3704 Pcmcia - ok 17:03:55.0765 3704 PDCOMP - ok 17:03:55.0890 3704 PDFRAME - ok 17:03:55.0953 3704 PDRELI - ok 17:03:56.0015 3704 PDRFRAME - ok 17:03:56.0093 3704 perc2 - ok 17:03:56.0156 3704 perc2hib - ok 17:03:56.0312 3704 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 17:03:56.0468 3704 PptpMiniport - ok 17:03:56.0562 3704 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys 17:03:56.0718 3704 Processor - ok 17:03:56.0812 3704 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 17:03:56.0968 3704 PSched - ok 17:03:57.0078 3704 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 17:03:57.0250 3704 Ptilink - ok 17:03:57.0328 3704 ql1080 - ok 17:03:57.0406 3704 Ql10wnt - ok 17:03:57.0453 3704 ql12160 - ok 17:03:57.0515 3704 ql1240 - ok 17:03:57.0593 3704 ql1280 - ok 17:03:57.0687 3704 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 17:03:57.0906 3704 RasAcd - ok 17:03:58.0031 3704 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 17:03:58.0187 3704 Rasl2tp - ok 17:03:58.0265 3704 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 17:03:58.0421 3704 RasPppoe - ok 17:03:58.0562 3704 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 17:03:58.0734 3704 Raspti - ok 17:03:58.0921 3704 Rdbss 
(7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 17:03:59.0093 3704 Rdbss - ok 17:03:59.0218 3704 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 17:03:59.0406 3704 RDPCDD - ok 17:03:59.0546 3704 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys 17:03:59.0671 3704 RDPWD - ok 17:03:59.0828 3704 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 17:04:00.0015 3704 redbook - ok 17:04:00.0125 3704 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys 17:04:00.0281 3704 sbp2port - ok 17:04:00.0421 3704 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 17:04:00.0562 3704 Secdrv - ok 17:04:00.0671 3704 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 17:04:00.0812 3704 serenum - ok 17:04:00.0906 3704 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 17:04:01.0140 3704 Serial - ok 17:04:01.0312 3704 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 17:04:01.0500 3704 Sfloppy - ok 17:04:01.0625 3704 Simbad - ok 17:04:01.0734 3704 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 17:04:01.0890 3704 SLIP - ok 17:04:01.0968 3704 Sparrow - ok 17:04:02.0109 3704 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 17:04:02.0234 3704 splitter - ok 17:04:02.0328 3704 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 17:04:02.0500 3704 sr - ok 17:04:02.0671 3704 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 17:04:02.0796 3704 Srv - ok 17:04:02.0968 3704 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 17:04:03.0109 3704 streamip - ok 17:04:03.0250 3704 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 17:04:03.0390 3704 swenum - ok 
17:04:03.0484 3704 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 17:04:03.0640 3704 swmidi - ok 17:04:03.0750 3704 symc810 - ok 17:04:03.0859 3704 symc8xx - ok 17:04:03.0921 3704 sym_hi - ok 17:04:03.0968 3704 sym_u3 - ok 17:04:04.0109 3704 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 17:04:04.0265 3704 sysaudio - ok 17:04:04.0453 3704 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 17:04:04.0718 3704 Tcpip - ok 17:04:04.0859 3704 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 17:04:05.0000 3704 TDPIPE - ok 17:04:05.0093 3704 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 17:04:05.0250 3704 TDTCP - ok 17:04:05.0343 3704 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 17:04:05.0500 3704 TermDD - ok 17:04:05.0593 3704 TosIde - ok 17:04:05.0703 3704 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys 17:04:05.0859 3704 tunmp - ok 17:04:05.0984 3704 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 17:04:06.0171 3704 Udfs - ok 17:04:06.0265 3704 ultra - ok 17:04:06.0421 3704 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 17:04:06.0609 3704 Update - ok 17:04:06.0796 3704 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys 17:04:06.0875 3704 USBAAPL - ok 17:04:07.0000 3704 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 17:04:07.0156 3704 usbaudio - ok 17:04:07.0296 3704 usbbus (9419faac6552a51542dbba02971c841c) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys 17:04:07.0375 3704 usbbus - ok 17:04:07.0515 3704 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 17:04:07.0671 3704 usbccgp - ok 17:04:07.0843 3704 UsbDiag (c0a466fa4ffec464320e159bc1bbdc0c) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys 
17:04:07.0906 3704 UsbDiag - ok 17:04:08.0062 3704 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 17:04:08.0187 3704 usbehci - ok 17:04:08.0328 3704 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 17:04:08.0453 3704 usbhub - ok 17:04:08.0562 3704 USBModem (f74a54774a9b0afeb3c40adec68aa600) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys 17:04:08.0609 3704 USBModem - ok 17:04:08.0750 3704 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 17:04:08.0906 3704 usbohci - ok 17:04:09.0062 3704 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 17:04:09.0203 3704 usbprint - ok 17:04:09.0343 3704 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 17:04:09.0484 3704 usbscan - ok 17:04:09.0640 3704 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 17:04:09.0796 3704 USBSTOR - ok 17:04:09.0890 3704 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys 17:04:10.0046 3704 usbvideo - ok 17:04:10.0140 3704 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 17:04:10.0281 3704 VgaSave - ok 17:04:10.0359 3704 ViaIde - ok 17:04:10.0437 3704 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 17:04:10.0593 3704 VolSnap - ok 17:04:10.0765 3704 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 17:04:10.0921 3704 Wanarp - ok 17:04:11.0109 3704 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 17:04:11.0265 3704 Wdf01000 - ok 17:04:11.0328 3704 WDICA - ok 17:04:11.0468 3704 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 17:04:11.0640 3704 wdmaud - ok 17:04:11.0843 3704 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 17:04:11.0953 3704 WpdUsb - ok 17:04:12.0125 3704 WS2IFSL 
(6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 17:04:12.0296 3704 WS2IFSL - ok 17:04:12.0421 3704 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 17:04:12.0531 3704 WSTCODEC - ok 17:04:12.0671 3704 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 17:04:12.0828 3704 WudfPf - ok 17:04:13.0000 3704 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 17:04:13.0046 3704 WudfRd - ok 17:04:13.0109 3704 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 17:04:13.0421 3704 \Device\Harddisk0\DR0 - ok 17:04:13.0421 3704 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk3\DR10 17:04:13.0546 3704 \Device\Harddisk3\DR10 - ok 17:04:13.0546 3704 Boot (0x1200) (0cc9a6f2e37a9b6881415ae1b0dc5d36) \Device\Harddisk0\DR0\Partition0 17:04:13.0546 3704 \Device\Harddisk0\DR0\Partition0 - ok 17:04:13.0562 3704 Boot (0x1200) (795b2d0e4dc68815b1e13dd581b12168) \Device\Harddisk3\DR10\Partition0 17:04:13.0562 3704 \Device\Harddisk3\DR10\Partition0 - ok 17:04:13.0562 3704 ============================================================ 17:04:13.0562 3704 Scan finished 17:04:13.0562 3704 ============================================================ 17:04:13.0703 3568 Detected object count: 4 17:04:13.0703 3568 Actual detected object count: 4 17:06:21.0375 3568 AFD ( UnsignedFile.Multi.Generic ) - skipped by user 17:06:21.0375 3568 AFD ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:06:21.0375 3568 fixustor ( UnsignedFile.Multi.Generic ) - skipped by user 17:06:21.0375 3568 fixustor ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:06:21.0375 3568 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user 17:06:21.0375 3568 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:06:21.0375 3568 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by userAll processes killed ========== PROCESSES ========== ========== 
FILES ==========
C:\RECYCLER\S-1-5-21-1844237615-725345543-1363816085-1004 folder moved successfully.
C:\RECYCLER folder moved successfully.
recycler not found in H:\
C:\RECYCLER(2)\S-1-5-21-1844237615-725345543-1363816085-1004(2) folder moved successfully.
C:\RECYCLER(2) folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 26639 bytes
->Flash cache emptied: 434 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41044 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 13205 bytes
->Flash cache emptied: 86531 bytes
User: user
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 740765 bytes
->Java cache emptied: 340 bytes
->Apple Safari cache emptied: 2383872 bytes
->Flash cache emptied: 48302 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2390 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 57095 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 3.00 mb
Restore point Set: OTL Restore Point (0)
[EMPTYFLASH]
User: Administrator
->Flash cache emptied: 0 bytes
User: All Users
User: Default User
->Flash cache emptied: 0 bytes
User: LocalService
User: NetworkService
->Flash cache emptied: 0 bytes
User: user
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0.00 mb
[EMPTYJAVA]
User: Administrator
->Java cache emptied: 0 bytes
User: All Users
User: Default User
User: LocalService
User: NetworkService
->Java cache emptied: 0 bytes
User: user
->Java cache emptied: 0 bytes
Total Java Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.31.0 log created on 01072012_170955
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
17:06:21.0375 3568 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
  9. As requested:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by user at 21:30:15 on 2012-01-05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.535 [GMT -8:00]
.
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=%s
BHO: &Yahoo!
Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: VMN Toolbar: {a057a204-bacc-4d26-8287-79a187e26987} - c:\progra~1\vmntoo~1\VMNTOO~1.DLL BHO: Verizon Broadband Toolbar: {a057a204-bacc-4d26-8398-26fadcf27386} - c:\progra~1\verizo~1\VERIZO~1.DLL BHO: {AE7CD045-E861-484f-8273-0445EE161910} - No File BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll TB: Verizon Broadband Toolbar: {a057a204-bacc-4d26-8398-26fadcf27386} - c:\progra~1\verizo~1\VERIZO~1.DLL TB: VMN Toolbar: {a057a204-bacc-4d26-8287-79a187e26987} - c:\progra~1\vmntoo~1\VMNTOO~1.DLL TB: Yahoo! 
Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe" mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t IE: Append to existing PDF IE: Convert link target to Adobe PDF IE: Convert link target to existing PDF IE: Convert selected links to Adobe PDF IE: Convert selected links to existing PDF IE: Convert selection to Adobe PDF IE: Convert selection to existing PDF IE: Convert to Adobe PDF IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: Open Picture in &Microsoft PhotoDraw - c:\progra~1\micros~2\office\1033\phdintl.dll/phdContext.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll Trusted Zone: chinovalleynjb.com\www Trusted Zone: 
edjoin.org\www Trusted Zone: internet Trusted Zone: mcafee.com Trusted Zone: njbl.org\www DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.7.1/GarminAxControl.CAB DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221803374671 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} - hxxp://samsclubus.pnimedia.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - 
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12 mASetup: {C97751B1-BF63-4867-87FB-49B72502DBCD} - c:\program files\microsoft office\office10\OfficeXPFirstRun.vbs . ============= SERVICES / DRIVERS =============== . R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648] R3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [2010-5-9 6016] S1 MpKsl1d2df685;MpKsl1d2df685;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3849b135-24e7-4901-b907-8dce2bf4b988}\mpksl1d2df685.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3849b135-24e7-4901-b907-8dce2bf4b988}\MpKsl1d2df685.sys [?] S1 MpKsl2c3714f0;MpKsl2c3714f0;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0faedf0d-112d-4ddd-b0d1-a2930925e591}\mpksl2c3714f0.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0faedf0d-112d-4ddd-b0d1-a2930925e591}\MpKsl2c3714f0.sys [?] S1 MpKsl41008c5b;MpKsl41008c5b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bfd8e6d9-b9a9-46e1-bd71-4b3b602b6f36}\mpksl41008c5b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bfd8e6d9-b9a9-46e1-bd71-4b3b602b6f36}\MpKsl41008c5b.sys [?] S1 MpKsl5e2283fc;MpKsl5e2283fc;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f4719127-d921-4ac4-9b13-85fd4b05cdba}\mpksl5e2283fc.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f4719127-d921-4ac4-9b13-85fd4b05cdba}\MpKsl5e2283fc.sys [?] 
S1 MpKsl6e05e560;MpKsl6e05e560;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{61be21d9-f607-4952-83e5-73e7c726e384}\mpksl6e05e560.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{61be21d9-f607-4952-83e5-73e7c726e384}\MpKsl6e05e560.sys [?] S1 MpKsl71b58d5a;MpKsl71b58d5a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f4719127-d921-4ac4-9b13-85fd4b05cdba}\mpksl71b58d5a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f4719127-d921-4ac4-9b13-85fd4b05cdba}\MpKsl71b58d5a.sys [?] S1 MpKsl9a0040e2;MpKsl9a0040e2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b3c7c540-0726-4cfa-b56e-f1336338797c}\mpksl9a0040e2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b3c7c540-0726-4cfa-b56e-f1336338797c}\MpKsl9a0040e2.sys [?] S1 MpKslb52ae151;MpKslb52ae151;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2e23286c-a90b-4636-8bd9-d69141c14f9d}\mpkslb52ae151.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2e23286c-a90b-4636-8bd9-d69141c14f9d}\MpKslb52ae151.sys [?] S1 MpKslc3465fb5;MpKslc3465fb5;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ba1fa3ba-4377-4fcc-aafa-3c6726bdccd1}\mpkslc3465fb5.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ba1fa3ba-4377-4fcc-aafa-3c6726bdccd1}\MpKslc3465fb5.sys [?] 
S1 MpKslcf079d03;MpKslcf079d03;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{79f0d45f-cd73-4df6-ba9d-1ed5aa47b74a}\mpkslcf079d03.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{79f0d45f-cd73-4df6-ba9d-1ed5aa47b74a}\MpKslcf079d03.sys [?] S1 MpKsld7edca2f;MpKsld7edca2f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{501d5796-fe84-47f6-b23b-072c44308030}\mpksld7edca2f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{501d5796-fe84-47f6-b23b-072c44308030}\MpKsld7edca2f.sys [?] S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320] S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680] . =============== Created Last 30 ================ . 
2012-01-05 19:44:00 6881616 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{39338730-af56-4f67-8a67-c999336a79b1}\mpengine.dll 2012-01-05 19:41:21 -------- d-----w- c:\windows\system32\wbem\repository\FS 2012-01-05 19:41:21 -------- d-----w- c:\windows\system32\wbem\Repository 2012-01-05 10:55:20 -------- d-sh--w- C:\RECYCLER(2) 2012-01-05 05:07:51 -------- d-sha-r- C:\cmdcons 2012-01-05 05:02:59 98816 ----a-w- c:\windows\sed.exe 2012-01-05 05:02:59 518144 ----a-w- c:\windows\SWREG.exe 2012-01-05 05:02:59 256000 ----a-w- c:\windows\PEV.exe 2012-01-05 05:02:59 208896 ----a-w- c:\windows\MBR.exe 2012-01-03 10:18:10 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-01-03 10:18:09 472808 ----a-w- c:\windows\system32\deployJava1.dll 2012-01-03 06:41:01 14664 ----a-w- c:\windows\stinger.sys 2011-12-27 03:21:10 204 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\localcopy\{3B93301C-7169-B4B2-E07C-444CF1F37A25}-tmp60220f69.bat 2011-12-27 03:20:04 -------- d-----w- c:\documents and settings\user\application data\Zeorcag 2011-12-24 01:51:49 256 ----a-w- c:\windows\system32\MSIevent.bat 2011-12-24 01:51:48 260 ----a-w- c:\windows\system32\cmdVBS.vbs . ==================== Find3M ==================== . 
2011-12-29 04:50:48 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-12-10 23:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys 2011-11-15 22:29:56 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 19:20:51 43520 ------w- c:\windows\system32\licmgr10.dll 2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-11-04 11:23:59 385024 ------w- c:\windows\system32\html.iec 2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll 2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll 2011-10-25 13:33:08 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-10-25 12:52:03 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll 2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll . ============= FINISH: 21:30:34.03 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume1 Install Date: 9/16/2008 2:29:42 AM System Uptime: 1/5/2012 11:42:48 AM (10 hours ago) . Motherboard: Winfast | | 6100K8MB Processor: AMD Athlon 64 Processor 3200+ | Socket 754 | 2210/201mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 57 GiB total, 11.491 GiB free. D: is CDROM () E: is CDROM () F: is Removable G: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP588: 1/3/2012 2:16:24 AM - Installed Java 6 Update 30 RP589: 1/3/2012 10:38:08 PM - Removed Home Designer Tutorial Training Videos RP590: 1/3/2012 11:09:53 PM - Removed Home Designer Suite 8 RP591: 1/5/2012 2:54:19 AM - Restore Operation RP592: 1/5/2012 11:37:45 AM - Restore Operation . 
==== Installed Programs ====================== . 32 Bit HP CIO Components Installer Acrobat.com Adobe Acrobat 4.0 Adobe AIR Adobe Flash Player 11 ActiveX Adobe Reader 9.4.7 Adobe Shockwave Player 11.5 Ahead Nero Burning ROM Apple Application Support Apple Mobile Device Support Apple Software Update AutoBackup BufferChm C5500 C5500_Help Cards_Calendar_OrderGift_DoMorePlugout Compatibility Pack for the 2007 Office system Copy Coupon Printer for Windows CreataCard Gold 2 Destination Component DeviceDiscovery DocProc DocProcQFolder eSupportQFolder EvilLyrics FreeAgent Pro Tools FTP Explorer GPBaseService GPBaseService2 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) HP Imaging Device Functions 11.0 HP Photosmart C5500 All-In-One Driver Software 11.0 Rel .4 HP Photosmart Essential 3.5 HP Solution Center 13.0 HP Update HPPhotoSmartDiscLabelContent1 HPPhotosmartEssential HPPhotoSmartPhotobookWebPack1 HPProductAssistant InterVideo WinDVD 4 iTunes Java Auto Updater Java 6 Update 30 LG USB Modem driver Malwarebytes Anti-Malware version 1.60.0.1800 McAfee Virtual Technician Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2572067) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Antimalware Microsoft Application Error Reporting Microsoft IntelliType Pro 6.3 Microsoft Office Converter Pack Microsoft Office FrontPage 2003 Microsoft Office PowerPoint Viewer 2003 Microsoft Office Professional Edition 2003 Microsoft Organization Chart 2.0 Microsoft PhotoDraw 2000 V2 Microsoft Security Client Microsoft Security Essentials Microsoft Visual C++ 2005 ATL 
Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Works 6-9 Converter MSVCSetup MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NVIDIA Drivers NVIDIA nView Desktop Manager NVIDIA PhysX OCR Software by I.R.I.S. 10.0 PanoStandAlone PS_AIO_04_C5500_ProductContext PS_AIO_04_C5500_Software PS_AIO_04_C5500_Software_Min PSSWCORE QuickTime Realtek AC'97 Audio SanDisk ImageMate Reader/Writer Scan Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 7 (KB2183461) Security Update for Windows Internet Explorer 7 (KB2360131) Security Update for Windows Internet Explorer 7 (KB2416400) Security Update for Windows Internet Explorer 7 (KB2482017) Security Update for Windows Internet Explorer 7 (KB2497640) Security Update for Windows Internet Explorer 7 (KB2530548) Security Update for Windows Internet Explorer 7 (KB2544521) Security Update for Windows Internet Explorer 7 (KB2559049) Security Update for Windows Internet Explorer 7 (KB938127-v2) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 7 (KB972260) Security Update for Windows Internet Explorer 7 (KB974455) Security Update for Windows Internet Explorer 7 (KB976325) Security Update for Windows Internet Explorer 7 (KB978207) Security Update for Windows Internet Explorer 7 (KB982381) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update 
for Windows Internet Explorer 8 (KB2559049) Security Update for Windows Internet Explorer 8 (KB2586448) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB975558) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2510581) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP 
(KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982802) SolutionCenter Spybot - Search & Destroy Status System Requirements Lab TaxACT 2010 TaxACT 2010 California Toolbox TrayApp Tweak UI UnloadSupport Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 7 (KB976749) Update for Windows Internet Explorer 7 (KB980182) Update for Windows Internet Explorer 8 (KB2447568) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2541763) Update for Windows XP (KB2607712) Update for Windows XP (KB2616676-v2) Update for Windows XP (KB2641690) Update for Windows XP (KB971029) Verizon Broadband Toolbar (IE only) Verizon Help and Support Tool Verizon Servicepoint 1.5.24 VideoToolkit01 Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 VMN Toolbar Vz In Home Agent WebFldrs XP WebReg Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Media 
Format 11 runtime Windows Media Player 11 Yahoo! Software Update Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
1/5/2012 3:03:58 AM, error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error 2147952450 (0x80072742).
1/5/2012 1:41:16 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2261.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80080005 Error description: Server execution failed
1/4/2012 9:24:32 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: A socket operation encountered a dead network.
1/4/2012 9:24:32 PM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: A socket operation encountered a dead network.
1/4/2012 9:24:32 PM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: %%2147952450
1/4/2012 9:09:21 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
1/4/2012 9:04:50 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
1/4/2012 8:54:00 AM, error: Schedule [7901] - The At18.job command failed to start due to the following error: %%2147942402
1/4/2012 7:54:00 AM, error: Schedule [7901] - The At16.job command failed to start due to the following error: %%2147942402
1/4/2012 7:02:03 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1952.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
1/4/2012 6:54:57 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1952.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
1/4/2012 6:54:00 AM, error: Schedule [7901] - The At14.job command failed to start due to the following error: %%2147942402
1/4/2012 6:46:12 AM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
1/4/2012 6:22:23 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1952.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
1/4/2012 6:17:04 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1952.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
1/4/2012 5:54:00 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: %%2147942402
1/4/2012 4:54:00 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: %%2147942402
1/4/2012 3:54:00 AM, error: Schedule [7901] - The At8.job command failed to start due to the following error: %%2147942402
1/4/2012 2:54:00 AM, error: Schedule [7901] - The At6.job command failed to start due to the following error: %%2147942402
1/4/2012 2:28:48 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1952.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
1/4/2012 12:54:00 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402
1/4/2012 1:54:01 AM, error: Schedule [7901] - The At4.job command failed to start due to the following error: %%2147942402
1/3/2012 9:54:00 PM, error: Schedule [7901] - The At44.job command failed to start due to the following error: %%2147942402
1/3/2012 9:54:00 AM, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402
1/3/2012 8:54:00 PM, error: Schedule [7901] - The At42.job command failed to start due to the following error: %%2147942402
1/3/2012 7:54:00 PM, error: Schedule [7901] - The At40.job command failed to start due to the following error: %%2147942402
1/3/2012 6:54:00 PM, error: Schedule [7901] - The At38.job command failed to start due to the following error: %%2147942402
1/3/2012 6:22:07 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1952.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
1/3/2012 5:54:00 PM, error: Schedule [7901] - The At36.job command failed to start due to the following error: %%2147942402
1/3/2012 4:54:00 PM, error: Schedule [7901] - The At34.job command failed to start due to the following error: %%2147942402
1/3/2012 3:54:00 PM, error: Schedule [7901] - The At32.job command failed to start due to the following error: %%2147942402
1/3/2012 2:54:00 PM, error: Schedule [7901] - The At30.job command failed to start due to the following error: %%2147942402
1/3/2012 12:54:00 PM, error: Schedule [7901] - The At26.job command failed to start due to the following error: %%2147942402
1/3/2012 11:54:01 PM, error: Schedule [7901] - The At48.job command failed to start due to the following error: %%2147942402
1/3/2012 11:54:00 AM, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402
1/3/2012 10:54:02 PM, error: Schedule [7901] - The At46.job command failed to start due to the following error: %%2147942402
1/3/2012 10:54:00 AM, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402
1/3/2012 1:54:00 PM, error: Schedule [7901] - The At28.job command failed to start due to the following error: %%2147942402
.
==== End Of File ===========================
  10. Very similar to other posts regarding this topic... Windows XP SP3 machine battled XP Security 2012 pop-ups for a few days with Malwarebytes, SpyBot S&D, and MS Security Essentials. Seemed to have stopped except for constant browser redirects. Hastily ran a few other scanners and then ComboFix, which stated deep cleaning for rootkit.zeroaccess, with the final run leaving no internet access. Reran ComboFix with the same results. After reading your forum posts I see I jumped the gun with ComboFix. Please advise.