
kstmommy

Honorary Members
  • Posts

    143

Everything posted by kstmommy

  1. Morning. Ok on step 1, under Program Files properties, the read only box isn't technically checkmarked, but it seems to be selected with a green square in the selection. If I de-select it, and hit apply, I get the warning message attached... I cancelled out and did not make any changes until you advise.. Also, as you can see by the image, I have no "security" tab to check. changes.bmp
  2. Thanks again. Talk to you tomorrow... Vino's Event Viewer v01c run on Windows XP in English Report run at 03/04/2013 10:27:22 PM Note: All dates below are in the format dd/mm/yyyy ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 'Application' Log - error Type ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Log: 'Application' Date/Time: 29/03/2013 12:02:06 AM Type: error Category: 0 Event: 5000 Source: MPSampleSubmission EventType mptelemetry, P1 0x80070670, P2 patchapplication, P3 am bdd, P4 11.1.4289.0, P5 mpsigstub.exe, P6 4.1.522.0, P7 microsoft security essentials, P8 NIL, P9 NIL, P10 NIL. Log: 'Application' Date/Time: 27/03/2013 11:25:04 PM Type: error Category: 0 Event: 1000 Source: Application Error Faulting application i4gxdtvj.exe, version 2.1.19155.0, faulting module i4gxdtvj.exe, version 2.1.19155.0, fault address 0x00012288. Log: 'Application' Date/Time: 17/03/2013 10:26:06 PM Type: error Category: 0 Event: 5000 Source: Microsoft Security Client The event description cannot be found. Log: 'Application' Date/Time: 22/02/2013 11:03:25 AM Type: error Category: 0 Event: 1000 Source: Microsoft Office 12 Faulting application winword.exe, version 12.0.6661.5000, stamp 4f7cd9da, faulting module mso.dll, version 12.0.6662.5000, stamp 4fd67dd1, debug? 0, fault address 0x00208953. Log: 'Application' Date/Time: 06/01/2013 10:04:43 PM Type: error Category: 0 Event: 1000 Source: Application Error Faulting application paint shop pro.exe, version 8.0.0.0, faulting module paint shop pro.exe, version 8.0.0.0, fault address 0x00011f7a. Log: 'Application' Date/Time: 30/12/2012 6:18:44 PM Type: error Category: 100 Event: 1000 Source: Application Error Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d. 
Log: 'Application' Date/Time: 30/12/2012 6:18:34 PM Type: error Category: 0 Event: 1000 Source: Application Error Faulting application explorer.exe, version 6.0.2900.5512, faulting module ntdll.dll, version 5.1.2600.5755, fault address 0x00011689. Log: 'Application' Date/Time: 16/11/2012 8:59:04 AM Type: error Category: 0 Event: 5000 Source: MPSampleSubmission EventType mptelemetry, P1 0x80070670, P2 patchapplication, P3 am bdd, P4 11.1.3927.0, P5 mpsigstub.exe, P6 4.1.522.0, P7 microsoft security essentials, P8 NIL, P9 NIL, P10 NIL. Log: 'Application' Date/Time: 24/10/2012 9:55:05 AM Type: error Category: 0 Event: 1000 Source: Application Error Faulting application paint shop pro.exe, version 8.0.0.0, faulting module paint shop pro.exe, version 8.0.0.0, fault address 0x00011f7a. Log: 'Application' Date/Time: 24/10/2012 9:36:34 AM Type: error Category: 0 Event: 1000 Source: Application Error Faulting application paint shop pro.exe, version 8.0.0.0, faulting module paint shop pro.exe, version 8.0.0.0, fault address 0x00011f7a. Log: 'Application' Date/Time: 24/10/2012 9:33:33 AM Type: error Category: 0 Event: 1000 Source: Application Error Faulting application lxdulscn.exe, version 0.0.0.0, faulting module lxdudrs.dll, version 0.1.25.0, fault address 0x0006735a. Log: 'Application' Date/Time: 24/10/2012 9:27:59 AM Type: error Category: 0 Event: 1000 Source: Application Error Faulting application paint shop pro.exe, version 8.0.0.0, faulting module paint shop pro.exe, version 8.0.0.0, fault address 0x00011f7a. Log: 'Application' Date/Time: 01/10/2012 1:28:42 PM Type: error Category: 0 Event: 1000 Source: Application Error Faulting application realplay.exe, version 12.0.1.652, faulting module nevideohd.ax, version 4.6.15.0, fault address 0x00008b89. 
Log: 'Application' Date/Time: 23/09/2012 1:19:05 PM Type: error Category: 0 Event: 1000 Source: Application Error Faulting application smsystemanalyzer.exe, version 11.0.5.2, faulting module smsystemanalyzer.exe, version 11.0.5.2, fault address 0x000e0c23. Log: 'Application' Date/Time: 17/09/2012 10:07:36 PM Type: error Category: 0 Event: 1000 Source: Application Error Faulting application b3vviewer.exe, version 1.0.0.1, faulting module wdmaud.drv, version 5.1.2600.5512, fault address 0x0000461f. Log: 'Application' Date/Time: 14/09/2012 7:11:49 AM Type: error Category: 0 Event: 1103 Source: .NET Runtime Optimization Service .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 'Application' Log - information Type ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Log: 'Application' Date/Time: 03/04/2013 10:12:29 PM Type: information Category: 0 Event: 0 Source: gupdate The event description cannot be found. Log: 'Application' Date/Time: 03/04/2013 10:12:19 PM Type: information Category: 0 Event: 0 Source: gupdate The event description cannot be found. Log: 'Application' Date/Time: 03/04/2013 9:12:29 PM Type: information Category: 0 Event: 0 Source: gupdate The event description cannot be found. Log: 'Application' Date/Time: 03/04/2013 9:12:19 PM Type: information Category: 0 Event: 0 Source: gupdate The event description cannot be found. Log: 'Application' Date/Time: 03/04/2013 8:12:29 PM Type: information Category: 0 Event: 0 Source: gupdate The event description cannot be found. Log: 'Application' Date/Time: 03/04/2013 8:12:19 PM Type: information Category: 0 Event: 0 Source: gupdate The event description cannot be found. Log: 'Application' Date/Time: 03/04/2013 7:58:05 PM Type: information Category: 0 Event: 0 Source: gupdate The event description cannot be found. 
Log: 'Application' Date/Time: 03/04/2013 7:57:54 PM Type: information Category: 0 Event: 0 Source: gupdate The event description cannot be found. Log: 'Application' Date/Time: 03/04/2013 7:57:48 PM Type: information Category: 0 Event: 1800 Source: SecurityCenter The Windows Security Center Service has started. Log: 'Application' Date/Time: 03/04/2013 7:57:48 PM Type: information Category: 0 Event: 0 Source: gupdate The event description cannot be found. Log: 'Application' Date/Time: 03/04/2013 7:57:47 PM Type: information Category: 0 Event: 105 Source: ATI Smart The service was started. Log: 'Application' Date/Time: 03/04/2013 7:53:42 PM Type: information Category: 0 Event: 0 Source: gupdate The event description cannot be found. Log: 'Application' Date/Time: 03/04/2013 7:53:24 PM Type: information Category: 0 Event: 0 Source: gupdate The event description cannot be found. Log: 'Application' Date/Time: 03/04/2013 7:53:00 PM Type: information Category: 0 Event: 1800 Source: SecurityCenter The Windows Security Center Service has started. Log: 'Application' Date/Time: 03/04/2013 7:53:00 PM Type: information Category: 0 Event: 0 Source: gupdate The event description cannot be found. Log: 'Application' Date/Time: 03/04/2013 7:52:59 PM Type: information Category: 0 Event: 105 Source: ATI Smart The service was started. Log: 'Application' Date/Time: 03/04/2013 7:45:25 PM Type: information Category: 0 Event: 0 Source: gupdate The event description cannot be found. Log: 'Application' Date/Time: 03/04/2013 7:45:15 PM Type: information Category: 0 Event: 0 Source: gupdate The event description cannot be found. Log: 'Application' Date/Time: 03/04/2013 6:45:27 PM Type: information Category: 0 Event: 0 Source: gupdate The event description cannot be found. Log: 'Application' Date/Time: 03/04/2013 6:45:16 PM Type: information Category: 0 Event: 0 Source: gupdate The event description cannot be found. 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 'Application' Log - warning Type ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Log: 'Application' Date/Time: 03/04/2013 10:26:44 PM Type: warning Category: 0 Event: 866 Source: Software Restriction Policies Access to C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe has been restricted by your Administrator by location with policy rule {6680132f-759a-4e64-979a-462d4d0a4d19} placed on path C:\Program Files\Malwarebytes' Anti-Malware Log: 'Application' Date/Time: 03/04/2013 10:10:12 PM Type: warning Category: 0 Event: 866 Source: Software Restriction Policies Access to C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe has been restricted by your Administrator by location with policy rule {6680132f-759a-4e64-979a-462d4d0a4d19} placed on path C:\Program Files\Malwarebytes' Anti-Malware Log: 'Application' Date/Time: 03/04/2013 9:46:59 PM Type: warning Category: 0 Event: 866 Source: Software Restriction Policies Access to C:\Program Files\Microsoft Security Client\msseces.exe has been restricted by your Administrator by location with policy rule {29a76dbc-0473-46de-9d9b-6a5a50697bc3} placed on path C:\Program Files\Microsoft Security Client Log: 'Application' Date/Time: 03/04/2013 9:46:55 PM Type: warning Category: 0 Event: 866 Source: Software Restriction Policies Access to C:\Program Files\Microsoft Security Client\Setup.exe has been restricted by your Administrator by location with policy rule {29a76dbc-0473-46de-9d9b-6a5a50697bc3} placed on path C:\Program Files\Microsoft Security Client Log: 'Application' Date/Time: 03/04/2013 9:46:25 PM Type: warning Category: 0 Event: 866 Source: Software Restriction Policies Access to C:\Program Files\Microsoft Security Client\msseces.exe has been restricted by your Administrator by location with policy rule {29a76dbc-0473-46de-9d9b-6a5a50697bc3} placed on path C:\Program Files\Microsoft Security Client Log: 'Application' Date/Time: 03/04/2013 3:22:29 PM Type: warning Category: 0 Event: 1517 Source: 
Userenv Windows saved user FAMILY\Mom registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. Log: 'Application' Date/Time: 02/04/2013 6:10:34 PM Type: warning Category: 0 Event: 1517 Source: Userenv Windows saved user FAMILY\Mom registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. Log: 'Application' Date/Time: 02/04/2013 6:10:19 PM Type: warning Category: 0 Event: 1524 Source: Userenv Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use. 
Log: 'Application' Date/Time: 02/04/2013 11:40:24 AM Type: warning Category: 0 Event: 866 Source: Software Restriction Policies Access to C:\Program Files\Microsoft Security Client\msseces.exe has been restricted by your Administrator by location with policy rule {29a76dbc-0473-46de-9d9b-6a5a50697bc3} placed on path C:\Program Files\Microsoft Security Client Log: 'Application' Date/Time: 02/04/2013 6:38:24 AM Type: warning Category: 0 Event: 866 Source: Software Restriction Policies Access to C:\Program Files\Microsoft Security Client\msseces.exe has been restricted by your Administrator by location with policy rule {29a76dbc-0473-46de-9d9b-6a5a50697bc3} placed on path C:\Program Files\Microsoft Security Client Log: 'Application' Date/Time: 01/04/2013 10:07:24 PM Type: warning Category: 0 Event: 866 Source: Software Restriction Policies Access to C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe has been restricted by your Administrator by location with policy rule {6680132f-759a-4e64-979a-462d4d0a4d19} placed on path C:\Program Files\Malwarebytes' Anti-Malware Log: 'Application' Date/Time: 01/04/2013 5:52:54 PM Type: warning Category: 0 Event: 866 Source: Software Restriction Policies Access to C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe has been restricted by your Administrator by location with policy rule {6680132f-759a-4e64-979a-462d4d0a4d19} placed on path C:\Program Files\Malwarebytes' Anti-Malware Log: 'Application' Date/Time: 01/04/2013 5:48:11 PM Type: warning Category: 0 Event: 1517 Source: Userenv Windows saved user FAMILY\Mom registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. 
Log: 'Application' Date/Time: 01/04/2013 5:47:41 PM Type: warning Category: 0 Event: 866 Source: Software Restriction Policies Access to C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe has been restricted by your Administrator by location with policy rule {6680132f-759a-4e64-979a-462d4d0a4d19} placed on path C:\Program Files\Malwarebytes' Anti-Malware Log: 'Application' Date/Time: 01/04/2013 10:13:17 AM Type: warning Category: 0 Event: 866 Source: Software Restriction Policies Access to C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe has been restricted by your Administrator by location with policy rule {6680132f-759a-4e64-979a-462d4d0a4d19} placed on path C:\Program Files\Malwarebytes' Anti-Malware Log: 'Application' Date/Time: 29/03/2013 10:13:49 PM Type: warning Category: 0 Event: 1517 Source: Userenv Windows saved user D563PSC1\Mom registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. Log: 'Application' Date/Time: 29/03/2013 8:05:38 PM Type: warning Category: 0 Event: 866 Source: Software Restriction Policies Access to C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe has been restricted by your Administrator by location with policy rule {6680132f-759a-4e64-979a-462d4d0a4d19} placed on path C:\Program Files\Malwarebytes' Anti-Malware Log: 'Application' Date/Time: 29/03/2013 8:01:52 PM Type: warning Category: 0 Event: 1517 Source: Userenv Windows saved user D563PSC1\Mom registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. 
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. Log: 'Application' Date/Time: 29/03/2013 3:08:27 PM Type: warning Category: 0 Event: 866 Source: Software Restriction Policies Access to C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe has been restricted by your Administrator by location with policy rule {6680132f-759a-4e64-979a-462d4d0a4d19} placed on path C:\Program Files\Malwarebytes' Anti-Malware Log: 'Application' Date/Time: 29/03/2013 9:59:11 AM Type: warning Category: 0 Event: 866 Source: Software Restriction Policies Access to C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe has been restricted by your Administrator by location with policy rule {6680132f-759a-4e64-979a-462d4d0a4d19} placed on path C:\Program Files\Malwarebytes' Anti-Malware ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 'System' Log - error Type ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Log: 'System' Date/Time: 03/04/2013 8:07:56 PM Type: error Category: 0 Event: 2001 Source: Microsoft Antimalware Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.662.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9302.0&avdelta=1.147.662.0&asdelta=1.147.662.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved Log: 'System' Date/Time: 03/04/2013 8:07:56 PM Type: error Category: 0 Event: 2001 Source: Microsoft Antimalware Microsoft Antimalware has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.147.662.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9302.0&avdelta=1.147.662.0&asdelta=1.147.662.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved Log: 'System' Date/Time: 03/04/2013 8:07:56 PM Type: error Category: 0 Event: 2001 Source: Microsoft Antimalware Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.662.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Log: 'System' Date/Time: 03/04/2013 7:57:50 PM Type: error Category: 0 Event: 7026 Source: Service Control Manager The following boot-start or system-start driver(s) failed to load: nvatabus nvraid Log: 'System' Date/Time: 03/04/2013 7:57:48 PM Type: error Category: 0 Event: 7000 Source: Service Control Manager The MCSTRM service failed to start due to the following error: The system cannot find the file specified. Log: 'System' Date/Time: 03/04/2013 7:57:48 PM Type: error Category: 0 Event: 7023 Source: Service Control Manager The 6to4 service terminated with the following error: The system cannot find the file specified. 
Log: 'System' Date/Time: 03/04/2013 7:55:50 PM Type: error Category: 0 Event: 7031 Source: Service Control Manager The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Log: 'System' Date/Time: 03/04/2013 7:55:50 PM Type: error Category: 0 Event: 7031 Source: Service Control Manager The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service. Log: 'System' Date/Time: 03/04/2013 7:55:50 PM Type: error Category: 0 Event: 7034 Source: Service Control Manager The AOL Connectivity Service service terminated unexpectedly. It has done this 1 time(s). Log: 'System' Date/Time: 03/04/2013 7:55:50 PM Type: error Category: 0 Event: 7031 Source: Service Control Manager The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service. Log: 'System' Date/Time: 03/04/2013 7:55:50 PM Type: error Category: 0 Event: 7034 Source: Service Control Manager The NVIDIA Driver Helper Service service terminated unexpectedly. It has done this 1 time(s). Log: 'System' Date/Time: 03/04/2013 7:53:03 PM Type: error Category: 0 Event: 7026 Source: Service Control Manager The following boot-start or system-start driver(s) failed to load: nvatabus nvraid Log: 'System' Date/Time: 03/04/2013 7:53:00 PM Type: error Category: 0 Event: 7000 Source: Service Control Manager The MCSTRM service failed to start due to the following error: The system cannot find the file specified. Log: 'System' Date/Time: 03/04/2013 7:53:00 PM Type: error Category: 0 Event: 7023 Source: Service Control Manager The 6to4 service terminated with the following error: The system cannot find the file specified. 
Log: 'System' Date/Time: 03/04/2013 4:46:25 PM Type: error Category: 0 Event: 2001 Source: Microsoft Antimalware Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.662.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9302.0&avdelta=1.147.662.0&asdelta=1.147.662.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved Log: 'System' Date/Time: 03/04/2013 4:46:25 PM Type: error Category: 0 Event: 2001 Source: Microsoft Antimalware Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.662.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9302.0&avdelta=1.147.662.0&asdelta=1.147.662.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved Log: 'System' Date/Time: 03/04/2013 4:46:24 PM Type: error Category: 0 Event: 2001 Source: Microsoft Antimalware Microsoft Antimalware has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.147.662.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Log: 'System' Date/Time: 03/04/2013 4:36:23 PM Type: error Category: 0 Event: 7026 Source: Service Control Manager The following boot-start or system-start driver(s) failed to load: nvatabus nvraid Log: 'System' Date/Time: 03/04/2013 4:36:11 PM Type: error Category: 0 Event: 7000 Source: Service Control Manager The MCSTRM service failed to start due to the following error: The system cannot find the file specified. Log: 'System' Date/Time: 03/04/2013 4:36:11 PM Type: error Category: 0 Event: 7023 Source: Service Control Manager The 6to4 service terminated with the following error: The system cannot find the file specified. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 'System' Log - information Type ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Log: 'System' Date/Time: 03/04/2013 10:12:29 PM Type: information Category: 0 Event: 7036 Source: Service Control Manager The Google Update Service (gupdate) service entered the stopped state. Log: 'System' Date/Time: 03/04/2013 10:12:19 PM Type: information Category: 0 Event: 7036 Source: Service Control Manager The Google Update Service (gupdate) service entered the running state. Log: 'System' Date/Time: 03/04/2013 10:12:19 PM Type: information Category: 0 Event: 7035 Source: Service Control Manager The Google Update Service (gupdate) service was successfully sent a start control. Log: 'System' Date/Time: 03/04/2013 9:12:29 PM Type: information Category: 0 Event: 7036 Source: Service Control Manager The Google Update Service (gupdate) service entered the stopped state. 
Log: 'System' Date/Time: 03/04/2013 9:12:19 PM Type: information Category: 0 Event: 7036 Source: Service Control Manager The Google Update Service (gupdate) service entered the running state. Log: 'System' Date/Time: 03/04/2013 9:12:19 PM Type: information Category: 0 Event: 7035 Source: Service Control Manager The Google Update Service (gupdate) service was successfully sent a start control. Log: 'System' Date/Time: 03/04/2013 8:12:29 PM Type: information Category: 0 Event: 7036 Source: Service Control Manager The Google Update Service (gupdate) service entered the stopped state. Log: 'System' Date/Time: 03/04/2013 8:12:19 PM Type: information Category: 0 Event: 7036 Source: Service Control Manager The Google Update Service (gupdate) service entered the running state. Log: 'System' Date/Time: 03/04/2013 8:12:19 PM Type: information Category: 0 Event: 7035 Source: Service Control Manager The Google Update Service (gupdate) service was successfully sent a start control. Log: 'System' Date/Time: 03/04/2013 7:58:43 PM Type: information Category: 0 Event: 7036 Source: Service Control Manager The IMAPI CD-Burning COM Service service entered the stopped state. Log: 'System' Date/Time: 03/04/2013 7:58:39 PM Type: information Category: 0 Event: 7036 Source: Service Control Manager The Remote Access Connection Manager service entered the running state. Log: 'System' Date/Time: 03/04/2013 7:58:29 PM Type: information Category: 0 Event: 7036 Source: Service Control Manager The IMAPI CD-Burning COM Service service entered the running state. Log: 'System' Date/Time: 03/04/2013 7:58:29 PM Type: information Category: 0 Event: 7035 Source: Service Control Manager The IMAPI CD-Burning COM Service service was successfully sent a start control. Log: 'System' Date/Time: 03/04/2013 7:58:27 PM Type: information Category: 0 Event: 7035 Source: Service Control Manager The Remote Access Connection Manager service was successfully sent a start control. 
Log: 'System' Date/Time: 03/04/2013 7:58:27 PM Type: information Category: 0 Event: 7036 Source: Service Control Manager The Telephony service entered the running state. Log: 'System' Date/Time: 03/04/2013 7:58:26 PM Type: information Category: 0 Event: 7036 Source: Service Control Manager The SSDP Discovery Service service entered the running state. Log: 'System' Date/Time: 03/04/2013 7:58:25 PM Type: information Category: 0 Event: 7035 Source: Service Control Manager The SSDP Discovery Service service was successfully sent a start control. Log: 'System' Date/Time: 03/04/2013 7:58:05 PM Type: information Category: 0 Event: 7036 Source: Service Control Manager The Google Update Service (gupdate) service entered the stopped state. Log: 'System' Date/Time: 03/04/2013 7:58:04 PM Type: information Category: 0 Event: 2 Source: nvata Device identified. Log: 'System' Date/Time: 03/04/2013 7:58:04 PM Type: information Category: 0 Event: 2 Source: nvata Device identified. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 'System' Log - warning Type ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Log: 'System' Date/Time: 03/04/2013 7:51:06 AM Type: warning Category: 0 Event: 36 Source: W32Time The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized. Log: 'System' Date/Time: 01/04/2013 11:35:15 AM Type: warning Category: 0 Event: 4 Source: bcm4sbxp Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected. Log: 'System' Date/Time: 01/04/2013 11:29:43 AM Type: warning Category: 0 Event: 1007 Source: Dhcp Your computer has automatically configured the IP address for the Network Card with network address 00188B6FB993. The IP address being used is 169.254.13.98. 
Log: 'System' Date/Time: 29/03/2013 1:31:14 PM Type: warning Category: 0 Event: 4226 Source: Tcpip TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. Log: 'System' Date/Time: 29/03/2013 1:06:54 PM Type: warning Category: 0 Event: 4226 Source: Tcpip TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. Log: 'System' Date/Time: 28/03/2013 2:12:29 PM Type: warning Category: 0 Event: 4226 Source: Tcpip TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. Log: 'System' Date/Time: 27/03/2013 7:19:36 PM Type: warning Category: 0 Event: 1073 Source: USER32 The attempt to power off D563PSC1 failed Log: 'System' Date/Time: 27/03/2013 7:19:15 PM Type: warning Category: 0 Event: 1073 Source: USER32 The attempt to reboot D563PSC1 failed Log: 'System' Date/Time: 27/03/2013 6:07:30 PM Type: warning Category: 0 Event: 1116 Source: Microsoft Antimalware Microsoft Antimalware has detected malware or other potentially unwanted software. 
For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/AgentBypass.gen!K&threatid=2147599269 Name: Trojan:Win32/AgentBypass.gen!K ID: 2147599269 Severity: Severe Category: Trojan Path: file:_C:\Documents and Settings\All Users\Application Data\izihyh.dat;regkey:_HKCU@S-1-5-21-706684962-979399936-124493050-1006\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\izihyh;runkey:_HKCU@S-1-5-21-706684962-979399936-124493050-1006\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\izihyh Detection Origin: Local machine Detection Type: Heuristics Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Signature Version: AV: 1.147.594.0, AS: 1.147.594.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.9302.0, NIS: 0.0.0.0 Log: 'System' Date/Time: 27/03/2013 6:04:39 PM Type: warning Category: 0 Event: 1116 Source: Microsoft Antimalware Microsoft Antimalware has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/AgentBypass.gen!K&threatid=2147599269 Name: Trojan:Win32/AgentBypass.gen!K ID: 2147599269 Severity: Severe Category: Trojan Path: file:_C:\Documents and Settings\All Users\Application Data\izihyh.dat Detection Origin: Local machine Detection Type: Heuristics Detection Source: Real-Time Protection User: D563PSC1\Mom Process Name: C:\WINDOWS\system32\regsvr32.exe Signature Version: AV: 1.147.594.0, AS: 1.147.594.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.9302.0, NIS: 0.0.0.0 Log: 'System' Date/Time: 18/03/2013 7:01:19 AM Type: warning Category: 0 Event: 4226 Source: Tcpip TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. Log: 'System' Date/Time: 18/03/2013 6:29:33 AM Type: warning Category: 0 Event: 4226 Source: Tcpip TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. 
Log: 'System' Date/Time: 17/03/2013 2:59:41 PM Type: warning Category: 0 Event: 4226 Source: Tcpip TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
  3. Uninstalled MBAM, reinstalled in the correct path, got error message. I've attached it since I'm not sure you've seen this one. Will wait for beefing up info.. Won't touch regedit, not even confident enough without instruction. Won't touch MSE files again, I just was trying to see if I got the same software errors. I wasn't going to run any scans or anything, just see if anything would open. Edited to clarify above.. error2.bmp
  4. Oops forgot to mention... I tried running a few MSE files, like setup, the main exe, and am still getting the software policy error...
  5. Results of screen317's Security Check version 0.99.61
     Windows XP Service Pack 3 x86
     Internet Explorer 7 Out of date!
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     avast! Free Antivirus
     ESET Online Scanner v3
     OPSWAT AntiVirus and Firewall Integration Libraries
     iolo technologies' System Mechanic
     `````````Anti-malware/Other Utilities Check:`````````
     Deal Spy
     SUPERAntiSpyware
     Windows Defender
     Malwarebytes Anti-Malware version 1.70.0.1100
     CCleaner
     Adobe Flash Player 11.6.602.180
     Google Chrome 25.0.1364.152
     Google Chrome 25.0.1364.172
     Google Chrome plugins...
     ````````Process Check: objlist.exe by Laurent````````
     Microsoft Security Essentials MSMpEng.exe
     AVAST Software Avast AvastSvc.exe
     AVAST Software Avast avastUI.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:: 21% Defragment your hard drive soon! (Do NOT defrag if SSD!)
     ````````````````````End of Log``````````````````````
  6. I hope we're close too! I'm so annoyed with this machine! Since I installed MBAM in the downloads directory, I can open it just fine right now. When it's in the correct location (Program Files) is when I wasn't able to run it. Should I uninstall this one, and install a new one in the correct directory, and THEN try to open it normally? I can't do updates yet until I get either a new networking card or USB wireless or something, as it has no internet. I'm downloading whatever I need, saving it to the flash drive, then to the pc. Another concern is the malingering presence of Microsoft Security Essentials. I can't get rid of it, or use it. I tried that Fix it for me thing you had me do, but it's still there as far as I know. There's still a directory for it and files, so IDK. Should I go in the regedit and delete stuff manually (with instruction ONLY) or what? What beefing up do you suggest? I was always told that a good free Antivirus like MSE or Avast along with Windows Firewall was efficient enough? Scan results are below... please advise of next steps.
  7. Did Change Services thing successfully... Both scans completed...
     All processes killed
     ========== REGISTRY ==========
     Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers\\C:\WINDOWS\explorer.exe deleted successfully.
     Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers\\C:\WINDOWS\system32\rundll32.exe deleted successfully.
     ========== COMMANDS ==========
     [EMPTYTEMP]
     User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes
     User: All Users ->Flash cache emptied: 0 bytes
     User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes
     User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 0 bytes
     User: Mom ->Temp folder emptied: 90059 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Java cache emptied: 0 bytes ->Google Chrome cache emptied: 0 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 0 bytes
     User: NetworkService ->Temp folder emptied: 25992 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 0 bytes
     User: Owner ->Temp folder emptied: 0 bytes
     User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes
     User: UpdatusUser.D563PSC1 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32\dllcache .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 28310 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
     RecycleBin emptied: 0 bytes
     Total Files Cleaned = 0.00 mb
     [EMPTYFLASH]
     User: Administrator ->Flash cache emptied: 0 bytes
     User: All Users ->Flash cache emptied: 0 bytes
     User: Default User ->Flash cache emptied: 0 bytes
     User: LocalService ->Flash cache emptied: 0 bytes
     User: Mom ->Flash cache emptied: 0 bytes
     User: NetworkService ->Flash cache emptied: 0 bytes
     User: Owner
     User: UpdatusUser ->Flash cache emptied: 0 bytes
     User: UpdatusUser.D563PSC1 ->Flash cache emptied: 0 bytes
     Total Flash Files Cleaned = 0.00 mb
     [EMPTYJAVA]
     User: Administrator
     User: All Users
     User: Default User
     User: LocalService
     User: Mom ->Java cache emptied: 0 bytes
     User: NetworkService
     User: Owner
     User: UpdatusUser
     User: UpdatusUser.D563PSC1
     Total Java Files Cleaned = 0.00 mb
     Restore point Set: OTL Restore Point
     OTL by OldTimer - Version 3.2.69.0 log created on 04032013_195549
     Files\Folders moved on Reboot...
     PendingFileRenameOperations files...
     Registry entries deleted on Reboot...
mbam-check result log version: 2.0.0.1000 Malwarebytes Version: REG_SZ 1.70.0.1100 Date Log Created: 04/03/13 Time Log Created: 19:59:39 User Account type: Administrator 32 bit Operating System Product Name: REG_SZ Microsoft Windows XP Current Build Number: 2600 Current Version Number: 5.1 Current CSDVersion: Service Pack 3 OS Product Info: Home Edition Proxy Status: No proxy is Set LAN Settings: ============= only 'Automatically detect settings' is selected SystemPartition: ================ HKEY_LOCAL_MACHINE\SYSTEM\Setup\ SystemPartition REG_SZ \Device\HarddiskVolume2 Balloon Tips Status: ==================== Enabled Time Format Settings: ===================== Should be: h:mm:ss tt AM PM : Currently: REG_SZ h:mm:ss tt REG_SZ AM REG_SZ PM REG_SZ : Language and Regional Settings: =============================== ACP: Language is English (United States) MACCP: Language is English (United States) OEMCP: Language is English (United States) Startup Folders for Error_Expanding_Variables Check: ==================================================== All Users Startup Folder Exists. Current User's startup Folder Exists. Terminal Services Status for (null) entries in PM logs and GetUserToken errors: =============================================================================== TERMService: ============== Type : 32 State : 4 (The service is running.) 
(State is stopped) WIN32_EXIT_CODE : 0 SERVICE_EXIT_CODE : 0 CHECKPOINT : 0 WAIT_HINT : 0 TermService Start is set to: 3 (Manual Startup) Compatibility Flag Settings (Any MBAM file listings should be removed): ======================================================================= HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers Malwarebytes Anti-Malware Shell Extension Block Check: ====================================================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked MBAM Startup Entries: ===================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Service and Driver Status: ========================== <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMService <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMScheduler <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon MBAMProtector Registry Values: ============================== MBAMService Registry Values: ============================ MBAMScheduler Registry Values: ============================== MBAM DLL's and Runtime Files: =============================
MBAM Registry Settings and License Info: ======================================== HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes' Anti-Malware advancedheuristics REG_DWORD 1 downloadprogram REG_DWORD 1 hidereg REG_DWORD 0 detectp2p REG_DWORD 1 detectpum REG_DWORD 1 detectpup REG_DWORD 2 
updatewarn REG_DWORD 1 updatewarndays REG_DWORD 7 useproxy REG_DWORD 0 useauthentication REG_DWORD 0 contextmenu REG_DWORD 1 reportthreats REG_DWORD 1 startwithwindows REG_DWORD 1 startfsdisabled REG_DWORD 0 startipdisabled REG_DWORD 0 silentipmode REG_DWORD 0 autoquarantine REG_DWORD 1 notifyinstallprogram REG_DWORD 1 trialpromptshown REG_DWORD 0 autoquarantinenotify REG_DWORD 1 InstallPath REG_SZ C:\downloads\Malwarebytes' Anti-Malware dbdate REG_SZ Fri, 14 Dec 2012 20:56:34 GMT dbversion REG_SZ v2012.12.14.11 programversion REG_SZ 1.70.0.1100 programbuild REG_SZ consumer HKEY_CURRENT_USER\SOFTWARE\Malwarebytes' Anti-Malware alwaysscanfiles REG_DWORD 1 alwaysscanheuristics REG_DWORD 1 alwaysscanmemory REG_DWORD 1 alwaysscanregistry REG_DWORD 1 alwaysscanstartups REG_DWORD 1 autosavelog REG_DWORD 1 openlog REG_DWORD 1 defaultscan REG_DWORD 1 terminateie REG_DWORD 0 Language REG_SZ English.lng selectedrives REG_SZ C:\| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1 Inno Setup: Setup Version REG_SZ 5.5.3-dev (a) Inno Setup: App Path REG_SZ C:\downloads\Malwarebytes' Anti-Malware InstallLocation REG_SZ C:\downloads\Malwarebytes' Anti-Malware\ Inno Setup: Icon Group REG_SZ Malwarebytes' Anti-Malware Inno Setup: User REG_SZ Mom Inno Setup: Selected Tasks REG_SZ desktopicon Inno Setup: Deselected Tasks REG_SZ quicklaunchicon Inno Setup: Language REG_SZ English DisplayName REG_SZ Malwarebytes Anti-Malware version 1.70.0.1100 DisplayIcon REG_SZ C:\downloads\Malwarebytes' Anti-Malware\mbam.exe UninstallString REG_SZ "C:\downloads\Malwarebytes' Anti-Malware\unins000.exe" QuietUninstallString REG_SZ "C:\downloads\Malwarebytes' Anti-Malware\unins000.exe" /SILENT DisplayVersion REG_SZ 1.70.0.1100 Publisher REG_SZ Malwarebytes Corporation URLInfoAbout REG_SZ http://www.malwarebytes.org NoModify REG_DWORD 1 NoRepair REG_DWORD 1 InstallDate REG_SZ 20130401 MajorVersion REG_DWORD 1 MinorVersion REG_DWORD 70 Pending File Rename 
Operations: ================================ If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation. Scheduler Queue: ================ Context Menu Entries: =====================
MBAM Drivers: ============= C:\WINDOWS\system32\drivers\mbam.sys File Size: 21104 BYTES FileVersion: 1.60.2.0 Required Dependencies: ====================== fltmgr: ============== Type : 2 State : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 SERVICE_EXIT_CODE : 0 CHECKPOINT : 0 WAIT_HINT : 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr Type REG_DWORD 2 Start REG_DWORD 0 ErrorControl REG_DWORD 1 Tag REG_DWORD 1 ImagePath REG_EXPAND_SZ system32\drivers\fltmgr.sys DisplayName REG_SZ FltMgr Group REG_SZ FSFilter Infrastructure Description REG_SZ File System Filter Manager Driver AttachWhenLoaded REG_DWORD 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Security Security REG_BINARY Binary Data HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum 0 REG_SZ Root\LEGACY_FLTMGR\0000 Count REG_DWORD 1 NextInstance REG_DWORD 1 C:\WINDOWS\system32\drivers\fltmgr.sys File Size: 129792 BYTES FileVersion: 5.1.2600.5512 C:\WINDOWS\system32\comctl32.ocx File Size: 608448 BYTES FileVersion: 6.0.81.5 C:\WINDOWS\system32\mscomctl.ocx File Size: 1070152 BYTES FileVersion: 6.1.98.34 C:\WINDOWS\system32\olepro32.dll File Size: 84992 BYTES FileVersion: 5.1.2600.5512 
List of MBAM Related Directories: ================================= C:\downloads\Malwarebytes' Anti-Malware changes.txt File Size: 2128 BYTES license.rtf File Size: 17916 BYTES mbam.chm File Size: 469873 BYTES mbam.dll File Size: 508264 BYTES FileVersion: 1.70.0.0 mbam.exe File Size: 824232 BYTES FileVersion: 1.70.0.9 mbamcore.dll File Size: 1091432 BYTES FileVersion: 1.70.0.0 mbamext.dll File Size: 79208 BYTES FileVersion: 1.70.0.0 mbamgui.exe File Size: 512360 BYTES FileVersion: 1.70.0.0 mbamnet.dll File Size: 2171240 BYTES FileVersion: 1.70.0.0 mbampt.exe File Size: 38248 BYTES FileVersion: 1.70.0.0 mbamscheduler.exe File Size: 398184 BYTES FileVersion: 1.70.0.0 mbamservice.exe File Size: 682344 BYTES FileVersion: 1.70.0.0 ssubtmr6.dll File Size: 46416 BYTES FileVersion: 1.1.0.3 unins000.dat File Size: 15036 BYTES unins000.exe File Size: 710504 BYTES FileVersion: 51.52.0.0 unins000.msg File Size: 11277 BYTES vbalsgrid6.ocx File Size: 496976 BYTES FileVersion: 2.0.0.40 C:\downloads\Malwarebytes' Anti-Malware\Chameleon chameleon.chm File Size: 186068 BYTES firefox.com File Size: 216424 BYTES firefox.exe File Size: 216424 BYTES firefox.pif File Size: 216424 BYTES firefox.scr File Size: 216424 BYTES iexplore.exe File Size: 216424 BYTES mbam-chameleon.com File Size: 216424 BYTES mbam-chameleon.exe File Size: 216424 BYTES mbam-chameleon.pif File Size: 216424 BYTES mbam-chameleon.scr File Size: 216424 BYTES mbam-killer.exe File Size: 894312 BYTES rundll32.exe File Size: 216424 BYTES svchost.exe File Size: 216424 BYTES winlogon.exe File Size: 216424 BYTES C:\downloads\Malwarebytes' Anti-Malware\Languages arabic.lng File Size: 21728 BYTES belarusian.lng File Size: 26766 BYTES bosnian.lng File Size: 26988 BYTES bulgarian.lng File Size: 27400 BYTES catalan.lng File Size: 28114 BYTES chineseSI.lng File Size: 10970 BYTES chineseTR.lng File Size: 11894 BYTES croatian.lng File Size: 26576 BYTES czech.lng File Size: 24682 BYTES danish.lng File Size: 26434 BYTES dutch.lng File 
Size: 28142 BYTES english.lng File Size: 24418 BYTES estonian.lng File Size: 25014 BYTES finnish.lng File Size: 25770 BYTES french.lng File Size: 29674 BYTES german.lng File Size: 29698 BYTES greek.lng File Size: 29116 BYTES hebrew.lng File Size: 19202 BYTES hungarian.lng File Size: 28430 BYTES italian.lng File Size: 28022 BYTES japanese.lng File Size: 16140 BYTES korean.lng File Size: 14096 BYTES latvian.lng File Size: 26916 BYTES lithuanian.lng File Size: 27664 BYTES macedonian.lng File Size: 28864 BYTES norwegian.lng File Size: 24978 BYTES polish.lng File Size: 26484 BYTES portugueseBR.lng File Size: 28544 BYTES portuguesePT.lng File Size: 28904 BYTES romanian.lng File Size: 28090 BYTES russian.lng File Size: 27134 BYTES serbian.lng File Size: 26662 BYTES slovak.lng File Size: 25486 BYTES slovenian.lng File Size: 24696 BYTES spanish.lng File Size: 29902 BYTES swedish.lng File Size: 25800 BYTES thai.lng File Size: 25884 BYTES turkish.lng File Size: 25800 BYTES vietnamese.lng File Size: 29400 BYTES C:\Documents and Settings\Mom\Application Data\Malwarebytes\Malwarebytes' Anti-Malware C:\Documents and Settings\Mom\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs mbam-log-2013-04-01 (23-21-38).txt File Size: 1886 BYTES mbam-log-2013-04-03 (16-52-38).txt File Size: 1842 BYTES mbam-log-2013-04-03 (16-58-19).txt File Size: 1878 BYTES C:\Documents and Settings\Mom\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine =============================================================== END OF FILE
  8. Sorry it took so long. Almost 2.5 hours. Here's the log. One other thing I wanted to mention was that I have not done the "change services config" thing yet. Let me know if you still want that done.
     Malwarebytes Anti-Malware 1.70.0.1100
     www.malwarebytes.org
     Database version: v2012.12.14.11
     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 7.0.5730.13
     :: FAMILY [administrator]
     4/3/2013 4:58:19 PM
     mbam-log-2013-04-03 (16-58-19).txt
     Scan type: Full scan (C:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
     Scan options disabled:
     Objects scanned: 475067
     Time elapsed: 2 hour(s), 20 minute(s), 57 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)
  9. Another quick update... Chameleon is proceeding and started MBAM and started a quick scan on its own, it's currently running. I will do a full scan upon completion. ETA - Quick scan found nothing. Now running full scan. I'm assuming when I close MBAM, that Chameleon will continue or close? Will post logs when done.
  10. No Group Policy Folder in that location... No options for Additional Protection or anything Sandbox anywhere on my version of Avast. I disabled shields until reboot, via right click. I also checked Task Mgr and Avast is still running and it will not let me terminate the process. I am currently running Chameleon, however I get an error right away on the 2nd step (Updating) because I have no internet connection on the pc. I click OK on the error and Chameleon is continuing to run the next step. Do you want me to uninstall Avast for now? I don't know how else to completely disable it. I don't know if it running (even disabled) is interfering with these scans...
  11. Ok, so before I saw your new instructions, disabled Avast shields, tried the scan again but this time removed flash drive (forgot it was in there), scanned with last 3 additions only, scan completed, but no log popped up. All but 3 desktop icons disappeared and got new error message. "DW20.EXE - Application Error" The application failed to initialize properly (0xc000012d). Click on OK to terminate Rebooted.... Following new instructions.... be right back...
  12. It didn't finish. I've attached a pic of where it got stuck in case it helps. Also, all of a sudden my monitor settings keep popping up and disappearing on their own. The same screen that pops up when you hit the settings button on the front where you can adjust contrast etc. You can't get rid of it. It just comes and goes on its own. This is a new thing... mbam-check result log version: 1.10.0.1000 Malwarebytes Version: REG_SZ 1.70.0.1100 Date Log Created: 04/03/13 Time Log Created: 10:40:41 32 bit Operating System Product Name: REG_SZ Microsoft Windows XP Current Build Number: 2600 Current Version Number: 5.1 Current CSDVersion: Service Pack 3 OS Product Info: Home Edition Proxy Status: No proxy is Set LAN Settings: ============= only 'Automatically detect settings' is selected SystemPartition: ================ HKEY_LOCAL_MACHINE\SYSTEM\Setup\ SystemPartition REG_SZ \Device\HarddiskVolume2 Balloon Tips Status: ==================== Enabled Time Format Settings: ===================== Should be: h:mm:ss tt AM PM : Currently: REG_SZ h:mm:ss tt REG_SZ AM REG_SZ PM REG_SZ : Language and Regional Settings: =============================== ACP: Language is English (United States) MACCP: Language is English (United States) OEMCP: Language is English (United States) Startup Folders for Error_Expanding_Variables Check: ==================================================== All Users Startup Folder Exists. Current User's startup Folder Exists. Terminal Services Status for (null) entries in PM logs and GetUserToken errors: =============================================================================== TERMService: ============== Type : 32 State : 1 (The service is not running.) 
(State is stopped) WIN32_EXIT_CODE : 1077 SERVICE_EXIT_CODE : 0 CHECKPOINT : 0 WAIT_HINT : 0 TermService Start is set to: 4 (Disabled) <-- TERMSERVICE SHOULD NOT BE DISABLED Compatibility Flag Settings (Any MBAM file listings should be removed): ======================================================================= HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers C:\WINDOWS\explorer.exe REG_SZ EnableNXShowUI C:\WINDOWS\system32\rundll32.exeREG_SZ EnableNXShowUI HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers Malwarebytes Anti-Malware Shell Extension Block Check: ====================================================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked MBAM Startup Entries: ===================== Service and Driver Status: ========================== Can not open SC_HANDLE, Service not running for MBAMProtector Can not open SC_HANDLE, Service not running for MBAMService MBAMProtector Registry Values: ============================== MBAMService Registry Values: ============================ MBAM DLL's and Runtime Files: =============================
MBAM Registry Settings and License Info: ======================================== HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes' Anti-Malware advancedheuristics REG_DWORD 1 downloadprogram REG_DWORD 1 hidereg REG_DWORD 0 detectp2p REG_DWORD 1 detectpum REG_DWORD 1 detectpup REG_DWORD 2 updatewarn REG_DWORD 1 updatewarndays REG_DWORD 7 useproxy REG_DWORD 0 useauthentication REG_DWORD 0 contextmenu REG_DWORD 1 reportthreats REG_DWORD 1 startwithwindows REG_DWORD 1 startfsdisabled REG_DWORD 0 startipdisabled REG_DWORD 0 silentipmode REG_DWORD 0 autoquarantine REG_DWORD 1 notifyinstallprogram REG_DWORD 1 trialpromptshown 
REG_DWORD 0 autoquarantinenotify REG_DWORD 1 InstallPath REG_SZ C:\downloads\Malwarebytes' Anti-Malware dbdate REG_SZ Fri, 14 Dec 2012 20:56:34 GMT dbversion REG_SZ v2012.12.14.11 programversion REG_SZ 1.70.0.1100 programbuild REG_SZ consumer HKEY_CURRENT_USER\SOFTWARE\Malwarebytes' Anti-Malware alwaysscanfiles REG_DWORD 1 alwaysscanheuristics REG_DWORD 1 alwaysscanmemory REG_DWORD 1 alwaysscanregistry REG_DWORD 1 alwaysscanstartups REG_DWORD 1 autosavelog REG_DWORD 1 openlog REG_DWORD 1 defaultscan REG_DWORD 1 terminateie REG_DWORD 0 Language REG_SZ English.lng selectedrives REG_SZ C:\| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1 Inno Setup: Setup Version REG_SZ 5.5.3-dev (a) Inno Setup: App Path REG_SZ C:\downloads\Malwarebytes' Anti-Malware InstallLocation REG_SZ C:\downloads\Malwarebytes' Anti-Malware\ Inno Setup: Icon Group REG_SZ Malwarebytes' Anti-Malware Inno Setup: User REG_SZ Mom Inno Setup: Selected Tasks REG_SZ desktopicon Inno Setup: Deselected Tasks REG_SZ quicklaunchicon Inno Setup: Language REG_SZ English DisplayName REG_SZ Malwarebytes Anti-Malware version 1.70.0.1100 DisplayIcon REG_SZ C:\downloads\Malwarebytes' Anti-Malware\mbam.exe UninstallString REG_SZ "C:\downloads\Malwarebytes' Anti-Malware\unins000.exe" QuietUninstallString REG_SZ "C:\downloads\Malwarebytes' Anti-Malware\unins000.exe" /SILENT DisplayVersion REG_SZ 1.70.0.1100 Publisher REG_SZ Malwarebytes Corporation URLInfoAbout REG_SZ http://www.malwarebytes.org NoModify REG_DWORD 1 NoRepair REG_DWORD 1 InstallDate REG_SZ 20130401 MajorVersion REG_DWORD 1 MinorVersion REG_DWORD 70 Context Menu Entries: ===================== HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\MBAMShlExt (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt (Default): REG_SZ 
MBAMShlExt Class HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CLSID (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CurVer (Default): REG_SZ MBAMExt.MBAMShlExt.1 HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1 (Default): REG_SZ MBAMShlExt Class HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1\CLSID (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE} (Default): REG_SZ IMBAMShlExt HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid (Default): REG_SZ {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid32 (Default): REG_SZ {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\TypeLib (Default): REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65} Version REG_SZ 1.0 HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3} (Default): REG_SZ MBAMShlExt Class HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32 (Default): REG_SZ C:\downloads\Malwarebytes' Anti-Malware\mbamext.dll ThreadingModel REG_SZ Apartment HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ProgID (Default): REG_SZ MBAMExt.MBAMShlExt.1 HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\TypeLib (Default): REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65} HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\VersionIndependentProgID (Default): REG_SZ MBAMExt.MBAMShlExt HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65} HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0 (Default): REG_SZ MBAMExt 1.0 Type Library HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0 HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32 (Default): REG_SZ C:\downloads\Malwarebytes' Anti-Malware\mbamext.dll 
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS (Default): REG_SZ 0 HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR (Default): REG_SZ C:\downloads\Malwarebytes' Anti-Malware\ MBAM Drivers: ============= C:\WINDOWS\system32\drivers\mbam.sys File Size: 21104 BYTES FileVersion: 1.60.2.0 Required Dependencies: ====================== fltmgr: ============== Type : 2 State : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 SERVICE_EXIT_CODE : 0 CHECKPOINT : 0 WAIT_HINT : 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr Type REG_DWORD 2 Start REG_DWORD 0 ErrorControl REG_DWORD 1 Tag REG_DWORD 1 ImagePath REG_EXPAND_SZ system32\drivers\fltmgr.sys DisplayName REG_SZ FltMgr Group REG_SZ FSFilter Infrastructure Description REG_SZ File System Filter Manager Driver AttachWhenLoaded REG_DWORD 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Security Security REG_BINARY Binary Data HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum 0 REG_SZ Root\LEGACY_FLTMGR\0000 Count REG_DWORD 1 NextInstance REG_DWORD 1 C:\WINDOWS\system32\drivers\fltmgr.sys File Size: 129792 BYTES FileVersion: 5.1.2600.5512 C:\WINDOWS\system32\comctl32.ocx File Size: 608448 BYTES FileVersion: 6.0.81.5 C:\WINDOWS\system32\mscomctl.ocx File Size: 1070152 BYTES FileVersion: 6.1.98.34 C:\WINDOWS\system32\olepro32.dll File Size: 84992 BYTES FileVersion: 5.1.2600.5512 List of MBAM Related Directories: ================================= C:\downloads\Malwarebytes' Anti-Malware changes.txt File Size: 2128 BYTES license.rtf File Size: 17916 BYTES mbam.chm File Size: 469873 BYTES mbam.dll File Size: 508264 BYTES FileVersion: 1.70.0.0 mbam.exe File Size: 824232 BYTES FileVersion: 1.70.0.9 mbamcore.dll File Size: 1091432 BYTES FileVersion: 1.70.0.0 mbamext.dll File Size: 79208 BYTES FileVersion: 1.70.0.0 mbamgui.exe File Size: 512360 BYTES FileVersion: 1.70.0.0 mbamnet.dll File Size: 
2171240 BYTES FileVersion: 1.70.0.0 mbampt.exe File Size: 38248 BYTES FileVersion: 1.70.0.0 mbamscheduler.exe File Size: 398184 BYTES FileVersion: 1.70.0.0 mbamservice.exe File Size: 682344 BYTES FileVersion: 1.70.0.0 ssubtmr6.dll File Size: 46416 BYTES FileVersion: 1.1.0.3 unins000.dat File Size: 15036 BYTES unins000.exe File Size: 710504 BYTES FileVersion: 51.52.0.0 unins000.msg File Size: 11277 BYTES vbalsgrid6.ocx File Size: 496976 BYTES FileVersion: 2.0.0.40 C:\downloads\Malwarebytes' Anti-Malware\Chameleon chameleon.chm File Size: 186068 BYTES firefox.com File Size: 216424 BYTES firefox.exe File Size: 216424 BYTES firefox.pif File Size: 216424 BYTES firefox.scr File Size: 216424 BYTES iexplore.exe File Size: 216424 BYTES mbam-chameleon.com File Size: 216424 BYTES mbam-chameleon.exe File Size: 216424 BYTES mbam-chameleon.pif File Size: 216424 BYTES mbam-chameleon.scr File Size: 216424 BYTES mbam-killer.exe File Size: 894312 BYTES rundll32.exe File Size: 216424 BYTES svchost.exe File Size: 216424 BYTES winlogon.exe File Size: 216424 BYTES C:\downloads\Malwarebytes' Anti-Malware\Languages arabic.lng File Size: 21728 BYTES belarusian.lng File Size: 26766 BYTES bosnian.lng File Size: 26988 BYTES bulgarian.lng File Size: 27400 BYTES catalan.lng File Size: 28114 BYTES chineseSI.lng File Size: 10970 BYTES chineseTR.lng File Size: 11894 BYTES croatian.lng File Size: 26576 BYTES czech.lng File Size: 24682 BYTES danish.lng File Size: 26434 BYTES dutch.lng File Size: 28142 BYTES english.lng File Size: 24418 BYTES estonian.lng File Size: 25014 BYTES finnish.lng File Size: 25770 BYTES french.lng File Size: 29674 BYTES german.lng File Size: 29698 BYTES greek.lng File Size: 29116 BYTES hebrew.lng File Size: 19202 BYTES hungarian.lng File Size: 28430 BYTES italian.lng File Size: 28022 BYTES japanese.lng File Size: 16140 BYTES korean.lng File Size: 14096 BYTES latvian.lng File Size: 26916 BYTES lithuanian.lng File Size: 27664 BYTES macedonian.lng File Size: 28864 BYTES 
norwegian.lng File Size: 24978 BYTES polish.lng File Size: 26484 BYTES portugueseBR.lng File Size: 28544 BYTES portuguesePT.lng File Size: 28904 BYTES romanian.lng File Size: 28090 BYTES russian.lng File Size: 27134 BYTES serbian.lng File Size: 26662 BYTES slovak.lng File Size: 25486 BYTES slovenian.lng File Size: 24696 BYTES spanish.lng File Size: 29902 BYTES swedish.lng File Size: 25800 BYTES thai.lng File Size: 25884 BYTES turkish.lng File Size: 25800 BYTES vietnamese.lng File Size: 29400 BYTES C:\Documents and Settings\Mom\Application Data\Malwarebytes\Malwarebytes' Anti-Malware C:\Documents and Settings\Mom\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs mbam-log-2013-04-01 (23-21-38).txt File Size: 1886 BYTES C:\Documents and Settings\Mom\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine =============================================================== END OF FILE freeze.bmp
  13. Just a quick update. That second scan, the newest OTL with the additional lines, is taking forever. It was well over an hour, and I thought it may have frozen up, so I restarted it. It's running now...
  14. Just wanted to say thanks again. Haven't said it in a while. OTS1.txt
  15. OTL logfile created on: 4/2/2013 4:11:04 PM - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Mom\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 82.02% Memory free 4.25 Gb Paging File | 3.90 Gb Available in Paging File | 91.93% Paging File free Paging file location(s): C:\pagefile.sys 1440 2880 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 145.96 Gb Total Space | 24.40 Gb Free Space | 16.72% Space Free | Partition Type: NTFS Computer Name: FAMILY | User Name: Mom | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/03/29 12:18:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe PRC - [2013/03/06 18:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2013/03/06 18:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe PRC - [2012/09/12 06:23:53 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE PRC - [2010/03/08 03:27:49 | 000,041,800 | ---- | M] (AOL Inc.) 
-- C:\Program Files\Common Files\aol\1176508629\ee\aolsoftware.exe PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe ========== Modules (No Company Name) ========== MOD - [2013/03/29 18:47:33 | 002,084,864 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13032901\algo.dll MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012/01/08 09:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll MOD - [2008/03/18 20:37:00 | 000,121,856 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdudrpp.dll MOD - [2008/03/04 01:54:54 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\LXDUPMON.DLL MOD - [2008/03/04 01:53:10 | 000,032,768 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\ipcmt.dll MOD - [2007/11/17 08:01:32 | 000,086,016 | ---- | M] () -- C:\WINDOWS\system32\lxduoem.dll ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2013/03/06 18:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! 
Antivirus) SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012/09/12 06:23:53 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE) SRV - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4) SRV - [2012/08/03 16:15:16 | 001,027,792 | ---- | M] (iolo technologies, LLC) [On_Demand | Stopped] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService) SRV - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService) SRV - [2010/05/18 04:28:12 | 000,043,416 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Barracuda\Network Connector\bin\network-connectorserv.exe -- (Network ConnectorService) SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009/02/14 08:33:30 | 000,266,240 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\CSHelper.exe -- (CSHelper) SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) 
[On_Demand | Stopped] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SRV - [2008/03/20 07:25:27 | 000,594,600 | ---- | M] ( ) [On_Demand | Stopped] -- C:\WINDOWS\system32\lxducoms.exe -- (lxdu_device) SRV - [2008/03/20 07:25:17 | 000,098,984 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe -- (lxduCATSCustConnectService) SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS) SRV - [2006/04/27 17:35:16 | 000,053,337 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV) SRV - [2006/04/27 17:27:06 | 000,049,241 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR) SRV - [2006/04/27 17:16:28 | 000,069,718 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4FF1D7E2-9E7B-48DC-9094-627BA69C21A9}\MpKsl1736767e.sys -- (MpKsl1736767e) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motodrv.sys -- 
(MotDev) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgpfl.sys -- (motccgpfl) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgp.sys -- (motccgp) DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwdndis.sys -- (BTWDNDIS) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btkrnl.sys -- (BTKRNL) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btport.sys -- (BTDriver) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btaudio.sys -- (btaudio) DRV - [2013/03/06 18:33:24 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2013/03/06 18:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2013/03/06 18:33:24 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm) DRV - [2013/03/06 18:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2013/03/06 18:33:24 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr) DRV - [2013/03/06 18:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt) DRV - [2013/03/06 18:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] 
-- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2013/03/06 18:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012/08/03 15:59:46 | 000,068,464 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PDFsFilter.sys -- (PDFsFilter) DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2010/06/21 22:51:14 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5) DRV - [2010/06/21 18:07:39 | 000,091,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA) DRV - [2010/05/18 04:28:30 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901) DRV - [2010/02/18 20:07:56 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt) DRV - [2009/09/19 16:36:07 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2009/09/08 19:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) 
[Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm) DRV - [2008/10/27 15:47:10 | 000,034,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon) DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008/03/29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE) DRV - [2007/10/03 16:20:32 | 000,063,008 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NEOFLTR_550_12129.sys -- (NEOFLTR_550_12129) DRV - [2007/06/20 14:57:46 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem) DRV - [2007/05/15 17:25:00 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata) DRV - [2007/01/18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA) DRV - [2006/11/21 05:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2006/08/05 07:00:40 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus) DRV - [2006/07/27 15:24:28 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2006/06/18 21:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2006/05/12 10:44:56 | 000,647,498 | ---- | M] (Service & Quality Technology.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C) DRV - [2006/05/03 12:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2006/01/04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt) DRV - [2005/05/25 17:34:00 | 000,158,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN) DRV - [2005/01/10 18:15:00 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k) DRV - [2005/01/10 18:15:00 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv) DRV - [2003/11/17 14:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2) DRV - [2003/11/17 14:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2003/11/17 14:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP) DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://my.aol.com/?ncid=aolmas00050000000002 [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://my.aol.com/?ncid=aolmas00050000000002 [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?src=customie7 IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://my.aol.com/?ncid=aolmas00050000000002 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://portal.arise.com/Login.aspx IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes\{C9E9AB05-CB63-449A-B01F-B7E86DEA44F0}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS_en IE - HKCU\..\SearchScopes\Comcast: "URL" = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll () FF - HKLM\Software\MozillaPlugins\@real.com/npmozax: C:\Program Files\Mozilla Firefox\plugins\ [2012/05/11 13:02:03 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/09/03 21:11:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.2\extensions\\Components: C:\Program Files\SeaMonkey\components [2012/04/12 08:12:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.2\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins [2012/04/05 08:15:37 | 000,000,000 | ---D | M] [2012/09/06 10:58:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Extensions [2009/12/31 20:12:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a} [2009/05/18 14:44:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Extensions\mozswing@mozswing.org [2012/04/05 08:16:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom\Application Data\Mozilla\SeaMonkey\Profiles\jamcjcz4.default\extensions [2012/04/05 08:31:56 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Documents and Settings\Mom\Application Data\Mozilla\SeaMonkey\Profiles\jamcjcz4.default\extensions\inspector@mozilla.org [2012/09/06 10:58:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions 
[2012/04/05 08:44:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/04/05 08:31:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions(2)
[2012/04/05 08:19:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions(2)\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)
[2010/05/12 17:42:04 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2010/05/12 17:43:54 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2010/05/12 17:42:52 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2010/05/12 17:42:32 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2011/08/15 17:13:21 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2012/04/05 08:44:26 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/05/12 18:22:36 | 000,423,328 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2010/05/12 17:43:56 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2007/10/27 13:44:58 | 000,002,275 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\aolsearch.xml
[2010/11/11 11:11:35 | 000,001,919 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing-zugo.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Documents and Settings\Mom\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dieckmbeafcedhihaiadnaanclccfihd\1.23.8_0\crossrider
CHR - Extension: No name found = C:\Documents and Settings\Mom\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dieckmbeafcedhihaiadnaanclccfihd\1.23.8_0\
CHR - Extension: No name found = C:\Documents and Settings\Mom\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl\5.0_0\

O1 HOSTS File: ([2013/03/29 16:58:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1176508629\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: arise.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: carnival.com ([citrix] http in Local intranet)
O15 - HKCU\..Trusted Domains: intuit.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (Reg Error: Key error.)
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} http://asp23.centra.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab (Reg Error: Key error.)
O16 - DPF: {43E3F87D-DE7F-4087-BD4F-0DC854981158} http://download.microsoft.com/download/7/3/8/7384c441-3721-41ee-ae15-b678888f00dd/clearadj.CAB (CTAdjust Class)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228867869953 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} http://www.convergysworkathome.com/AppHardT.CAB (WNICheck2 Class)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinner.com/games/v57/wof/wof.cab (WoF Control)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab (InetDownload Class)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://ns.arise.com/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupSP1 Control)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ns.arise.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Mom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/02 11:33:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/01 23:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Application Data\Malwarebytes
[2013/04/01 23:19:42 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mom\Desktop\mbam-setup-1.70.0.1100.exe
[2013/04/01 17:52:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/01 17:52:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/04/01 17:52:32 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/04/01 17:52:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/04/01 10:02:57 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/04/01 10:02:18 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\TFC.exe
[2013/03/29 17:23:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Doctor Web
[2013/03/29 17:12:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/03/29 17:12:17 | 000,000,000 | ---D | C] -- C:\JRT
[2013/03/29 17:11:42 | 000,550,069 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\Mom\Desktop\JRT.exe
[2013/03/29 17:08:05 | 001,752,992 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Mom\Desktop\rkill.com
[2013/03/29 16:55:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/03/29 10:41:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
[2013/03/29 10:28:33 | 003,795,288 | ---- | C] (McAfee, Inc.) -- C:\Documents and Settings\Mom\Desktop\SecurityScan_Release.exe
[2013/03/29 09:50:30 | 002,347,384 | ---- | C] (ESET) -- C:\Documents and Settings\Mom\Desktop\esetsmartinstaller_enu.exe
[2013/03/29 09:49:15 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mom\Desktop\amwmb.exe
[2013/03/29 08:55:22 | 005,044,813 | R--- | C] (Swearware) -- C:\ComboFix.exe
[2013/03/29 08:46:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mom\Recent
[2013/03/29 08:16:23 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/03/29 08:12:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Local Settings\Application Data\Updater26276
[2013/03/29 08:12:06 | 000,000,000 | ---D | C] -- C:\Program Files\Deal Spy
[2013/03/28 23:18:18 | 000,000,000 | ---D | C] -- C:\AI_RecycleBin
[2013/03/28 17:32:02 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Mom\Desktop\dds.com
[2013/03/28 11:43:55 | 000,000,000 | ---D | C] -- C:\MGtools
[2013/03/28 10:57:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Desktop\RK_Quarantine
[2013/03/28 10:52:13 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mom\Desktop\tdsskiller.exe
[2013/03/28 10:51:24 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mom\Desktop\mb.exe
[2013/03/28 06:41:52 | 000,368,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/03/28 06:41:52 | 000,029,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/03/28 06:41:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2013/03/28 06:41:51 | 000,765,736 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/03/28 06:41:51 | 000,062,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/03/28 06:41:51 | 000,049,760 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/03/28 06:41:50 | 000,228,600 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/03/28 06:41:50 | 000,066,336 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/03/28 06:41:29 | 000,041,664 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/03/28 06:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/03/28 06:40:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/03/27 21:01:28 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/03/27 19:28:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/03/27 19:28:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/03/27 19:28:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/03/27 19:28:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/03/27 19:09:37 | 000,000,000 | ---D | C] -- C:\8f60095d261204a9c8041a453db3610c
[2013/03/27 17:47:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2013/03/27 17:47:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2013/03/17 22:39:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/17 22:38:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/03/17 15:52:17 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

========== Files - Modified Within 30 Days ==========

[2013/04/02 13:36:33 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/04/02 13:26:36 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/02 13:26:36 | 000,000,310 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/04/02 13:26:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/02 13:26:27 | 3219,640,320 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/01 23:20:19 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/01 22:10:30 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/04/01 17:54:39 | 000,753,254 | ---- | M] () -- C:\Documents and Settings\Mom\My Documents\111error.bmp
[2013/04/01 14:46:52 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mom\Desktop\mbam-setup-1.70.0.1100.exe
[2013/04/01 11:32:46 | 000,504,452 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/04/01 11:32:46 | 000,089,180 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/04/01 09:17:58 | 114,620,752 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\drweb-cureit.exe
[2013/04/01 09:10:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/01 07:00:18 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\TFC.exe
[2013/04/01 06:59:14 | 000,004,560 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\RpcSs.reg
[2013/03/29 20:43:19 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/03/29 17:11:42 | 000,550,069 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\Mom\Desktop\JRT.exe
[2013/03/29 17:08:05 | 001,752,992 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Mom\Desktop\rkill.com
[2013/03/29 16:58:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/03/29 12:18:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
[2013/03/29 11:39:02 | 000,015,048 | ---- | M] () -- C:\FixitRegBackup.reg
[2013/03/29 11:38:17 | 000,806,400 | ---- | M] () -- C:\MicrosoftFixit50692.msi
[2013/03/29 10:53:51 | 000,890,798 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\SecurityCheck.exe
[2013/03/29 10:42:52 | 000,843,908 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\SecurityCheck.exe.part
[2013/03/29 10:29:25 | 003,795,288 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Mom\Desktop\SecurityScan_Release.exe
[2013/03/29 10:26:33 | 013,786,977 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\mbar-1.01.0.1021.zip
[2013/03/29 09:58:43 | 161,545,632 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\setup_11.0.0.1245.x01_2013_03_29_16_35.exe
[2013/03/29 09:50:39 | 002,347,384 | ---- | M] (ESET) -- C:\Documents and Settings\Mom\Desktop\esetsmartinstaller_enu.exe
[2013/03/29 09:49:18 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mom\Desktop\amwmb.exe
[2013/03/29 09:07:21 | 000,001,919 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/03/29 08:55:32 | 005,044,813 | R--- | M] (Swearware) -- C:\ComboFix.exe
[2013/03/29 08:43:40 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2013/03/29 08:17:04 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
[2013/03/28 23:19:34 | 020,480,000 | ---- | M] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\store-pp.jbs
[2013/03/28 23:17:38 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[2013/03/28 23:14:03 | 000,585,064 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\cbsidlm-tr1_12-HitmanPro_3_32bit-ORG-10895604.exe
[2013/03/28 17:32:30 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Mom\Desktop\dds.com
[2013/03/28 17:15:36 | 000,609,993 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\adwcleaner.exe
[2013/03/28 17:13:58 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\HiJackThis.lnk
[2013/03/28 12:05:47 | 000,000,395 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\Shortcut to MGlogs.zip.lnk
[2013/03/28 11:58:39 | 000,388,084 | ---- | M] () -- C:\MGlogs.zip
[2013/03/28 11:58:39 | 000,388,084 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\MGlogs.zip
[2013/03/28 10:54:27 | 001,898,001 | ---- | M] () -- C:\MGtools.exe
[2013/03/28 10:52:33 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mom\Desktop\tdsskiller.exe
[2013/03/28 10:51:35 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mom\Desktop\mb.exe
[2013/03/28 10:48:13 | 000,816,128 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\RogueKiller.exe
[2013/03/28 09:44:44 | 003,730,416 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/03/28 09:39:23 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/03/28 08:02:49 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-706684962-979399936-124493050-1006.job
[2013/03/28 08:02:46 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-706684962-979399936-124493050-1006.job
[2013/03/28 06:41:52 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/03/28 06:41:50 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/03/27 21:01:52 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2013/03/27 19:31:04 | 000,000,339 | ---- | M] () -- C:\Boot.bak
[2013/03/13 06:56:52 | 000,081,806 | ---- | M] () -- C:\Documents and Settings\Mom\My Documents\156038_10200602886892871_1580318341_n.jpg
[2013/03/13 06:54:14 | 000,076,413 | ---- | M] () -- C:\Documents and Settings\Mom\My Documents\644343_10200622507183366_1314037004_n.jpg
[2013/03/09 17:17:41 | 000,042,182 | ---- | M] () -- C:\Documents and Settings\Mom\My Documents\81_508227616203_2157_n.jpg
[2013/03/06 18:33:24 | 000,765,736 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/03/06 18:33:24 | 000,368,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/03/06 18:33:24 | 000,164,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/03/06 18:33:24 | 000,062,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/03/06 18:33:24 | 000,049,760 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/03/06 18:33:24 | 000,049,248 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/03/06 18:33:23 | 000,066,336 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/03/06 18:33:22 | 000,029,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/03/06 18:32:51 | 000,041,664 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/03/06 18:32:42 | 000,228,600 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

========== Files Created - No Company Name ==========

[2013/04/01 22:29:30 | 008,348,527 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\03 Thrift Shop (feat. Wanz).m4a
[2013/04/01 17:54:39 | 000,753,254 | ---- | C] () -- C:\Documents and Settings\Mom\My Documents\111error.bmp
[2013/04/01 17:52:47 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/01 11:26:18 | 3219,640,320 | -HS- | C] () -- C:\hiberfil.sys
[2013/04/01 10:01:56 | 000,004,560 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\RpcSs.reg
[2013/03/29 17:20:42 | 114,620,752 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\drweb-cureit.exe
[2013/03/29 11:50:37 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/03/29 11:39:01 | 000,015,048 | ---- | C] () -- C:\FixitRegBackup.reg
[2013/03/29 11:38:17 | 000,806,400 | ---- | C] () -- C:\MicrosoftFixit50692.msi
[2013/03/29 10:53:47 | 000,890,798 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\SecurityCheck.exe
[2013/03/29 10:42:43 | 000,843,908 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\SecurityCheck.exe.part
[2013/03/29 10:26:14 | 013,786,977 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\mbar-1.01.0.1021.zip
[2013/03/29 09:57:27 | 161,545,632 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\setup_11.0.0.1245.x01_2013_03_29_16_35.exe
[2013/03/29 08:17:04 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
[2013/03/28 23:19:34 | 020,480,000 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\store-pp.jbs
[2013/03/28 23:17:38 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2013/03/28 23:13:57 | 000,585,064 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\cbsidlm-tr1_12-HitmanPro_3_32bit-ORG-10895604.exe
[2013/03/28 17:14:27 | 000,609,993 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\adwcleaner.exe
[2013/03/28 12:05:47 | 000,000,395 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\Shortcut to MGlogs.zip.lnk
[2013/03/28 11:58:39 | 000,388,084 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\MGlogs.zip
[2013/03/28 11:44:19 | 000,388,084 | ---- | C] () -- C:\MGlogs.zip
[2013/03/28 10:54:26 | 001,898,001 | ---- | C] () -- C:\MGtools.exe
[2013/03/28 10:47:43 | 000,816,128 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\RogueKiller.exe
[2013/03/28 06:41:52 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/03/28 06:41:51 | 000,164,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/03/28 06:41:51 | 000,049,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/03/28 06:41:51 | 000,000,310 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/03/27 19:28:35 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/03/27 19:28:35 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/03/27 19:28:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/03/27 19:28:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/03/27 19:28:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/03/17 22:41:25 | 000,000,339 | ---- | C] () -- C:\Boot.bak
[2013/03/17 22:41:19 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/03/17 21:12:18 | 000,000,876 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/16 05:24:37 | 000,275,880 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/03/13 06:54:13 | 000,076,413 | ---- | C] () -- C:\Documents and Settings\Mom\My Documents\644343_10200622507183366_1314037004_n.jpg
[2013/03/09 23:49:17 | 000,081,806 | ---- | C] () -- C:\Documents and Settings\Mom\My Documents\156038_10200602886892871_1580318341_n.jpg
[2013/03/09 17:17:40 | 000,042,182 | ---- | C] () -- C:\Documents and Settings\Mom\My Documents\81_508227616203_2157_n.jpg
[2012/09/12 18:16:19 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/09/12 14:13:51 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dat
[2012/09/12 13:39:46 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2012/09/05 16:23:22 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\d3d9caps.dat
[2012/01/07 06:30:00 | 003,216,605 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-706684962-979399936-124493050-1006-0.dat
[2012/01/07 06:29:59 | 000,440,558 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/01/06 12:00:01 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2011/12/27 17:05:15 | 000,050,688 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/23 14:02:19 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/09/02 12:24:39 | 000,000,012 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011/09/02 12:16:21 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/09/02 12:16:21 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/09/02 12:16:21 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/05/21 06:01:00 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2009/09/18 08:24:11 | 001,513,982 | ---- | C] () -- C:\Program Files\Malwarebytes' Anti-Malware.zip
[2008/04/21 14:28:10 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/02/01 07:09:46 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/06/29 21:45:05 | 000,000,253 | -H-- | C] () -- C:\Documents and Settings\All Users\hpothb07.tif
[2007/06/29 21:45:05 | 000,000,164 | -H-- | C] () -- C:\Documents and Settings\All Users\hpothb07.dat
[2007/04/19 18:30:03 | 000,189,440 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/14 07:17:25 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2004/08/10 13:09:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2008/05/05 16:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\5600-6600 Series
[2008/01/19 19:51:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acoustica
[2008/09/04 16:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2013/03/28 06:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2010/03/16 14:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVSVideoBurner
[2011/02/08 20:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2009/09/19 16:39:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2013/03/29 08:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2008/04/09 14:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HumanClick
[2008/04/25 10:41:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software
[2007/09/20 22:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software Solutions
[2011/09/14 18:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2013/03/17 15:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2010/10/21 10:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2009/04/09 00:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark 5600-6600 Series
[2007/11/29 16:46:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2008/02/23 10:46:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/05/09 17:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2012/05/11 15:17:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2007/05/27 13:54:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2011/04/29 12:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/11/12 19:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R
[2011/11/28 20:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
[2007/04/18 15:06:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/07/31 20:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WorldWinner
[2010/04/13 14:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/26 19:21:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/21 13:28:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/05/05 17:04:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\5600-6600 Series
[2009/08/25 12:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\AbleFaxTifView
[2008/01/19 19:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Acoustica
[2013/03/28 17:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Amazon
[2008/02/18 20:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Antepo-ACCEPT
[2008/08/04 12:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Auslogics
[2010/07/14 19:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\BBLite.1C8FCB66D507A5DBA729DC95068F311B51E8F16C.1
[2012/08/11 14:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\BBViewer
[2011/07/06 01:29:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\BigBrotherLite
[2011/09/03 21:11:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Catalina Marketing Corp
[2012/04/28 14:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/08/29 07:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\DAEMON Tools Lite
[2007/08/29 09:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\DialogCoach
[2012/04/08 12:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\DiskAid
[2012/09/06 09:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\FileZilla
[2008/04/25 07:30:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\flashpaste
[2009/11/20 20:43:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\GetRightToGo
[2010/04/23 17:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\GrabPro
[2008/01/23 06:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\ICAClient
[2010/04/23 17:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\IEPro
[2010/05/05 06:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Inbit
[2008/08/13 20:11:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Interactive Intelligence
[2012/09/12 17:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\iolo
[2011/03/31 08:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Juniper Networks
[2012/12/30 18:58:49 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Mom\Application Data\KB936782_WMP11
[2013/01/02 12:03:31 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Mom\Application Data\KB954154_WM11
[2013/01/02 12:04:11 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Mom\Application Data\KB961371
[2012/12/30 19:24:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Mom\Application Data\KB981852
[2007/04/18 16:12:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Leadertech
[2008/05/05 16:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Lexmark Productivity Studio
[2008/04/27 19:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\NCH Swift Sound
[2008/05/09 17:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Nokia
[2008/05/09 17:04:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\PC Suite
[2008/09/03 19:11:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Pogo Games
[2008/11/24 09:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Saba
[2011/09/03 21:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Sammsoft
[2007/04/17 05:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Snapfish
[2012/05/13 12:36:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2009/10/09 11:33:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Stamps.com Internet Postage
[2013/02/15 10:05:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\SynthMaker
[2008/02/02 18:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\System Tweaker
[2011/10/31 23:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\TuneAid
[2008/02/02 15:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Uniblue
[2008/10/07 18:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Unreal Streaming
[2013/03/28 09:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\uTorrent
[2011/11/28 20:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Visan
[2007/05/03 06:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Visicom Media
[2011/01/25 17:10:49 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Mom\Application Data\webex [2012/12/30 18:58:50 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Mom\Application Data\Windows XP Service Pack ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 564 bytes -> C:\cookies.txt:1296059898.txt < End of report >
  16. Ok, here's the log from "View"

Vino's Event Viewer v01c run on Windows XP in English
Report run at 02/04/2013 1:28:32 PM
Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 29/03/2013 12:02:06 AM
Type: error Category: 0
Event: 5000 Source: MPSampleSubmission
EventType mptelemetry, P1 0x80070670, P2 patchapplication, P3 am bdd, P4 11.1.4289.0, P5 mpsigstub.exe, P6 4.1.522.0, P7 microsoft security essentials, P8 NIL, P9 NIL, P10 NIL.
Log: 'Application' Date/Time: 27/03/2013 11:25:04 PM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application i4gxdtvj.exe, version 2.1.19155.0, faulting module i4gxdtvj.exe, version 2.1.19155.0, fault address 0x00012288.
Log: 'Application' Date/Time: 17/03/2013 10:26:06 PM
Type: error Category: 0
Event: 5000 Source: Microsoft Security Client
The event description cannot be found.
Log: 'Application' Date/Time: 22/02/2013 11:03:25 AM
Type: error Category: 0
Event: 1000 Source: Microsoft Office 12
Faulting application winword.exe, version 12.0.6661.5000, stamp 4f7cd9da, faulting module mso.dll, version 12.0.6662.5000, stamp 4fd67dd1, debug? 0, fault address 0x00208953.
Log: 'Application' Date/Time: 06/01/2013 10:04:43 PM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application paint shop pro.exe, version 8.0.0.0, faulting module paint shop pro.exe, version 8.0.0.0, fault address 0x00011f7a.
Log: 'Application' Date/Time: 30/12/2012 6:18:44 PM
Type: error Category: 100
Event: 1000 Source: Application Error
Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Log: 'Application' Date/Time: 30/12/2012 6:18:34 PM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application explorer.exe, version 6.0.2900.5512, faulting module ntdll.dll, version 5.1.2600.5755, fault address 0x00011689.
Log: 'Application' Date/Time: 16/11/2012 8:59:04 AM
Type: error Category: 0
Event: 5000 Source: MPSampleSubmission
EventType mptelemetry, P1 0x80070670, P2 patchapplication, P3 am bdd, P4 11.1.3927.0, P5 mpsigstub.exe, P6 4.1.522.0, P7 microsoft security essentials, P8 NIL, P9 NIL, P10 NIL.
Log: 'Application' Date/Time: 24/10/2012 9:55:05 AM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application paint shop pro.exe, version 8.0.0.0, faulting module paint shop pro.exe, version 8.0.0.0, fault address 0x00011f7a.
Log: 'Application' Date/Time: 24/10/2012 9:36:34 AM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application paint shop pro.exe, version 8.0.0.0, faulting module paint shop pro.exe, version 8.0.0.0, fault address 0x00011f7a.
Log: 'Application' Date/Time: 24/10/2012 9:33:33 AM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application lxdulscn.exe, version 0.0.0.0, faulting module lxdudrs.dll, version 0.1.25.0, fault address 0x0006735a.
Log: 'Application' Date/Time: 24/10/2012 9:27:59 AM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application paint shop pro.exe, version 8.0.0.0, faulting module paint shop pro.exe, version 8.0.0.0, fault address 0x00011f7a.
Log: 'Application' Date/Time: 01/10/2012 1:28:42 PM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application realplay.exe, version 12.0.1.652, faulting module nevideohd.ax, version 4.6.15.0, fault address 0x00008b89.
Log: 'Application' Date/Time: 23/09/2012 1:19:05 PM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application smsystemanalyzer.exe, version 11.0.5.2, faulting module smsystemanalyzer.exe, version 11.0.5.2, fault address 0x000e0c23.
Log: 'Application' Date/Time: 17/09/2012 10:07:36 PM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application b3vviewer.exe, version 1.0.0.1, faulting module wdmaud.drv, version 5.1.2600.5512, fault address 0x0000461f.
Log: 'Application' Date/Time: 14/09/2012 7:11:49 AM
Type: error Category: 0
Event: 1103 Source: .NET Runtime Optimization Service
.NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
Log: 'Application' Date/Time: 14/09/2012 5:59:25 AM
Type: error Category: 0
Event: 5000 Source: MPSampleSubmission
EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.0.1526.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 02/04/2013 1:26:56 PM
Type: information Category: 0
Event: 0 Source: gupdate
The event description cannot be found.
Log: 'Application' Date/Time: 02/04/2013 1:26:40 PM
Type: information Category: 0
Event: 0 Source: gupdate
The event description cannot be found.
Log: 'Application' Date/Time: 02/04/2013 1:26:37 PM
Type: information Category: 0
Event: 1800 Source: SecurityCenter
The Windows Security Center Service has started.
Log: 'Application' Date/Time: 02/04/2013 1:26:37 PM
Type: information Category: 0
Event: 0 Source: gupdate
The event description cannot be found.
Log: 'Application' Date/Time: 02/04/2013 1:26:36 PM
Type: information Category: 0
Event: 105 Source: ATI Smart
The service was started.
Log: 'Application' Date/Time: 02/04/2013 12:48:59 PM
Type: information Category: 0
Event: 0 Source: gupdate
The event description cannot be found.
Log: 'Application' Date/Time: 02/04/2013 12:48:49 PM
Type: information Category: 0
Event: 0 Source: gupdate
The event description cannot be found.
Log: 'Application' Date/Time: 02/04/2013 11:48:59 AM
Type: information Category: 0
Event: 0 Source: gupdate
The event description cannot be found.
Log: 'Application' Date/Time: 02/04/2013 11:48:49 AM
Type: information Category: 0
Event: 0 Source: gupdate
The event description cannot be found.
Log: 'Application' Date/Time: 02/04/2013 11:35:26 AM
Type: information Category: 0
Event: 0 Source: gupdate
The event description cannot be found.
Log: 'Application' Date/Time: 02/04/2013 11:35:15 AM
Type: information Category: 0
Event: 0 Source: gupdate
The event description cannot be found.
Log: 'Application' Date/Time: 02/04/2013 11:35:10 AM
Type: information Category: 0
Event: 1800 Source: SecurityCenter
The Windows Security Center Service has started.
Log: 'Application' Date/Time: 02/04/2013 11:35:09 AM
Type: information Category: 0
Event: 0 Source: gupdate
The event description cannot be found.
Log: 'Application' Date/Time: 02/04/2013 11:35:09 AM
Type: information Category: 0
Event: 105 Source: ATI Smart
The service was started.
Log: 'Application' Date/Time: 02/04/2013 11:21:55 AM
Type: information Category: 0
Event: 0 Source: gupdate
The event description cannot be found.
Log: 'Application' Date/Time: 02/04/2013 11:21:44 AM
Type: information Category: 0
Event: 0 Source: gupdate
The event description cannot be found.
Log: 'Application' Date/Time: 02/04/2013 10:21:55 AM
Type: information Category: 0
Event: 0 Source: gupdate
The event description cannot be found.
Log: 'Application' Date/Time: 02/04/2013 10:21:44 AM
Type: information Category: 0
Event: 0 Source: gupdate
The event description cannot be found.
Log: 'Application' Date/Time: 02/04/2013 9:21:55 AM
Type: information Category: 0
Event: 0 Source: gupdate
The event description cannot be found.
Log: 'Application' Date/Time: 02/04/2013 9:21:44 AM
Type: information Category: 0
Event: 0 Source: gupdate
The event description cannot be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 02/04/2013 11:40:24 AM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\Program Files\Microsoft Security Client\msseces.exe has been restricted by your Administrator by location with policy rule {29a76dbc-0473-46de-9d9b-6a5a50697bc3} placed on path C:\Program Files\Microsoft Security Client
Log: 'Application' Date/Time: 02/04/2013 6:38:24 AM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\Program Files\Microsoft Security Client\msseces.exe has been restricted by your Administrator by location with policy rule {29a76dbc-0473-46de-9d9b-6a5a50697bc3} placed on path C:\Program Files\Microsoft Security Client
Log: 'Application' Date/Time: 01/04/2013 10:07:24 PM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe has been restricted by your Administrator by location with policy rule {6680132f-759a-4e64-979a-462d4d0a4d19} placed on path C:\Program Files\Malwarebytes' Anti-Malware
Log: 'Application' Date/Time: 01/04/2013 5:52:54 PM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe has been restricted by your Administrator by location with policy rule {6680132f-759a-4e64-979a-462d4d0a4d19} placed on path C:\Program Files\Malwarebytes' Anti-Malware
Log: 'Application' Date/Time: 01/04/2013 5:48:11 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user FAMILY\Mom registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Log: 'Application' Date/Time: 01/04/2013 5:47:41 PM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe has been restricted by your Administrator by location with policy rule {6680132f-759a-4e64-979a-462d4d0a4d19} placed on path C:\Program Files\Malwarebytes' Anti-Malware
Log: 'Application' Date/Time: 01/04/2013 10:13:17 AM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe has been restricted by your Administrator by location with policy rule {6680132f-759a-4e64-979a-462d4d0a4d19} placed on path C:\Program Files\Malwarebytes' Anti-Malware
Log: 'Application' Date/Time: 29/03/2013 10:13:49 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user D563PSC1\Mom registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Log: 'Application' Date/Time: 29/03/2013 8:05:38 PM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe has been restricted by your Administrator by location with policy rule {6680132f-759a-4e64-979a-462d4d0a4d19} placed on path C:\Program Files\Malwarebytes' Anti-Malware
Log: 'Application' Date/Time: 29/03/2013 8:01:52 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user D563PSC1\Mom registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Log: 'Application' Date/Time: 29/03/2013 3:08:27 PM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe has been restricted by your Administrator by location with policy rule {6680132f-759a-4e64-979a-462d4d0a4d19} placed on path C:\Program Files\Malwarebytes' Anti-Malware
Log: 'Application' Date/Time: 29/03/2013 9:59:11 AM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe has been restricted by your Administrator by location with policy rule {6680132f-759a-4e64-979a-462d4d0a4d19} placed on path C:\Program Files\Malwarebytes' Anti-Malware
Log: 'Application' Date/Time: 29/03/2013 9:49:59 AM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe has been restricted by your Administrator by location with policy rule {6680132f-759a-4e64-979a-462d4d0a4d19} placed on path C:\Program Files\Malwarebytes' Anti-Malware
Log: 'Application' Date/Time: 29/03/2013 9:49:53 AM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe has been restricted by your Administrator by location with policy rule {6680132f-759a-4e64-979a-462d4d0a4d19} placed on path C:\Program Files\Malwarebytes' Anti-Malware
Log: 'Application' Date/Time: 29/03/2013 9:37:17 AM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\Program Files\Microsoft Security Client\MsMpEng.exe has been restricted by your Administrator by location with policy rule {29a76dbc-0473-46de-9d9b-6a5a50697bc3} placed on path C:\Program Files\Microsoft Security Client
Log: 'Application' Date/Time: 29/03/2013 9:37:13 AM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\Program Files\Microsoft Security Client\msseces.exe has been restricted by your Administrator by location with policy rule {29a76dbc-0473-46de-9d9b-6a5a50697bc3} placed on path C:\Program Files\Microsoft Security Client
Log: 'Application' Date/Time: 29/03/2013 9:37:08 AM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\Program Files\Microsoft Security Client\MpCmdRun.exe has been restricted by your Administrator by location with policy rule {29a76dbc-0473-46de-9d9b-6a5a50697bc3} placed on path C:\Program Files\Microsoft Security Client
Log: 'Application' Date/Time: 29/03/2013 9:37:02 AM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\Program Files\Microsoft Security Client\Setup.exe has been restricted by your Administrator by location with policy rule {29a76dbc-0473-46de-9d9b-6a5a50697bc3} placed on path C:\Program Files\Microsoft Security Client
Log: 'Application' Date/Time: 29/03/2013 9:34:41 AM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe has been restricted by your Administrator by location with policy rule {6680132f-759a-4e64-979a-462d4d0a4d19} placed on path C:\Program Files\Malwarebytes' Anti-Malware
Log: 'Application' Date/Time: 29/03/2013 9:33:20 AM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe has been restricted by your Administrator by location with policy rule {6680132f-759a-4e64-979a-462d4d0a4d19} placed on path C:\Program Files\Malwarebytes' Anti-Malware

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 02/04/2013 1:26:40 PM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: nvatabus nvraid
Log: 'System' Date/Time: 02/04/2013 1:26:37 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
Log: 'System' Date/Time: 02/04/2013 1:26:37 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The 6to4 service terminated with the following error: The system cannot find the file specified.
Log: 'System' Date/Time: 02/04/2013 11:45:14 AM
Type: error Category: 0
Event: 2001 Source: Microsoft Antimalware
Microsoft Antimalware has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.147.662.0
Update Source: Microsoft Update Server
Update Stage: Search
Source Path: http://www.microsoft.com
Signature Type: AntiVirus
Update Type: Full
User: NT AUTHORITY\SYSTEM
Current Engine Version:
Previous Engine Version: 1.1.9302.0
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Log: 'System' Date/Time: 02/04/2013 11:35:12 AM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: nvatabus nvraid
Log: 'System' Date/Time: 02/04/2013 11:35:10 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
Log: 'System' Date/Time: 02/04/2013 11:35:10 AM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The 6to4 service terminated with the following error: The system cannot find the file specified.
Log: 'System' Date/Time: 02/04/2013 11:33:07 AM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The iPod Service service terminated unexpectedly. It has done this 1 time(s).
Log: 'System' Date/Time: 02/04/2013 11:33:06 AM
Type: error Category: 0
Event: 7031 Source: Service Control Manager
The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Log: 'System' Date/Time: 02/04/2013 11:33:06 AM
Type: error Category: 0
Event: 7031 Source: Service Control Manager
The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
Log: 'System' Date/Time: 02/04/2013 11:33:06 AM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The AOL Connectivity Service service terminated unexpectedly. It has done this 1 time(s).
Log: 'System' Date/Time: 02/04/2013 11:33:06 AM
Type: error Category: 0
Event: 7031 Source: Service Control Manager
The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
Log: 'System' Date/Time: 02/04/2013 11:33:06 AM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The NVIDIA Driver Helper Service service terminated unexpectedly. It has done this 1 time(s).
Log: 'System' Date/Time: 01/04/2013 10:17:47 PM
Type: error Category: 0
Event: 2001 Source: Microsoft Antimalware
Microsoft Antimalware has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.147.662.0
Update Source: Microsoft Update Server
Update Stage: Search
Source Path: http://www.microsoft.com
Signature Type: AntiVirus
Update Type: Full
User: NT AUTHORITY\SYSTEM
Current Engine Version:
Previous Engine Version: 1.1.9302.0
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Log: 'System' Date/Time: 01/04/2013 10:07:33 PM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: nvatabus nvraid
Log: 'System' Date/Time: 01/04/2013 10:07:30 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
Log: 'System' Date/Time: 01/04/2013 10:07:30 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The 6to4 service terminated with the following error: The system cannot find the file specified.
Log: 'System' Date/Time: 01/04/2013 5:59:45 PM
Type: error Category: 0
Event: 2001 Source: Microsoft Antimalware
Microsoft Antimalware has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.147.662.0
Update Source: Microsoft Update Server
Update Stage: Search
Source Path: http://www.microsoft.com
Signature Type: AntiVirus
Update Type: Full
User: NT AUTHORITY\SYSTEM
Current Engine Version:
Previous Engine Version: 1.1.9302.0
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Log: 'System' Date/Time: 01/04/2013 5:49:41 PM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: nvatabus nvraid
Log: 'System' Date/Time: 01/04/2013 5:49:38 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 02/04/2013 1:26:56 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Google Update Service (gupdate) service entered the stopped state.
Log: 'System' Date/Time: 02/04/2013 1:26:56 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Remote Access Connection Manager service entered the running state.
Log: 'System' Date/Time: 02/04/2013 1:26:54 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The IMAPI CD-Burning COM Service service entered the stopped state.
Log: 'System' Date/Time: 02/04/2013 1:26:51 PM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The Remote Access Connection Manager service was successfully sent a start control.
Log: 'System' Date/Time: 02/04/2013 1:26:51 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Telephony service entered the running state.
Log: 'System' Date/Time: 02/04/2013 1:26:47 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The SSDP Discovery Service service entered the running state.
Log: 'System' Date/Time: 02/04/2013 1:26:47 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The IMAPI CD-Burning COM Service service entered the running state.
Log: 'System' Date/Time: 02/04/2013 1:26:47 PM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The SSDP Discovery Service service was successfully sent a start control.
Log: 'System' Date/Time: 02/04/2013 1:26:47 PM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The IMAPI CD-Burning COM Service service was successfully sent a start control.
Log: 'System' Date/Time: 02/04/2013 1:26:46 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Computer Browser service entered the stopped state.
Log: 'System' Date/Time: 02/04/2013 1:26:44 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Application Layer Gateway Service service entered the running state.
Log: 'System' Date/Time: 02/04/2013 1:26:44 PM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The Application Layer Gateway Service service was successfully sent a start control.
Log: 'System' Date/Time: 02/04/2013 1:26:40 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Google Update Service (gupdate) service entered the running state.
Log: 'System' Date/Time: 02/04/2013 1:26:40 PM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The Google Update Service (gupdate) service was successfully sent a start control.
Log: 'System' Date/Time: 02/04/2013 1:26:40 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Network Location Awareness (NLA) service entered the running state.
Log: 'System' Date/Time: 02/04/2013 1:26:40 PM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The Network Location Awareness (NLA) service was successfully sent a start control.
Log: 'System' Date/Time: 02/04/2013 1:26:31 PM
Type: information Category: 0
Event: 2 Source: nvata
Device identified.
Log: 'System' Date/Time: 02/04/2013 1:26:31 PM
Type: information Category: 0
Event: 2 Source: nvata
Device identified.
Log: 'System' Date/Time: 02/04/2013 1:26:30 PM
Type: information Category: 0
Event: 6005 Source: EventLog
The Event log service was started.
Log: 'System' Date/Time: 02/04/2013 1:26:30 PM
Type: information Category: 0
Event: 6009 Source: EventLog
Microsoft ® Windows ® 5.01. 2600 Service Pack 3 Multiprocessor Free.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 01/04/2013 11:35:15 AM
Type: warning Category: 0
Event: 4 Source: bcm4sbxp
Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.
Log: 'System' Date/Time: 01/04/2013 11:29:43 AM
Type: warning Category: 0
Event: 1007 Source: Dhcp
Your computer has automatically configured the IP address for the Network Card with network address 00188B6FB993. The IP address being used is 169.254.13.98.
Log: 'System' Date/Time: 29/03/2013 1:31:14 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Log: 'System' Date/Time: 29/03/2013 1:06:54 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Log: 'System' Date/Time: 28/03/2013 2:12:29 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Log: 'System' Date/Time: 27/03/2013 7:19:36 PM
Type: warning Category: 0
Event: 1073 Source: USER32
The attempt to power off D563PSC1 failed
Log: 'System' Date/Time: 27/03/2013 7:19:15 PM
Type: warning Category: 0
Event: 1073 Source: USER32
The attempt to reboot D563PSC1 failed
Log: 'System' Date/Time: 27/03/2013 6:07:30 PM
Type: warning Category: 0
Event: 1116 Source: Microsoft Antimalware
Microsoft Antimalware has detected malware or other potentially unwanted software.
For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/AgentBypass.gen!K&threatid=2147599269
Name: Trojan:Win32/AgentBypass.gen!K
ID: 2147599269
Severity: Severe
Category: Trojan
Path: file:_C:\Documents and Settings\All Users\Application Data\izihyh.dat;regkey:_HKCU@S-1-5-21-706684962-979399936-124493050-1006\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\izihyh;runkey:_HKCU@S-1-5-21-706684962-979399936-124493050-1006\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\izihyh
Detection Origin: Local machine
Detection Type: Heuristics
Detection Source: System
User: NT AUTHORITY\SYSTEM
Process Name: Unknown
Signature Version: AV: 1.147.594.0, AS: 1.147.594.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.9302.0, NIS: 0.0.0.0
Log: 'System' Date/Time: 27/03/2013 6:04:39 PM
Type: warning Category: 0
Event: 1116 Source: Microsoft Antimalware
Microsoft Antimalware has detected malware or other potentially unwanted software.
For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/AgentBypass.gen!K&threatid=2147599269
Name: Trojan:Win32/AgentBypass.gen!K
ID: 2147599269
Severity: Severe
Category: Trojan
Path: file:_C:\Documents and Settings\All Users\Application Data\izihyh.dat
Detection Origin: Local machine
Detection Type: Heuristics
Detection Source: Real-Time Protection
User: D563PSC1\Mom
Process Name: C:\WINDOWS\system32\regsvr32.exe
Signature Version: AV: 1.147.594.0, AS: 1.147.594.0, NIS: 0.0.0.0
Engine Version: AM: 1.1.9302.0, NIS: 0.0.0.0
Log: 'System' Date/Time: 18/03/2013 7:01:19 AM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Log: 'System' Date/Time: 18/03/2013 6:29:33 AM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Log: 'System' Date/Time: 17/03/2013 2:59:41 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Log: 'System' Date/Time: 17/03/2013 9:21:11 AM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Log: 'System' Date/Time: 17/03/2013 7:35:48 AM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Log: 'System' Date/Time: 17/03/2013 5:16:14 AM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Log: 'System' Date/Time: 16/03/2013 7:05:04 PM Type: warning Category: 0 Event: 36 Source: W32Time The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized. Log: 'System' Date/Time: 15/03/2013 9:46:48 PM Type: warning Category: 0 Event: 4226 Source: Tcpip TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. Log: 'System' Date/Time: 15/03/2013 11:35:28 AM Type: warning Category: 0 Event: 4226 Source: Tcpip TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. Log: 'System' Date/Time: 15/03/2013 7:40:53 AM Type: warning Category: 0 Event: 4226 Source: Tcpip TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. Log: 'System' Date/Time: 14/03/2013 9:18:02 PM Type: warning Category: 0 Event: 36 Source: W32Time The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.
  17. I've run the MBAM with updated definitions as well when I did it in Safe Mode before I came here. It was clean too. The one I just ran was from the link in instructions that you gave me, after I moved the pc with no internet access. I've always logged in with admin rights. Never changed anything. I'll do that last bit in just a few.
  18. I've attached the error I keep seeing. I get the error when I try to run MSE from Start, Programs, MSE. It's still there for some reason. I used to get it when trying to open MBAM the same way, but don't anymore now that I changed the installation directory to downloads. I'm sorry to be pessimistic, but I'm not excited about the clear MBAM log, as it was clear before all this was started, when I ran it in safe mode prior to coming here for help. MBAM had been missing whatever was going on, from the beginning. Here are the logs. I'm all up for trying anything and everything else.

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingc...opic308364.html

Program started at: 04/02/2013 11:28:19 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:
* No malware services found to stop.

Checking for processes to terminate:
* No malware processes found to kill.

Checking Registry for malware related settings:
* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:
* No issues found.

Checking Windows Service Integrity:
* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [incorrect ImagePath]

Searching for Missing Digital Signatures:
* No issues found.

Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost

Program finished at: 04/02/2013 11:28:56 AM
Execution time: 0 hours(s), 0 minute(s), and 36 seconds(s)

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Mom
->Temp folder emptied: 245172411 bytes
->Temporary Internet Files folder emptied: 38766 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 24614 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: UpdatusUser.D563PSC1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 44221 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 234.00 mb

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: Mom
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner

User: UpdatusUser
->Flash cache emptied: 0 bytes

User: UpdatusUser.D563PSC1
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: Mom
->Java cache emptied: 0 bytes

User: NetworkService

User: Owner

User: UpdatusUser

User: UpdatusUser.D563PSC1

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 04022013_113305

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

111error.bmp
  19. Ok, installed in downloads vs. Program Files and all ran fine. Nothing found. PC very laggy and still getting software restriction policy.

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2012.12.14.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Mom :: FAMILY [administrator]

4/1/2013 11:21:38 PM
mbam-log-2013-04-01 (23-21-38).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 475324
Time elapsed: 2 hour(s), 16 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  20. Hi. I ran the first one, which got rid of MBAM, but upon installation of the new one, I got software restriction error again and it would not let me run it. One thing I did notice, is if I put it in another directory, like downloads, instead of program files, it will install. Do you want me to try that?
  21. Finished the new Dr. Cure It. Nothing found this time. Log attached this time. Sorry I missed the part about attaching it before yikes. Still getting the software policy message when trying to open MBAM. cureit040113.log
  22. Ok update. Apparently this pc doesn't have wireless ability. So I downloaded that file and the program you told me to, on a flash drive, merged and ran on the problem pc. I uninstalled java and adobe reader. Is there a scan I can do in place of the online scan for now? I don't have the option of getting this pc online right now. I can, however, download a program to the flash drive and run one like that. Please advise.
  23. I'm not abandoning this. I had to get another pc so I didn't miss any more work. I have the old one hooked up in the kitchen, but I'm still trying to get it online so we can continue. I still want to try and fix it. Just letting you know.
  24. Finally! That long of a log cannot be normal, so I am SO sorry if I did something wrong! I'm going to have a nice talk to my children about their music UGH! I'm still getting the same software restriction policy thing when I try to open Malwarebytes. Whatever it is, isn't shutting down Avast though, so I guess that's good? Let me know what we need to do next. Thanks again, I REALLY appreciate it.