DayDreams

Honorary Members
  • Posts: 23

Everything posted by DayDreams

  1. Hi, Lately, or actually for a while, my computer has at random times started using a lot of memory to run "wuauclt.exe". After a Google search I discovered this was a normal Windows update feature that scans for the updates. Only thing is I have my scan set to do it once a week on Sundays at around 3am. Thus I was wondering why it was doing it during the week at random times. Also worth mentioning is that at random times (not sure if it is related) a blank program will pop up in the button start menu bar, but it won't have any text and remains for only two seconds before disappearing. Sorry if that's too vague. Malwarebytes scans come up clean every time. I searched to see if I had any extra programs that were un-needed also named "wuauclt.exe". My search got these *attached* results. Don't know if any of those are not necessary. The reason I ask for help is that it is annoying to have the computer totally freeze up for a while because it is running this update process. Thanks, Day untitled.bmp
  2. Nope, everything seems to be fine, only did it that one time. BTW: at random times these two processes go crazy and lag the computer. It only lasts for about 5 min at most.
  3. Before moving on to the step you just gave me I wanted to inform you that just now my computer randomly turned off without me doing anything. I was the only user logged in and the only programs I had opened were Google Chrome open to Gamefaqs.com and Microsoft Word.
  4. Ok, I deleted those files. Is that everything?
  5. I decided to scan tonight and watch a movie while it ran. Here are all 4 of the requested logs. Attach.txt DDS.txt ESET.txt log.txt
  6. Ok, this is making me angry. 2 days ago I ran the combofix, and I have the log. Then I tried to run ESET scanner 2 times, but both times I left it running and I came back and my sister had closed the log. I'm going to run it again tonight and dds tomorrow. I wanted to post because I might have gotten another virus. My computer has never said this before: We can deal with that ^^ if needed after you review the logs I shall hopefully have soon.
  7. All 3 logs you requested are below and combofix seemed to run smoothly. I was also wondering what kind of virus the mywebsearch was and what it was doing? log.txt DDS.txt Attach.txt
  8. Here are the scan results, and I'm really mad about it too. Just this past week I noticed my little 7-year-old brother had somehow managed to get this mywebsearch thing on his Internet Explorer. I knew it was bad news, and I've told him countless times not to go to flash game sites because they will often give you viruses. Kind of makes me mad, but here you go.
  9. Hey, after downloading the Java that you linked to, the website still says get a version of Java over 1.5, even when on Internet Explorer.
  10. Sorry for not getting back to you. Hopefully I'll get it tomorrow because today I have a poster project to do for my English class.
  11. Following your instructions forced me to download IE8, which I had previously uninstalled due to a redirection virus. After trying to run the scan on IE8 I got this message... After seeing if IE8 still got redirected I went to Google and typed in "gamestop". It brought up the page could not be found. Which leads me to believe that there is something screwed up with my IE8 (did I mention I hate it).
  12. I got the dds logs, but Kaspersky did this... (apparently I need Safari??)
  13. Before I follow your instructions I wanted to let you know that when I woke up (5 min ago) the computer was off, so I turned it on and upon logging in it showed the green shield (which I assume means all the updates were downloaded automatically) and also this... I wouldn't worry too much about this because I was the one that made a few changes to it about 2 months ago because some weird things were running in startup and I stopped them...
  14. Apart from the log I just posted I wanted to let you know that I got back on my computer to watch some MW2 gameplay and I noticed the yellow shield (update) at the bottom right. Upon clicking it I discovered 39 new updates were needed. I was wondering if those had been blocked by the virus or ??
  15. How did you learn what everything means and how to determine between good and bad? log:
      Running from: C:\Documents and Settings\Benjamin\desktop\win32kdiag.exe
      Log file at : C:\Documents and Settings\Benjamin\Desktop\Win32kDiag.txt
      Removing all found mount points.
      Attempting to reset file permissions.
      WARNING: Could not get backup privileges!
      Searching 'C:\WINDOWS'...
      Found mount point : C:\WINDOWS\$hf_mig$\{29F8DDC1-9487-49b8-B27E-3E0C3C1298FF}
      Mount point destination : \Device\__max++>\^
      Removing mount point : C:\WINDOWS\$hf_mig$\{29F8DDC1-9487-49b8-B27E-3E0C3C1298FF}
      Cannot access: C:\WINDOWS\Installer\10d8f474.msi
      Attempting to restore permissions of : C:\WINDOWS\Installer\10d8f474.msi
      [1] 2009-02-09 08:10:48 60928 C:\WINDOWS\Installer\10d8f474.msi ()
      Finished!
  16. Log:
      Volume in drive C has no label.
      Volume Serial Number is 7C56-BB0C
      Directory of C:\WINDOWS\$NtServicePackUninstall$
      08/04/2004 06:00 AM 180,224 scecli.dll
      Directory of C:\WINDOWS\$NtServicePackUninstall$
      08/04/2004 06:00 AM 407,040 netlogon.dll
      Directory of C:\WINDOWS\$NtServicePackUninstall$
      08/04/2004 06:00 AM 55,808 eventlog.dll
      3 File(s) 643,072 bytes
      Directory of C:\WINDOWS\ServicePackFiles\i386
      04/13/2008 08:12 PM 181,248 scecli.dll
      Directory of C:\WINDOWS\ServicePackFiles\i386
      04/13/2008 08:12 PM 407,040 netlogon.dll
      Directory of C:\WINDOWS\ServicePackFiles\i386
      04/13/2008 08:11 PM 56,320 eventlog.dll
      3 File(s) 644,608 bytes
      Directory of C:\WINDOWS\SYSTEM32
      04/13/2008 08:12 PM 181,248 scecli.dll
      Directory of C:\WINDOWS\SYSTEM32
      04/13/2008 08:12 PM 407,040 netlogon.dll
      Directory of C:\WINDOWS\SYSTEM32
      04/13/2008 08:11 PM 56,320 eventlog.dll
      3 File(s) 644,608 bytes
      Total Files Listed:
      9 File(s) 1,932,288 bytes
      0 Dir(s) 44,774,023,168 bytes free
  17. Apparently the size is too big so it is attached. Win32kDiag.txt
  18. I followed your instructions... hopefully. DDS: DDS (Ver_10-03-17.01) - NTFSx86 Run by Benjamin at 19:28:31.96 on Thu 05/20/2010 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.509.190 [GMT -4:00] AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\PRISMSVR.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\lexpps.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Benjamin\Desktop\dds.com ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uWindow Title = Windows Internet Explorer provided by Comcast mStart Page = about:blank uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local mWinlogon: Userinit=c:\windows\system32\Userinit.exe BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program 
files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x08da -f video -m logitech -d 11.0.0.1213 StartupFolder: c:\docume~1\benjamin\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe uPolicies-system: EnableProfileQuota = 1 (0x1) IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL Trusted Zone: facebook.com\www DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - 
hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll Hosts: 192.168.1.100 HP0015604A1BAC ============= SERVICES / DRIVERS =============== R0 hotcore;hotcore;c:\windows\system32\drivers\hotcore.sys [2006-10-10 30820] R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-23 207280] R1 mfehidk;McAfee Inc. 
mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-11-4 214664] R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592] R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632] S2 DP1112;DP1112;\??\c:\windows\system32\drivers\dp.sys --> c:\windows\system32\drivers\DP.sys [?] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-23 133104] S3 68190f73-0883-459e-818e-79bc83ccb4c8;68190f73-0883-459e-818e-79bc83ccb4c8;\??\d:\cds300\cds300.dll --> d:\cds300\cds300.dll [?] S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-11-22 34248] S3 pnicml;pnicml;\??\c:\docume~1\laura\locals~1\temp\pnicml.sys --> c:\docume~1\laura\locals~1\temp\pnicml.sys [?] S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-11-23 358600] S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-11-23 1141200] S4 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [2005-4-11 57344] =============== Created Last 30 ================ 2010-05-20 01:10:37 0 dc----w- c:\program files\Amazon 2010-05-09 18:56:15 0 dc----w- c:\program files\common files\Symantec Shared 2010-05-09 14:43:26 0 dc----w- c:\program files\Norton Security Scan 2010-05-09 14:43:26 0 dc----w- c:\docume~1\alluse~1\applic~1\Symantec 2010-05-09 14:43:26 0 dc----w- c:\docume~1\alluse~1\applic~1\Norton 2010-05-09 14:43:23 0 dc----w- c:\docume~1\alluse~1\applic~1\NortonInstaller 2010-04-22 21:42:44 0 dc----w- c:\docume~1\benjamin\applic~1\Backyard Baseball 2007 ==================== Find3M ==================== 2010-05-06 14:36:38 221568 -c----w- c:\windows\system32\MpSigStub.exe 2010-04-12 21:29:19 411368 -c--a-w- c:\windows\system32\deployJava1.dll 2010-04-10 15:48:27 104174 -c--a-w- c:\windows\hpoins04.dat 2010-03-30 04:46:30 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys 
2010-03-30 04:45:52 20824 -c--a-w- c:\windows\system32\drivers\mbam.sys 2010-03-13 13:35:24 69 -c--a-w- c:\documents and settings\benjamin\jagex_runescape_preferences2.dat 2010-03-13 13:32:50 41 -c--a-w- c:\documents and settings\benjamin\jagex_runescape_preferences.dat 2008-05-30 18:52:16 56 -csh--r- c:\windows\system32\2B5BCE7350.sys 2008-05-30 18:52:17 1682 -csha-w- c:\windows\system32\KGyGaAvL.sys 2006-08-01 11:29:00 1074401 -csha-w- c:\windows\system32\vybeg.bak1 2006-08-01 20:47:51 1153967 -csha-w- c:\windows\system32\vybeg.bak2 2006-08-02 00:56:53 1153755 -csha-w- c:\windows\system32\vybeg.ini2 2009-06-11 15:28:25 245760 -csha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat 2009-05-18 18:24:27 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009051820090519\index.dat ============= FINISH: 19:29:11.75 =============== Attach: UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_10-03-17.01) Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume2 Install Date: 4/20/2005 10:50:11 AM System Uptime: 5/20/2010 2:37:59 PM (5 hours ago) Motherboard: Dell Inc. | | 0R7935 Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/800mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 71 GiB total, 41.896 GiB free. 
D: is CDROM (CDFS) E: is Removable ==== Disabled Device Manager Items ============= ==== System Restore Points =================== RP1639: 3/22/2010 8:11:46 PM - System Checkpoint RP1640: 3/22/2010 11:59:07 PM - Software Distribution Service 3.0 RP1641: 3/24/2010 12:11:12 AM - System Checkpoint RP1642: 3/25/2010 1:22:44 AM - System Checkpoint RP1643: 3/25/2010 11:27:10 AM - Software Distribution Service 3.0 RP1644: 3/26/2010 1:50:05 AM - Software Distribution Service 3.0 RP1645: 3/27/2010 11:08:54 AM - Software Distribution Service 3.0 RP1646: 3/27/2010 6:01:32 PM - Spyware Doctor: Cleaning Threats RP1647: 3/28/2010 6:07:12 PM - System Checkpoint RP1648: 3/28/2010 7:46:09 PM - Spyware Doctor: Cleaning Threats RP1649: 3/29/2010 9:57:21 PM - Software Distribution Service 3.0 RP1650: 3/30/2010 11:08:04 PM - System Checkpoint RP1651: 3/31/2010 3:00:17 AM - Software Distribution Service 3.0 RP1652: 3/31/2010 6:04:21 PM - Spyware Doctor: Cleaning Threats RP1653: 4/1/2010 9:53:11 PM - System Checkpoint RP1654: 4/2/2010 2:13:59 AM - Software Distribution Service 3.0 RP1655: 4/3/2010 3:59:38 AM - System Checkpoint RP1656: 4/4/2010 5:12:45 AM - System Checkpoint RP1657: 4/5/2010 5:59:33 AM - System Checkpoint RP1658: 4/5/2010 9:42:03 AM - Software Distribution Service 3.0 RP1659: 4/5/2010 7:44:44 PM - Spyware Doctor: Cleaning Threats RP1660: 4/6/2010 9:59:37 PM - System Checkpoint RP1661: 4/8/2010 9:39:33 AM - System Checkpoint RP1662: 4/8/2010 4:52:54 PM - Software Distribution Service 3.0 RP1663: 4/9/2010 5:05:17 PM - System Checkpoint RP1664: 4/10/2010 1:02:25 AM - Spyware Doctor: Cleaning Threats RP1665: 4/10/2010 6:52:46 PM - Spyware Doctor: Cleaning Threats RP1666: 4/11/2010 8:19:21 PM - System Checkpoint RP1667: 4/12/2010 6:54:22 PM - Software Distribution Service 3.0 RP1668: 4/13/2010 9:50:58 PM - System Checkpoint RP1669: 4/14/2010 6:04:43 PM - Spyware Doctor: Cleaning Threats RP1670: 4/15/2010 9:46:12 PM - Software Distribution Service 3.0 RP1671: 4/16/2010 
10:11:40 PM - System Checkpoint RP1672: 4/16/2010 11:18:56 PM - Installed Java 6 Update 20 RP1673: 4/18/2010 2:29:27 AM - System Checkpoint RP1674: 4/18/2010 3:00:31 AM - Software Distribution Service 3.0 RP1675: 4/18/2010 8:55:19 PM - Spyware Doctor: Cleaning Threats RP1676: 4/19/2010 11:37:29 PM - Software Distribution Service 3.0 RP1677: 4/21/2010 1:42:00 AM - System Checkpoint RP1678: 4/22/2010 2:18:12 AM - System Checkpoint RP1679: 4/22/2010 10:54:13 AM - Software Distribution Service 3.0 RP1680: 4/23/2010 2:20:22 AM - Software Distribution Service 3.0 RP1681: 4/24/2010 1:01:51 AM - Spyware Doctor: Cleaning Threats RP1682: 4/24/2010 7:26:22 AM - Installed Backyard Skateboarding RP1683: 4/25/2010 8:23:20 AM - System Checkpoint RP1684: 4/26/2010 10:47:48 AM - System Checkpoint RP1685: 4/26/2010 6:07:07 PM - Spyware Doctor: Cleaning Threats RP1686: 4/27/2010 2:17:02 AM - Software Distribution Service 3.0 RP1687: 4/28/2010 2:24:57 AM - System Checkpoint RP1688: 4/29/2010 5:06:07 AM - System Checkpoint RP1689: 4/29/2010 4:56:23 PM - Software Distribution Service 3.0 RP1690: 4/30/2010 10:12:23 PM - Spyware Doctor: Cleaning Threats RP1691: 5/1/2010 10:17:58 PM - System Checkpoint RP1692: 5/3/2010 1:18:16 AM - System Checkpoint RP1693: 5/3/2010 6:29:57 PM - Software Distribution Service 3.0 RP1694: 5/4/2010 7:55:53 PM - System Checkpoint RP1695: 5/5/2010 8:29:01 PM - System Checkpoint RP1696: 5/6/2010 2:28:33 PM - Software Distribution Service 3.0 RP1697: 5/7/2010 2:47:02 PM - System Checkpoint RP1698: 5/7/2010 9:19:52 PM - Spyware Doctor: Cleaning Threats RP1699: 5/9/2010 1:48:02 AM - System Checkpoint RP1700: 5/10/2010 4:20:32 AM - System Checkpoint RP1701: 5/10/2010 3:35:18 PM - Software Distribution Service 3.0 RP1702: 5/11/2010 3:39:50 PM - System Checkpoint RP1703: 5/11/2010 6:02:31 PM - Spyware Doctor: Cleaning Threats RP1704: 5/12/2010 6:16:04 PM - System Checkpoint RP1705: 5/12/2010 7:07:28 PM - Spyware Doctor: Cleaning Threats RP1706: 5/13/2010 9:26:26 PM - 
Software Distribution Service 3.0 RP1707: 5/13/2010 9:38:08 PM - Software Distribution Service 3.0 RP1708: 5/15/2010 7:53:18 PM - System Checkpoint RP1709: 5/16/2010 10:35:07 AM - System Checkpoint RP1710: 5/17/2010 12:06:44 PM - System Checkpoint RP1711: 5/17/2010 11:32:04 PM - Software Distribution Service 3.0 RP1712: 5/18/2010 6:24:07 PM - Spyware Doctor: Cleaning Threats RP1713: 5/19/2010 6:36:56 PM - System Checkpoint RP1714: 5/20/2010 6:42:11 PM - System Checkpoint ==== Installed Programs ====================== 23_24_2500Tour 2400 2400_2500Help 2400_2500trb Adobe AIR Adobe Bridge 1.0 Adobe Common File Installer Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Help Center 1.0 Adobe Photoshop CS2 Adobe Reader 9.3.2 Adobe Shockwave Player 11.5 Adobe Stock Photos 1.0 AiO_Scan AiOSoftware Amazon Kindle For PC v1.1 AoA Audio Extractor 1.0 Apple Application Support Apple Mobile Device Support Apple Software Update Audacity 1.2.6 Backyard Skateboarding Bonjour Broadcom Management Programs BufferChm Cheat Engine 5.5 Comcast High-Speed Internet Install Wizard Conexant D110 MDC V.9x Modem Copy CreataCard Gold 3 CreativeProjects CreativeProjectsTemplates Critical Update for Windows Media Player 11 (KB959772) CueTour Dell Driver Reset Tool Dell System Restore Deployment Manager Destinations Director DocProc DocumentViewer FarmVilleBot 1.3.3.1 FarmVilleBot 2.0 Fax GdiplusUpgrade Google Chrome Google Update Helper Google Updater HijackThis 1.99.1 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB915800-v4) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) HP Diagnostic 
Assistant HP Image Zone 4.2 HP PSC & OfficeJet 4.2 HP Software Update HPSystemDiagnostics HyperCam 2 InstantShare Intel® Graphics Media Accelerator Driver InterActual Player Internet Explorer Default Page iTunes Java 2 Runtime Environment, SE v1.4.2_03 Java Auto Updater Java DB 10.4.1.3 Java 6 Update 20 Java 6 Update 7 Java SE Development Kit 6 Update 12 Learn2 Player (Uninstall Only) Line Rider Logitech Audio Echo Cancellation Component Macromedia Flash Player Malwarebytes' Anti-Malware ManyCam 2.4 (remove only) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB953297) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Access 2002 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Digital Image Library 9 - Blocker Microsoft Digital Image Standard 2006 Microsoft Digital Image Standard 2006 Editor Microsoft Digital Image Standard 2006 Library Microsoft IntelliPoint 5.3 Microsoft IntelliType Pro 5.3 Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft National Language Support Downlevel APIs Microsoft Office Basic Edition 2003 Microsoft Office Professional Edition 2003 Microsoft Plus! 
Digital Media Edition Installer Microsoft Silverlight Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6 Service Pack 2 (KB954459) MVision My Way Search Assistant Octoshape Streaming Services OGA Notifier 2.0.0048.0 Overland PCFriendly PhoTags Express PhotoGallery PrintScreen ProductContext QFolder QuickProjects QuickTime Readme Scan Security Update for CAPICOM (KB931906) Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 8 (KB969897) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows Media 
Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB973346) SkinsHP1 Spelling Dictionaries Support For Adobe Reader 9 Spyware Doctor 7.0 System Requirements 
Lab TrayApp Tweak UI Uninstall Dual Mode Camera Unload Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB969497) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955839) Update for Windows XP (KB967715) USB 2.0 Wireless LAN Card Utility Viewpoint Media Player WebFldrs XP WebReg Windows Defender Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage v1.3.0254.0 Windows Imaging Component Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Live Sign-in Assistant Windows Media Format 11 runtime Windows Media Player 10 Windows Media Player 11 Windows PowerShell 1.0 Windows XP Service Pack 3 WinRAR archiver WM Converter 2.0 XML Paper Specification Shared Components Pack 1.0 Xvid 1.1.3 final uninstall Yahtzee YouTube Downloader 2.5.4

==== Event Viewer Messages From Past Week ========

5/20/2010 2:43:11 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/20/2010 2:43:00 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
5/20/2010 2:43:00 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
5/15/2010 7:53:02 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000011E' while processing the file 'Microsoft .. d 2003.lnk' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
5/14/2010 6:11:37 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
5/13/2010 9:38:59 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0xd0000156: Security Update for Windows XP (KB978542).
5/13/2010 2:25:01 PM, error: Service Control Manager [7000] - The npkcrypt service failed to start due to the following error: The system cannot find the path specified.
5/13/2010 2:25:01 PM, error: Service Control Manager [7000] - The DP1112 service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================

GMER (this one seemed short...did I do it wrong?):

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-20 19:47:49
Windows 5.1.2600 Service Pack 3
Running: c79sew1d.exe; Driver: C:\DOCUME~1\Benjamin\LOCALS~1\Temp\awrdapog.sys

---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF82AEE22]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF828FCDC]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF828FECE]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF82AF610]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF82AF8C4]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF82ADB14]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF82AFD30]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF82AF0E2]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF828F982]

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF74CEF80]
? win32k.sys:1 The system cannot find the file specified. !
? win32k.sys:2 The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sdcplh.sys
Device \Driver\atapi \Device\Ide\IdePort0 sdcplh.sys
Device \Driver\atapi \Device\Ide\IdePort1 sdcplh.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e sdcplh.sys
Device \FileSystem\Fastfat \Fat A8C58D20
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32@ C:\Program Files\Acceleration Software\StopSignProducts\Firewall\appinsp.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32@Threading Model Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\ProgID@ Appinsp.TrustInfo.1
Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\TypeLib@ {28CDF2D7-614A-44CC-9563-A6EE82F1A77B}
Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\VersionIndependentProgID @ Appinsp.TrustInfo

---- EOF - GMER 1.0.15 ----
  19. 1 more question: does my anti-spyware program (Spyware Doctor) need to be turned off?
  20. Thanks for replying to me Blade. My dad is going to be using the computer for the next few hours, and so I don't think it is a good idea to scan then. I will probably scan both tonight, and post tomorrow when I get back from school.
  21. Here is the picture if you don't want to download it, sorry...
  22. Hello, Obviously I just joined this site, and I hope to not be a hassle to anyone. The reason for my joining was that I believe I have some sort of malware on my computer. Who would have guessed? The only reason I believe it to be there is that the current anti-spyware I run (PC Tools Spyware Doctor) detects the same thing on login (after startup). It then prompts me to restart to complete the removal. I did do this the first two times, but after I realized that it just kept coming back I stopped restarting it. There is no apparent problem with anything, but I downloaded Malwarebytes a few weeks ago to scan. The computer was scanned with Malwarebytes for the first time in a long time and it found about 39 infections, which it removed. Didn't even know they were there, but that all said and done, the one issue, stated above, continued. I still have that log from a few weeks ago if you would like to see it though... Like I said, no noticeable changes, but I would rather be safe than sorry. This is the only lead I have to the infection... (attachments) Thanks in advance for any assistance. New_Bitmap_Image.bmp