
error code 2 and error code 0



Sometimes my computer boots fine and quickly with no error code. Then sometimes I get an error code 0 and then at times I get an error code 2 and it takes quite a while to start up.

Here is the DDS.txt from today after it started up with an error code 2.

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-07.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 5/6/2006 5:31:58 PM

System Uptime: 11/12/2012 7:26:18 AM (1 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P5GC-MX/1333

Processor: Intel® Core2 Duo CPU E4500 @ 2.20GHz | LGA 775 | 2199/200mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 932 GiB total, 382.879 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP446: 8/14/2012 2:31:18 PM - System Checkpoint

RP447: 8/15/2012 4:04:09 PM - System Checkpoint

RP448: 8/15/2012 7:56:44 PM - Software Distribution Service 3.0

RP449: 8/16/2012 9:01:13 PM - System Checkpoint

RP450: 8/17/2012 9:06:26 PM - System Checkpoint

RP451: 8/18/2012 9:48:17 PM - System Checkpoint

RP452: 8/20/2012 12:25:47 PM - System Checkpoint

RP453: 8/21/2012 2:31:51 PM - System Checkpoint

RP454: 8/22/2012 2:40:03 PM - System Checkpoint

RP455: 8/23/2012 3:12:37 PM - System Checkpoint

RP456: 8/25/2012 10:25:27 AM - System Checkpoint

RP457: 8/26/2012 10:51:05 AM - System Checkpoint

RP458: 8/27/2012 11:22:00 AM - System Checkpoint

RP459: 8/28/2012 2:53:19 PM - System Checkpoint

RP460: 8/29/2012 7:36:02 PM - System Checkpoint

RP461: 8/31/2012 8:54:44 AM - System Checkpoint

RP462: 9/1/2012 10:43:10 AM - System Checkpoint

RP463: 9/2/2012 1:27:13 PM - System Checkpoint

RP464: 9/3/2012 1:33:44 PM - System Checkpoint

RP465: 9/4/2012 2:57:21 PM - System Checkpoint

RP466: 9/5/2012 3:52:15 PM - System Checkpoint

RP467: 9/6/2012 4:33:44 PM - System Checkpoint

RP468: 9/9/2012 12:04:12 AM - System Checkpoint

RP469: 9/10/2012 6:11:54 AM - System Checkpoint

RP470: 9/11/2012 6:55:30 AM - System Checkpoint

RP471: 9/12/2012 12:05:55 AM - Software Distribution Service 3.0

RP472: 9/13/2012 11:02:40 AM - System Checkpoint

RP473: 9/14/2012 1:15:55 PM - System Checkpoint

RP474: 9/15/2012 10:32:27 PM - System Checkpoint

RP475: 9/16/2012 3:29:49 PM - Installed calibre

RP476: 9/16/2012 3:31:14 PM - Removed calibre

RP477: 9/17/2012 10:01:20 PM - System Checkpoint

RP478: 9/18/2012 10:21:26 PM - System Checkpoint

RP479: 9/19/2012 8:39:14 PM - Restore Operation

RP480: 9/19/2012 8:58:07 PM - Restore Operation

RP481: 9/19/2012 9:17:08 PM - Restore Operation

RP482: 9/20/2012 9:55:15 PM - System Checkpoint

RP483: 9/21/2012 8:40:18 AM - Installed AVG 2013

RP484: 9/21/2012 8:40:57 AM - Installed AVG 2013

RP485: 9/22/2012 4:47:27 AM - Software Distribution Service 3.0

RP486: 9/23/2012 5:10:28 PM - System Checkpoint

RP487: 9/24/2012 6:56:26 PM - System Checkpoint

RP488: 9/25/2012 8:02:50 AM - Restore Operation

RP489: 9/25/2012 3:42:18 PM - Software Distribution Service 3.0

RP490: 9/25/2012 4:25:08 PM - Removed AVG 2013

RP491: 9/25/2012 4:27:26 PM - Removed AVG 2013

RP492: 9/25/2012 4:39:40 PM - Installed Symantec Endpoint Protection.

RP493: 9/26/2012 9:50:02 AM - Software Distribution Service 3.0

RP494: 9/27/2012 4:57:35 PM - System Checkpoint

RP495: 9/27/2012 6:29:20 PM - Software Distribution Service 3.0

RP496: 9/28/2012 6:53:01 PM - System Checkpoint

RP497: 10/10/2012 12:27:29 AM - System Checkpoint

RP498: 10/10/2012 12:58:38 AM - Software Distribution Service 3.0

RP499: 10/11/2012 10:08:16 AM - System Checkpoint

RP500: 10/12/2012 11:39:41 AM - System Checkpoint

RP501: 10/13/2012 11:57:41 AM - System Checkpoint

RP502: 10/14/2012 3:41:15 PM - System Checkpoint

RP503: 10/15/2012 9:42:21 PM - System Checkpoint

RP504: 10/16/2012 10:59:02 PM - System Checkpoint

RP505: 10/17/2012 11:30:23 PM - System Checkpoint

RP506: 10/19/2012 10:21:38 AM - System Checkpoint

RP507: 10/20/2012 12:05:43 PM - System Checkpoint

RP508: 10/21/2012 12:40:08 PM - System Checkpoint

RP509: 10/22/2012 2:03:26 PM - System Checkpoint

RP510: 10/23/2012 3:34:13 PM - System Checkpoint

RP511: 10/24/2012 6:13:33 PM - System Checkpoint

RP512: 10/26/2012 12:14:28 AM - System Checkpoint

RP513: 10/27/2012 12:20:17 AM - System Checkpoint

RP514: 10/28/2012 12:22:40 PM - Installed calibre

RP515: 10/28/2012 12:28:25 PM - Removed calibre

RP516: 10/29/2012 12:34:47 PM - System Checkpoint

RP517: 10/30/2012 12:45:06 PM - System Checkpoint

RP518: 10/31/2012 2:53:37 PM - System Checkpoint

RP519: 11/1/2012 4:01:51 PM - System Checkpoint

RP520: 11/2/2012 4:16:30 PM - System Checkpoint

RP521: 11/3/2012 8:22:26 PM - System Checkpoint

RP522: 11/4/2012 10:27:52 PM - System Checkpoint

RP523: 11/5/2012 10:36:46 PM - System Checkpoint

RP524: 11/6/2012 11:17:53 PM - System Checkpoint

RP525: 11/8/2012 10:58:35 AM - System Checkpoint

RP526: 11/10/2012 10:54:28 AM - System Checkpoint

RP527: 11/11/2012 11:46:22 AM - System Checkpoint

.

==== Installed Programs ======================

.

7-Zip 4.65

Acrobat.com

Adobe Acrobat Reader 3.01

Adobe AIR

Adobe Digital Editions

Adobe Download Manager 2.0 (Remove Only)

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop CS

Adobe Photoshop Elements 2.0

Adobe Reader X (10.1.4)

Adobe Shockwave Player 11.5

Adobe Type Manager 4.0

Alchemy Deluxe 1.5y

Amazon MP3 Downloader 1.0.17

AnalogX Capture

AnswerWorks 4.0 Runtime - English

AnswerWorks 5.0 English Runtime

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Atheros Communications Inc.® L2 Fast Ethernet Driver

ATT-PRT22

Audacity 1.2.4

Audacity Recovery Utility

AVS Update Manager 1.0

AVS Video Converter 8

AVS4YOU Software Navigator 1.4

AXIS Media Control

Bing Bar

Bonjour

Brother HL-5250DN

calibre

Canon Camera Access Library

Canon Camera Support Core Library

Canon Camera Window DC_DV 5 for ZoomBrowser EX

Canon CanoScan Toolbox 4.1

Canon DIGITAL CAMERA Solution Disk Software Guide

Canon G.726 WMP-Decoder

Canon i850

CANON iMAGE GATEWAY MyCamera Download Plugin

CANON iMAGE GATEWAY Task for ZoomBrowser EX

Canon MOV Decoder

Canon MOV Encoder

Canon MovieEdit Task for ZoomBrowser EX

Canon MP Navigator EX 1.0

Canon PhotoRecord

Canon PowerShot ELPH 100 HS_IXUS 115 HS Camera User Guide

Canon RAW Image Task for ZoomBrowser EX

Canon RemoteCapture Task for ZoomBrowser EX

Canon Utilities CameraWindow DC

Canon Utilities CameraWindow DC 8

Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX

Canon Utilities CameraWindow Launcher

Canon Utilities Easy-PhotoPrint

Canon Utilities EOS Utility

Canon Utilities Movie Uploader for YouTube

Canon Utilities MyCamera

Canon Utilities MyCamera DC

Canon Utilities PhotoStitch

Canon Utilities RemoteCapture Task for ZoomBrowser EX

Canon Utilities ZoomBrowser EX

Canon ZoomBrowser EX Memory Card Utility

CanoScan LiDE 90

Carmen Sandiego Math Detective

Combined Community Codec Pack 2008-01-24

Cosmopolitan Fashion Makeover Deluxe

Critical Update for Windows Media Player 11 (KB959772)

CutePDF Writer 2.8

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Digital Photo Navigator 1.5

Discovering French, Nouveau! Take-Home Tutor Blanc

DivX Web Player

Documentation of lcc-win32

DVD Flick 1.3.0.7

eMedia Piano and Keyboard Method

ffdshow v1.2.4422 [2012-04-09]

Finale NotePad 2002

Firehand Ember

Firehand Lightning

Firehand Lightning Photo Album Viewer

Firehand Lightning Screen Saver

Firehand Lightning Slideshow Player

Freemake Video Converter version 3.1.2

Garfield's Typing Pal

GIMPshop 2.2.8

Google Chrome

Google Drive

Google Earth

Google Talk (remove only)

Google Talk Plugin

Google Toolbar for Internet Explorer

Google Update Helper

Guitar Guru Version 2.2.5.0

High Definition Audio Driver Package - KB888111

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB2756822)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB915865)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

iDump (Backing up your iPod)

Image Resizer Powertoy for Windows XP

InstallIQ Updater

Intel RSX 3D

Intel® Graphics Media Accelerator Driver

InterActual Player

iPod for Windows 2006-06-28

IrfanView (remove only)

iTunes

J2SE Runtime Environment 5.0 Update 6

J2SE Runtime Environment 5.0 Update 9

Java 2 Runtime Environment Standard Edition v1.3.1_02

Java Auto Updater

Java 6 Update 30

Java 6 Update 7

Java 7 Update 5

JavaFX 2.1.1

Junk Mail filter update

Korean Fonts Support For Adobe Reader 9

lcc-win32 version 3.2 (base system)

LEGO MINDSTORMS NXT Dynamic Block Update

LEGO® MINDSTORMS® NXT - English Language Pack

LEGO® MINDSTORMS® NXT Driver

LEGO® MINDSTORMS® NXT Software v1.0

LiveUpdate 3.3 (Symantec Corporation)

Malwarebytes Anti-Malware version 1.65.1.1000

Math Advantage Geometry

Math Contests Grades 4-8 32-bit

McAfee Security Scan

Memory Savior v2.0

MicroMachines V4

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Lync 2010

Microsoft National Language Support Downlevel APIs

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 14

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Move Networks Media Player for Internet Explorer

Mozilla Firefox 16.0.2 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Musicnotes Player V1.23.1 and Viewer

Musition 3 Demo

Musition 3 Student Edition

MyHeritage Family Tree Builder

MyPublisher BookMaker

Napster

Napster Burn Engine

Nero Suite

Online help of lcc-win32

OpenOffice.org 3.2

Oregon Trail® 5

OTOY

Pando

PayPal Plug-In

Piano Suite Lite

Picasa 2

PowerCinema NE for Everio

PowerDirector Express

PowerProducer

Production Explorer v3.0

Python 3.1.3

QuickTime

Rainbow Reefs dx 1280x1024 Screen Saver

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.1

RemoteCapture Task 1.0.3

Seagate Replica v3.0.1801.8554

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB2744842)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544521)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Segoe UI

Shockwave

SmartMusic 2012

Snapshot Viewer

Spellbound!

Spelling Dictionaries Support For Adobe Reader 9

SUPERAntiSpyware

Symantec Endpoint Protection

Synthesia (remove only)

The Print Shop

TurboTax 2008

TurboTax 2008 wcaiper

TurboTax 2008 WinPerFedFormset

TurboTax 2008 WinPerProgramHelp

TurboTax 2008 WinPerReleaseEngine

TurboTax 2008 WinPerTaxSupport

TurboTax 2008 WinPerUserEducation

TurboTax 2008 wrapper

TurboTax 2009

TurboTax 2009 wcaiper

TurboTax 2009 WinPerFedFormset

TurboTax 2009 WinPerReleaseEngine

TurboTax 2009 WinPerTaxSupport

TurboTax 2009 wrapper

TurboTax 2010

TurboTax 2010 wcaiper

TurboTax 2010 WinPerFedFormset

TurboTax 2010 WinPerReleaseEngine

TurboTax 2010 WinPerTaxSupport

TurboTax 2010 wrapper

TurboTax 2011

TurboTax 2011 wcaiper

TurboTax 2011 WinPerFedFormset

TurboTax 2011 WinPerReleaseEngine

TurboTax 2011 WinPerTaxSupport

TurboTax 2011 wrapper

TurboTax Deluxe 2007

Ubuntu

Unity Web Player

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2492386)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VC80CRTRedist - 8.0.50727.4053

ViceVersa Pro 2 (Build 2010)

WebFldrs XP

win32 online help

Winamp

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live Mail

Windows Live Messenger

Windows Live OneCare safety scanner

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Windows Management Framework Core

Windows Media Format 11 runtime

Windows Media Player 11

Windows Search 4.0

Windows XP Service Pack 3

WinX HD Video Converter Deluxe 3.12.4

Writing and Grammar Bronze

Yahoo! Anti-Spy

Yahoo! Browser Services

Yahoo! Install Manager

Yahoo! Internet Mail

Yahoo! Mail Advisor

Yahoo! Messenger

Yahoo! Search Protection

Yahoo! Software Update

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

11/9/2012 6:07:35 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.

11/9/2012 6:07:35 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/9/2012 6:06:56 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.

11/9/2012 6:06:56 AM, error: Service Control Manager [7000] - The LiveUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/9/2012 6:06:56 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

11/9/2012 6:06:01 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Seagate Replica System Monitor service to connect.

11/9/2012 6:06:01 AM, error: Service Control Manager [7000] - The Seagate Replica System Monitor service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/7/2012 8:20:21 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sfsync04

11/7/2012 8:20:15 AM, error: Service Control Manager [7000] - The Pdrprsp service failed to start due to the following error: The system cannot find the file specified.

11/7/2012 8:20:15 AM, error: Service Control Manager [7000] - The Ftdippk2sacs service failed to start due to the following error: The system cannot find the path specified.

11/10/2012 10:06:49 AM, error: Service Control Manager [7000] - The Distributed Transaction Coordinator service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/10/2012 10:06:48 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Distributed Transaction Coordinator service to connect.

.

==== End Of File ===========================


Please remove any USB or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

------->Your topic will be closed if you haven't replied within 3 days!<--------


RogueKiller V8.2.3 [11/07/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website: http://tigzy.geekstogo.com/roguekiller.php

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : sharon [Admin rights]

Mode : Scan -- Date : 11/12/2012 09:36:01

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

SSDT[12] : NtAlertResumeThread @ 0x805D4BDC -> HOOKED (Unknown @ 0x8A1BD598)

SSDT[13] : NtAlertThread @ 0x805D4B8C -> HOOKED (Unknown @ 0x8A02C3E0)

SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AC2 -> HOOKED (Unknown @ 0x8A148348)

SSDT[31] : NtConnectPort @ 0x805A45D8 -> HOOKED (Unknown @ 0x8A027178)

SSDT[43] : NtCreateMutant @ 0x806176AE -> HOOKED (Unknown @ 0x8A19A898)

SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0x8A7B0500)

SSDT[83] : NtFreeVirtualMemory @ 0x805B2FBA -> HOOKED (Unknown @ 0x8A0298B8)

SSDT[89] : NtImpersonateAnonymousToken @ 0x805F9258 -> HOOKED (Unknown @ 0x8A1A3878)

SSDT[91] : NtImpersonateThread @ 0x805D7860 -> HOOKED (Unknown @ 0x8A48CBF8)

SSDT[108] : NtMapViewOfSection @ 0x805B2042 -> HOOKED (Unknown @ 0x8A1B8A10)

SSDT[114] : NtOpenEvent @ 0x8060F06C -> HOOKED (Unknown @ 0x8A19AEC0)

SSDT[123] : NtOpenProcessToken @ 0x805EDF26 -> HOOKED (Unknown @ 0x8A272648)

SSDT[129] : NtOpenThreadToken @ 0x805EDF44 -> HOOKED (Unknown @ 0x8A02A990)

SSDT[206] : NtResumeThread @ 0x805D4A18 -> HOOKED (Unknown @ 0x8A4B36C0)

SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0x8A677860)

SSDT[228] : NtSetInformationProcess @ 0x805CDEA0 -> HOOKED (Unknown @ 0x8A19B888)

SSDT[229] : NtSetInformationThread @ 0x805CC124 -> HOOKED (Unknown @ 0x8A02CEB0)

SSDT[253] : NtSuspendProcess @ 0x805D4AE0 -> HOOKED (Unknown @ 0x8A026488)

SSDT[254] : NtSuspendThread @ 0x805D4952 -> HOOKED (Unknown @ 0x8A2A8AB8)

SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS @ 0xA867D640)

SSDT[258] : NtTerminateThread @ 0x805D24D2 -> HOOKED (Unknown @ 0x8A2B6458)

SSDT[267] : NtUnmapViewOfSection @ 0x805B2E50 -> HOOKED (Unknown @ 0x8A1963A0)

SSDT[277] : NtWriteVirtualMemory @ 0x805B43D4 -> HOOKED (Unknown @ 0x8A029948)

S_SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x88CCE1E8)

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST31000528AS +++++

--- User ---

[MBR] d73962480abac290be476a68dab61ebd

[bSP] 0dc9148d47c877cfd41a21fd99980882 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_11122012_02d0936.txt >>

RKreport[1]_S_11122012_02d0936.txt


Please create a new system restore point before running Malwarebytes Anti-Malware.

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.

more-reply-options.jpg

New window that comes up.

choose-files1.jpg

MrC



<pre>

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_30

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.199000 GHz

Memory total: 2138222592, free: 799772672

------------ Kernel report ------------

11/12/2012 09:50:16

------------ Loaded modules -----------

\WINDOWS\system32\ntkrnlpa.exe

\WINDOWS\system32\hal.dll

\WINDOWS\system32\KDCOM.DLL

\WINDOWS\system32\BOOTVID.dll

ACPI.sys

\WINDOWS\system32\DRIVERS\WMILIB.SYS

pci.sys

isapnp.sys

ohci1394.sys

\WINDOWS\system32\DRIVERS\1394BUS.SYS

pciide.sys

\WINDOWS\system32\DRIVERS\PCIIDEX.SYS

MountMgr.sys

ftdisk.sys

dmload.sys

dmio.sys

PartMgr.sys

VolSnap.sys

atapi.sys

disk.sys

\WINDOWS\system32\DRIVERS\CLASSPNP.SYS

fltmgr.sys

sr.sys

PxHelp20.sys

KSecDD.sys

WudfPf.sys

Ntfs.sys

NDIS.sys

sfhlp02.sys

sfdrv01.sys

Mup.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\igxpmp32.sys

\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\l251x86.sys

\SystemRoot\system32\DRIVERS\usbuhci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\fdc.sys

\SystemRoot\system32\DRIVERS\parport.sys

\SystemRoot\system32\DRIVERS\ASACPI.sys

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\serial.sys

\SystemRoot\system32\DRIVERS\serenum.sys

\SystemRoot\system32\DRIVERS\imapi.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\system32\DRIVERS\redbook.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\System32\Drivers\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\audstub.sys

\SystemRoot\system32\DRIVERS\rasirda.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\psched.sys

\SystemRoot\system32\DRIVERS\msgpc.sys

\SystemRoot\system32\DRIVERS\ptilink.sys

\SystemRoot\system32\DRIVERS\raspti.sys

\SystemRoot\system32\DRIVERS\rdpdr.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\teefer2.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\update.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\RtkHDAud.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\flpydisk.sys

\SystemRoot\System32\Drivers\SRTSP.SYS

\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20121111.008\NAVEX15.SYS

\??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20121111.008\NAVENG.SYS

\SystemRoot\system32\DRIVERS\usbprint.sys

\SystemRoot\System32\Drivers\SRTSPX.SYS

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\System32\Drivers\Cdr4_xp.SYS

\SystemRoot\System32\Drivers\Cdralw2k.SYS

\SystemRoot\System32\Drivers\Fs_Rec.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\Drivers\ATMhelpr.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\Drivers\mnmdd.SYS

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\rasacd.sys

\SystemRoot\system32\DRIVERS\ipsec.sys

\SystemRoot\system32\DRIVERS\tcpip.sys

\??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys

\SystemRoot\system32\DRIVERS\ipnat.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\System32\Drivers\SYMTDI.SYS

\SystemRoot\system32\DRIVERS\netbt.sys

\SystemRoot\System32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\System32\Drivers\Fips.SYS

\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

\SystemRoot\System32\Drivers\Cdfs.SYS

\SystemRoot\System32\Drivers\dump_atapi.sys

\SystemRoot\System32\Drivers\dump_WMILIB.SYS

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\watchdog.sys

\SystemRoot\System32\drivers\dxg.sys

\SystemRoot\System32\drivers\dxgthk.sys

\SystemRoot\System32\igxpgd32.dll

\SystemRoot\System32\igxprd32.dll

\SystemRoot\System32\igxpdv32.DLL

\SystemRoot\System32\igxpdx32.DLL

\??\C:\WINDOWS\system32\drivers\mbam.sys

\SystemRoot\system32\DRIVERS\fssfltr_tdi.sys

\SystemRoot\system32\DRIVERS\irda.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\System32\ATMFD.DLL

\??\C:\WINDOWS\system32\drivers\WpsHelper.sys

\SystemRoot\system32\DRIVERS\mrxdav.sys

\SystemRoot\System32\drivers\BrPar.sys

\SystemRoot\System32\Drivers\ParVdm.SYS

\SystemRoot\System32\Drivers\DgiVecp.sys

\SystemRoot\system32\DRIVERS\srv.sys

\SystemRoot\System32\Drivers\Fastfat.SYS

\SystemRoot\system32\drivers\wdmaud.sys

\SystemRoot\system32\drivers\sysaudio.sys

\SystemRoot\system32\DRIVERS\ipfltdrv.sys

\SystemRoot\System32\Drivers\HTTP.sys

\SystemRoot\System32\Drivers\SYMREDRV.SYS

\??\C:\DOCUME~1\sharon\LOCALS~1\Temp\mbr.sys

\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys

\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys

\WINDOWS\system32\ntdll.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff8a7b6030

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-e\

Lower Device Object: 0xffffffff8a762d98

Lower Device Driver Name: \Driver\atapi\

Driver name found: atapi

DriverEntry returned 0x0

Function returned 0x0

Downloaded database version: v2012.11.12.04

Downloaded database version: v2012.11.09.02

Initializing...

Done!

Scanning directory: C:\WINDOWS\system32\drivers...

<<<2>>>

Device number: 0, partition: 1

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff8a7b6030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8a75a340, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8a7b6030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8a75ca98, DeviceName: \Device\0000007e\, DriverName: \Driver\ACPI\

DevicePointer: 0xffffffff8a762d98, DeviceName: \Device\Ide\IdeDeviceP2T0L0-e\, DriverName: \Driver\atapi\

------------ End ----------

Upper DeviceData: 0xffffffffe718c2d0, 0xffffffff8a7b6030, 0xffffffff88a5d8b0

Lower DeviceData: 0xffffffffe851ac68, 0xffffffff8a762d98, 0xffffffff8a125848

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 30D5EE0B

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 1953520002

Partition file system is NTFS

Partition is bootable

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-1953505168-1953525168)...

Done!

Performing system, memory and registry scan...

Read File: File "C:\Documents and Settings\sharon\Local Settings\Temp\DDMCache\How.I.Met.Your.Mother.S01E09.couchpotatoes.forumotion.net.DVDRip.XviD-TOPAZ_ns.avi" is sparse (flags = 32768)

Read File: File "C:\Documents and Settings\sharon\Local Settings\Temp\DDMCache\How.I.Met.Your.Mother.S01E09.couchpotatoes.forumotion.net.DVDRip.XviD-TOPAZ_ns.avi" is sparse (flags = 32768)

Read File: File "C:\WINDOWS\$NtUninstallKB915865$\update.ver" is compressed (flags = 1)

Read File: File "C:\WINDOWS\$NtUninstallKB915865$\updatebr.inf" is compressed (flags = 1)

Done!

Scan finished</pre>


<pre>

Malwarebytes Anti-Rootkit 1.1.0.1009

www.malwarebytes.org

Database version: v2012.11.12.04

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

sharon :: SHUTTLE [administrator]

11/12/2012 1:06:33 PM

mbar-log-2012-11-12 (13-06-33).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled: PUP | PUM | P2P

Objects scanned: 41629

Time elapsed: 3 hour(s), 15 minute(s), 46 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)</pre>


Looks like it came up clean...............

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


Here is the ComboFix log

ComboFix 12-11-14.01 - sharon 11/14/2012 13:38:52.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1075 [GMT -8:00]

Running from: c:\documents and settings\sharon\Desktop\ComboFix.exe

AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\docume~1\sharon\LOCALS~1\Temp\_MEI19402\_ctypes.pyd

c:\docume~1\sharon\LOCALS~1\Temp\_MEI19402\_elementtree.pyd

c:\docume~1\sharon\LOCALS~1\Temp\_MEI19402\_hashlib.pyd

c:\docume~1\sharon\LOCALS~1\Temp\_MEI19402\_socket.pyd

c:\docume~1\sharon\LOCALS~1\Temp\_MEI19402\_ssl.pyd

c:\docume~1\sharon\LOCALS~1\Temp\_MEI19402\pyexpat.pyd

c:\docume~1\sharon\LOCALS~1\Temp\_MEI19402\pysqlite2._sqlite.pyd

c:\docume~1\sharon\LOCALS~1\Temp\_MEI19402\python26.dll

c:\docume~1\sharon\LOCALS~1\Temp\_MEI19402\pythoncom26.dll

c:\docume~1\sharon\LOCALS~1\Temp\_MEI19402\PyWinTypes26.dll

c:\docume~1\sharon\LOCALS~1\Temp\_MEI19402\select.pyd

c:\docume~1\sharon\LOCALS~1\Temp\_MEI19402\unicodedata.pyd

c:\docume~1\sharon\LOCALS~1\Temp\_MEI19402\win32api.pyd

c:\docume~1\sharon\LOCALS~1\Temp\_MEI19402\win32com.shell.shell.pyd

c:\docume~1\sharon\LOCALS~1\Temp\_MEI19402\win32crypt.pyd

c:\docume~1\sharon\LOCALS~1\Temp\_MEI19402\win32event.pyd

c:\docume~1\sharon\LOCALS~1\Temp\_MEI19402\win32file.pyd

c:\docume~1\sharon\LOCALS~1\Temp\_MEI19402\win32inet.pyd

c:\docume~1\sharon\LOCALS~1\Temp\_MEI19402\win32pdh.pyd

c:\docume~1\sharon\LOCALS~1\Temp\_MEI19402\win32process.pyd

c:\docume~1\sharon\LOCALS~1\Temp\_MEI19402\win32profile.pyd

c:\docume~1\sharon\LOCALS~1\Temp\_MEI19402\win32security.pyd

c:\docume~1\sharon\LOCALS~1\Temp\_MEI19402\win32ts.pyd

c:\docume~1\sharon\LOCALS~1\Temp\_MEI19402\windows._cacheinvalidation.pyd

c:\docume~1\sharon\LOCALS~1\Temp\_MEI19402\wx._controls_.pyd

c:\docume~1\sharon\LOCALS~1\Temp\_MEI19402\wx._core_.pyd

c:\docume~1\sharon\LOCALS~1\Temp\_MEI19402\wx._gdi_.pyd

c:\docume~1\sharon\LOCALS~1\Temp\_MEI19402\wx._html2.pyd

c:\docume~1\sharon\LOCALS~1\Temp\_MEI19402\wx._misc_.pyd

c:\docume~1\sharon\LOCALS~1\Temp\_MEI19402\wx._windows_.pyd

c:\docume~1\sharon\LOCALS~1\Temp\_MEI19402\wx._wizard.pyd

c:\docume~1\sharon\LOCALS~1\Temp\_MEI19402\wxbase293u_net_vc.dll

c:\docume~1\sharon\LOCALS~1\Temp\_MEI19402\wxbase293u_vc.dll

c:\docume~1\sharon\LOCALS~1\Temp\_MEI19402\wxmsw293u_adv_vc.dll

c:\docume~1\sharon\LOCALS~1\Temp\_MEI19402\wxmsw293u_core_vc.dll

c:\docume~1\sharon\LOCALS~1\Temp\_MEI19402\wxmsw293u_html_vc.dll

c:\docume~1\sharon\LOCALS~1\Temp\_MEI19402\wxmsw293u_webview_vc.dll

c:\documents and settings\sharon\Application Data\AdobeDLM.log

c:\documents and settings\sharon\Local Settings\Temp\_MEI19402\_ctypes.pyd

c:\documents and settings\sharon\Local Settings\Temp\_MEI19402\_elementtree.pyd

c:\documents and settings\sharon\Local Settings\Temp\_MEI19402\_hashlib.pyd

c:\documents and settings\sharon\Local Settings\Temp\_MEI19402\_socket.pyd

c:\documents and settings\sharon\Local Settings\Temp\_MEI19402\_ssl.pyd

c:\documents and settings\sharon\Local Settings\Temp\_MEI19402\pyexpat.pyd

c:\documents and settings\sharon\Local Settings\Temp\_MEI19402\pysqlite2._sqlite.pyd

c:\documents and settings\sharon\Local Settings\Temp\_MEI19402\python26.dll

c:\documents and settings\sharon\Local Settings\Temp\_MEI19402\pythoncom26.dll

c:\documents and settings\sharon\Local Settings\Temp\_MEI19402\PyWinTypes26.dll

c:\documents and settings\sharon\Local Settings\Temp\_MEI19402\select.pyd

c:\documents and settings\sharon\Local Settings\Temp\_MEI19402\unicodedata.pyd

c:\documents and settings\sharon\Local Settings\Temp\_MEI19402\win32api.pyd

c:\documents and settings\sharon\Local Settings\Temp\_MEI19402\win32com.shell.shell.pyd

c:\documents and settings\sharon\Local Settings\Temp\_MEI19402\win32crypt.pyd

c:\documents and settings\sharon\Local Settings\Temp\_MEI19402\win32event.pyd

c:\documents and settings\sharon\Local Settings\Temp\_MEI19402\win32file.pyd

c:\documents and settings\sharon\Local Settings\Temp\_MEI19402\win32inet.pyd

c:\documents and settings\sharon\Local Settings\Temp\_MEI19402\win32pdh.pyd

c:\documents and settings\sharon\Local Settings\Temp\_MEI19402\win32process.pyd

c:\documents and settings\sharon\Local Settings\Temp\_MEI19402\win32profile.pyd

c:\documents and settings\sharon\Local Settings\Temp\_MEI19402\win32security.pyd

c:\documents and settings\sharon\Local Settings\Temp\_MEI19402\win32ts.pyd

c:\documents and settings\sharon\Local Settings\Temp\_MEI19402\windows._cacheinvalidation.pyd

c:\documents and settings\sharon\Local Settings\Temp\_MEI19402\wx._controls_.pyd

c:\documents and settings\sharon\Local Settings\Temp\_MEI19402\wx._core_.pyd

c:\documents and settings\sharon\Local Settings\Temp\_MEI19402\wx._gdi_.pyd

c:\documents and settings\sharon\Local Settings\Temp\_MEI19402\wx._html2.pyd

c:\documents and settings\sharon\Local Settings\Temp\_MEI19402\wx._misc_.pyd

c:\documents and settings\sharon\Local Settings\Temp\_MEI19402\wx._windows_.pyd

c:\documents and settings\sharon\Local Settings\Temp\_MEI19402\wx._wizard.pyd

c:\documents and settings\sharon\Local Settings\Temp\_MEI19402\wxbase293u_net_vc.dll

c:\documents and settings\sharon\Local Settings\Temp\_MEI19402\wxbase293u_vc.dll

c:\documents and settings\sharon\Local Settings\Temp\_MEI19402\wxmsw293u_adv_vc.dll

c:\documents and settings\sharon\Local Settings\Temp\_MEI19402\wxmsw293u_core_vc.dll

c:\documents and settings\sharon\Local Settings\Temp\_MEI19402\wxmsw293u_html_vc.dll

c:\documents and settings\sharon\Local Settings\Temp\_MEI19402\wxmsw293u_webview_vc.dll

c:\documents and settings\sharon\Local Settings\Temporary Internet Files\cookies.sqlite

c:\documents and settings\sharon\WINDOWS

c:\program files\Common

c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15.inf

c:\windows\EventSystem.log

c:\windows\Firehand Lightning Screen Saver.cfg

c:\windows\system32\100.tmp

c:\windows\system32\178.tmp

c:\windows\system32\1D4.tmp

c:\windows\system32\PowerToyReadme.htm

c:\windows\system32\SET598.tmp

c:\windows\system32\SET5A4.tmp

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\regtlib.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_RKHIT

-------\Service_RkHit

.

.

((((((((((((((((((((((((( Files Created from 2012-10-14 to 2012-11-14 )))))))))))))))))))))))))))))))

.

.

2012-11-06 15:08 . 2012-11-06 15:08 -------- d-----w- c:\documents and settings\sharon\Application Data\SUPERAntiSpyware.com

2012-11-06 15:07 . 2012-11-07 16:18 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-11-06 15:07 . 2012-11-06 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2012-11-02 14:35 . 2012-11-02 14:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Freemake

2012-11-02 14:34 . 2012-11-02 14:35 -------- d-----w- c:\program files\Freemake

2012-11-01 16:19 . 2012-04-09 07:40 79360 ----a-w- c:\windows\system32\ff_vfw.dll

2012-11-01 16:13 . 2012-11-01 16:13 -------- d-----w- c:\program files\Common Files\xing shared

2012-11-01 15:47 . 2012-11-01 15:47 -------- d-----w- c:\documents and settings\sharon\Application Data\Digiarty

2012-11-01 15:47 . 2012-11-01 15:47 -------- d-----w- c:\program files\Digiarty

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-09 00:27 . 2012-09-25 23:43 174056 ----a-w- c:\windows\system32\drivers\wpshelper.sys

2012-10-22 08:37 . 2004-08-04 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-10-10 07:22 . 2012-05-05 16:23 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-10-10 07:22 . 2011-05-21 01:52 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-10 07:22 . 2012-10-10 06:22 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

2012-10-02 18:04 . 2004-08-04 12:00 58368 ----a-w- c:\windows\system32\synceng.dll

2012-09-30 02:54 . 2012-09-14 17:01 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-25 23:41 . 2012-09-25 23:41 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2012-09-25 23:41 . 2012-09-25 23:41 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2012-09-21 14:50 . 2012-09-14 16:47 105088 ----a-w- c:\windows\system32\drivers\av5flt.sys

2012-08-28 15:14 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-28 15:14 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2012-08-28 15:14 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec

2012-08-24 13:53 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-08-21 13:33 . 2004-08-04 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-21 12:58 . 2004-08-03 22:59 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-11-06 19:52 . 2012-11-06 19:51 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn9\yt.dll" [2012-06-11 1524056]

.

[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]

[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2012-10-25 22:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2012-10-25 22:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2012-10-25 22:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2012-10-25 22:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]

"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-21 719672]

"InstallIQUpdater"="c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-08-10 1176064]

"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-10-25 16052192]

"12F9BEC1EC6BE2D5615C75033DB928BBBB2922E8._service_run"="c:\documents and settings\sharon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012-11-06 1247768]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-06 4763008]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-01-25 115560]

"Communicator"="c:\program files\Microsoft Lync\communicator.exe" [2012-09-29 12105344]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-11-01 296096]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

.

c:\documents and settings\sharon\Start Menu\Programs\Startup\

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk

backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^sharon^Start Menu^Programs^Startup^Seagate NA0JGNRB Product Registration.lnk]

path=c:\documents and settings\sharon\Start Menu\Programs\Startup\Seagate NA0JGNRB Product Registration.lnk

backup=c:\windows\pss\Seagate NA0JGNRB Product Registration.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2011-09-27 14:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]

2010-03-13 22:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Communicator]

2012-09-29 04:44 12105344 ----a-w- c:\program files\Microsoft Lync\communicator.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]

2006-11-23 05:10 151552 ----a-w- c:\program files\CyberLink\PCM4Everio\EverioService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2007-11-08 07:56 166424 ----a-r- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2007-11-08 07:56 141848 ----a-r- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-11-13 08:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2007-11-08 07:56 137752 ----a-r- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2007-10-25 03:57 16855552 ------r- c:\windows\RTHDCPL.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

2007-10-11 03:04 1826816 ------r- c:\windows\SkyTel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2012-01-17 18:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YMailAdvisor]

2009-05-08 10:53 174424 ----a-w- c:\program files\Yahoo!\Common\YMailAdvisor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]

2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=

"c:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=

"c:\\Documents and Settings\\sharon\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

"c:\\Documents and Settings\\sharon\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=

"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=

"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=

"c:\\Program Files\\Microsoft Lync\\communicator.exe"=

"c:\\Program Files\\Microsoft Lync\\UcMapi.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [5/8/2006 9:46 AM 4064]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 8:27 AM 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 1:55 PM 67664]

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [8/11/2011 3:38 PM 116608]

R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [10/21/2011 3:23 PM 196176]

R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [10/13/2011 5:21 PM 249648]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]

R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/14/2012 9:01 AM 399432]

R2 ReplicaSysMon;Seagate Replica System Monitor;c:\program files\Seagate Replica\bin\ReplicaSysMon.exe [3/31/2011 11:46 AM 416208]

R2 Seagate-Replica-Svc;Seagate Replica Service;c:\program files\Seagate Replica\bin\Seagate-Replica-Svc.exe [3/31/2011 11:46 AM 1947600]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/25/2012 3:45 PM 106656]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/14/2012 9:01 AM 22856]

S0 jrvtbk;jrvtbk;c:\windows\system32\drivers\tguv.sys --> c:\windows\system32\drivers\tguv.sys [?]

S0 pkixkats;pkixkats;c:\windows\system32\drivers\uijs.sys --> c:\windows\system32\drivers\uijs.sys [?]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/14/2012 9:01 AM 676936]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [12/2/2009 3:02 PM 23888]

S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [3/10/2006 2:55 PM 39424]

S3 Ftdippk2sacs;Ftdippk2sacs; [x]

S3 Pdrprsp;Pdrprsp; [x]

S3 RDID1059;Cakewalk Music Connector 1;c:\windows\system32\drivers\Rdwm1059.sys [10/21/2006 5:24 PM 66674]

S3 Wptaontfhm;Wptaontfhm; [x]

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2009-03-08 11:32 128512 ----a-w- c:\windows\system32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 07:22]

.

2012-11-08 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 20:34]

.

2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-25 23:47]

.

2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-25 23:47]

.

2012-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-790525478-682003330-1004Core.job

- c:\documents and settings\sharon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-26 01:55]

.

2012-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-790525478-682003330-1004UA.job

- c:\documents and settings\sharon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-26 01:55]

.

2012-11-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-790525478-682003330-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 21:27]

.

2012-11-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-790525478-682003330-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 21:27]

.

2012-11-14 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task a11f6e15-a95d-420c-9ca2-958410e41e78.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

2012-11-10 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task de10ebce-b45f-49d3-ac39-e198ae5e3843.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/?ilc=1

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

IE: &Google Search

IE: &Translate English Word

IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm

IE: Backward Links

IE: Cached Snapshot of Page

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

IE: Similar Pages

IE: Translate Page into English

IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm

IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm

IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm

Trusted Zone: intuit.com\ttlc

Trusted Zone: turbotax.com

TCP: DhcpNameServer = 192.168.1.254

DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab

DPF: {DEA6994F-3ED5-40BC-B5E3-0FD02411B1B4} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_1/PhotoCenter_ActiveX_Control.cab?

FF - ProfilePath - c:\documents and settings\sharon\Application Data\Mozilla\Firefox\Profiles\nuy0i18j.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3059010&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?fr=fp-tyc8

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc8&p=

FF - ExtSQL: 2012-11-01 09:13; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF - ExtSQL: 2012-11-02 07:35; fmconverter@gmail.com; c:\program files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox

FF - ExtSQL: 2019-09-25 23:40; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; c:\documents and settings\sharon\Application Data\Mozilla\Firefox\Profiles\nuy0i18j.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi

FF - ExtSQL: !HIDDEN! 2009-09-02 06:20; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-10 - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

HKCU-Run-VoipStunt - c:\program files\VoipStunt.com\VoipStunt\VoipStunt.exe

HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

HKCU-Run-RepairSolutions - c:\program files\RepairSolutions\RepairSolutions.exe

HKCU-Run-Pando - c:\program files\Pando Networks\Pando\Pando.exe

Notify-avldr - (no file)

SafeBoot-Symantec Antvirus

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe

MSConfigStartUp-AVG_UI - c:\program files\AVG\AVG2013\avgui.exe

MSConfigStartUp-nwiz - nwiz.exe

MSConfigStartUp-ROC_ROC_NT - c:\program files\AVG Secure Search\ROC_ROC_NT.exe

MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe

MSConfigStartUp-vProt - c:\program files\AVG Secure Search\vprot.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-11-14 14:25

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

.

c:\docume~1\sharon\LOCALS~1\Temp\_MEI24802\support

c:\docume~1\sharon\LOCALS~1\Temp\_MEI24802\support\gen_py

c:\docume~1\sharon\LOCALS~1\Temp\_MEI24802\support\gen_py\__init__.py 0 bytes

.

scan completed successfully

hidden files: 3

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Seagate-Replica-Svc]

"ImagePath"="c:\program files\Seagate Replica\bin\Seagate-Replica-Svc.exe /startedbyscm:FE2355B7-40E2EE35-RebitSvcModule"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3648)

c:\windows\system32\WININET.dll

c:\program files\Google\Drive\googledrivesync32.dll

c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf

c:\progra~1\MICROS~3\Office14\1033\GrooveIntlResource.dll

c:\program files\iTunes\iTunesMiniPlayer.dll

c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll

c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe

c:\program files\Common Files\Symantec Shared\ccSvcHst.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

c:\program files\Common Files\Motive\McciCMService.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\windows\system32\dllhost.exe

c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

c:\windows\system32\SearchIndexer.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files\Canon\CAL\CALMAIN.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\msdtc.exe

c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe

c:\program files\Seagate Replica\bin\Seagate-Replica-Autoplay.exe

c:\program files\Seagate Replica\bin\Seagate-Replica-Tray.exe

c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

.

**************************************************************************

.

Completion time: 2012-11-14 14:34:54 - machine was rebooted

ComboFix-quarantined-files.txt 2012-11-14 22:34

.

Pre-Run: 405,210,607,616 bytes free

Post-Run: 426,953,527,296 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

C:\wubildr.mbr = "Ubuntu"

.

- - End Of File - - 8E1BB86D4F6FBCA0AE059B650EB748C7

Thanks! :)


Looks Good.........

Please run the fixdamage tool in the Malwarebytes Anti-Rootkit folder and reboot.

~~~~~~~~~~~~~~~~~~~~~

Please download AdwCleaner from here and save it on your Desktop.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

MrC


Here you go:

# AdwCleaner v2.007 - Logfile created 11/14/2012 at 16:47:30

# Updated 06/11/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : sharon - SHUTTLE

# Boot Mode : Normal

# Running from : C:\Documents and Settings\sharon\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\Documents and Settings\sharon\Application Data\Mozilla\Firefox\Profiles\nuy0i18j.default\searchplugins\Search_Results.xml

File Found : C:\Documents and Settings\sharon\Application Data\Mozilla\Firefox\Profiles\nuy0i18j.default\searchplugins\yahoo-zugo.xml

File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

File Found : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml

Folder Found : C:\Documents and Settings\All Users\Application Data\boost_interprocess

Folder Found : C:\Documents and Settings\All Users\Application Data\Trymedia

Folder Found : C:\Documents and Settings\sharon\Application Data\AVG Secure Search

Folder Found : C:\Documents and Settings\sharon\Application Data\searchquband

Folder Found : C:\Documents and Settings\sharon\Local Settings\Application Data\Conduit

Folder Found : C:\Documents and Settings\sharon\Start Menu\Programs\vGrabber

Folder Found : C:\Program Files\Conduit

Folder Found : C:\Program Files\Trymedia

Folder Found : C:\Program Files\v-Grabber

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\AVG Secure Search

Key Found : HKCU\Software\ConduitSearchScopes

Key Found : HKCU\Software\Headlight

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKCU\Software\Softonic

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3059010

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Found : HKLM\Software\Conduit

Key Found : HKLM\Software\Freeze.com

Key Found : HKU\S-1-5-21-515967899-790525478-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default

File : C:\Documents and Settings\jun\Application Data\Mozilla\Firefox\Profiles\dfhy4j44.default\prefs.js

Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");

Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");

Profile name : default

File : C:\Documents and Settings\sharon\Application Data\Mozilla\Firefox\Profiles\nuy0i18j.default\prefs.js

Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");

Found : user_pref("browser.search.defaultthis.engineName", "Vgrabber Customized Web Search");

Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3059010&Sea[...]

Found : user_pref("browser.search.order.1", "Search Results");

Profile name : default

File : C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\64uuh40b.default\prefs.js

Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");

Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");

-\\ Google Chrome v24.0.1312.14

File : C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Found [l.28] : urls_to_restore_on_startup = [ "hxxp://www.bing.com/", [ "hxxp://search.conduit.com/?ctid=CT3244149&SearchSource=48" ] ]

Found [l.5192] : urls_to_restore_on_startup = [ "hxxp://www.bing.com/", [ "hxxp://search.conduit.com/?ctid=CT3244149&SearchSource=48" ] ]

File : C:\Documents and Settings\Rachel\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4614 octets] - [14/11/2012 16:47:30]

########## EOF - C:\AdwCleaner[R1].txt - [4674 octets] ##########


Some adware found....let's clear it out.....

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK if asked.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

~~~~~~~~~~~~~~~~

Then............

Let's check your computer's security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

MrC


# AdwCleaner v2.007 - Logfile created 11/14/2012 at 19:01:46

# Updated 06/11/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : sharon - SHUTTLE

# Boot Mode : Normal

# Running from : C:\Documents and Settings\sharon\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\sharon\Application Data\Mozilla\Firefox\Profiles\nuy0i18j.default\searchplugins\Search_Results.xml

File Deleted : C:\Documents and Settings\sharon\Application Data\Mozilla\Firefox\Profiles\nuy0i18j.default\searchplugins\yahoo-zugo.xml

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml

Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia

Folder Deleted : C:\Documents and Settings\sharon\Application Data\AVG Secure Search

Folder Deleted : C:\Documents and Settings\sharon\Application Data\searchquband

Folder Deleted : C:\Documents and Settings\sharon\Local Settings\Application Data\Conduit

Folder Deleted : C:\Documents and Settings\sharon\Start Menu\Programs\vGrabber

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\Program Files\Trymedia

Folder Deleted : C:\Program Files\v-Grabber

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AVG Secure Search

Key Deleted : HKCU\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\Headlight

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3059010

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\Freeze.com

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default

File : C:\Documents and Settings\jun\Application Data\Mozilla\Firefox\Profiles\dfhy4j44.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");

Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

Profile name : default

File : C:\Documents and Settings\sharon\Application Data\Mozilla\Firefox\Profiles\nuy0i18j.default\prefs.js

C:\Documents and Settings\sharon\Application Data\Mozilla\Firefox\Profiles\nuy0i18j.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");

Deleted : user_pref("browser.search.defaultthis.engineName", "Vgrabber Customized Web Search");

Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3059010&Sea[...]

Deleted : user_pref("browser.search.order.1", "Search Results");

Profile name : default

File : C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\64uuh40b.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");

Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

-\\ Google Chrome v24.0.1312.14

File : C:\Documents and Settings\sharon\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.28] : urls_to_restore_on_startup = [ "hxxp://www.bing.com/", [ "hxxp://search.conduit.com/?ctid=CT3244149&SearchSource=48" ] ]

Deleted [l.5195] : urls_to_restore_on_startup = [ "hxxp://www.bing.com/", [ "hxxp://search.conduit.com/?ctid=CT3244149&SearchSource=48" ] ]

File : C:\Documents and Settings\Rachel\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4743 octets] - [14/11/2012 16:47:30]

AdwCleaner[s1].txt - [4721 octets] - [14/11/2012 19:01:46]

########## EOF - C:\AdwCleaner[s1].txt - [4781 octets] ##########

Results of screen317's Security Check version 0.99.54

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Symantec Endpoint Protection

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Yahoo! Anti-Spy

SUPERAntiSpyware

Malwarebytes Anti-Malware version 1.65.1.1000

Java 2 Runtime Environment Standard Edition v1.3.1_02

JavaFX 2.1.1

Java 6 Update 30

Java 7 Update 5

Java 6 Update 7

Java version out of Date!

Adobe Flash Player 11.4.402.287

Adobe Reader 9 Adobe Reader out of Date!

Mozilla Firefox (16.0.2)

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 1%

````````````````````End of Log``````````````````````


Java 2 Runtime Environment Standard Edition v1.3.1_02 <----please uninstall from add/remove programs

JavaFX 2.1.1

Java™ 6 Update 30 <----please uninstall from add/remove programs

Java™ 7 Update 5 <---please update, should be Update 9

Java™ 6 Update 7 <----please uninstall from add/remove programs

Java version out of Date!

Adobe Reader 9 Adobe Reader out of Date! <----check for an update

You have outdated programs on the system which are vulnerable to malware.

Please update or uninstall them

Info on doing that can be found in my Preventive Maintenance

~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


This is what it said yesterday before I uninstalled ComboFix, etc

[shell_NotifyIcon]Failed to perform desired action. Error code 0

I went ahead and uninstalled ComboFix, and updated Java, etc last night. This morning, when I booted, it took a while and then I got "Shell_NotifyIcon Failed to perform desired action. Error code: 2"

So it's basically still doing what it's been doing. I "randomly" can boot with no problem, then sometimes I get the error code 0 and then sometimes it takes a while to boot and I get error code 2. The error codes show up shortly after booting, I just didn't notice it yesterday...

By the way, I had a hard time uninstalling ComboFix. I couldn't do it from the Windows Run box. So I renamed it uninstall.exe, but after double-clicking it, it seemed like it was going to run again, as it was complaining about my antivirus being on. I clicked "cancel" and then it said ComboFix was uninstalled. I hope that didn't mess anything up.

I'm going to update Adobe Reader 9 now. Thank you so much for working with me.


Please do this.............

Go to your Control Panel's Add/Remove Programs and uninstall Malwarebytes Anti-Malware > reboot

Download and run this cleaner:

mbam-clean.exe

Reboot <---very important

Now download and see if you can install the latest version of MB from here: (disable any malware/anti-virus programs running first)

http://www.malwareby...am-download.php

Let me know, MrC


What do you think about this? I found it somewhere online...

If You Know You Have Malware ...

If you know you have malware running in your computer, it may be preventing Malwarebytes' Anti-Malware from starting normally. Usually, the main executable file is targeted: mbam.exe

You can often get around this by renaming the mbam.exe file to something else, and then trying to run it again. Sometimes, any random name will do, and because of this, Malwarebytes offers a link to download a randomly named copy of mbam.exe:

malwarebytes.org/mbam-download-exe-random.php

Save the above randomly named file to one of the following locations, and run it from there:

64 Bit Systems:

C:\Program Files (x86)\Malwarebytes' Anti-Malware

32 Bit Systems:

C:\Program Files\Malwarebytes' Anti-Malware

Unfortunately, some malware blocks almost ANY executable file from running (*.exe), but in my experience they will nevertheless allow either explorer.exe or iexplore.exe to run ... so if the random name does not work, try each of the above two names, and you may find yourself in business!

