
Runaway email Outlook - Previous post deleted after maintenance



Last week my Outlook was running rampant sending bogus emails. Did a scan with Malwarebytes Anti-Malware and cleaned the infection. I have since run AVIRA and found nothing. After the scans, Outlook was still sending emails out, so we deleted the email account and reloaded Outlook. My concern is that there may still be something amiss. I have included the DDS files per the pinned directions. Please advise.

DDS (Ver_2012-10-19.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702

Run by cray at 17:12:43 on 2012-11-05

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1147 [GMT -8:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ================

.

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\crypserv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe

C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

C:\WINDOWS\system32\Wacom_Tablet.exe

C:\WINDOWS\system32\UTSCSI.EXE

C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\Wacom_Tablet.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\real\realplayer\update\realsched.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe

C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\msdtc.exe

C:\WINDOWS\System32\vssvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\SearchFilterHost.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.foxnews.com/

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -

TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Akamai NetSession Interface] "c:\documents and settings\cray\local settings\application data\akamai\netsession_win.exe"

uRun: [RIMDeviceManager] "c:\program files\common files\research in motion\rimdevicemanager\RIMDeviceManager.exe" -RunServer

mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"

mRun: [setRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe

mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [synchronization Manager] c:\windows\system32\mobsync.exe /logon

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html

IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

LSP: c:\program files\speedbit video accelerator\SBLSP.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: HP Instant Printing Plugin - hxxp://ftp.hp.com/pub/softlib/programmatic/COL23700/plugin/hpwinstallSP.cab?version=1.0

DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://padilla1:4343/officescan/console/ClientInstall/WinNTChk.cab

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} - hxxps://padilla1:4343/officescan/console/ClientInstall/setupini.cab

DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://padilla1:4343/officescan/console/ClientInstall/setup.cab

DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} - hxxps://padilla1:4343/officescan/console/html/AtxEnc.cab

DPF: {4E1AEB50-759B-495F-B91A-C9018B0E7236} - hxxps://www.sub-hub.com/Secures/SHDnld.cab

DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} - hxxps://padilla1:4343/officescan/console/ClientInstall/RemoveCtrl.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239902377828

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1351868458656

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {A644122F-80E1-4AD1-B2E9-4F267FC58517} - hxxps://viewer.planwellcollaborate.com/BravaServer/BravaClientXWrapper.cab

DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 172.16.1.4 206.13.29.12 206.13.30.12

TCP: Interfaces\{6C5CF1FF-3342-4D81-AEC4-C9522A19EB08} : DHCPNameServer = 172.16.1.4 206.13.29.12 206.13.30.12

Filter: text/html - {a75dc788-5829-4e70-b0a8-c4f3500a9872} -

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\program files\windows defender\MpShHook.dll

SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-11-5 36552]

R1 MpKsl7966ccf8;MpKsl7966ccf8;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3cfa9df9-c185-402a-a76e-231c709b4b25}\MpKsl7966ccf8.sys [2012-11-5 29904]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-11-5 84256]

R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-11-5 108320]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-11-5 83792]

R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2007-4-27 316992]

R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-10-22 2749224]

R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~1\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~1\VideoAcceleratorService.exe -start -scm [?]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-10-20 15656]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-9 136176]

S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-8-16 250808]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-9 136176]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-3 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== File Associations ===============

.

FileExt: .scr: DWGTrueViewScriptFile=c:\windows\system32\notepad.exe "%1"

ShellExec: DWGVIEWR.exe: open="c:\program files\autodesk\dwg trueview 2011\DWGVIEWR.exe"

.

=============== Created Last 30 ================

.

2012-11-05 22:33:36 -------- dc----w- c:\documents and settings\cray\application data\Avira

2012-11-05 22:27:36 83792 -c--a-w- c:\windows\system32\drivers\avgntflt.sys

2012-11-05 22:27:36 36552 -c--a-w- c:\windows\system32\drivers\avkmgr.sys

2012-11-05 22:27:34 -------- dc----w- c:\program files\Avira

2012-11-05 22:06:31 29904 -c--a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3cfa9df9-c185-402a-a76e-231c709b4b25}\MpKsl7966ccf8.sys

2012-11-05 03:36:35 6918632 -c--a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3cfa9df9-c185-402a-a76e-231c709b4b25}\mpengine.dll

2012-11-02 20:53:23 6918632 -c--a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2012-11-02 14:39:44 -------- dc----w- C:\TDSSKiller_Quarantine

2012-11-01 22:49:32 -------- dc----w- c:\program files\Spybot - Search & Destroy

2012-11-01 22:49:32 -------- dc----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

2012-10-31 16:48:39 6918632 -c--a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{833b0adf-983b-4de5-88b9-92922d70830b}\mpengine.dll

2012-10-30 23:32:23 -------- dc----w- c:\documents and settings\cray\application data\TuneUp Software

2012-10-30 23:24:40 -------- dc-h--w- c:\documents and settings\all users\application data\Common Files

2012-10-30 23:24:40 -------- dc----w- c:\documents and settings\cray\local settings\application data\MFAData

2012-10-30 23:24:40 -------- dc----w- c:\documents and settings\cray\local settings\application data\Avg2013

2012-10-30 23:24:40 -------- dc----w- c:\documents and settings\all users\application data\MFAData

2012-10-29 20:48:17 -------- dc----w- c:\program files\Microsoft Security Client

.

==================== Find3M ====================

.

2012-10-09 02:25:21 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-09 02:25:21 696760 -c--a-w- c:\windows\system32\FlashPlayerApp.exe

2012-09-30 02:54:26 22856 -c--a-w- c:\windows\system32\drivers\mbam.sys

2012-08-31 05:03:50 193552 -c--a-w- c:\windows\system32\drivers\MpFilter.sys

2012-08-28 15:14:53 916992 -c--a-w- c:\windows\system32\wininet.dll

2012-08-28 15:14:53 43520 -c--a-w- c:\windows\system32\licmgr10.dll

2012-08-28 15:14:52 1469440 -c----w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07:15 385024 -c----w- c:\windows\system32\html.iec

2012-08-24 13:53:22 177664 -c--a-w- c:\windows\system32\wintrust.dll

2012-08-23 02:45:53 499712 -c--a-w- c:\windows\system32\msvcp71.dll

2012-08-23 02:45:53 348160 -c--a-w- c:\windows\system32\msvcr71.dll

2012-08-21 13:33:26 2148864 -c--a-w- c:\windows\system32\ntoskrnl.exe

2012-08-21 12:58:09 2027520 -c--a-w- c:\windows\system32\ntkrnlpa.exe

.

============= FINISH: 17:13:58.58 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-10-19.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 4/16/2009 10:17:15 AM

System Uptime: 11/5/2012 2:04:15 PM (3 hours ago)

.

Motherboard: MSI | | 0A48

Processor: Intel® Pentium® 4 CPU 3.06GHz | Socket 775 | 3066/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 75 GiB total, 32.613 GiB free.

D: is CDROM ()

F: is NetworkDisk (NTFS) - 126 GiB total, 78.755 GiB free.

Q: is NetworkDisk (NTFS) - 233 GiB total, 69.82 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}

Description: PS/2 Compatible Mouse

Device ID: ACPI\PNP0F13\3&61AAA01&0

Manufacturer: Microsoft

Name: PS/2 Compatible Mouse

PNP Device ID: ACPI\PNP0F13\3&61AAA01&0

Service: i8042prt

.

==== System Restore Points ===================

.

RP787: 8/30/2012 2:32:16 AM - System Checkpoint

RP788: 8/31/2012 2:19:57 AM - Software Distribution Service 3.0

RP789: 9/4/2012 6:17:58 AM - Software Distribution Service 3.0

RP790: 9/5/2012 8:03:05 AM - System Checkpoint

RP791: 9/6/2012 2:30:50 AM - Software Distribution Service 3.0

RP792: 9/7/2012 2:31:40 AM - Software Distribution Service 3.0

RP793: 9/8/2012 3:22:36 AM - System Checkpoint

RP794: 9/9/2012 4:14:10 AM - System Checkpoint

RP795: 9/10/2012 4:33:09 AM - System Checkpoint

RP796: 9/11/2012 1:34:15 AM - Software Distribution Service 3.0

RP797: 9/12/2012 2:24:27 AM - System Checkpoint

RP798: 9/12/2012 6:36:22 AM - Software Distribution Service 3.0

RP799: 9/13/2012 7:17:01 AM - System Checkpoint

RP800: 9/16/2012 7:48:56 PM - Software Distribution Service 3.0

RP801: 9/17/2012 8:39:21 PM - System Checkpoint

RP802: 9/18/2012 2:01:47 AM - Software Distribution Service 3.0

RP803: 9/19/2012 3:01:01 AM - System Checkpoint

RP804: 9/20/2012 3:57:44 AM - System Checkpoint

RP805: 9/21/2012 1:42:29 AM - Software Distribution Service 3.0

RP806: 9/21/2012 3:17:20 PM - Software Distribution Service 3.0

RP807: 9/23/2012 8:13:34 PM - System Checkpoint

RP808: 9/24/2012 9:31:12 PM - System Checkpoint

RP809: 9/25/2012 1:41:35 AM - Software Distribution Service 3.0

RP810: 9/26/2012 2:05:56 AM - System Checkpoint

RP811: 9/27/2012 3:01:11 AM - System Checkpoint

RP812: 9/28/2012 1:41:49 AM - Software Distribution Service 3.0

RP813: 9/29/2012 1:46:37 AM - System Checkpoint

RP814: 9/30/2012 2:45:03 AM - System Checkpoint

RP815: 10/1/2012 3:44:52 AM - System Checkpoint

RP816: 10/2/2012 1:41:14 AM - Software Distribution Service 3.0

RP817: 10/3/2012 1:44:39 AM - System Checkpoint

RP818: 10/4/2012 2:45:02 AM - System Checkpoint

RP819: 10/5/2012 1:54:37 AM - Software Distribution Service 3.0

RP820: 10/8/2012 9:22:48 AM - System Checkpoint

RP821: 10/9/2012 2:04:28 AM - Software Distribution Service 3.0

RP822: 10/10/2012 2:07:07 AM - System Checkpoint

RP823: 10/10/2012 7:47:22 AM - Software Distribution Service 3.0

RP824: 10/10/2012 3:59:33 PM - Installed ARCTurboAccelerator

RP825: 10/11/2012 5:33:59 PM - System Checkpoint

RP826: 10/12/2012 1:55:08 AM - Software Distribution Service 3.0

RP827: 10/14/2012 10:25:24 PM - System Checkpoint

RP828: 10/15/2012 10:41:53 PM - System Checkpoint

RP829: 10/16/2012 1:41:34 AM - Software Distribution Service 3.0

RP830: 10/17/2012 10:07:54 AM - System Checkpoint

RP831: 10/18/2012 1:59:15 AM - Software Distribution Service 3.0

RP832: 10/19/2012 1:59:11 AM - Software Distribution Service 3.0

RP833: 10/20/2012 2:01:52 AM - System Checkpoint

RP834: 10/21/2012 2:56:20 AM - System Checkpoint

RP835: 10/22/2012 3:49:01 AM - System Checkpoint

RP836: 10/23/2012 1:59:19 AM - Software Distribution Service 3.0

RP837: 10/24/2012 2:44:39 AM - System Checkpoint

RP838: 10/25/2012 3:35:21 AM - System Checkpoint

RP839: 10/26/2012 4:26:22 AM - System Checkpoint

RP840: 10/26/2012 9:43:18 AM - Software Distribution Service 3.0

RP841: 10/29/2012 7:31:12 AM - System Checkpoint

RP842: 10/29/2012 1:53:58 PM - Software Distribution Service 3.0

RP843: 10/30/2012 11:54:18 AM - Removed Avira SearchFree Toolbar plus Web Protection.

RP844: 10/30/2012 4:25:08 PM - Installed AVG 2013

RP845: 10/30/2012 4:25:49 PM - Installed AVG 2013

RP846: 10/30/2012 11:52:29 PM - Software Distribution Service 3.0

RP847: 10/31/2012 9:48:35 AM - Software Distribution Service 3.0

RP848: 11/1/2012 10:29:15 AM - Software Distribution Service 3.0

RP849: 11/1/2012 5:26:13 PM - Removed Java™ 6 Update 31

RP850: 11/2/2012 1:53:14 PM - Software Distribution Service 3.0

RP851: 11/4/2012 7:36:23 PM - Software Distribution Service 3.0

RP852: 11/5/2012 2:01:19 PM - Removed AVG 2013

RP853: 11/5/2012 2:03:19 PM - Removed AVG 2013

.

==== Installed Programs ======================

.

Acme CAD Converter 2012 v8.2.5

Acrobat.com

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.4)

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ARCTurboAccelerator

ATI - Software Uninstall Utility

ATI Control Panel

ATI Display Driver

Autodesk Buzzsaw 2012.1.20.6492

Autodesk Design Review 2011

Avira Free Antivirus

BidMail IP Tools

BlackBerry Desktop Software 4.1

Bonjour

Citrix Presentation Server Client

Compatibility Pack for the 2007 Office system

CP210x USB to UART Bridge Controller

Critical Update for Windows Media Player 11 (KB959772)

CutePDF Writer 2.8

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

DivX Setup

Dropbox

DWG TrueView 2011

FastStone Image Viewer 4.0

FileZilla Client 3.5.3

Formatta Filler 7.0

GB Manager

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

High Definition Audio Driver Package - KB888111

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB2756822)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB942288-v3)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Help and Support

HP Instant Printing

Infuzer

iSqFt Full Viewer V4.01

Malwarebytes Anti-Malware version 1.65.1.1000

MasterSplitter Program

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access 2003

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Office XP Standard

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 14

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

NVIDIA Drivers

On-Screen Takeoff

Quick Bid

QuickTime

RAR Password Recovery v1.1 RC16 (remove only)

RealNetworks - Microsoft Visual C++ 2005 Runtime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.1

Roxio CinePlayer

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB2744842)

Security Update for Windows Internet Explorer 8 (KB969897)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB963027)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Sentinel Protection Installer 7.4.0

Spybot - Search & Destroy

TeraCopy 2.27

Tweak UI

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft Windows (KB971513)

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows Internet Explorer 8 (KB971930)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2492386)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

Update for Windows XP (KB943729)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VC80CRTRedist - 8.0.50727.6195

Wacom Tablet

WebFldrs XP

Windows Defender

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Management Framework Core

Windows Media Format 11 runtime

Windows Media Player 11

Windows Search 4.0

Windows XP Service Pack 3

WinRAR archiver

.

==== Event Viewer Messages From Past Week ========

.

11/2/2012 8:00:38 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.

11/1/2012 9:33:53 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Akamai service.

10/31/2012 10:23:22 AM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

10/30/2012 12:06:07 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

10/30/2012 12:04:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

10/30/2012 12:02:57 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

10/30/2012 12:02:50 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT NetworkX RasAcd Rdbss Tcpip WS2IFSL

10/30/2012 12:02:50 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

10/30/2012 12:02:50 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

10/30/2012 12:02:50 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

10/30/2012 12:02:50 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

10/30/2012 12:02:50 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

10/30/2012 12:02:50 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

10/29/2012 6:16:42 AM, error: NETLOGON [5719] - No Domain Controller is available for domain PADILLA due to the following: The RPC server is unavailable. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.

10/29/2012 6:13:06 AM, error: NETLOGON [5719] - No Domain Controller is available for domain PADILLA due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.

10/29/2012 1:56:25 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.139.863.0).

10/29/2012 1:55:15 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.863.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80070643 Error description: Fatal error during installation.

10/29/2012 1:55:11 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Update Type: User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: Error code: 0x80070652 Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

.

==== End Of File ===========================


I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear. :)

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

=====

Also, please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click Change parameters.
  • Make sure you check the box Loaded modules.
  • A window will pop up and say Reboot is required. Please click Reboot now.
  • Then click Change parameters again. Check the box Detect TDLFS file system.
  • Click on the Start Scan button.
  • If an infected file is detected, the default action will be Cure. Instead, choose SKIP, then click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button.
  • Once the tool has finished, please click Report. Please copy and paste the contents of that log in your reply.

    Note: A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt).


=====

In your reply I would like to see the contents of the following logs please:

  • ComboFix.txt.
  • TDSSKiller log.

How is your computer currently running?


TY Dark Knight for your assistance. My computer seems to be running fine now; however, I have disabled the Outlook smtp server addy until I know this computer is clean. I have an older scan report 10/16/12 from MBAM that lists the infection as well as a previous tdskill log that listed some suspicious objects. Those objects did not show in this last report and TDS-Kill did not reboot this time as before.

I will provide at your request.

I am including the 2 reports you requested here: Maybe 2 posts as the editor indicated the post was too long.

1of2

ComboFix 12-11-06.03 - cray 11/07/2012 15:28:33.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1318 [GMT -8:00]

Running from: c:\documents and settings\cray\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\arepo.pad

c:\documents and settings\cray\Application Data\LocalLow

c:\documents and settings\cray\Application Data\LocalLow\GBTemp\svrver.ini

c:\documents and settings\cray\GoToAssistDownloadHelper.exe

c:\program files\Shared

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\regtlib.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-10-07 to 2012-11-07 )))))))))))))))))))))))))))))))

.

.

2012-11-07 21:07 . 2012-11-07 21:07 29904 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{325FD400-D6AC-43E6-AAED-E8542C287782}\MpKsldaf002c0.sys

2012-11-07 02:52 . 2012-10-17 09:32 6918632 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{325FD400-D6AC-43E6-AAED-E8542C287782}\mpengine.dll

2012-11-06 18:29 . 2012-10-17 09:32 6918632 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-11-05 22:33 . 2012-11-05 22:33 -------- dc----w- c:\documents and settings\cray\Application Data\Avira

2012-11-05 22:27 . 2012-10-04 20:07 133824 -c--a-w- c:\windows\system32\drivers\avipbb.sys

2012-11-05 22:27 . 2012-09-24 17:58 36552 -c--a-w- c:\windows\system32\drivers\avkmgr.sys

2012-11-05 22:27 . 2012-09-13 18:58 83792 -c--a-w- c:\windows\system32\drivers\avgntflt.sys

2012-11-05 22:27 . 2012-11-05 22:27 -------- dc----w- c:\program files\Avira

2012-11-02 14:39 . 2012-11-02 14:39 -------- dc----w- C:\TDSSKiller_Quarantine

2012-11-01 23:36 . 2012-11-01 23:36 -------- dc----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth

2012-11-01 22:49 . 2012-11-02 03:41 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2012-11-01 22:49 . 2012-11-01 22:59 -------- dc----w- c:\program files\Spybot - Search & Destroy

2012-10-31 16:48 . 2012-10-17 09:32 6918632 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{833B0ADF-983B-4DE5-88B9-92922D70830B}\mpengine.dll

2012-10-30 23:32 . 2012-10-30 23:32 -------- dc----w- c:\documents and settings\cray\Application Data\TuneUp Software

2012-10-30 23:24 . 2012-11-05 22:03 -------- dc----w- c:\documents and settings\All Users\Application Data\MFAData

2012-10-30 23:24 . 2012-11-05 22:03 -------- dc----w- c:\documents and settings\cray\Local Settings\Application Data\Avg2013

2012-10-30 23:24 . 2012-10-30 23:24 -------- dc-h--w- c:\documents and settings\All Users\Application Data\Common Files

2012-10-30 23:24 . 2012-10-30 23:24 -------- dc----w- c:\documents and settings\cray\Local Settings\Application Data\MFAData

2012-10-29 20:48 . 2012-10-29 20:48 -------- dc----w- c:\program files\Microsoft Security Client

2012-10-17 01:24 . 2012-10-17 01:24 -------- dc----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-17 09:32 . 2009-04-16 21:53 6918632 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-10-09 02:25 . 2012-08-16 13:40 696760 -c--a-w- c:\windows\system32\FlashPlayerApp.exe

2012-10-09 02:25 . 2011-06-13 14:04 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-09-30 02:54 . 2011-03-18 23:28 22856 -c--a-w- c:\windows\system32\drivers\mbam.sys

2012-08-31 05:03 . 2012-08-31 05:03 193552 -c--a-w- c:\windows\system32\drivers\MpFilter.sys

2012-08-28 15:14 . 2004-08-04 07:56 916992 -c--a-w- c:\windows\system32\wininet.dll

2012-08-28 15:14 . 2004-08-04 07:56 43520 -c--a-w- c:\windows\system32\licmgr10.dll

2012-08-28 15:14 . 2004-08-04 07:56 1469440 -c----w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07 . 2004-08-04 05:59 385024 -c----w- c:\windows\system32\html.iec

2012-08-24 13:53 . 2004-08-04 07:56 177664 -c--a-w- c:\windows\system32\wintrust.dll

2012-08-23 02:45 . 2011-12-15 00:11 499712 -c--a-w- c:\windows\system32\msvcp71.dll

2012-08-23 02:45 . 2011-12-15 00:11 348160 -c--a-w- c:\windows\system32\msvcr71.dll

2012-08-21 13:33 . 2004-08-04 06:20 2148864 -c--a-w- c:\windows\system32\ntoskrnl.exe

2012-08-21 12:58 . 2006-02-28 09:00 2027520 -c--a-w- c:\windows\system32\ntkrnlpa.exe

2001-12-04 00:09 . 2010-05-14 19:13 90112 -c----w- c:\program files\internet explorer\plugins\DjVuControl.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 -c--a-w- c:\documents and settings\cray\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 -c--a-w- c:\documents and settings\cray\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 -c--a-w- c:\documents and settings\cray\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 -c--a-w- c:\documents and settings\cray\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RIMDeviceManager"="c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" [2005-08-18 1097855]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-01-05 344064]

"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]

"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-08-23 296096]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 947176]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-10-17 384800]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2005-8-18 929886]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

.

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [11/5/2012 2:27 PM 36552]

R1 MpKsldaf002c0;MpKsldaf002c0;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{325FD400-D6AC-43E6-AAED-E8542C287782}\MpKsldaf002c0.sys [11/7/2012 1:07 PM 29904]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/5/2012 2:27 PM 84256]

R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [4/27/2007 12:00 AM 316992]

R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [10/22/2009 8:54 AM 2749224]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [10/20/2009 8:37 AM 15656]

S2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 30240193

*NewlyCreated* - 57459089

*NewlyCreated* - MPKSLDAF002C0

*Deregistered* - 30240193

*Deregistered* - 57459089

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-07 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 02:25]

.

2012-10-27 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]

.

2012-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-09 23:44]

.

2012-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-09 23:44]

.

2012-11-07 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-13 00:25]

.

2012-11-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-104155961-2961242110-3104746187-1227.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 21:27]

.

2012-11-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-104155961-2961242110-3104746187-1227.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 21:27]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.foxnews.com/

uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html

IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html

IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html

IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html

IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html

LSP: c:\program files\SpeedBit Video Accelerator\SBLSP.dll

Trusted Zone: isqft.com\www

Trusted Zone: planwellcollaborate.com\www

Trusted Zone: verizon.net\www

Trusted Zone: isqft.com\www

TCP: DhcpNameServer = 172.16.1.4 206.13.29.12 206.13.30.12

DPF: {4E1AEB50-759B-495F-B91A-C9018B0E7236} - hxxps://www.sub-hub.com/Secures/SHDnld.cab

DPF: {A644122F-80E1-4AD1-B2E9-4F267FC58517} - hxxps://viewer.planwellcollaborate.com/BravaServer/BravaClientXWrapper.cab

.

.

------- File Associations -------

.

.scr=DWGTrueViewScriptFile

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKCU-Run-Akamai NetSession Interface - c:\documents and settings\cray\Local Settings\Application Data\Akamai\netsession_win.exe

SafeBoot-57459089.sys

AddRemove-Intelore - RAR Password Recovery - e:\dl\RAR-PR\uninstall.exe

AddRemove-Wacom Tablet Driver - c:\program files\Tablet\Wacom\Remove.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-11-07 15:34

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(708)

c:\windows\system32\Ati2evxx.dll

c:\program files\SpeedBit Video Accelerator\SBLSP.dll

c:\program files\SpeedBit Video Accelerator\ConfigDB.dll

.

- - - - - - - > 'lsass.exe'(764)

c:\program files\SpeedBit Video Accelerator\SBLSP.dll

c:\program files\SpeedBit Video Accelerator\ConfigDB.dll

.

Completion time: 2012-11-07 15:38:08

ComboFix-quarantined-files.txt 2012-11-07 23:38

.

Pre-Run: 34,695,151,616 bytes free

Post-Run: 35,159,977,984 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 43F6BB1291F31AE3A73898A6EFBD14F7


Hey shep711,

Please only use italics for your comments, as it can make the logs hard to read. Thanks! :)

Please follow these instructions to remove the remaining malicious entries:

  • Please close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the quotebox below into it:
    Please Note: Do NOT use any other text editor than Notepad or the CFScript will fail.

    killall::
    DDS::
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
    Trusted Zone: isqft.com\www
    Trusted Zone: planwellcollaborate.com\www
    Trusted Zone: verizon.net\www
    Trusted Zone: isqft.com\www
  • Save this as CFScript.txt, in the same location as ComboFix.exe.
    [Image: CFScriptB-4.gif]
  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it shall produce a log for you at C:\ComboFix.txt.

Please post the ComboFix.txt in your next reply.

Are there any current issues on your computer?


Thx DK. I ran the CF Script and the log is pasted in this reply. As far as the computer, it seems to be ok; the browser hangs a bit from website to website and I still have not run Outlook. I mentioned in my previous post that I did have an infection. It was ROOTKIT.TDSS and that is when my troubles seem to have manifested.

ComboFix 12-11-08.01 - cray 11/08/2012 6:39.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1192 [GMT -8:00]

Running from: c:\documents and settings\cray\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\cray\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((( Files Created from 2012-10-08 to 2012-11-08 )))))))))))))))))))))))))))))))

.

.

2012-11-07 21:07 . 2012-11-07 21:07 29904 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{325FD400-D6AC-43E6-AAED-E8542C287782}\MpKsldaf002c0.sys

2012-11-07 02:52 . 2012-10-17 09:32 6918632 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{325FD400-D6AC-43E6-AAED-E8542C287782}\mpengine.dll

2012-11-06 18:29 . 2012-10-17 09:32 6918632 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-11-05 22:33 . 2012-11-05 22:33 -------- dc----w- c:\documents and settings\cray\Application Data\Avira

2012-11-05 22:27 . 2012-10-04 20:07 133824 -c--a-w- c:\windows\system32\drivers\avipbb.sys

2012-11-05 22:27 . 2012-09-24 17:58 36552 -c--a-w- c:\windows\system32\drivers\avkmgr.sys

2012-11-05 22:27 . 2012-09-13 18:58 83792 -c--a-w- c:\windows\system32\drivers\avgntflt.sys

2012-11-05 22:27 . 2012-11-05 22:27 -------- dc----w- c:\program files\Avira

2012-11-02 14:39 . 2012-11-02 14:39 -------- dc----w- C:\TDSSKiller_Quarantine

2012-11-01 23:36 . 2012-11-01 23:36 -------- dc----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth

2012-11-01 22:49 . 2012-11-02 03:41 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2012-11-01 22:49 . 2012-11-01 22:59 -------- dc----w- c:\program files\Spybot - Search & Destroy

2012-10-31 16:48 . 2012-10-17 09:32 6918632 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{833B0ADF-983B-4DE5-88B9-92922D70830B}\mpengine.dll

2012-10-30 23:32 . 2012-10-30 23:32 -------- dc----w- c:\documents and settings\cray\Application Data\TuneUp Software

2012-10-30 23:24 . 2012-11-05 22:03 -------- dc----w- c:\documents and settings\All Users\Application Data\MFAData

2012-10-30 23:24 . 2012-11-05 22:03 -------- dc----w- c:\documents and settings\cray\Local Settings\Application Data\Avg2013

2012-10-30 23:24 . 2012-10-30 23:24 -------- dc-h--w- c:\documents and settings\All Users\Application Data\Common Files

2012-10-30 23:24 . 2012-10-30 23:24 -------- dc----w- c:\documents and settings\cray\Local Settings\Application Data\MFAData

2012-10-29 20:48 . 2012-10-29 20:48 -------- dc----w- c:\program files\Microsoft Security Client

2012-10-17 01:24 . 2012-10-17 01:24 -------- dc----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-17 09:32 . 2009-04-16 21:53 6918632 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-10-09 02:25 . 2012-08-16 13:40 696760 -c--a-w- c:\windows\system32\FlashPlayerApp.exe

2012-10-09 02:25 . 2011-06-13 14:04 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-09-30 02:54 . 2011-03-18 23:28 22856 -c--a-w- c:\windows\system32\drivers\mbam.sys

2012-08-31 05:03 . 2012-08-31 05:03 193552 -c--a-w- c:\windows\system32\drivers\MpFilter.sys

2012-08-28 15:14 . 2004-08-04 07:56 916992 -c--a-w- c:\windows\system32\wininet.dll

2012-08-28 15:14 . 2004-08-04 07:56 43520 -c--a-w- c:\windows\system32\licmgr10.dll

2012-08-28 15:14 . 2004-08-04 07:56 1469440 -c----w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07 . 2004-08-04 05:59 385024 -c----w- c:\windows\system32\html.iec

2012-08-24 13:53 . 2004-08-04 07:56 177664 -c--a-w- c:\windows\system32\wintrust.dll

2012-08-23 02:45 . 2011-12-15 00:11 499712 -c--a-w- c:\windows\system32\msvcp71.dll

2012-08-23 02:45 . 2011-12-15 00:11 348160 -c--a-w- c:\windows\system32\msvcr71.dll

2012-08-21 13:33 . 2004-08-04 06:20 2148864 -c--a-w- c:\windows\system32\ntoskrnl.exe

2012-08-21 12:58 . 2006-02-28 09:00 2027520 -c--a-w- c:\windows\system32\ntkrnlpa.exe

2001-12-04 00:09 . 2010-05-14 19:13 90112 -c----w- c:\program files\internet explorer\plugins\DjVuControl.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 -c--a-w- c:\documents and settings\cray\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 -c--a-w- c:\documents and settings\cray\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 -c--a-w- c:\documents and settings\cray\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 -c--a-w- c:\documents and settings\cray\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RIMDeviceManager"="c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" [2005-08-18 1097855]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-01-05 344064]

"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]

"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-08-23 296096]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 947176]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-10-17 384800]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2005-8-18 929886]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

.

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [11/5/2012 2:27 PM 36552]

R1 MpKsldaf002c0;MpKsldaf002c0;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{325FD400-D6AC-43E6-AAED-E8542C287782}\MpKsldaf002c0.sys [11/7/2012 1:07 PM 29904]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/5/2012 2:27 PM 84256]

R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [4/27/2007 12:00 AM 316992]

R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [10/22/2009 8:54 AM 2749224]

R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [10/20/2009 8:37 AM 15656]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-08 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 02:25]

.

2012-10-27 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]

.

2012-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-09 23:44]

.

2012-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-09 23:44]

.

2012-11-07 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-13 00:25]

.

2012-11-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-104155961-2961242110-3104746187-1227.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 21:27]

.

2012-11-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-104155961-2961242110-3104746187-1227.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 21:27]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.foxnews.com/

IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html

IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html

IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html

IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html

IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html

LSP: c:\program files\SpeedBit Video Accelerator\SBLSP.dll

TCP: DhcpNameServer = 172.16.1.4 206.13.29.12 206.13.30.12

DPF: {4E1AEB50-759B-495F-B91A-C9018B0E7236} - hxxps://www.sub-hub.com/Secures/SHDnld.cab

DPF: {A644122F-80E1-4AD1-B2E9-4F267FC58517} - hxxps://viewer.planwellcollaborate.com/BravaServer/BravaClientXWrapper.cab

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-11-08 06:53

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(712)

c:\windows\system32\Ati2evxx.dll

c:\program files\SpeedBit Video Accelerator\SBLSP.dll

c:\program files\SpeedBit Video Accelerator\ConfigDB.dll

.

- - - - - - - > 'lsass.exe'(768)

c:\program files\SpeedBit Video Accelerator\SBLSP.dll

c:\program files\SpeedBit Video Accelerator\ConfigDB.dll

.

- - - - - - - > 'explorer.exe'(2752)

c:\windows\system32\WININET.dll

c:\windows\system32\AcSignIcon.dll

c:\documents and settings\cray\Application Data\Dropbox\bin\DropboxExt.14.dll

c:\windows\system32\ieframe.dll

c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Client\MsMpEng.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\crypserv.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

c:\windows\system32\UTSCSI.EXE

c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe

c:\windows\system32\SearchIndexer.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\windows\system32\WTablet\Wacom_TabletUser.exe

c:\windows\system32\RUNDLL32.EXE

c:\program files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe

.

**************************************************************************

.

Completion time: 2012-11-08 06:58:34 - machine was rebooted

ComboFix-quarantined-files.txt 2012-11-08 14:58

ComboFix2.txt 2012-11-07 23:38

.

Pre-Run: 35,002,183,680 bytes free

Post-Run: 35,207,917,568 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 7333B5D83CBEE7D917011935D63127F9


Hello shep711,

Note: You can use Internet Explorer or Mozilla Firefox for this scan.

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked.
  • Click Scan.
    Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Hey shep711,

My apologies. I appear to have cut off the first line.

Please run a free online scan with the ESET Online Scanner.

Note: You can use Internet Explorer or Mozilla Firefox for this scan.

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked.
  • Click Scan.
    Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Hey shep711,

Please try this scan instead.

Please do a scan with the Kaspersky Online Scanner.

To optimise scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

  • Click on the Accept button and install the components it needs.
  • Click on Full Scan.
  • The scan will take a while, so please be patient and let it run.
  • When the scan has completed, it will display a window with a list of the issues it has found.
  • Please click Details.
  • Under the categories that have found entries, please copy and paste their reports into your next reply.


DK I finally finished. I tried the Kaspersky OS and they do not have an "online scanner" available but provide a free security scanner which ran for a few hours. When it finished it summarized the problems but when I activated the details tab nothing happened, and I did this complete process twice - same result. I checked my C drive in the Kaspersky Program file folder and there was no TXT file. I ended up getting the Eset scan to work and there were no threats found. I have pasted that report.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=ad4cf10bdbebfe4c95da16614407d12f

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-11-09 07:53:30

# local_time=2012-11-09 11:53:30 (-0800, Pacific Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1792 16777215 100 0 250356 250356 0 0

# compatibility_mode=6143 16777215 0 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=83234

# found=0

# cleaned=0

# scan_time=3206


Hello shep711,

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


DK Here is the log

Results of screen317's Security Check version 0.99.54

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Security Center service is not running! This report may not be accurate!

Windows Firewall Enabled!

Microsoft Security Essentials

Antivirus up to date! (On Access scanning disabled!)

`````````Anti-malware/Other Utilities Check:`````````

Spybot - Search & Destroy

Windows Defender

Malwarebytes Anti-Malware version 1.65.1.1000

Adobe Reader X (10.1.4)

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 8%

````````````````````End of Log``````````````````````


Hey shep711,

Please download Windows Repair (all in one) from here.

  • Install the program.
  • Please proceed to run it.
  • Go to Step 2 and allow it to run CheckDisk by clicking on the Do It button:
  • Once that is done please go to Step 3 and allow it to run the System File Check by clicking on the Do It button:
  • Go to Step 4 and under System Restore click on the Create button:
  • Next, go to the Start Repairs tab and click the Start button.
  • Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):
  • Click on the box next to the Restart System when Finished. Then click on Start.

=====

After running Windows Repair, please re-run Security Check and post a fresh log in your reply.


DK The new log from Security Check

Results of screen317's Security Check version 0.99.54

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Security Center service is not running! This report may not be accurate!

Windows Firewall Enabled!

WMI entry may not exist for antivirus; attempting automatic update.

Avira successfully updated!

`````````Anti-malware/Other Utilities Check:`````````

Spybot - Search & Destroy

Windows Defender

Malwarebytes Anti-Malware version 1.65.1.1000

Adobe Reader X (10.1.4)

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 8%

````````````````````End of Log``````````````````````


Good afternoon shep711,

A little housekeeping to uninstall ComboFix:

Please click Start>Run and copy/paste the following text, including the space between "ComboFix" and "/uninstall", into the Run box and click OK:

ComboFix /uninstall

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Right-click the Recycle Bin and please select Empty Recycle Bin.

==========

Then, please re-run Security Check again and post a fresh log in your reply.


OK Here you go.

Results of screen317's Security Check version 0.99.54

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Security Center service is not running! This report may not be accurate!

Windows Firewall Enabled!

Microsoft Security Essentials

Antivirus up to date! (On Access scanning disabled!)

`````````Anti-malware/Other Utilities Check:`````````

Spybot - Search & Destroy

Windows Defender

Malwarebytes Anti-Malware version 1.65.1.1000

Adobe Reader X (10.1.4)

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

Windows Defender MSMpEng.exe

Windows Defender MSASCui.exe

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

Windows Defender MSASCui.exe

Windows Defender MsMpEng.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 7%

````````````````````End of Log``````````````````````

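The helper's loop in this thread is "run a tool, re-run Security Check, compare the logs". As an added example (not part of any post and not screen317's code), the Python below parses two Security Check logs in the layout posted above and reports which warnings persisted, cleared or appeared and which security products gained resident processes. The two sample logs are abridged from the second and third logs in this thread; the function names and the warning-marker list are assumptions made for the example.

```python
import re
from collections import defaultdict

TICKS = "`" * 14  # Security Check pads section titles with runs of backticks
HEADER_RE = re.compile(r"^`{3,}\s*(.*?)\s*`{3,}$")
# Phrases that mark a problem line in the logs posted in this thread (assumed list).
WARNING_MARKERS = ("not running", "disabled", "may not exist")


def build_log(av_lines, process_lines):
    """Build a sample log in the Security Check layout, blank lines included."""
    return "\n\n".join(
        ["Results of screen317's Security Check version 0.99.54",
         "Windows XP Service Pack 3 x86",
         TICKS + "Antivirus/Firewall Check:" + TICKS]
        + av_lines
        + [TICKS + "Process Check: objlist.exe by Laurent" + TICKS]
        + process_lines
        + [TICKS + "System Health check" + TICKS,
           "Total Fragmentation on Drive C:: 7%",
           TICKS + "End of Log" + TICKS])


WSC_DOWN = ("Windows Security Center service is not running! "
            "This report may not be accurate!")
# Sample logs abridged from the second and third Security Check logs above.
BEFORE = build_log(
    [WSC_DOWN, "Windows Firewall Enabled!",
     "WMI entry may not exist for antivirus; attempting automatic update.",
     "Avira successfully updated!"],
    ["Microsoft Security Essentials MSMpEng.exe",
     "Microsoft Security Essentials msseces.exe",
     "Avira Antivir avgnt.exe", "Avira Antivir avguard.exe"])
AFTER = build_log(
    [WSC_DOWN, "Windows Firewall Enabled!", "Microsoft Security Essentials",
     "Antivirus up to date! (On Access scanning disabled!)"],
    ["Microsoft Security Essentials MSMpEng.exe",
     "Microsoft Security Essentials msseces.exe",
     "Windows Defender MSMpEng.exe", "Windows Defender MSASCui.exe",
     "Avira Antivir avgnt.exe", "Avira Antivir avguard.exe",
     "Windows Defender MSASCui.exe", "Windows Defender MsMpEng.exe"])


def parse_security_check(text):
    """Split a log into {section title: [entries]}; preamble goes to 'Header'."""
    sections = {"Header": []}
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # forum copies leave blank lines between entries
        match = HEADER_RE.match(line)
        if match:
            current = match.group(1).rstrip(":")
            if current == "End of Log":
                break
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def section(sections, prefix):
    """Return the entries of the first section whose title starts with prefix."""
    for title, entries in sections.items():
        if title.startswith(prefix):
            return entries
    return []


def warnings(sections):
    """Antivirus/Firewall lines that contain one of the warning markers."""
    return [line for line in section(sections, "Antivirus/Firewall Check")
            if any(marker in line.lower() for marker in WARNING_MARKERS)]


def resident_products(sections):
    """Map product name -> sorted unique executables from the Process Check."""
    products = defaultdict(set)
    for line in section(sections, "Process Check"):
        product, _, exe = line.rpartition(" ")
        if product and exe.lower().endswith(".exe"):
            products[product].add(exe.lower())  # log repeats names in mixed case
    return {name: sorted(exes) for name, exes in products.items()}


def compare(before_text, after_text):
    """Diff two logs the way the helper reads them between repair steps."""
    before = parse_security_check(before_text)
    after = parse_security_check(after_text)
    warn_b, warn_a = set(warnings(before)), set(warnings(after))
    prod_b, prod_a = resident_products(before), resident_products(after)
    return {"persisting": sorted(warn_b & warn_a),
            "cleared": sorted(warn_b - warn_a),
            "new": sorted(warn_a - warn_b),
            "products_added": sorted(set(prod_a) - set(prod_b)),
            "products_removed": sorted(set(prod_b) - set(prod_a))}


if __name__ == "__main__":
    for key, values in compare(BEFORE, AFTER).items():
        print(f"{key}: {values}")
```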

Hey shep711,

Please do the following to make sure the Security Center starts up:

  • Click on Start>Run.
  • Type in services.msc.
  • When the page comes up, on the far right scroll down the list and double-click on Security Center.
  • Where it says Startup, please set it to Automatic.
  • Just below that you will see the word Start.
  • Please click Start and then OK.

Please re-run Security Check and let me know if the Security Center still says it isn't running.


DK - Security Center still will not start. I took the liberty of pasting a report from Spybot on a scan completed 11-1 where it found and repaired a file. This file can be recovered - maybe this info will help. I am also posting the results of the latest Security Check. I noticed during the Security Check scan that it is trying to locate a file "HKLMRUN.TXT" and is unable to find it...

Spy bot

--- Report generated: 2012-11-01 16:46 ---

Microsoft.WindowsSecurityCenter.AntiVirusOverride: [sBI $3604910C] Settings (Registry change, fixed)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)

2009-01-26 SDFiles.exe (1.6.1.7)

2009-01-26 SDMain.exe (1.0.0.6)

2009-01-26 SDShred.exe (1.0.2.5)

2009-01-26 SDUpdate.exe (1.6.0.12)

2009-01-26 SpybotSD.exe (1.6.2.46)

2009-03-05 TeaTimer.exe (1.6.6.32)

2012-11-01 unins000.exe (51.49.0.0)

2009-01-26 Update.exe (1.6.0.7)

2009-11-04 advcheck.dll (1.6.5.20)

2007-04-02 aports.dll (2.1.0.0)

2008-06-14 DelZip179.dll (1.79.11.1)

2009-01-26 SDHelper.dll (1.6.2.14)

2008-06-19 sqlite3.dll

2009-01-26 Tools.dll (2.1.6.10)

2009-01-16 UninsSrv.dll (1.0.0.0)

2012-10-31 Includes\Adware.sbi (*)

2012-10-30 Includes\AdwareC.sbi (*)

2010-08-12 Includes\Cookies.sbi (*)

2010-12-14 Includes\Dialer.sbi (*)

2012-09-26 Includes\DialerC.sbi (*)

2012-01-31 Includes\HeavyDuty.sbi (*)

2012-10-15 Includes\Hijackers.sbi (*)

2012-09-25 Includes\HijackersC.sbi (*)

2010-09-15 Includes\iPhone.sbi (*)

2012-03-13 Includes\Keyloggers.sbi (*)

2012-03-13 Includes\KeyloggersC.sbi (*)

2004-11-29 Includes\LSP.sbi (*)

2012-08-28 Includes\Malware.sbi (*)

2012-10-30 Includes\MalwareC.sbi (*)

2012-10-24 Includes\PUPS.sbi (*)

2012-10-30 Includes\PUPSC.sbi (*)

2010-01-25 Includes\Revision.sbi (*)

2012-06-18 Includes\Security.sbi (*)

2011-12-13 Includes\SecurityC.sbi (*)

2008-06-03 Includes\Spybots.sbi (*)

2008-06-03 Includes\SpybotsC.sbi (*)

2012-09-04 Includes\Spyware.sbi (*)

2012-09-03 Includes\SpywareC.sbi (*)

2010-03-08 Includes\Tracks.uti

2011-09-28 Includes\Trojans.sbi (*)

2012-10-31 Includes\TrojansC-02.sbi (*)

2012-10-30 Includes\TrojansC-03.sbi (*)

2012-10-24 Includes\TrojansC-04.sbi (*)

2012-08-30 Includes\TrojansC-05.sbi (*)

2012-10-31 Includes\TrojansC.sbi (*)

2008-03-04 Plugins\Chai.dll

2008-03-05 Plugins\Fennel.dll

2008-02-26 Plugins\Mate.dll

2007-12-24 Plugins\TCPIPAddress.dll

Results of screen317's Security Check version 0.99.54

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Security Center service is not running! This report may not be accurate!

Windows Firewall Enabled!

Microsoft Security Essentials

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Spybot - Search & Destroy

Windows Defender

Malwarebytes Anti-Malware version 1.65.1.1000

Adobe Reader X (10.1.4)

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 7%

````````````````````End of Log``````````````````````


DK Still is not up and it did not ask me for the install disc either. I ran another Tweaking Windows Repair and pasted the log - just trying to help. BTW thank you for your valuable help so far....

Starting Repairs...

Start (11/10/2012 3:12:50 PM)

Reset Registry Permissions 01/03

HKEY_CURRENT_USER & Sub Keys

Start (11/10/2012 3:12:50 PM)

Done (11/10/2012 3:13:14 PM)

Reset Registry Permissions 02/03

HKEY_LOCAL_MACHINE & Sub Keys

Start (11/10/2012 3:13:14 PM)

Done (11/10/2012 3:14:50 PM)

Reset Registry Permissions 03/03

HKEY_CLASSES_ROOT & Sub Keys

Start (11/10/2012 3:14:50 PM)

Done (11/10/2012 3:15:37 PM)

Reset File Permissions 01/30

C:\Autodesk & Sub Folders

Start (11/10/2012 3:15:37 PM)

Done (11/10/2012 3:16:49 PM)

Reset File Permissions 02/30

C:\bid clerk & Sub Folders

Start (11/10/2012 3:16:49 PM)

Done (11/10/2012 3:16:52 PM)

Reset File Permissions 03/30

C:\BidView & Sub Folders

Start (11/10/2012 3:16:52 PM)

Done (11/10/2012 3:17:02 PM)

Reset File Permissions 04/30

C:\cmdcons & Sub Folders

Start (11/10/2012 3:17:02 PM)

Done (11/10/2012 3:17:07 PM)

Reset File Permissions 05/30

C:\ComboFix & Sub Folders

Start (11/10/2012 3:17:07 PM)

Done (11/10/2012 3:17:09 PM)

Reset File Permissions 06/30

C:\Compaq & Sub Folders

Start (11/10/2012 3:17:09 PM)

Done (11/10/2012 3:17:16 PM)

Reset File Permissions 07/30

C:\COpy Plans & Sub Folders

Start (11/10/2012 3:17:16 PM)

Done (11/10/2012 3:17:18 PM)

Reset File Permissions 08/30

C:\Digital Takeoff Table Installer & Sub Folders

Start (11/10/2012 3:17:18 PM)

Done (11/10/2012 3:17:25 PM)

Reset File Permissions 09/30

C:\divx & Sub Folders

Start (11/10/2012 3:17:25 PM)

Done (11/10/2012 3:17:27 PM)

Reset File Permissions 10/30

C:\downloads & Sub Folders

Start (11/10/2012 3:17:27 PM)

Done (11/10/2012 3:17:29 PM)

Reset File Permissions 11/30

C:\Firefox & Sub Folders

Start (11/10/2012 3:17:29 PM)

Done (11/10/2012 3:17:32 PM)

Reset File Permissions 12/30

C:\Heritage Plaza Pict renovation & Sub Folders

Start (11/10/2012 3:17:32 PM)

Done (11/10/2012 3:17:34 PM)

Reset File Permissions 13/30

C:\i386 & Sub Folders

Start (11/10/2012 3:17:34 PM)

Done (11/10/2012 3:17:59 PM)

Reset File Permissions 14/30

C:\isqft dl & Sub Folders

Start (11/10/2012 3:17:59 PM)

Done (11/10/2012 3:18:01 PM)

Reset File Permissions 15/30

C:\MSOCache & Sub Folders

Start (11/10/2012 3:18:01 PM)

Done (11/10/2012 3:18:06 PM)

Reset File Permissions 16/30

C:\Oceana PDF Archs LS & Sub Folders

Start (11/10/2012 3:18:06 PM)

Done (11/10/2012 3:18:08 PM)

Reset File Permissions 17/30

C:\OCS Documents & Sub Folders

Start (11/10/2012 3:18:08 PM)

Done (11/10/2012 3:18:59 PM)

Reset File Permissions 18/30

C:\oncenter & Sub Folders

Start (11/10/2012 3:18:59 PM)

Done (11/10/2012 3:19:01 PM)

Reset File Permissions 19/30

C:\Program Files & Sub Folders

Start (11/10/2012 3:19:01 PM)

Done (11/10/2012 3:21:26 PM)

Reset File Permissions 20/30

C:\SNAP & Sub Folders

Start (11/10/2012 3:21:26 PM)

Done (11/10/2012 3:21:28 PM)

Reset File Permissions 21/30

C:\Sub Hub DL & Sub Folders

Start (11/10/2012 3:21:28 PM)

Done (11/10/2012 3:21:33 PM)

Reset File Permissions 22/30

C:\SYSTEM.SAV & Sub Folders

Start (11/10/2012 3:21:33 PM)

Done (11/10/2012 3:21:35 PM)

Reset File Permissions 23/30

C:\TDSSKiller_Quarantine & Sub Folders

Start (11/10/2012 3:21:35 PM)

Done (11/10/2012 3:21:38 PM)

Reset File Permissions 24/30

C:\temp & Sub Folders

Start (11/10/2012 3:21:38 PM)

Done (11/10/2012 3:21:40 PM)

Reset File Permissions 25/30

C:\Tweaking.com_Windows_Repair_Logs & Sub Folders

Start (11/10/2012 3:21:40 PM)

Done (11/10/2012 3:21:42 PM)

Reset File Permissions 26/30

C:\WINDOWS & Sub Folders

Start (11/10/2012 3:21:42 PM)

Done (11/10/2012 3:27:57 PM)

Reset File Permissions 27/30

C:\WTablet & Sub Folders

Start (11/10/2012 3:27:57 PM)

Done (11/10/2012 3:28:00 PM)

Reset File Permissions 28/30

C:\Zipped & Sub Folders

Start (11/10/2012 3:28:00 PM)

Done (11/10/2012 3:28:02 PM)

Reset File Permissions 29/30

C:\__0X00F9 & Sub Folders

Start (11/10/2012 3:28:02 PM)

Done (11/10/2012 3:28:09 PM)

Reset File Permissions 30/30

C:\__0X00FC & Sub Folders

Start (11/10/2012 3:28:09 PM)

Done (11/10/2012 3:28:11 PM)

Register System Files

Start (11/10/2012 3:28:11 PM)

Done (11/10/2012 3:29:50 PM)

Repair WMI

Start (11/10/2012 3:29:50 PM)

Step 01/03 - Deleting WMI Repository...

The system cannot find the path specified.

Step 02/03 - Rebuilding WMI Repository...

Step 03/03 - Registering WMI...

Invalid Global Switch.

Done (11/10/2012 3:31:57 PM)

Repair Windows Firewall

Start (11/10/2012 3:31:57 PM)

System error 1060 has occurred.

The specified service does not exist as an installed service.

The Windows Firewall/Internet Connection Sharing (ICS) service is not started.

More help is available by typing NET HELPMSG 3521.

System error 1060 has occurred.

The specified service does not exist as an installed service.

The service name is invalid.

More help is available by typing NET HELPMSG 2185.

The service name is invalid.

More help is available by typing NET HELPMSG 2185.

Done (11/10/2012 3:32:02 PM)

Repair Internet Explorer

Start (11/10/2012 3:32:02 PM)

Done (11/10/2012 3:33:06 PM)

Remove Policies Set By Infections

Start (11/10/2012 3:33:06 PM)

Done (11/10/2012 3:33:08 PM)

Repair Winsock & DNS Cache

Start (11/10/2012 3:33:08 PM)

Done (11/10/2012 3:33:17 PM)

Repair Proxy Settings

Start (11/10/2012 3:33:17 PM)

Done (11/10/2012 3:33:19 PM)

Repair Windows Updates

Start (11/10/2012 3:33:19 PM)

The BITS service is not started.

More help is available by typing NET HELPMSG 3521.

The Automatic Updates service is not started.

More help is available by typing NET HELPMSG 3521.

The process cannot access the file because it is being used by another process.

The process cannot access the file because it is being used by another process.

The process cannot access the file because it is being used by another process.

C:\WINDOWS\system32\catroot2\edb.log - The process cannot access the file because it is being used by another process.

C:\WINDOWS\system32\catroot2\edbtmp.log - The process cannot access the file because it is being used by another process.

C:\WINDOWS\system32\catroot2\tmp.edb - The process cannot access the file because it is being used by another process.

The requested service has already been started.

More help is available by typing NET HELPMSG 2182.

'bitsadmin.exe' is not recognized as an internal or external command,

operable program or batch file.

Done (11/10/2012 3:34:16 PM)

Set Windows Services To Default Startup

Start (11/10/2012 3:34:16 PM)

Done (11/10/2012 3:34:30 PM)

Repair MSI (Windows Installer)

Start (11/10/2012 3:34:30 PM)

The Windows Installer service is not started.

More help is available by typing NET HELPMSG 3521.

Done (11/10/2012 3:34:36 PM)

Cleaning up empty logs...

All Selected Repairs Done.

Done (11/10/2012 3:34:36 PM)

Total Repair Time: 00:22:14

...YOU MUST RESTART YOUR SYSTEM...


Hey shep711,

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender

  • Press "Scan".

  • It will create a log (FSS.txt) in the same directory the tool is run.

  • Please copy and paste the contents of the log in your reply.


DK -- Another one for you ..

Farbar Service Scanner Version: 09-11-2012

Ran by cray (administrator) on 10-11-2012 at 16:52:46

Running from "C:\Documents and Settings\cray\Desktop"

Microsoft Windows XP Service Pack 3 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall"=DWORD:0

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

wscsvc Service is not running. Checking service configuration:

The start type of wscsvc service is OK.

The ImagePath of wscsvc service is OK.

The ServiceDll of wscsvc service is OK.

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit

C:\WINDOWS\system32\netman.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\srsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit

C:\WINDOWS\system32\wscsvc.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\wuauserv.dll => MD5 is legit

C:\WINDOWS\system32\qmgr.dll => MD5 is legit

C:\WINDOWS\system32\es.dll => MD5 is legit

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll => MD5 is legit

C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:

=======

Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)

0x080000000400000001000000020000000300000008000000050000000600000007000000

IpSec Tag value is correct.

**** End of log ****
