
EDFL

  1. ESETSmartInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK
     # version=7
     # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
     # OnlineScanner.ocx=1.0.0.6583
     # api_version=3.0.2
     # EOSSerial=756bc664e41d244e8357559b39e44110
     # end=finished
     # remove_checked=true
     # archives_checked=true
     # unwanted_checked=true
     # unsafe_checked=true
     # antistealth_checked=true
     # utc_time=2012-07-10 10:24:54
     # local_time=2012-07-10 06:24:54 (-0500, Eastern Daylight Time)
     # country="United States"
     # lang=1033
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=3073 16777213 80 71 0 19358704 0 0
     # compatibility_mode=5891 16776533 42 92 0 9070024 0 0
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=50871
     # found=0
     # cleaned=0
     # scan_time=7007

     Results of screen317's Security Check version 0.99.42
     Windows XP Service Pack 3 x86
     Internet Explorer 8
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Disabled!
     ESET Online Scanner v3
     COMODO Internet Security
     Microsoft Security Essentials
     `````````Anti-malware/Other Utilities Check:`````````
     Spybot - Search & Destroy
     SUPERAntiSpyware
     Malwarebytes Anti-Malware version 1.61.0.1400
     CCleaner
     Java 6 Update 11
     Java version out of Date!
     Adobe Reader 9 Adobe Reader out of Date!
     ````````Process Check: objlist.exe by Laurent````````
     Microsoft Security Essentials MSMpEng.exe
     Microsoft Security Essentials msseces.exe
     Comodo Firewall cmdagent.exe
     Comodo Firewall cfp.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:: 2%
     ````````````````````End of Log``````````````````````
  2. ComboFix 12-07-10.01 - Edward 07/10/2012 15:33:28.2.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.600 [GMT -4:00] Running from: c:\documents and settings\Edward\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Edward\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B} . . ((((((((((((((((((((((((( Files Created from 2012-06-10 to 2012-07-10 ))))))))))))))))))))))))))))))) . . 2012-07-10 19:29 . 2012-07-10 19:29 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{537EE861-3EA6-443E-8814-F8BE0FD4F3DE}\MpKslbc638402.sys 2012-07-10 19:28 . 2012-07-10 19:28 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{537EE861-3EA6-443E-8814-F8BE0FD4F3DE}\offreg.dll 2012-07-10 17:51 . 2012-05-31 00:41 6762896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{537EE861-3EA6-443E-8814-F8BE0FD4F3DE}\mpengine.dll 2012-07-09 15:46 . 2012-07-09 15:46 -------- d-----w- c:\program files\CCleaner 2012-07-09 15:06 . 2012-05-31 00:41 6762896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-07-08 18:10 . 2012-07-08 18:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited 2012-07-08 18:10 . 2012-07-08 18:10 -------- d-----w- c:\documents and settings\Edward\Application Data\Canneverbe Limited 2012-07-08 18:09 . 2012-07-08 18:09 -------- d-----w- c:\program files\CDBurnerXP 2012-07-08 15:21 . 2012-07-08 17:25 -------- d-----w- c:\program files\nLite 2012-07-07 20:27 . 2012-07-07 20:30 -------- d-----w- c:\windows\SxsCaPendDel 2012-07-07 19:22 . 
2012-07-07 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo 2012-07-07 19:22 . 2012-07-07 19:22 -------- d-----w- c:\program files\COMODO 2012-07-07 16:13 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-07-07 16:10 . 2012-06-04 21:35 222448 ----a-w- c:\windows\system32\muweb.dll 2012-07-07 16:10 . 2012-06-02 19:18 275696 ----a-w- c:\windows\system32\mucltui.dll 2012-07-07 16:09 . 2012-07-07 16:10 -------- d-----w- c:\program files\Microsoft Security Client 2012-07-07 15:04 . 2012-05-11 14:42 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll 2012-07-07 15:01 . 2012-06-02 19:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-07-06 13:56 . 2012-07-06 13:57 -------- d-----w- c:\documents and settings\Administrator 2012-07-05 22:00 . 2012-07-05 22:00 -------- d-----w- c:\documents and settings\Edward\Application Data\Malwarebytes 2012-07-05 22:00 . 2012-07-05 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2012-07-05 22:00 . 2012-07-05 22:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-07-05 22:00 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-19 16:40 . 2012-07-09 23:05 -------- d-----w- c:\documents and settings\Edward\Local Settings\Application Data\Deployment 2012-06-15 06:30 . 2012-07-09 15:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2012-06-15 06:30 . 2012-06-15 06:30 -------- d-----w- c:\program files\Spybot - Search & Destroy . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-08 03:14 . 2012-06-08 02:52 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-08 03:14 . 2012-06-08 02:52 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-04 21:35 . 2009-08-07 00:23 210968 ----a-w- c:\windows\system32\wuweb.dll 2012-06-02 19:19 . 
2007-07-31 18:18 22040 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 19:19 . 2010-01-22 18:18 329240 ----a-w- c:\windows\system32\wucltui.dll 2012-06-02 19:19 . 2010-01-22 18:18 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 19:19 . 2007-07-31 18:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 19:19 . 2010-01-22 18:18 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 19:19 . 2010-01-22 18:18 97304 ----a-w- c:\windows\system32\cdm.dll 2012-06-02 19:19 . 2008-04-15 12:00 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 19:19 . 2007-07-31 18:19 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 19:19 . 2007-07-31 18:18 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-02 19:19 . 2007-07-31 18:19 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 19:19 . 2010-01-22 18:18 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-05-31 13:22 . 2008-04-15 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll 2012-05-16 15:08 . 2010-03-16 01:07 916992 ----a-w- c:\windows\system32\wininet.dll 2012-05-15 13:20 . 2009-08-14 13:21 1863168 ----a-w- c:\windows\system32\win32k.sys 2012-05-11 14:42 . 2010-03-16 01:07 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-05-11 14:42 . 2009-03-08 08:34 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-05-11 11:38 . 2009-03-08 08:35 385024 ----a-w- c:\windows\system32\html.iec 2012-05-04 13:16 . 2010-02-11 19:12 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 12:32 . 2010-02-11 19:12 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-05-02 13:46 . 2008-04-15 12:00 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys . . ((((((((((((((((((((((((((((( SnapShot@2012-07-10_17.47.41 ))))))))))))))))))))))))))))))))))))))))) . + 2012-07-10 19:18 . 2012-07-10 19:18 16384 c:\windows\temp\Perflib_Perfdata_7c8.dat + 2008-06-25 01:26 . 2012-07-10 19:23 72582 c:\windows\system32\perfc009.dat - 2008-06-25 01:26 . 
2012-07-10 17:07 72582 c:\windows\system32\perfc009.dat + 2008-06-25 01:26 . 2012-07-10 19:23 443482 c:\windows\system32\perfh009.dat - 2008-06-25 01:26 . 2012-07-10 17:07 443482 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "cdloader"="c:\documents and settings\Edward\Application Data\mjusbsp\cdloader2.exe" [2012-02-01 50592] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744] "AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-02-18 737280] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-01-16 1418536] "Syncables"="c:\program files\syncables\syncables desktop\Syncables.exe" [2009-04-02 173360] "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-06 224616] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200] "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 6676808] . c:\documents and settings\Edward\Start Menu\Programs\Startup\ Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1996-11-17 51984] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\guard32.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^Edward^Start Menu^Programs^Startup^Microsoft Find Fast.lnk] path=c:\documents and settings\Edward\Start Menu\Programs\Startup\Microsoft Find Fast.lnk backup=c:\windows\pss\Microsoft Find Fast.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-12-03 09:34 35184 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-15 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2008-02-15 21:46 135168 ----a-w- c:\windows\system32\igfxtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)] 2010-02-17 06:30 5244216 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2008-02-15 21:46 131072 ----a-w- c:\windows\system32\igfxpers.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-06-15 00:58 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp] 2009-03-30 20:47 483428 ----a-w- c:\program files\IDT\WDM\sttray.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\syncables\\syncables desktop\\jre\\bin\\javaw.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Documents and Settings\\Edward\\Application Data\\mjusbsp\\magicJack.exe"= . R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [12/19/2011 6:59 PM 494816] R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [12/19/2011 6:59 PM 31704] R1 MpKslbc638402;MpKslbc638402;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{537EE861-3EA6-443E-8814-F8BE0FD4F3DE}\MpKslbc638402.sys [7/10/2012 3:29 PM 29904] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656] R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [6/14/2009 8:47 PM 113664] S2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [5/31/2011 10:35 AM 81920] S3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3/2/2009 5:03 PM 38912] S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [6/14/2009 8:48 PM 160256] S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MPKSLBC638402 . Contents of the 'Scheduled Tasks' folder . 2012-07-10 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03] . . 
------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-07-10 15:40 Windows 5.1.2600 Service Pack 3 NTFS . detected NTDLL code modification: ZwClose . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(488) c:\windows\system32\guard32.dll c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll . - - - - - - - > 'lsass.exe'(544) c:\windows\system32\guard32.dll . - - - - - - - > 'explorer.exe'(1280) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2012-07-10 15:42:30 ComboFix-quarantined-files.txt 2012-07-10 19:42 ComboFix2.txt 2012-07-10 17:50 . Pre-Run: 146,923,122,688 bytes free Post-Run: 146,908,569,600 bytes free . WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect . - - End Of File - - 74E87C8C7AC80BAB7CB727BEBE4C529B
  3. Chris, MBAM full scan log (safe mode) follows. Then ran ComboFix (Windows XP Recovery Console could not be installed and run when prompted) and log follows. Note that when I opened IE after that, default browser had changed. Ran DDS log next which follows.

     Ed

     Malwarebytes Anti-Malware 1.61.0.1400
     www.malwarebytes.org
     Database version: v2012.07.10.09
     Windows XP Service Pack 3 x86 NTFS (Safe Mode)
     Internet Explorer 8.0.6001.18702
     Edward :: EDHPMINI [administrator]
     7/10/2012 11:52:51 AM
     mbam-log-2012-07-10 (11-52-51).txt
     Scan type: Full scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 255794
     Time elapsed: 1 hour(s), 5 minute(s), 12 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)

ComboFix 12-07-10.01 - Edward 07/10/2012 13:40:55.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.609 [GMT -4:00] Running from: c:\documents and settings\Edward\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B} . WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\HP\HPBTWD.exe c:\windows\offitems.log . . ((((((((((((((((((((((((( Files Created from 2012-06-10 to 2012-07-10 ))))))))))))))))))))))))))))))) . . 2012-07-10 00:39 . 
2012-05-31 00:41 6762896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{07A4CB85-D57C-44E8-9CAE-2AAADDC4008E}\mpengine.dll 2012-07-09 15:46 . 2012-07-09 15:46 -------- d-----w- c:\program files\CCleaner 2012-07-09 15:06 . 2012-05-31 00:41 6762896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-07-08 18:10 . 2012-07-08 18:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited 2012-07-08 18:10 . 2012-07-08 18:10 -------- d-----w- c:\documents and settings\Edward\Application Data\Canneverbe Limited 2012-07-08 18:09 . 2012-07-08 18:09 -------- d-----w- c:\program files\CDBurnerXP 2012-07-08 15:21 . 2012-07-08 17:25 -------- d-----w- c:\program files\nLite 2012-07-07 20:27 . 2012-07-07 20:30 -------- d-----w- c:\windows\SxsCaPendDel 2012-07-07 19:22 . 2012-07-07 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo 2012-07-07 19:22 . 2012-07-07 19:22 -------- d-----w- c:\program files\COMODO 2012-07-07 16:13 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-07-07 16:10 . 2012-06-04 21:35 222448 ----a-w- c:\windows\system32\muweb.dll 2012-07-07 16:10 . 2012-06-02 19:18 275696 ----a-w- c:\windows\system32\mucltui.dll 2012-07-07 16:09 . 2012-07-07 16:10 -------- d-----w- c:\program files\Microsoft Security Client 2012-07-07 15:04 . 2012-05-11 14:42 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll 2012-07-07 15:01 . 2012-06-02 19:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-07-06 13:56 . 2012-07-06 13:57 -------- d-----w- c:\documents and settings\Administrator 2012-07-05 22:00 . 2012-07-05 22:00 -------- d-----w- c:\documents and settings\Edward\Application Data\Malwarebytes 2012-07-05 22:00 . 
2012-07-05 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2012-07-05 22:00 . 2012-07-05 22:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-07-05 22:00 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-19 16:40 . 2012-07-09 23:05 -------- d-----w- c:\documents and settings\Edward\Local Settings\Application Data\Deployment 2012-06-15 06:30 . 2012-07-09 15:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2012-06-15 06:30 . 2012-06-15 06:30 -------- d-----w- c:\program files\Spybot - Search & Destroy . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-08 03:14 . 2012-06-08 02:52 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-08 03:14 . 2012-06-08 02:52 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-04 21:35 . 2009-08-07 00:23 210968 ----a-w- c:\windows\system32\wuweb.dll 2012-06-02 19:19 . 2007-07-31 18:18 22040 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 19:19 . 2010-01-22 18:18 329240 ----a-w- c:\windows\system32\wucltui.dll 2012-06-02 19:19 . 2010-01-22 18:18 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 19:19 . 2007-07-31 18:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 19:19 . 2010-01-22 18:18 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 19:19 . 2010-01-22 18:18 97304 ----a-w- c:\windows\system32\cdm.dll 2012-06-02 19:19 . 2008-04-15 12:00 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 19:19 . 2007-07-31 18:19 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 19:19 . 2007-07-31 18:18 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-02 19:19 . 2007-07-31 18:19 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 19:19 . 2010-01-22 18:18 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-05-31 13:22 . 
2008-04-15 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll 2012-05-16 15:08 . 2010-03-16 01:07 916992 ----a-w- c:\windows\system32\wininet.dll 2012-05-15 13:20 . 2009-08-14 13:21 1863168 ----a-w- c:\windows\system32\win32k.sys 2012-05-11 14:42 . 2010-03-16 01:07 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-05-11 14:42 . 2009-03-08 08:34 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-05-11 11:38 . 2009-03-08 08:35 385024 ----a-w- c:\windows\system32\html.iec 2012-05-04 13:16 . 2010-02-11 19:12 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 12:32 . 2010-02-11 19:12 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-05-02 13:46 . 2008-04-15 12:00 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "cdloader"="c:\documents and settings\Edward\Application Data\mjusbsp\cdloader2.exe" [2012-02-01 50592] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744] "AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-02-18 737280] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-01-16 1418536] "Syncables"="c:\program files\syncables\syncables desktop\Syncables.exe" [2009-04-02 173360] "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-06 224616] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200] "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 6676808] . 
c:\documents and settings\Edward\Start Menu\Programs\Startup\ Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1996-11-17 51984] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\guard32.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^Edward^Start Menu^Programs^Startup^Microsoft Find Fast.lnk] path=c:\documents and settings\Edward\Start Menu\Programs\Startup\Microsoft Find Fast.lnk backup=c:\windows\pss\Microsoft Find Fast.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-12-03 09:34 35184 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-15 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2008-02-15 21:46 135168 ----a-w- c:\windows\system32\igfxtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)] 2010-02-17 06:30 5244216 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2008-02-15 21:46 131072 ----a-w- c:\windows\system32\igfxpers.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-06-15 00:58 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp] 2009-03-30 20:47 483428 ----a-w- c:\program files\IDT\WDM\sttray.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\syncables\\syncables desktop\\jre\\bin\\javaw.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Documents and Settings\\Edward\\Application Data\\mjusbsp\\magicJack.exe"= . R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [12/19/2011 6:59 PM 494816] R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [12/19/2011 6:59 PM 31704] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656] R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [6/14/2009 8:47 PM 113664] S2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [5/31/2011 10:35 AM 81920] S3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3/2/2009 5:03 PM 38912] S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [6/14/2009 8:48 PM 160256] S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?] . Contents of the 'Scheduled Tasks' folder . 
2012-07-10 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.10.1 . - - - - ORPHANS REMOVED - - - - . HKLM-Run-HP BTW Detect Program - c:\program files\HP\HPBTWD.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-07-10 13:47 Windows 5.1.2600 Service Pack 3 NTFS . detected NTDLL code modification: ZwClose . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(488) c:\windows\system32\guard32.dll c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll . - - - - - - - > 'lsass.exe'(544) c:\windows\system32\guard32.dll . Completion time: 2012-07-10 13:50:06 ComboFix-quarantined-files.txt 2012-07-10 17:50 . Pre-Run: 146,951,643,136 bytes free Post-Run: 146,939,707,392 bytes free . - - End Of File - - 90EF68717F0629F2D4E544E8A680749B . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by Edward at 14:11:13 on 2012-07-10 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.515 [GMT -4:00] . AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} FW: COMODO Firewall *Enabled* . ============== Running Processes =============== . 
C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe C:\WINDOWS\system32\svchost.exe -k netsvcs c:\Program Files\Microsoft Security Client\MsMpEng.exe svchost.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe c:\program files\idt\wdm\STacSV.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\AESTFltr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\syncables\syncables desktop\Syncables.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe C:\Program Files\COMODO\COMODO Internet Security\cfp.exe C:\Program Files\Microsoft Office\Office\OSA.EXE C:\Program Files\syncables\syncables desktop\MigoMapi.exe svchost.exe C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe C:\Program Files\Flip Video\FlipShare\FlipShareService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\WINDOWS\system32\ctfmon.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.google.com/ BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0559.0\msneshellx.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0559.0\msneshellx.dll uRun: [cdloader] "c:\documents and settings\edward\application data\mjusbsp\cdloader2.exe" MAGICJACK uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [syncables] c:\program files\syncables\syncables desktop\Syncables.exe mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h StartupFolder: c:\docume~1\edward\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - 
c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1341673129609 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341692565031 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab TCP: DhcpNameServer = 192.168.10.1 TCP: Interfaces\{7A4E10C4-B481-4152-AFB4-4DC65DD78684} : DhcpNameServer = 192.168.10.1 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL Notify: igfxcui - igfxdev.dll AppInit_DLLs: c:\windows\system32\guard32.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL . ============= SERVICES / DRIVERS =============== . 
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064] R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-12-19 494816] R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-12-19 31704] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656] R2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\supportappxl\cdrom_mon.exe [2011-5-31 81920] R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-12-19 1960584] R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-6-14 113664] S3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-3-2 38912] S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-6-14 160256] S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?] . =============== Created Last 30 ================ . 
2012-07-10 17:51:25 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{537ee861-3ea6-443e-8814-f8be0fd4f3de}\mpengine.dll 2012-07-10 17:35:56 98816 ----a-w- c:\windows\sed.exe 2012-07-10 17:35:56 518144 ----a-w- c:\windows\SWREG.exe 2012-07-10 17:35:56 256000 ----a-w- c:\windows\PEV.exe 2012-07-10 17:35:56 208896 ----a-w- c:\windows\MBR.exe 2012-07-09 15:46:27 -------- d-----w- c:\program files\CCleaner 2012-07-09 15:06:07 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll 2012-07-08 18:10:06 -------- d-----w- c:\documents and settings\all users\application data\Canneverbe Limited 2012-07-08 18:10:05 -------- d-----w- c:\documents and settings\edward\application data\Canneverbe Limited 2012-07-08 15:21:47 -------- d-----w- c:\program files\nLite 2012-07-07 20:27:45 -------- d-----w- c:\windows\SxsCaPendDel 2012-07-07 19:22:39 -------- d-----w- c:\documents and settings\all users\application data\Comodo 2012-07-07 19:22:31 -------- d-----w- c:\program files\COMODO 2012-07-07 16:13:58 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-07-07 16:10:39 275696 ----a-w- c:\windows\system32\mucltui.dll 2012-07-07 16:10:39 222448 ----a-w- c:\windows\system32\muweb.dll 2012-07-07 16:10:39 17136 ----a-w- c:\windows\system32\mucltui.dll.mui 2012-07-07 16:09:56 -------- d-----w- c:\program files\Microsoft Security Client 2012-07-07 15:04:11 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll 2012-07-07 15:01:09 15384 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-07-05 22:00:43 -------- d-----w- c:\documents and settings\edward\application data\Malwarebytes 2012-07-05 22:00:12 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2012-07-05 22:00:11 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-05 22:00:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 
2012-06-19 16:40:11 -------- d-----w- c:\documents and settings\edward\local settings\application data\Deployment 2012-06-15 06:30:17 -------- d-----w- c:\program files\Spybot - Search & Destroy 2012-06-15 06:30:17 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy . ==================== Find3M ==================== . 2012-06-08 03:14:46 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-08 03:14:46 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll 2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll 2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys 2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec 2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys . ============= FINISH: 14:12:30.92 ===============
  4. Yes, I will try to reinstall with the slipstream disk. Right now I'm copying data from my hard drive and should be ready to install later Monday morning.
  5. I've been reading more and just burned a slipstream XP disk with SP3 using nLite on my netbook (another post issue). I was worried about having no firewall protection upon installing XP SP1 from the original disk from Dell. Hopefully, this will work. I had to buy more flash drives to get ready. Thank you for your continued help. Ed
  6. Not yet. I've been working on my desktop problems (another post topic) and using the netbook for research. Since my original post, I have restarted XP many times in safe mode and scanned with MBAM, MSE, SuperAntispyware and Spybot - always clean. I installed Comodo firewall, also. I'm a little hesitant about running ComboFix for fear of having 2 machines down - at least not until I have my desktop clean. What do you think? Ed
  7. Should I download Flash_Disinfector.exe on the infected computer before transferring files to the USB drives or on the clean computer when reinstalling files? Should the transfers from the infected computer to flash drives and back to the clean computer be done in safe mode? I'm still working on the courage to reformat and reinstall on my infected computer.
  8. Thank you. MBAM Quick Scan log follows. Will do ComboFix and DDS log next.

     Malwarebytes Anti-Malware 1.61.0.1400
     www.malwarebytes.org
     Database version: v2012.07.05.08
     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     Edward :: EDHPMINI [administrator]
     7/6/2012 1:55:55 PM
     mbam-log-2012-07-06 (13-55-55).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 212365
     Time elapsed: 8 minute(s), 1 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 0
     (No malicious items detected)
     (end)
  9. Ran Malwarebytes yesterday in safe mode on my netbook - found and removed PUM.Hijack.StartMenu. Ran again in safe mode this morning with same result. Thanks in advance for your advice. Ed dds.txt . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by Edward at 10:48:26 on 2012-07-06 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.598 [GMT -4:00] . . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\idt\wdm\STacSV.exe C:\WINDOWS\Explorer.EXE svchost.exe C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe C:\Program Files\Flip Video\FlipShare\FlipShareService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\IDT\WDM\sttray.exe C:\WINDOWS\system32\AESTFltr.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\HP\HPBTWD.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\syncables\syncables desktop\Syncables.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe C:\Program Files\Microsoft Office\Office\FINDFAST.EXE C:\Program Files\Microsoft Office\Office\OSA.EXE C:\Program Files\syncables\syncables desktop\MigoMapi.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.google.com/intl/en uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0559.0\msneshellx.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0559.0\msneshellx.dll TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [cdloader] "c:\documents and settings\edward\application data\mjusbsp\cdloader2.exe" MAGICJACK mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg mRun: [HP BTW Detect Program] c:\program files\hp\HPBTWD.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [HP Mobile Broadband] c:\swsetup\hpqwwan\HPMobileBroadband.exe /TrayMode mRun: [syncables] c:\program files\syncables\syncables desktop\Syncables.exe mRun: [Microsoft Default 
Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe StartupFolder: c:\docume~1\edward\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE StartupFolder: c:\docume~1\edward\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264184234343 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab TCP: DhcpNameServer = 192.168.10.1 TCP: Interfaces\{7A4E10C4-B481-4152-AFB4-4DC65DD78684} : DhcpNameServer = 192.168.10.1 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL . 
============= SERVICES / DRIVERS =============== . R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656] R2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\supportappxl\cdrom_mon.exe [2011-5-31 81920] R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-6-14 113664] S3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-3-2 38912] S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-6-14 160256] S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?] . =============== Created Last 30 ================ . 2012-07-05 22:00:43 -------- d-----w- c:\documents and settings\edward\application data\Malwarebytes 2012-07-05 22:00:12 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2012-07-05 22:00:11 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-05 22:00:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-06-19 16:40:11 -------- d-----w- c:\documents and settings\edward\local settings\application data\Deployment 2012-06-15 06:30:17 -------- d-----w- c:\program files\Spybot - Search & Destroy 2012-06-15 06:30:17 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy 2012-06-08 02:52:56 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-08 02:52:56 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe . ==================== Find3M ==================== . 2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll 2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys 2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe . 
============= FINISH: 10:49:14.81 =============== attach.txt . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume1 Install Date: 9/21/2009 7:36:40 AM System Uptime: 7/6/2012 10:11:02 AM (0 hours ago) . Motherboard: Hewlett-Packard | | 308F Processor: Intel® Atom CPU N270 @ 1.60GHz | CPU 1 | 1596/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 149 GiB total, 138.365 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Atheros AR8132 PCI-E Fast Ethernet Controller Device ID: PCI\VEN_1969&DEV_1062&SUBSYS_308F103C&REV_C0\4&23C6FC68&0&00E1 Manufacturer: Atheros Name: Atheros AR8132 PCI-E Fast Ethernet Controller PNP Device ID: PCI\VEN_1969&DEV_1062&SUBSYS_308F103C&REV_C0\4&23C6FC68&0&00E1 Service: L1c . ==== System Restore Points =================== . RP124: 4/16/2012 6:33:55 PM - System Checkpoint RP125: 4/17/2012 7:29:38 PM - System Checkpoint RP126: 4/18/2012 8:25:17 PM - System Checkpoint RP127: 4/21/2012 12:32:35 PM - Software Distribution Service 3.0 RP128: 6/6/2012 2:54:30 AM - Software Distribution Service 3.0 RP129: 6/8/2012 1:19:12 AM - Software Distribution Service 3.0 RP130: 6/10/2012 1:24:11 AM - System Checkpoint RP131: 6/15/2012 12:52:16 AM - System Checkpoint RP132: 6/18/2012 11:49:32 AM - System Checkpoint RP133: 6/19/2012 8:11:08 PM - System Checkpoint RP134: 6/22/2012 10:58:56 AM - System Checkpoint RP135: 6/24/2012 7:56:38 PM - System Checkpoint RP136: 7/4/2012 9:39:35 PM - System Checkpoint . ==== Installed Programs ====================== . 
3ivx MPEG-4 5.0.3 (remove only) Acrobat.com Adobe AIR Adobe Flash Player 11 ActiveX Adobe Reader 9.0.1 Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver Broadcom 802.11 Wireless LAN Adapter Default Manager FlipShare Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB949764) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) HP BatteryCheck 2.10 A2 HP Doc Viewer HP Help and Support HP Mobile Broadband Setup Utility HP User Guides 0139 HP Wireless Assistant HpSdpAppCoreApp IDT Audio Intel® Graphics Media Accelerator Driver Java 6 Update 11 magicJack Malwarebytes Anti-Malware version 1.61.0.1400 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 Microsoft Live Search Toolbar Microsoft National Language Support Downlevel APIs Microsoft Office 97, Professional Edition Microsoft Silverlight Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable MSXML 6.0 Parser Picasa 3 Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET 
Framework 3.5 SP1 (KB2657424) Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 7 (KB938127-v2) Security Update for Windows Internet Explorer 7 (KB972260) Security Update for Windows Internet Explorer 7 (KB978207) Security Update for Windows Internet Explorer 8 (KB2183461) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for 
Windows XP (KB2423089) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2491683) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update for Windows XP 
(KB2686509) Security Update for Windows XP (KB2695962) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371-v2) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) 
Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Skype Toolbars Skype™ 5.3 SMART BRO Spybot - Search & Destroy SUPERAntiSpyware Synaptics Pointing Device Driver syncables desktop Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB978506) Update for Windows Internet Explorer 8 (KB980182) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2641690) Update 
for Windows XP (KB2718704) Update for Windows XP (KB898461) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) USB2.0 Card Reader Software Viewpoint Media Player WebFldrs XP Windows Backup Utility Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Player 11 Yahoo! Messenger . ==== Event Viewer Messages From Past Week ======== . 7/5/2012 6:11:47 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} 7/5/2012 6:06:06 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm SASDIFSV SASKUTIL 7/5/2012 6:05:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} . ==== End Of File ===========================
  10. Thanks for your reply. I'm a novice, but will reformat and reinstall per your recommendation. I ran Malwarebytes again just now in safe mode (I'm not connected to the internet - cable unplugged) with 4 hits - Trojan.FakeAlert.RO, Trojan.Small, Trojan.Sirefef, Rootkit.OAccess. I've been reading all day the links provided, plus much more online. I'm concerned about my files (Excel, Word, PDFs, photos, etc.) and worry about the risk of copying them to USB drives and then from there to the clean computer. Some have confidential/financial information, and I am following the advice concerning financial institutions. Ed
  11. Clicked on bad Google result website today - no live protection running. Malwarebytes found and removed Trojan.Dropper.PE4. Ran SuperAntispyware and Spybot - no scan hits. Installed Microsoft Security Essentials - no scan hits. Now, "Due to an unidentified problem, Windows cannot display firewall settings". View settings in Windows Explorer and Control Panel have changed. Ran Malwarebytes again - this time found and removed Trojan.ZAccess and Rootkit.0Access. Thank you in advance.