Everything posted by scsisys

  1. I'll consider it to be SOLVED at this time... Thanks, Ray
  2. No Mbam log as of today, so apparently no attempt to connect was made OR it was KIA. Regardless, should the problem reappear, I'll just use JRT and AdwCleaner again. Thanks again for your support / help / etc.

     As a side note, in your instructions for running the AdwCleaner program, you stated "Double click on AdwCleaner.exe to run the tool". If in fact it was to have initiated a scan automatically, it didn't for me. Inasmuch as you also stated "Follow my instructions strictly", I refrained from clicking on the "Scan" button, and that's why I posted that the "Clean" button was not active. The next day, I decided to rerun the AdwCleaner tool and I clicked the "Scan" button; it then did a scan, and I was then able to click the "Clean" button and got a log.

     Another suggestion: When one pastes all the log results in a reply and then clicks on "Submit", there needs to be some sort of message that the reply was in fact submitted. All I saw on my first attempt was a white box, so I figured that nothing happened and submitted again. Then I got back to the main forum and saw -2- postings.

     ray
  3. # AdwCleaner v3.016 - Report created 28/12/2013 at 12:09:49
     # Updated 23/12/2013 by Xplode
     # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
     # Username : RayXP - GIGGY4
     # Running from : C:\Documents and Settings\RayXP\Desktop\AdwCleaner.exe
     # Option : Clean

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****

     File Deleted : C:\WINDOWS\system32\Uninstall.exe
     File Deleted : C:\Program Files\Mozilla Firefox\Components\AskHPRFF.js

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
     Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

     ***** [ Browsers ] *****

     -\\ Internet Explorer v8.0.6001.18702

     -\\ Mozilla Firefox v26.0 (en-US)

     [ File : C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\wtoatje5.default\prefs.js ]
     [ File : C:\Documents and Settings\RayXP\Application Data\Mozilla\Firefox\Profiles\jnjv52to.default\prefs.js ]
     [ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o3qnn5r9.default\prefs.js ]

     -\\ Google Chrome v

     [ File : C:\Documents and Settings\RayXP\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

     *************************

     AdwCleaner[R0].txt - [2740 octets] - [28/12/2013 08:13:41]
     AdwCleaner[R1].txt - [1699 octets] - [28/12/2013 08:46:19]
     AdwCleaner[R2].txt - [1759 octets] - [28/12/2013 12:08:30]
     AdwCleaner[s0].txt - [2839 octets] - [28/12/2013 08:15:35]
     AdwCleaner[s1].txt - [1688 octets] - [28/12/2013 12:09:49]

     ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1748 octets] ##########
  4. # AdwCleaner v3.016 - Report created 28/12/2013 at 08:46:19
     # Updated 23/12/2013 by Xplode
     # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
     # Username : RayXP - GIGGY4
     # Running from : C:\Documents and Settings\RayXP\Desktop\AdwCleaner.exe
     # Option : Scan

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****

     File Found : C:\Program Files\Mozilla Firefox\Components\AskHPRFF.js
     File Found : C:\WINDOWS\system32\Uninstall.exe

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
     Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

     ***** [ Browsers ] *****

     -\\ Internet Explorer v8.0.6001.18702

     -\\ Mozilla Firefox v26.0 (en-US)

     [ File : C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\wtoatje5.default\prefs.js ]
     [ File : C:\Documents and Settings\RayXP\Application Data\Mozilla\Firefox\Profiles\jnjv52to.default\prefs.js ]
     [ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o3qnn5r9.default\prefs.js ]

     -\\ Google Chrome v

     [ File : C:\Documents and Settings\RayXP\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

     *************************

     AdwCleaner[R0].txt - [2740 octets] - [28/12/2013 08:13:41]
     AdwCleaner[R1].txt - [1499 octets] - [28/12/2013 08:46:19]
     AdwCleaner[s0].txt - [2839 octets] - [28/12/2013 08:15:35]

     ########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1619 octets] ##########
  5. Junkware Removal Tool attached:

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 6.0.8 (11.05.2013:1)
     OS: Microsoft Windows XP x86
     Ran by RayXP on Fri 12/27/2013 at 19:57:06.07
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ~~~ Services

     ~~~ Registry Values

     Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
     Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

     ~~~ Registry Keys

     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane.1
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortapp.dll
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escorteng.dll
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortlbr.dll
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\esrv.exe
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
     Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\delta
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
     Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\delta
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.eb_explorerbar
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.eb_explorerbar.1
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.fh_hookeventsink
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.fh_hookeventsink.1
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.ipm_printlistitem
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.ipm_printlistitem.1
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.pm_dialogeventshandler
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.pm_dialogeventshandler.1
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.pm_launcher
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.pm_launcher.1
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.pm_printmanager
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.pm_printmanager.1
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.pr_bindstatuscallback
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.pr_bindstatuscallback.1
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.pr_cancelbuttoneventhandler
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.pr_cancelbuttoneventhandler.1
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.pr_printdialogcallback
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.pr_printdialogcallback.1
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.tbtoolband
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.tbtoolband.1
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.useroptions
     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.useroptions.1

     ~~~ Files

     ~~~ Folders

     Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\boost_interprocess"

     ~~~ FireFox

     Failed to delete: [File] "C:\Program Files\Mozilla Firefox\searchplugins\askcom.xml"
     Successfully deleted: [File] C:\Documents and Settings\RayXP\Application Data\mozilla\firefox\profiles\jnjv52to.default\user.js
     Successfully deleted: [File] C:\Documents and Settings\RayXP\Application Data\mozilla\firefox\profiles\jnjv52to.default\invalidprefs.js
     Successfully deleted: [File] C:\Documents and Settings\RayXP\Application Data\mozilla\firefox\profiles\jnjv52to.default\searchplugins\babylon.xml
     Successfully deleted: [File] C:\Documents and Settings\RayXP\Application Data\mozilla\firefox\profiles\jnjv52to.default\searchplugins\delta.xml
     Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\ocr@babylon.com
     Successfully deleted the following from C:\Documents and Settings\RayXP\Application Data\mozilla\firefox\profiles\jnjv52to.default\prefs.js

     user_pref("extensions.delta.admin", false);
     user_pref("extensions.delta.aflt", "babsst");
     user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
     user_pref("extensions.delta.autoRvrt", "false");
     user_pref("extensions.delta.dfltLng", "en");
     user_pref("extensions.delta.excTlbr", false);
     user_pref("extensions.delta.ffxUnstlRst", true);
     user_pref("extensions.delta.id", "2c20b94f000000000000001109d850f7");
     user_pref("extensions.delta.instlDay", "15867");
     user_pref("extensions.delta.instlRef", "");
     user_pref("extensions.delta.newTab", false);
     user_pref("extensions.delta.prdct", "delta");
     user_pref("extensions.delta.prtnrId", "delta");
     user_pref("extensions.delta.rvrt", "false");
     user_pref("extensions.delta.smplGrp", "none");
     user_pref("extensions.delta.tlbrId", "base");
     user_pref("extensions.delta.tlbrSrchUrl", "");
     user_pref("extensions.delta.vrsn", "1.8.21.5");
     user_pref("extensions.delta.vrsnTs", "1.8.21.522:46:55");
     user_pref("extensions.delta.vrsni", "1.8.21.5");
     user_pref("extensions.delta_i.babExt", "");
     user_pref("extensions.delta_i.babTrack", "");
     user_pref("extensions.delta_i.srcExt", "");
     user_pref("google.toolbar.search-icon", "data:image/x-icon;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7PT7/3zF6/9Ptu//RbHx/
     Emptied folder: C:\Documents and Settings\RayXP\Application Data\mozilla\firefox\profiles\jnjv52to.default\minidumps [3 files]

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Fri 12/27/2013 at 20:01:05.49
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     AdwCleaner log... No log generated... "Clean" button was not active; only "Scan", "Uninstall" & "Donate" buttons.

     *********************************************************************************************************

     Mbam log for 12-27-2013 attached:

     Malwarebytes Anti-Malware (PRO) 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.12.28.02

     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     RayXP :: GIGGY4 [administrator]

     Protection: Disabled

     12/27/2013 8:15:23 PM
     mbam-log-2013-12-27 (20-15-23).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 305395
     Time elapsed: 10 minute(s), 10 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     Thanks again for your assistance.... Ray
  6. Happened to notice the pop-up today and after doing a Whois search, seems it is part of a botnet out of the Ukraine ( IP hosted by Ivanov Vitaliy Sergeevich ). Did a Registry search using each separate name and the IP but nothing turned up. Did a full scan with MalwareBytes Pro and nothing found. So, what , if anything , can be done to eliminate what is on my system that is "phoning" home. Attached are the requisite .txt files> dds.txt DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 Run by RayXP at 12:51:26 on 2013-12-26 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.391 [GMT -6:00] . AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: Online Armor Firewall *Enabled* . ============== Running Processes ================ . C:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Program Files\Online Armor\OAcat.exe C:\Program Files\Online Armor\oasrv.exe C:\WINDOWS\system32\spoolsv.exe D:\Program Files\SUPERAntiSpyware\SASCORE.EXE E:\Todo Backup\bin\Agent.exe C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe E:\Todo Backup\bin\GuardAgent.exe D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\WINDOWS\Explorer.EXE D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\System32\nvsvc32.exe E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\WINDOWS\SM1BG.EXE C:\Program Files\Microsoft Security Client\msseces.exe E:\Todo Backup\bin\EuWatch.exe C:\Program Files\Online Armor\OAui.exe D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe E:\WeatherLink\WeatherLink 5.9.2.exe C:\Program Files\Online Armor\OAhlp.exe 
C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\WINDOWS\System32\svchost.exe -k NetworkService C:\WINDOWS\System32\svchost.exe -k LocalService C:\WINDOWS\System32\svchost.exe -k LocalService C:\WINDOWS\System32\svchost.exe -k imgsvc . ============== Pseudo HJT Report =============== . uProxyOverride = local TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll TB: <No Name>: ITBarLayout - LocalServer32 - <no file> TB: Easy-WebPrint: {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - c:\program files\canon\easy-webprint\Toolband.dll TB: FireShot: {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned> uRun: [TClockEx] d:\program files\tclockex\TCLOCKEX.EXE uRun: [sUPERAntiSpyware] d:\program files\superantispyware\SUPERAntiSpyware.exe uRun: [OpenDNS Updater] "c:\program files\opendns updater\OpenDNSUpdater.exe" /autostart uRun: [AlcoholAutomount] "e:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe" -automount mRun: [NvCplDaemon] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [nwiz] "c:\windows\system32\nwiz.exe" /install mRun: [soundMan] "c:\windows\SOUNDMAN.EXE" mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe" mRun: [sM1BG] c:\windows\SM1BG.EXE mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [EaseUs Watch] "e:\todo backup\bin\EuWatch.exe" mRun: [EaseUs Tray] "e:\todo backup\bin\TrayNotify.exe" mRun: [@OnlineArmor GUI] "c:\program files\online armor\OAui.exe" StartupFolder: 
c:\docume~1\rayxp\startm~1\programs\startup\weathe~1.lnk - c:\windows\installer\{bdba94da-11b9-41d7-8c56-2c217c979376}\_1E7CD030539CF9F8C0D9C5.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 uPolicies-DisallowRun: 1 = "avnotify.exe" mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . TCP: NameServer = 208.67.222.222 206.123.113.254 68.105.28.13 TCP: Interfaces\{F9B2EA87-A915-4416-8A65-2E25B0AA9344} : NameServer = 68.105.28.13,68.105.29.13 TCP: Interfaces\{F9B2EA87-A915-4416-8A65-2E25B0AA9344} : DHCPNameServer = 208.67.222.222 206.123.113.254 68.105.28.13 SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - c:\program files\online armor\oaevent.dll SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - d:\program files\superantispyware\SASSEH.DLL Hosts: 127.0.0.1 ads.mcafee.com Hosts: 127.0.0.1 analytics.microsoft.com Hosts: 127.0.0.1 metrics.bitdefender.com Hosts: 127.0.0.1 metrics.mcafee.com Hosts: 127.0.0.1 om.symantec.com . Note: multiple HOSTS entries found. Please refer to Attach.txt . ================= FIREFOX =================== . 
FF - ProfilePath - c:\documents and settings\rayxp\application data\mozilla\firefox\profiles\jnjv52to.default\ FF - plugin: c:\documents and settings\rayxp\application data\move networks\plugins\npqmp071503000010.dll FF - plugin: c:\documents and settings\rayxp\application data\mozilla\firefox\profiles\jnjv52to.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\sumatrapdf\npPdfViewer.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll FF - plugin: c:\windows\system32\npdeployJava1.dll FF - plugin: c:\windows\system32\npptools.dll FF - ExtSQL: !HIDDEN! 2010-06-27 13:15; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension . ---- FIREFOX POLICIES ---- FF - user.js: extensions.delta.tlbrSrchUrl - FF - user.js: extensions.delta.id - 2c20b94f000000000000001109d850f7 FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} FF - user.js: extensions.delta.instlDay - 15867 FF - user.js: extensions.delta.vrsn - 1.8.21.5 FF - user.js: extensions.delta.vrsni - 1.8.21.5 FF - user.js: extensions.delta.vrsnTs - 1.8.21.522:46:55 FF - user.js: extensions.delta.prtnrId - delta FF - user.js: extensions.delta.prdct - delta FF - user.js: extensions.delta.aflt - babsst FF - user.js: extensions.delta.smplGrp - none FF - user.js: extensions.delta.tlbrId - base FF - user.js: extensions.delta.instlRef - FF - user.js: extensions.delta.dfltLng - en FF - user.js: extensions.delta.excTlbr - false FF - user.js: extensions.delta.ffxUnstlRst - true FF - user.js: extensions.delta.admin - false FF - user.js: extensions.delta_i.babTrack - FF - user.js: extensions.delta_i.babExt - FF - user.js: extensions.delta_i.srcExt - FF - user.js: extensions.delta.autoRvrt - false FF - user.js: extensions.delta.rvrt - false FF - user.js: extensions.delta.newTab - false . 
============= SERVICES / DRIVERS =============== . R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-5-4 50248] R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2011-5-4 40648] R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-3-31 26624] R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 214696] R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2012-10-31 16064] R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-4-21 29808] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-5-14 94360] R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-5-4 14920] R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2013-3-6 185672] R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2013-10-10 210360] R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2013-10-10 44984] R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2013-10-10 34856] R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2013-10-10 31912] R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\SASDIFSV.SYS [2009-10-12 12880] R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 67664] R2 !SASCORE;SAS Core Service;d:\program files\superantispyware\SASCORE.EXE [2010-7-6 116608] R2 EaseUS Agent;EaseUS Agent Service;e:\todo backup\bin\Agent.exe [2013-3-6 68168] R2 Guard Agent;Guard Agent Service;e:\todo backup\bin\GuardAgent.exe [2013-3-6 23624] R2 MBAMScheduler;MBAMScheduler;d:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-12-1 418376] R2 MBAMService;MBAMService;d:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-6-19 701512] R2 OAcat;Online Armor Helper Service;c:\program files\online armor\OAcat.exe [2013-10-10 584864] R2 StarWindServiceAE;StarWind AE Service;e:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe 
[2009-12-23 370688] R2 SvcOnlineArmor;Online Armor;c:\program files\online armor\OAsrv.exe [2013-10-10 4457688] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-6-19 22856] R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\drivers\silabenm.sys [2008-9-29 17920] R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\drivers\silabser.sys [2008-9-29 60544] S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;e:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe [2012-1-5 75624] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 cpuz134;cpuz134;\??\c:\docume~1\rayxp\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\rayxp\locals~1\temp\cpuz134\cpuz134_x32.sys [?] S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2012-12-27 13896] S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2012-12-27 9160] S3 GPU-Z;GPU-Z;\??\c:\docume~1\rayxp\locals~1\temp\gpu-z.sys --> c:\docume~1\rayxp\locals~1\temp\GPU-Z.sys [?] S3 SASENUM;SASENUM;d:\program files\superantispyware\SASENUM.SYS [2009-10-12 12872] S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys --> c:\windows\system32\drivers\vaxscsi.sys [?] S3 wimmount;wimmount;c:\windows\system32\drivers\wimmount.sys [2009-7-13 19024] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856] S4 K9;K9 Time Synchronization;c:\windows\system32\k9nt.exe --> c:\windows\system32\k9nt.exe [?] . =============== File Associations =============== . FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1 [userChoice] . =============== Created Last 30 ================ . 
2013-12-25 21:19:14 7760024 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f8262d8e-54c1-4840-8d5c-008a2bd15319}\mpengine.dll 2013-12-24 21:16:55 7760024 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll 2013-12-12 16:07:08 276592 ----a-w- c:\program files\mozilla firefox\updater.exe 2013-12-12 16:07:08 22370928 ----a-w- c:\program files\mozilla firefox\xul.dll 2013-12-12 16:07:08 170960 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe 2013-12-12 16:07:08 108144 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe 2013-12-12 16:07:06 872352 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe 2013-12-12 16:07:06 153712 ----a-w- c:\program files\mozilla firefox\softokn3.dll 2013-12-12 16:07:05 373104 ----a-w- c:\program files\mozilla firefox\plugins\npOGAPlugin.dll 2013-12-12 16:07:04 53248 ----a-w- c:\program files\mozilla firefox\plugins\NPCIG.dll 2013-12-12 16:07:04 1446264 ----a-w- c:\program files\mozilla firefox\plugins\npLegitCheckPlugin.dll 2013-12-12 16:07:04 118784 ----a-w- c:\program files\mozilla firefox\plugins\MyCamera.dll 2013-12-12 16:07:03 28272 ----a-w- c:\program files\mozilla firefox\plugin-hang-ui.exe 2013-12-12 16:07:03 18544 ----a-w- c:\program files\mozilla firefox\plugin-container.exe . ==================== Find3M ==================== . 
2013-12-11 22:37:25 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-12-11 22:37:25 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-11-19 10:21:30 230048 ------w- c:\windows\system32\MpSigStub.exe 2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll 2013-11-07 05:38:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll 2013-11-06 01:03:31 7168 ----a-w- c:\windows\system32\xpsp4res.dll 2013-10-30 02:26:17 1879040 ----a-w- c:\windows\system32\win32k.sys 2013-10-29 07:57:34 920064 ----a-w- c:\windows\system32\wininet.dll 2013-10-29 07:57:33 43520 ----a-w- c:\windows\system32\licmgr10.dll 2013-10-29 07:57:33 18944 ----a-w- c:\windows\system32\corpol.dll 2013-10-29 07:57:33 1469440 ------w- c:\windows\system32\inetcpl.cpl 2013-10-29 00:45:02 385024 ------w- c:\windows\system32\html.iec 2013-10-23 23:45:49 172032 ----a-w- c:\windows\system32\scrrun.dll 2013-10-16 02:56:50 31912 ----a-w- c:\windows\system32\drivers\OAnet.sys 2013-10-16 02:55:54 34856 ----a-w- c:\windows\system32\drivers\OAmon.sys 2013-10-16 02:55:34 44984 ----a-w- c:\windows\system32\drivers\oahlp32.sys 2013-10-16 02:55:15 210360 ----a-w- c:\windows\system32\drivers\OADriver.sys 2013-10-12 15:56:19 278528 ----a-w- c:\windows\system32\oakley.dll 2013-10-09 13:12:48 287744 ----a-w- c:\windows\system32\gdi32.dll 2013-10-07 10:59:21 603136 ----a-w- c:\windows\system32\crypt32.dll 2003-08-27 19:19:18 36963 ------r- c:\program files\common files\SM1updtr.dll . ============= FINISH: 12:54:41.98 =============== attach.txt . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 4/28/2005 1:40:31 PM System Uptime: 12/26/2013 12:29:35 PM (0 hours ago) . Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-7125 Processor: AMD Athlon 64 Processor 4000+ | Socket 939 | 2412/201mhz . ==== Disk Partitions ========================= . 
A: is Removable C: is FIXED (NTFS) - 40 GiB total, 14.576 GiB free. D: is FIXED (NTFS) - 33 GiB total, 27.54 GiB free. E: is FIXED (NTFS) - 59 GiB total, 49.387 GiB free. F: is FIXED (NTFS) - 54 GiB total, 8.997 GiB free. G: is CDROM () H: is CDROM () I: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller Device ID: PCI\VEN_11AB&DEV_4362&SUBSYS_058C1462&REV_15\4&14AECDB0&0&0060 Manufacturer: Marvell Name: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller PNP Device ID: PCI\VEN_11AB&DEV_4362&SUBSYS_058C1462&REV_15\4&14AECDB0&0&0060 Service: yukonwxp . Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F} Description: Canon MX860 ser Network Device ID: ROOT\CANON_IJ_NETWORK\0000 Manufacturer: Canon Name: Canon MX860 ser Network PNP Device ID: ROOT\CANON_IJ_NETWORK\0000 Service: StillCam . ==== System Restore Points =================== . RP1884: 12/1/2013 2:00:25 AM - Software Distribution Service 3.0 RP1885: 12/1/2013 5:21:48 PM - Software Distribution Service 3.0 RP1886: 12/2/2013 5:24:12 PM - Software Distribution Service 3.0 RP1887: 12/3/2013 5:23:04 PM - Software Distribution Service 3.0 RP1888: 12/4/2013 5:21:15 PM - Software Distribution Service 3.0 RP1889: 12/5/2013 5:22:24 PM - Software Distribution Service 3.0 RP1890: 12/6/2013 5:20:16 PM - Software Distribution Service 3.0 RP1891: 12/7/2013 8:31:51 PM - Software Distribution Service 3.0 RP1892: 12/8/2013 1:47:36 AM - Software Distribution Service 3.0 RP1893: 12/8/2013 8:28:07 PM - Software Distribution Service 3.0 RP1894: 12/9/2013 8:31:59 PM - Software Distribution Service 3.0 RP1895: 12/10/2013 8:30:40 PM - Software Distribution Service 3.0 RP1896: 12/11/2013 2:55:06 PM - Software Distribution Service 3.0 RP1897: 12/12/2013 3:16:54 PM - Software Distribution Service 3.0 RP1898: 12/13/2013 6:32:49 AM - Software Distribution Service 3.0 RP1899: 12/13/2013 3:16:46 PM - 
Software Distribution Service 3.0 RP1900: 12/14/2013 3:16:20 PM - Software Distribution Service 3.0 RP1901: 12/15/2013 1:43:35 AM - Software Distribution Service 3.0 RP1902: 12/15/2013 3:17:44 PM - Software Distribution Service 3.0 RP1903: 12/16/2013 3:17:27 PM - Software Distribution Service 3.0 RP1904: 12/17/2013 3:17:19 PM - Software Distribution Service 3.0 RP1905: 12/18/2013 3:15:28 PM - Software Distribution Service 3.0 RP1906: 12/19/2013 3:18:14 PM - Software Distribution Service 3.0 RP1907: 12/20/2013 3:18:47 PM - Software Distribution Service 3.0 RP1908: 12/21/2013 3:16:57 PM - Software Distribution Service 3.0 RP1909: 12/22/2013 1:43:31 AM - Software Distribution Service 3.0 RP1910: 12/22/2013 3:16:18 PM - Software Distribution Service 3.0 RP1911: 12/23/2013 3:17:50 PM - Software Distribution Service 3.0 RP1912: 12/24/2013 3:16:46 PM - Software Distribution Service 3.0 RP1913: 12/25/2013 3:18:55 PM - Software Distribution Service 3.0 . ==== Hosts File Hijack ====================== . Hosts: 127.0.0.1 ads.mcafee.com Hosts: 127.0.0.1 analytics.microsoft.com Hosts: 127.0.0.1 metrics.bitdefender.com Hosts: 127.0.0.1 metrics.mcafee.com Hosts: 127.0.0.1 om.symantec.com Hosts: 127.0.0.1 ads.bleepingcomputer.com Hosts: 127.0.0.1 wdcs.trendmicro.com . ==== Installed Programs ====================== . 
==== Event Viewer Messages From Past Week ========
.
12/26/2013 12:28:07 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 cdudf_xp Cinemsup epfwtdir EUDSKACS EUFDDISK Fips IPSec MpFilter MRxSmb NetBIOS NetBT OADevice oahlpXX OAmon OAnet RasAcd Rdbss SASDIFSV SASKUTIL StarOpen Tcpip
12/26/2013 12:28:07 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
12/26/2013 12:28:07 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/26/2013 12:28:07 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/26/2013 12:28:07 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
12/26/2013 12:26:51 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/26/2013 12:26:44 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
.
==== End Of File ===========================

mbamlog.txt 12-26-2013

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.26.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
RayXP :: GIGGY4 [administrator]

Protection: Enabled

12/26/2013 1:18:44 PM
mbam-log-2013-12-26 (13-18-44).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 400704
Time elapsed: 1 hour(s), 49 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Protection log...122513 mbam

2013/12/25 09:08:51 -0600 GIGGY4 IP-BLOCK 91.217.90.161 (Type: outgoing)
2013/12/25 09:08:52 -0600 GIGGY4 IP-BLOCK 91.217.90.161 (Type: outgoing)
2013/12/25 09:08:54 -0600 GIGGY4 IP-BLOCK 91.217.90.161 (Type: outgoing)
2013/12/25 09:08:55 -0600 GIGGY4 IP-BLOCK 91.217.90.161 (Type: outgoing)
2013/12/25 09:09:00 -0600 GIGGY4 IP-BLOCK 91.217.90.161 (Type: outgoing)
2013/12/25 09:09:01 -0600 GIGGY4 IP-BLOCK 91.217.90.161 (Type: outgoing)
2013/12/25 09:09:13 -0600 GIGGY4 IP-BLOCK 91.217.90.161 (Type: outgoing)
2013/12/25 09:09:16 -0600 GIGGY4 IP-BLOCK 91.217.90.161 (Type: outgoing)
2013/12/25 09:09:22 -0600 GIGGY4 IP-BLOCK 91.217.90.161 (Type: outgoing)
2013/12/25 19:04:05 -0600 GIGGY4 MESSAGE Executing scheduled update: Daily
2013/12/25 19:04:28 -0600 GIGGY4 MESSAGE Scheduled update executed successfully: database updated from version v2013.12.24.07 to version v2013.12.26.01
2013/12/25 19:04:28 -0600 GIGGY4 MESSAGE Starting database refresh
2013/12/25 19:04:28 -0600 GIGGY4 MESSAGE Stopping IP protection
2013/12/25 19:04:31 -0600 GIGGY4 MESSAGE IP Protection stopped successfully
2013/12/25 19:06:26 -0600 GIGGY4 MESSAGE Database refreshed successfully
2013/12/25 19:06:26 -0600 GIGGY4 MESSAGE Starting IP protection
2013/12/25 19:06:43 -0600 GIGGY4 MESSAGE IP Protection started successfully

Appreciate your help in getting rid of the source on my system....

ray
  7. Attached are the requested logs.... scsisys attach.txt dds.txt
  8. Forgot to mention that I have run full scans with the following:

     malwarebytes
     superantispyware
     MS security essentials

     scsisys
  9. Within the last month, each time I bootup Win7, a small pop-up window appears with the following message:

     Please, Enter Password (dark blue background)
     Password | blank field for password | OK ( button )

     Have not installed any new software except for the Win7 SP1 update. Brought up Task Manager and went through the list of services, processes, etc. looking for anything strange but nothing stood out. Any way to find out what program is generating the request ??

     thanks
     scsisys

     pswrd box.bmp
  10. Tried again with the following results: 1st pop-up: VcAccelerator SGrid II Con... Run-TIme error "0" 2nd pop-up: Malwarebytes anti malware Run-Time error ' 440 ': automation error Green progress bar got further across at the "Registering Files" point but still stops / hangs. Back to Task Mgr. and forced closing of setup.exe. scsisys
  11. Downloaded latest version of Malwarebytes and tried to install on Win7. Gets to the "registering files" point and then does nothing. Go to task mgr. and find -3- instances of setup.exe running. Have to force shutdown of these to get out of the setup process. Any cure for this event ? thanks scsisys
  12. Maybe jumping the gun but thought I would post anyway. Using the free version ( 1.38 ), installed and ran a quick scan and it returned a detection as follows:

      Malwarebytes' Anti-Malware 1.38
      Database version: 2310
      Windows 6.1.7100

      6/19/2009 7:56:47 PM
      mbam-log-2009-06-19 (19-56-37).txt

      Scan type: Quick Scan
      Objects scanned: 68163
      Time elapsed: 2 minute(s), 33 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 1
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      (No malicious items detected)

      **********************************************

      Action previous to this was to uncheck the " align icons to grid " option. Chose to ignore the reported " infection " at this point. Did a full scan and found no other problems.