Jump to content

dsh

Members
  • Posts

    9
  • Joined

  • Last visited

Everything posted by dsh

  1. Back to baseline, running well. Thanks again for all your help. Happy Holidays! DSH
  2. Lookin good! Let me know what else. Thanks for all your help. Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 5363 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.11 12/24/2010 10:11:22 PM mbam-log-2010-12-24 (22-11-22).txt Scan type: Quick scan Objects scanned: 148404 Time elapsed: 8 minute(s), 11 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  3. FYI after posting that last message, I rebooted in normal mode and am no longer getting the crazy System Security messages. Is there anything else I need to do to make sure it is gone for good? Thanks again for all your help. DSH
  4. Went through regedit to remove all references to Norton 360 I could find. Ran OTL with the fix, rebooted and missed the log. So I ran the fix again and got the log on the second reboot. Here is what it says: All processes killed ========== FILES ========== File\Folder C:\Documents and Settings\All Users\Application Data\cLlAj06309 not found. File\Folder C:\WINDOWS\System32\*.tmp not found. File\Folder C:\WINDOWS\System32\drivers\*.tmp not found. File\Folder C:\WINDOWS\*.tmp not found. File\Folder C:\Documents and Settings\David Hodges\Desktop\System Tool 2011.lnk not found. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: David Hodges ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 163546 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 483 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 0.00 mb C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.17.3 log created on 12212010_194019 Files\Folders moved on Reboot... Registry entries deleted on Reboot...
  5. Do not see Norton 360 on Add or Remove Programs from Control Panel. Did see LiveUpdate from Symantec, which I tried to uninstall only to get an error message saying The Windows Installer Service could not be accessed... I tried to run OTL (.exe, .scr, .com), but nothing happens except a balloon pops up from the taskbar saying "WARNING! Application cannot be executed. The file tfswctrl.exe is infected. Please activate your antivirus software." Thoughts? Thanks for your help. DSH
  6. Here is Extras.txt from safe mode: OTL Extras logfile created on: 12/16/2010 9:52:27 PM - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\David Hodges\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 758.00 Mb Total Physical Memory | 544.00 Mb Available Physical Memory | 72.00% Memory free 1.00 Gb Paging File | 1.00 Gb Available in Paging File | 90.00% Paging File free Paging file location(s): C:\pagefile.sys 372 744 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 33.14 Gb Total Space | 2.28 Gb Free Space | 6.89% Space Free | Partition Type: NTFS Drive D: | 52.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: DAVID | User Name: David Hodges | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe" = C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe:*:Enabled:ThinkVantage System Update -- (IBM) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.) "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe" = C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe:*:Enabled:ThinkVantage System Update -- (IBM) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.) "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.) "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.) "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data "{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web) "{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = DLA "{12723C3A-0FF8-4A0C-8BD3-DC958F388F67}" = GoBoingo! "{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 20 "{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver "{2A43FF29-0D97-4445-B82D-9324F176AED5}" = ThinkVantage System Update "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix online plug-in (USB) "{56740943-FB5A-434B-AE15-5D641AD0AD5B}" = ACR Ultrasound Learning File - Edition 2 "{5AD96CF5-2627-4F29-9D2D-72FCD85F6355}" = AVG 2011 "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7 "{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360 "{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6CE96A14-61E2-48CC-837E-22710A953ADE}" = XP Themes "{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore "{72806716-7088-41B2-8FA6-717A2A164DAB}" = ThinkVantage Active Protection System "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{7821CB27-2A44-456D-AB5E-901C92701319}" = ACR Vascular and Interventional Radiology Learning File "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix online plug-in (HDX) "{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = ThinkPad UltraNav Wizard "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver "{885F5AC6-4413-4D30-99A9-F4494BFA4923}" = Logitech Harmony Remote Software 7 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{8F55B163-7B42-42A3-9307-C7FCB9655225}" = PC-Doctor for Windows "{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0 "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content "{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! "{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center "{9A1E6130-8F5E-4076-899A-D51FF01EDA6C}" = System Migration Assistant 5.0 "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML "{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager "{A23061AF-5361-433C-B7F0-CE5F79A22C49}" = AVG 2011 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio "{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0 "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B214C3C8-FC16-42EC-B7BB-703A1BB9C790}" = Lenovo Battery Program "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B3350D7C-9D1B-44B3-A5A1-EDADC0D66109}" = Kid Pix Deluxe 4 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver "{C5EC81D0-3DED-435D-A46E-E3F60F7DC8AD}" = Palm Desktop "{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help "{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}" = Safari "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix online plug-in (DV) "{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center "{D5A4CE1B-59ED-4D85-A3B2-6E0AFF448E4B}" = Diskeeper Lite "{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad "{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation) "{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center "{E8192116-B93A-4245-AF56-C4016D5DF331}" = Draft Analyzer 2009 "{E922961C-6DB6-41DE-9FEA-426DF3E9F81C}" = IBM 32-bit Runtime Environment for Java 2, v1.4.2 "{EA664480-3844-11D5-8C25-444553540000}" = TrackPoint Accessibility Features "{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0 "{EEE22184-B53C-4B87-9F5B-53638160B966}" = VirtualDrive "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F386C340-DF4B-4BBA-9503-420FB7EDB395}" = Wallpapers "{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = ThinkPad Configuration "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe "ACR Body MRI Learning File3.02" = ACR Body MRI Learning File "ACR Chest Learning File" = ACR Chest Learning File "ACR Gastrointestinal Learning File - Edition 23.1" = ACR Gastrointestinal Learning File - Edition 2 "ACR Genitourinary Learning File" = ACR Genitourinary Learning File "ACR Neuroradiology Learning File" = ACR Neuroradiology Learning File "ACR Nuclear Medicine Learning File" = ACR Nuclear Medicine Learning File "ACR Pediatric Learning File" = ACR Pediatric Learning File "ACR Skeletal Learning File" = ACR Skeletal Learning File "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0 "Adobe Shockwave Player" = Adobe Shockwave Player "Atlas3.exe" = Atlas_3 "AVG" = AVG 2011 "AwayTask" = ThinkVantage Away Manager "CitrixOnlinePluginPackWeb" = Citrix online plug-in - web "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer "InstallShield_{8F55B163-7B42-42A3-9307-C7FCB9655225}" = PC-Doctor for Windows "InstallShield_{E922961C-6DB6-41DE-9FEA-426DF3E9F81C}" = IBM 32-bit Runtime Environment for Java 2, v1.4.2 "LHTTSSPE" = L&H TTS3000 Espa
  7. Thought I'd go ahead and post the log files from safe mode just in case they help...Here's OTL.txt: OTL logfile created on: 12/16/2010 9:52:27 PM - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\David Hodges\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 758.00 Mb Total Physical Memory | 544.00 Mb Available Physical Memory | 72.00% Memory free 1.00 Gb Paging File | 1.00 Gb Available in Paging File | 90.00% Paging File free Paging file location(s): C:\pagefile.sys 372 744 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 33.14 Gb Total Space | 2.28 Gb Free Space | 6.89% Space Free | Partition Type: NTFS Drive D: | 52.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: DAVID | User Name: David Hodges | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\David Hodges\Desktop\OTL.exe (OldTimer Tools) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\David Hodges\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (LiveUpdate Notice Ex) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.) SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe () SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (AdobeActiveFileMonitor4.0) -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe () SRV - (IPSSVC) -- C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Ltd.) SRV - (UCLauncherService) -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe () SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation) SRV - (IBMPMSVC) -- C:\WINDOWS\system32\ibmpmsvc.exe () SRV - (TpKmpSVC) -- C:\WINDOWS\system32\TpKmpSvc.exe () SRV - (TPHDEXLGSVC) -- C:\WINDOWS\system32\TPHDEXLG.exe (Lenovo.) SRV - (S24EventMonitor) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) SRV - (EvtEng) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) SRV - (RegSrvc) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) ========== Driver Services (SafeList) ========== DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. ) DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. ) DRV - (ctxusbm) -- C:\WINDOWS\system32\drivers\ctxusbm.sys (Citrix Systems, Inc.) DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (NSCIRDA) -- C:\WINDOWS\system32\drivers\nscirda.sys (National Semiconductor Corporation) DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation) DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider) DRV - (FVXSCSI) -- C:\WINDOWS\system32\DRIVERS\fvxscsi.sys (FarStone Inc.) DRV - (RemoteControl-USBLAN) -- C:\WINDOWS\system32\drivers\rcblan.sys (Belcarra Technologies) DRV - (fcdabus) -- C:\WINDOWS\system32\drivers\fcdabus.sys (FarStone Inc.) DRV - (PROCDD) -- C:\WINDOWS\system32\drivers\PROCDD.SYS (Lenovo Ltd.) DRV - (Smapint) -- C:\WINDOWS\system32\drivers\SMAPINT.SYS (Microsoft Corporation) DRV - (TDSMAPI) -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS () DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS () DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS () DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.) DRV - (risdptsk) -- C:\WINDOWS\system32\DRIVERS\risdptsk.sys (REDC) DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC) DRV - (TPHKDRV) -- C:\WINDOWS\System32\drivers\TPHKDRV.sys (IBM Corporation) DRV - (IBMPMDRV) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys (Lenovo.) DRV - (Shockprf) -- C:\WINDOWS\System32\drivers\shockprf.sys (Lenovo.) DRV - (ShockMgr) -- C:\WINDOWS\System32\drivers\ShockMgr.sys (Lenovo.) DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions) DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions) DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions) DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions) DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions) DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions) DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions) DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions) DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions) DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions) DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation) DRV - (atmeltpm) -- C:\WINDOWS\system32\drivers\atmeltpm.sys (Atmel, Inc.) DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel
  8. Unfortunately, I can't run OTL.exe, OTL.com, or OTL.scr except in safe mode (which I'm not sure will do any good since MBAM didn't pick up anything in safe modes). I double click the icon for each and nothing happens, except the error message in the lower right saying the application cannot be executed. Thoughts? Should I send you the output files from safe mode? DSH
  9. Laptop appears to have the System Security - Warning Your're in Danger! virus/malware. I've been reading posts on here, and my major issue to start with is that I can't get any programs to run. Can't get MBAM to run (was already loaded on this laptop), even after renaming to winlogon. Can't get defogger, DDS, OTL, or hijackthis to run. Have no idea where to go from here! Any help would be greatly appreciated. Thanks, DSH PS - Would it be beneficial to run any of these scans while in safe mode? I've run MBAM in safe mode, but it doesn't pick up anything.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.