Platinium Security Malware and Browser redirects


Hello,

I tried to remove the Platinium Security Malware with Malwarebytes yesterday, but today my Google searches have been redirected to random sites.

Please see logs below. I appreciate the support and assistance.

Thank You!

Jason

.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31

Run by Jason at 12:21:57 on 2012-07-23

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.143 [GMT -7:00]

.

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

svchost.exe

svchost.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Lexmark 4800 Series\lxdemon.exe

C:\Program Files\Lexmark 4800 Series\lxdeamon.exe

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\WINDOWS\system32\lxdecoms.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\NetWaiting\netWaiting.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

uURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll

uURLSearchHooks: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\my.freeze.com toolbar\NetAssistant.dll

mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Yahoo! IE Suggest: {5a263cf7-56a6-4d68-a8cf-345be45bc911} - c:\program files\yahoo!\searchsuggest\YSearchSuggest.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\my.freeze.com toolbar\NetAssistant.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: XBTBPos00 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\my.freeze.com toolbar\freeze_us.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll

TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll

TB: My.Freeze.com Toolbar: {d0523bb4-21e7-11dd-9ab7-415b56d89593} - c:\program files\my.freeze.com toolbar\freeze_us.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe

uRun: [Google Update] "c:\documents and settings\jason\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [intelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless

mRun: [lxdemon.exe] "c:\program files\lexmark 4800 series\lxdemon.exe"

mRun: [lxdeamon] "c:\program files\lexmark 4800 series\lxdeamon.exe"

mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s

mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\audibl~1.lnk - c:\program files\audible\bin\AudibleDownloadHelper.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Trusted Zone: intuit.com\ttlc

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 192.168.5.1

TCP: Interfaces\{C4EFDD8C-2396-415E-8862-92B4C168C11E} : DhcpNameServer = 192.168.5.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Authentication Packages = msv1_0 nwprovau

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\jason\application data\mozilla\firefox\profiles\q4drqr7n.default\

FF - prefs.js: browser.startup.homepage - hxxp://us.ard.yahoo.com/SIG=160v708bq/M=650008.12783704.13681781.12384300/D=yahoo_top/S=2023432473:HEADR/_ylt=AkIGv2hq1d21FIZTD8zKIMsZIZt4/Y=YAHOO/EXP=1253491514/L=.RieLES00mWe3H2ASk4C9ZO2Y4mOP0q2pxoACyVV/B=62LbEWKJiVU-/J=1253484314749523/K=NRDOlbwYEjeI4kiGkeGoAA/A=5765314/R=9/SIG=10l2nj3k8/*http://my.yahoo.com

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\documents and settings\jason\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

.

============= SERVICES / DRIVERS ===============

.

R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-7-22 18544]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-7-22 721000]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-7-22 353688]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-7-22 21256]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-3-15 22344]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-7-23 40776]

S0 yajrinay;yajrinay;c:\windows\system32\drivers\accs.sys --> c:\windows\system32\drivers\accs.sys [?]

.

=============== Created Last 30 ================

.

2012-07-23 18:43:09 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-07-22 21:47:28 18544 ----a-w- c:\windows\system32\drivers\aswKbd.sys

2012-07-22 21:47:27 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-07-22 21:45:22 41224 ----a-w- c:\windows\avastSS.scr

2012-07-22 21:44:20 -------- d-----w- c:\program files\AVAST Software

2012-07-22 21:44:20 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software

2012-07-22 15:48:37 -------- d-----w- c:\documents and settings\jason\local settings\application data\{A884A0BA-D414-11E1-8270-B8AC6F996F26}

2012-07-22 15:48:37 -------- d-----w- c:\documents and settings\jason\local settings\application data\{A8846FAA-D414-11E1-8270-B8AC6F996F26}

2012-07-22 15:48:27 -------- d-----w- c:\documents and settings\all users\application data\6F638BFE004DD153004A49167B07D287

2012-07-01 16:16:47 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll

2012-07-01 16:16:46 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll

.

==================== Find3M ====================

.

2012-07-12 11:09:41 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-12 11:09:35 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-03 20:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 22:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 22:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 22:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 22:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 22:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 22:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 22:18:58 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 22:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-23 03:07:40 336186 ----a-w- c:\documents and settings\all users\SPL1B7.tmp

2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec

2012-05-04 13:12:30 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 12:32:19 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

============= FINISH: 12:30:39.07 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

.

==== Installed Programs ======================

.

.

ABBYY FineReader 6.0 Sprint

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Media Player

Adobe Reader X (10.1.3)

Advertising Center

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Audible Download Manager

avast! Pro Antivirus

Bonjour

Borders Desktop

Broadcom Management Programs

Conexant HDA D110 MDC V.92 Modem

Critical Update for Windows Media Player 11 (KB959772)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell Driver Reset Tool

Digital Line Detect

ERUNT 1.1j

ESPNMotion

GemMaster Mystic

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

High Definition Audio Driver Package - KB835221

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 10 (KB903157)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

ImagXpress

Intel® Graphics Media Accelerator Driver for Mobile

Intel® PROSet/Wireless Software

iSEEK AnswerWorks English Runtime

iTunes

Java Auto Updater

Java 6 Update 31

Java 6 Update 5

Lexmark 4800 Series

Lexmark Fax Solutions

Malwarebytes Anti-Malware version 1.62.0.1300

mCore

mDrWiFi

MediaSPace

Menu Templates - Starter Kit

mHlpDell

Microsoft .NET Framework 1.0 Hotfix (KB2572066)

Microsoft .NET Framework 1.0 Hotfix (KB2604042)

Microsoft .NET Framework 1.0 Hotfix (KB2656378)

Microsoft .NET Framework 1.0 Hotfix (KB979904)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 14

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

mIWA

mIWCA

mLogView

mMHouse

MobileMe Control Panel

Modem Helper

Movie Templates - Starter Kit

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

mPfMgr

mPfWiz

mProSafe

mSSO

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6 Service Pack 2 (KB973686)

mToolkit

mWlsSafe

mXML

My.Freeze.com Toolbar

mZConfig

Nero 9 Essentials

Nero BurnRights

Nero BurnRights Help

Nero ControlCenter

Nero CoverDesigner

Nero DiscSpeed

Nero DriveSpeed

Nero Express Help

Nero InfoTool

Nero Installer

Nero Online Upgrade

Nero ShowTime

Nero StartSmart

Nero StartSmart Help

Nero Vision

Nero Vision Help

NeroExpress

neroxml

NetWaiting

Otto

PowerDVD 5.5

QualXServ Service Agreement

QuickSet

QuickTime

RealPlayer

RealUpgrade 1.0

Safari

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Skype Toolbars

Skype™ 4.2

Sonic Encoders

SpywareBlaster 4.4

Synaptics Pointing Device Driver

TurboTax 2009

TurboTax 2009 wcaiper

TurboTax 2009 WinPerFedFormset

TurboTax 2009 WinPerReleaseEngine

TurboTax 2009 WinPerTaxSupport

TurboTax 2009 wrapper

TurboTax 2010

TurboTax 2010 wcaiper

TurboTax 2010 WinPerFedFormset

TurboTax 2010 WinPerReleaseEngine

TurboTax 2010 WinPerTaxSupport

TurboTax 2010 wrapper

TurboTax 2011

TurboTax 2011 wcaiper

TurboTax 2011 WinPerFedFormset

TurboTax 2011 WinPerReleaseEngine

TurboTax 2011 WinPerTaxSupport

TurboTax 2011 wrapper

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit

Edition

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB978506)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows Media Player 10 (KB910393)

Update for Windows Media Player 10 (KB913800)

Update for Windows Media Player 10 (KB926251)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2718704)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update Rollup 2 for Windows XP Media Center Edition 2005

WebEx

WebFldrs XP

Winamp Toolbar for Firefox

Winamp Toolbar for Internet Explorer

Windows Imaging Component

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 10 Hotfix [see EmeraldQFE2 for more information]

Windows Media Player 11

Windows Media Player Firefox Plugin

Windows PowerShell 1.0

Windows XP Media Center Edition 2005 KB2502898

Windows XP Media Center Edition 2005 KB2619340

Windows XP Media Center Edition 2005 KB2628259

Windows XP Media Center Edition 2005 KB908246

Windows XP Media Center Edition 2005 KB925766

Windows XP Media Center Edition 2005 KB973768

Windows XP Service Pack 3

WinPatrol

Yahoo! Install Manager

Yahoo! Messenger

Yahoo! Search Suggest Add-on for IE7

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

7/22/2012 8:51:52 AM, error: Service Control Manager [7009] - Timeout

(30000 milliseconds) waiting for the Google Software Updater service

to connect.

7/22/2012 8:51:52 AM, error: DCOM [10005] - DCOM got error "%1053"

attempting to start the service gusvc with arguments "" in order to

run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

7/22/2012 8:51:27 AM, error: Service Control Manager [7009] - Timeout

(30000 milliseconds) waiting for the Apple Mobile Device service to

connect.

7/22/2012 8:51:27 AM, error: Service Control Manager [7000] - The

Apple Mobile Device service failed to start due to the following

error: The service did not respond to the start or control request in

a timely fashion.

7/22/2012 8:50:53 AM, error: Service Control Manager [7009] - Timeout

(30000 milliseconds) waiting for the IMAPI CD-Burning COM Service

service to connect.

7/22/2012 8:50:53 AM, error: Service Control Manager [7000] - The

IMAPI CD-Burning COM Service service failed to start due to the

following error: The service did not respond to the start or control

request in a timely fashion.

7/22/2012 8:50:35 AM, error: Service Control Manager [7009] - Timeout

(30000 milliseconds) waiting for the Media Center Extender Service

service to connect.

7/22/2012 8:50:35 AM, error: Service Control Manager [7000] - The

Media Center Extender Service service failed to start due to the

following error: The service did not respond to the start or control

request in a timely fashion.

7/22/2012 8:50:33 AM, error: Service Control Manager [7009] - Timeout

(30000 milliseconds) waiting for the Media Center Receiver Service

service to connect.

7/22/2012 8:50:28 AM, error: Service Control Manager [7034] - The

RegSrvc service terminated unexpectedly. It has done this 1 time(s).

7/22/2012 8:50:28 AM, error: Service Control Manager [7034] - The

NICCONFIGSVC service terminated unexpectedly. It has done this 1

time(s).

7/22/2012 8:50:28 AM, error: Service Control Manager [7034] - The

Media Center Scheduler Service service terminated unexpectedly. It

has done this 1 time(s).

7/22/2012 8:50:28 AM, error: Service Control Manager [7034] - The

lxde_device service terminated unexpectedly. It has done this 1

time(s).

7/22/2012 8:50:28 AM, error: Service Control Manager [7034] - The

Java Quick Starter service terminated unexpectedly. It has done this

1 time(s).

7/22/2012 8:50:28 AM, error: Service Control Manager [7034] - The

iPod Service service terminated unexpectedly. It has done this 1

time(s).

7/22/2012 8:50:28 AM, error: Service Control Manager [7034] - The

Intuit Update Service v4 service terminated unexpectedly. It has done

this 1 time(s).

7/22/2012 8:50:28 AM, error: Service Control Manager [7034] - The

Intuit Update Service service terminated unexpectedly. It has done

this 1 time(s).

7/22/2012 8:50:28 AM, error: Service Control Manager [7034] - The

EvtEng service terminated unexpectedly. It has done this 1 time(s).

7/22/2012 8:50:28 AM, error: Service Control Manager [7031] - The

Nero BackItUp Scheduler 4.0 service terminated unexpectedly. It has

done this 1 time(s). The following corrective action will be taken in

500 milliseconds: Restart the service.

7/22/2012 8:50:28 AM, error: Service Control Manager [7031] - The

Media Center Extender Service service terminated unexpectedly. It has

done this 1 time(s). The following corrective action will be taken in

5000 milliseconds: Restart the service.

7/22/2012 8:50:28 AM, error: Service Control Manager [7031] - The

Apple Mobile Device service terminated unexpectedly. It has done this

1 time(s). The following corrective action will be taken in 60000

milliseconds: Restart the service.

7/22/2012 8:50:28 AM, error: Service Control Manager [7000] - The

Nero BackItUp Scheduler 4.0 service failed to start due to the

following error: Access is denied.

7/22/2012 8:50:27 AM, error: Service Control Manager [7034] - The

WLANKEEPER service terminated unexpectedly. It has done this 1

time(s).

7/22/2012 8:50:27 AM, error: Service Control Manager [7034] - The

Spectrum24 Event Monitor service terminated unexpectedly. It has done

this 1 time(s).

7/22/2012 8:50:27 AM, error: Service Control Manager [7031] - The

Media Center Receiver Service service terminated unexpectedly. It has

done this 1 time(s). The following corrective action will be taken in

5000 milliseconds: Restart the service.

7/22/2012 8:25:15 AM, error: Dhcp [1002] - The IP address lease

192.168.1.64 for the Network Card with network address 00166F46BFB0

has been denied by the DHCP server 192.168.19.1 (The DHCP Server sent

a DHCPNACK message).

7/22/2012 10:24:19 AM, error: Ntfs [55] - The file system structure

on the disk is corrupt and unusable. Please run the chkdsk utility on

the volume C:.

7/22/2012 10:10:00 AM, error: Service Control Manager [7026] - The

following boot-start or system-start driver(s) failed to load: APPDRV

BHDrvx86 eeCtrl Fips intelppm MpFilter SRTSPX SymIRON SYMTDI

7/22/2012 10:10:00 AM, error: Service Control Manager [7023] - The

Computer Browser service terminated with the following error: The

specified service does not exist as an installed service.

7/22/2012 10:05:22 AM, error: Service Control Manager [7026] - The

following boot-start or system-start driver(s) failed to load: AFD

APPDRV BHDrvx86 eeCtrl Fips intelppm IPSec MpFilter MRxSmb NetBIOS

NetBT RasAcd Rdbss SRTSPX SymIRON SYMTDI Tcpip WS2IFSL

7/22/2012 10:05:22 AM, error: Service Control Manager [7001] - The

TCP/IP NetBIOS Helper service depends on the AFD service which failed

to start because of the following error: A device attached to the

system is not functioning.

7/22/2012 10:05:22 AM, error: Service Control Manager [7001] - The

IPSEC Services service depends on the IPSEC driver service which

failed to start because of the following error: A device attached to

the system is not functioning.

7/22/2012 10:05:22 AM, error: Service Control Manager [7001] - The

DNS Client service depends on the TCP/IP Protocol Driver service which

failed to start because of the following error: A device attached to

the system is not functioning.

7/22/2012 10:05:22 AM, error: Service Control Manager [7001] - The

DHCP Client service depends on the NetBios over Tcpip service which

failed to start because of the following error: A device attached to

the system is not functioning.

7/22/2012 10:05:22 AM, error: Service Control Manager [7001] - The

Bonjour Service service depends on the TCP/IP Protocol Driver service

which failed to start because of the following error: A device

attached to the system is not functioning.

7/22/2012 10:05:22 AM, error: Service Control Manager [7001] - The

Apple Mobile Device service depends on the TCP/IP Protocol Driver

service which failed to start because of the following error: A

device attached to the system is not functioning.

7/22/2012 10:04:49 AM, error: DCOM [10005] - DCOM got error "%1084"

attempting to start the service netman with arguments "" in order to

run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

7/22/2012 10:04:48 AM, error: DCOM [10005] - DCOM got error "%1084"

attempting to start the service EventSystem with arguments "" in order

to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

7/22/2012 1:33:17 PM, error: Dhcp [1002] - The IP address lease

192.168.19.233 for the Network Card with network address 00166F46BFB0

has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent

a DHCPNACK message).

7/20/2012 11:28:19 AM, error: Dhcp [1002] - The IP address lease

192.168.5.174 for the Network Card with network address 00166F46BFB0

has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent

a DHCPNACK message).

7/19/2012 8:35:26 AM, error: Service Control Manager [7009] - Timeout

(30000 milliseconds) waiting for the lxdeCATSCustConnectService

service to connect.

7/19/2012 8:35:26 AM, error: Service Control Manager [7000] - The

lxdeCATSCustConnectService service failed to start due to the

following error: The service did not respond to the start or control

request in a timely fashion.

7/19/2012 8:34:58 AM, error: Dhcp [1002] - The IP address lease

192.168.1.64 for the Network Card with network address 00166F46BFB0

has been denied by the DHCP server 10.128.128.128 (The DHCP Server

sent a DHCPNACK message).

7/19/2012 11:53:23 AM, error: Dhcp [1002] - The IP address lease

10.235.65.11 for the Network Card with network address 00166F46BFB0

has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent

a DHCPNACK message).

7/18/2012 7:58:04 AM, error: Server [2505] - The server could not

bind to the transport

\Device\NetBT_Tcpip_{C4EFDD8C-2396-415E-8862-92B4C168C11E} because

another computer on the network has the same name. The server could

not start.

7/18/2012 7:39:15 AM, error: Dhcp [1002] - The IP address lease

192.168.1.64 for the Network Card with network address 00166F46BFB0

has been denied by the DHCP server 192.168.6.1 (The DHCP Server sent a

DHCPNACK message).

7/18/2012 5:35:57 PM, error: Service Control Manager [7011] - Timeout

(30000 milliseconds) waiting for a transaction response from the N360

service.

7/18/2012 2:46:49 PM, error: Service Control Manager [7011] - Timeout

(30000 milliseconds) waiting for a transaction response from the

WZCSVC service.

7/18/2012 10:55:41 AM, error: Dhcp [1002] - The IP address lease

192.168.5.136 for the Network Card with network address 00166F46BFB0

has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent

a DHCPNACK message).

7/18/2012 10:55:00 AM, error: Service Control Manager [7011] -

Timeout (30000 milliseconds) waiting for a transaction response from

the Netman service.

7/17/2012 6:14:38 PM, error: WPDMTPDriver [15300] - MTP WPD Driver

has failed to start. Error 0x80070057.

7/17/2012 4:33:44 PM, error: Dhcp [1002] - The IP address lease

192.168.1.64 for the Network Card with network address 00166F46BFB0

has been denied by the DHCP server 192.168.5.1 (The DHCP Server sent a

DHCPNACK message).

7/17/2012 11:44:56 AM, error: Dhcp [1002] - The IP address lease

192.168.5.189 for the Network Card with network address 00166F46BFB0

has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent

a DHCPNACK message).

7/17/2012 10:26:17 PM, error: Service Control Manager [7011] -

Timeout (30000 milliseconds) waiting for a transaction response from

the stisvc service.

7/17/2012 10:04:29 AM, error: Dhcp [1001] - Your computer was not

assigned an address from the network (by the DHCP Server) for the

Network Card with network address 00166F46BFB0. The following error

occurred: The operation was canceled by the user. . Your computer

will continue to try and obtain an address on its own from the network

address (DHCP) server.

.

==== End Of File ===========================


Welcome to the forum.

Please go to your Control Panel's Add/Remove Programs and uninstall....

My.Freeze.com Toolbar

-----------------------------------------------------

Then.....................

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


RK report below. Thanks!

RogueKiller V7.6.4 [07/17/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: Jason [Admin rights]

Mode: Scan -- Date: 07/23/2012 14:10:58

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 1 ¤¤¤

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : c:\windows\installer\{b49c61e6-4cba-3ee1-0c0f-f3e3af508533}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\windows\installer\{b49c61e6-4cba-3ee1-0c0f-f3e3af508533}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\windows\installer\{b49c61e6-4cba-3ee1-0c0f-f3e3af508533}\L --> FOUND

[ZeroAccess][FILE] @ : c:\documents and settings\jason\local settings\application data\{b49c61e6-4cba-3ee1-0c0f-f3e3af508533}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\documents and settings\jason\local settings\application data\{b49c61e6-4cba-3ee1-0c0f-f3e3af508533}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\documents and settings\jason\local settings\application data\{b49c61e6-4cba-3ee1-0c0f-f3e3af508533}\L --> FOUND

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9120822A +++++

--- User ---

[MBR] 8f605a24d9333a75596fa35f15fa617a

[bSP] af1cb0469599de55aa308c4121b698b0 : MBR Code unknown

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 96390 | Size: 107466 Mo

2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 220202955 | Size: 5506 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt


Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

----------------------------------------------------------------

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Please see combo fix report below... Thank you - Jason

ComboFix 12-07-24.01 - Jason 07/23/2012 16:06:38.4.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.362 [GMT -7:00]

Running from: c:\documents and settings\Jason\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((( Files Created from 2012-06-23 to 2012-07-23 )))))))))))))))))))))))))))))))

.

.

2012-07-22 21:47 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-07-22 21:47 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-07-22 21:47 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-07-22 21:47 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-07-22 21:47 . 2012-07-03 16:21 18544 ----a-w- c:\windows\system32\drivers\aswKbd.sys

2012-07-22 21:47 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-07-22 21:47 . 2012-07-03 16:21 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-07-22 21:47 . 2012-07-03 16:21 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-07-22 21:47 . 2012-07-03 16:21 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-07-22 21:45 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr

2012-07-22 21:45 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe

2012-07-22 21:44 . 2012-07-22 21:44 -------- d-----w- c:\program files\AVAST Software

2012-07-22 21:44 . 2012-07-22 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2012-07-22 15:48 . 2012-07-22 15:48 -------- d-----w- c:\documents and settings\Jason\Local Settings\Application Data\{A884A0BA-D414-11E1-8270-B8AC6F996F26}

2012-07-22 15:48 . 2012-07-22 15:48 -------- d-----w- c:\documents and settings\Jason\Local Settings\Application Data\{A8846FAA-D414-11E1-8270-B8AC6F996F26}

2012-07-22 15:48 . 2012-07-22 15:50 -------- d-----w- c:\documents and settings\All Users\Application Data\6F638BFE004DD153004A49167B07D287

2012-07-11 20:15 . 2012-07-11 20:16 -------- d-----w- c:\program files\Google

2012-07-01 16:16 . 2012-07-01 16:16 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll

2012-07-01 16:16 . 2012-07-01 16:16 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-12 11:09 . 2012-05-03 11:07 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-12 11:09 . 2011-05-24 11:03 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-03 20:46 . 2011-03-15 22:21 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-13 13:19 . 2005-08-16 10:18 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 15:50 . 2009-08-20 01:07 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50 . 2005-08-16 10:18 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32 . 2005-08-16 10:18 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 22:19 . 2008-10-16 22:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 22:19 . 2008-10-16 22:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 22:19 . 2005-08-16 10:40 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 22:19 . 2005-08-16 10:40 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 22:19 . 2005-08-16 10:40 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 22:19 . 2008-10-16 22:09 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2008-10-16 22:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 22:19 . 2005-08-16 10:40 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2005-08-16 10:40 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2005-08-16 10:18 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 22:19 . 2008-10-16 22:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 22:19 . 2005-08-16 10:40 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2005-08-16 10:40 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:18 . 2009-04-18 05:39 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 22:18 . 2009-04-18 05:39 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 22:18 . 2009-04-18 05:39 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22 . 2005-08-16 10:18 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:08 . 2005-08-16 10:18 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-11 14:42 . 2005-08-16 10:18 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-05-11 14:42 . 2005-08-16 10:18 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:38 . 2005-08-16 10:18 385024 ----a-w- c:\windows\system32\html.iec

2012-05-04 13:12 . 2005-08-16 10:18 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 12:32 . 2004-08-04 04:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:46 . 2005-08-16 10:37 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2009-04-17 01:56 . 2009-04-17 01:56 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll

2009-04-17 01:56 . 2009-04-17 01:56 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll

2009-04-17 02:20 . 2009-04-17 02:20 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll

2012-07-19 15:38 . 2011-10-04 15:07 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]

.

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]

[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]

"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-06 4347120]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-07-11 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]

"lxdemon.exe"="c:\program files\Lexmark 4800 Series\lxdemon.exe" [2007-12-14 455336]

"lxdeamon"="c:\program files\Lexmark 4800 Series\lxdeamon.exe" [2007-12-14 25256]

"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-12-14 316072]

"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2011-03-16 325000]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-06 421888]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-03 202256]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Audible Download Manager.lnk - [N/A]

Digital Line Detect.lnk - [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]

2004-09-07 22:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

.

R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [7/22/2012 2:47 PM 18544]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/22/2012 2:47 PM 721000]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [7/22/2012 2:47 PM 353688]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/22/2012 2:47 PM 21256]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2/6/2012 4:25 PM 13672]

R2 lxde_device;lxde_device;c:\windows\system32\lxdecoms.exe -service --> c:\windows\system32\lxdecoms.exe -service [?]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/15/2011 3:21 PM 655944]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/15/2011 3:21 PM 22344]

S0 yajrinay;yajrinay;c:\windows\system32\drivers\accs.sys --> c:\windows\system32\drivers\accs.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/11/2012 1:16 PM 136176]

S2 lxdeCATSCustConnectService;lxdeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdeserv.exe [3/9/2009 10:02 AM 98984]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5/3/2012 4:07 AM 250056]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/11/2012 1:16 PM 136176]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/4/2012 4:10 AM 113120]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - BITS

*NewlyCreated* - WUAUSERV

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-23 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 11:09]

.

2012-07-07 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 20:34]

.

2012-07-23 c:\windows\Tasks\avast! Emergency Update.job

- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-22 16:21]

.

2012-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-11 20:15]

.

2012-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-11 20:15]

.

2012-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3477048099-3401580693-1773120605-1005Core.job

- c:\documents and settings\Jason\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-27 03:19]

.

2012-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3477048099-3401580693-1773120605-1005UA.job

- c:\documents and settings\Jason\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-27 03:19]

.

2012-07-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3477048099-3401580693-1773120605-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2012-07-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3477048099-3401580693-1773120605-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]

.

2012-07-23 c:\windows\Tasks\User_Feed_Synchronization-{54302964-DE16-421B-92BA-0AE64509D160}.job

- c:\windows\system32\msfeedssync.exe [2007-08-14 12:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 192.168.1.254

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-07-23 16:25

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1084)

c:\program files\Intel\Wireless\Bin\LgNotify.dll

.

- - - - - - - > 'explorer.exe'(2616)

c:\windows\system32\WININET.dll

c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2012-07-23 16:30:06

ComboFix-quarantined-files.txt 2012-07-23 23:30

ComboFix2.txt 2012-07-23 22:38

.

Pre-Run: 19,453,644,800 bytes free

Post-Run: 19,441,545,216 bytes free

.

- - End Of File - - 184458937E77CF4972A8702028B70C1F


Do you have any idea what these two folders are:

(2012-07-22 15:48 . 2012-07-22 15:50 <---they were all created around this time)

You may have to enable hidden files to see them:

http://www.howtogeek...-folders-in-xp/

c:\documents and settings\Jason\Local Settings\Application Data\{A884A0BA-D414-11E1-8270-B8AC6F996F26}

c:\documents and settings\All Users\Application Data\6F638BFE004DD153004A49167B07D287

MrC


I don't think they're malware related. After we're done here you can delete them, but don't empty the recycle bin; see if everything runs OK. If so...then empty it.

------------------------

Go to Run > type cmd > Enter > copy and paste this in:

SC Delete yajrinay

and hit Enter

Then delete this file if found:

c:\windows\system32\drivers\accs.sys

---------------------------

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


Hello and thank you again for your assistance and time...

I followed the instructions above... ran MBAM and I haven't noticed redirects in Firefox. However, I cannot launch IE or FF from my desktop. I have to launch browsers from the start menu and then only Firefox will launch.

Jason


Okay, I checked around in the file above and didn't find any deleted browser files. However, IE will not launch from desktop or start menu. It opens and hangs up and then closes. It does not look like I can uninstall IE... I tried to uninstall and download IE, but there is no uninstall option in remove/add programs.

So far the rest of my desktop icons will not work unless I right click and select open... double clicking will not open them. They will launch from the start menu.

Jason

This topic is now closed to further replies.