Infected with ad.xtendmedia virus


Hello, I believe I am infected with the ad.xtendmedia virus. I've tried multiple malware removal programs but nothing can find anything infected on my computer. I get little popups while browsing the internet, and am sometimes redirected to a different website than I was intending to go to. I ran DDS and here are my logs:

DDS.TXT

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.15.2

Run by Kevin Ewert at 9:29:23 on 2013-04-17

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.852 [GMT -5:00]

.

AV: Managed Antivirus Managed Antivirus *Enabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}

.

============== Running Processes ================

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Advanced Monitoring Agent\winagent.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\PROGRA~1\ADVANC~1\managedav\SBAMSvc.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

c:\Program Files\Zune\ZuneBusEnum.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\stsystra.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\PROGRA~1\ADVANC~1\managedav\SBAMTray.exe

C:\PROGRA~1\SEARCH~2\Datamngr\DATAMN~1.EXE

C:\Program Files\Zune\ZuneLauncher.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Ask.com\Updater\Updater.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

c:\Program Files\Zune\ZuneWlanCfgSvc.exe

C:\Program Files\Microsoft Works\wkswp.exe

C:\Program Files\Microsoft Works\MSWorks.exe

C:\Program Files\Microsoft Works\wkgdcach.exe

C:\Documents and Settings\Kevin Ewert\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Kevin Ewert\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Kevin Ewert\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Kevin Ewert\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Kevin Ewert\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Documents and Settings\Kevin Ewert\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Documents and Settings\Kevin Ewert\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.coupons.com/

uWindow Title = Powered by Charter Communications

uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://search.coupons.com/

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll

uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>

BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - <orphaned>

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\program files\searchqu toolbar\datamngr\toolbar\searchqudtx.dll

BHO: DataMngr: {9D717F81-9148-4f12-8568-69135F087DB0} -

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} -

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -

BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -

BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: TBSB07898 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} -

TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} -

TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} -

TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\program files\searchqu toolbar\datamngr\toolbar\searchqudtx.dll

TB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} -

TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll

uRun: [Google Update] "c:\documents and settings\kevin ewert\local settings\application data\google\update\GoogleUpdate.exe" /c

uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; Zune 4.0)" -"http://perspective.pearsonaccess.com/content/resources/learningresources/rd/cct_imp2.html?cct=cct/v_06_01_01"

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [EPSON Stylus Photo RX500] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [sBAMTray] "c:\progra~1\advanc~1\managedav\SBAMTray.exe"

mRun: [DATAMNGR] c:\progra~1\search~2\datamngr\DATAMN~1.EXE

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"

mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

dRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: &Search - http://kl.bar.need2f...earch.html?p=KL

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab

DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab

DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab

DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/43.10/uploader2.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - hxxp://software-dl.real.com/15274ee98603a0a0d701/netzip/RdxIE601.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123689493343

DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxps://office.sonscape.org/Remote/msrdp.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} - hxxps://accounting.quickbooks.com/c2/v20.127/qboax10.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} - hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab

DPF: {97770E5B-2028-48AC-B4DA-1F991376D2B6} - hxxp://download.copysafe.net/plugins5/installers/Copysafe.cab

DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} - hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab

DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - hxxp://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab

DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab

DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} - hxxp://www.instantaction.com/download/iaplayer.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.pogo.com/game/deluxe/zuma/popcaploader_v6.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{7BDE0E69-4C31-40F5-A51E-46FF6D034AD9} : DHCPNameServer = 192.168.1.1

Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - <orphaned>

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -

Notify: AtiExtEvent - Ati2evxx.dll

AppInit_DLLs= c:\progra~1\search~2\datamngr\datamngr.dll c:\progra~1\search~2\datamngr\IEBHO.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2012-8-8 21496]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-8-30 101624]

R2 Advanced Monitoring Agent;Advanced Monitoring Agent;c:\program files\advanced monitoring agent\winagent.exe [2012-8-7 3517952]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-8-10 54752]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-23 418376]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-9 701512]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 SBAMSvc;Managed Antivirus;c:\progra~1\advanc~1\managedav\SBAMSvc.exe [2011-10-12 2804312]

R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2012-8-8 74104]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-11-11 24652]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-9 22856]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-4-17 40776]

S2 5874;5874;\??\c:\docume~1\kevine~1\locals~1\temp\5874.sys --> c:\docume~1\kevine~1\locals~1\temp\5874.sys [?]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [2006-3-13 4736]

S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\mcafee security scan\3.0.318\mcchsvc.exe" --> c:\program files\mcafee security scan\3.0.318\McCHSvc.exe [?]

S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [2006-3-13 8960]

S3 PortAcc;Spearit Port Access;c:\program files\laplink\pcmover\PortAcc.sys [2006-3-13 10752]

.

=============== File Associations ===============

.

ShellExec: BitDownload.exe: open=c:\documents and settings\kevin ewert\desktop\justin\bitdownload\BitDownload.exe

ShellExec: QuickTimePlayer.exe: open=c:\progra~1\quickt~1\QUICKT~1.EXE "%1"

.

=============== Created Last 30 ================

.

2013-04-17 14:27:04 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2013-04-05 13:22:03 -------- d-----w- c:\documents and settings\kevin ewert\local settings\application data\APN

2013-04-05 13:22:01 -------- d-----w- c:\program files\Ask.com

2013-04-05 13:22:01 -------- d-----w- C:\Firefox

2013-04-05 13:22:00 -------- d-----w- c:\documents and settings\kevin ewert\local settings\application data\AskToolbar

2013-04-05 13:11:38 -------- d-----w- c:\documents and settings\all users\application data\Ask

2013-04-05 13:11:16 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-04-04 02:43:09 -------- d-----w- c:\documents and settings\kevin ewert\application data\ElevatedDiagnostics

2013-03-21 18:11:37 12928 ------w- c:\windows\system32\dllcache\usb8023x.sys

2013-03-21 18:11:37 12928 ------w- c:\windows\system32\dllcache\usb8023.sys

.

==================== Find3M ====================

.

2013-04-05 13:11:02 861088 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-04-05 13:11:02 782240 ----a-w- c:\windows\system32\deployJava1.dll

2013-04-05 13:11:02 143872 ----a-w- c:\windows\system32\javacpl.cpl

2013-04-04 19:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-13 09:10:42 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-03-13 09:10:40 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll

2013-03-07 01:32:25 2149888 ------w- c:\windows\system32\ntoskrnl.exe

2013-03-07 00:50:30 2028544 ------w- c:\windows\system32\ntkrnlpa.exe

2013-03-02 02:06:31 916480 ----a-w- c:\windows\system32\wininet.dll

2013-03-02 02:06:30 43520 ----a-w- c:\windows\system32\licmgr10.dll

2013-03-02 02:06:30 1469440 ------w- c:\windows\system32\inetcpl.cpl

2013-03-02 01:25:02 1867264 ----a-w- c:\windows\system32\win32k.sys

2013-03-02 01:08:47 385024 ------w- c:\windows\system32\html.iec

2013-02-27 07:56:51 2067456 ------w- c:\windows\system32\mstscax.dll

2013-02-12 00:32:23 12928 ------w- c:\windows\system32\drivers\usb8023x.sys

2013-02-12 00:32:23 12928 ------w- c:\windows\system32\drivers\usb8023.sys

2013-01-31 22:51:15 127034 ------r- c:\windows\bwUnin-8.1.1.50-8876480SL.exe

2013-01-26 03:55:44 552448 ------w- c:\windows\system32\oleaut32.dll

.

============= FINISH: 9:30:43.06 ===============

ATTACH.TXT

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 9/21/2006 8:36:33 PM

System Uptime: 4/11/2013 3:24:16 AM (150 hours ago)

.

Motherboard: Dell Inc. | | 0HJ054

Processor: Intel® Pentium® D CPU 3.00GHz | Microprocessor | 2992/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 228 GiB total, 16.989 GiB free.

D: is CDROM ()

E: is Removable

F: is Removable

G: is Removable

H: is Removable

J: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP2398: 1/18/2013 5:19:03 AM - System Checkpoint

RP2399: 1/19/2013 6:15:01 AM - System Checkpoint

RP2400: 1/20/2013 3:00:19 AM - Software Distribution Service 3.0

RP2401: 1/21/2013 3:18:45 AM - System Checkpoint

RP2402: 1/22/2013 4:18:46 AM - System Checkpoint

RP2403: 1/23/2013 5:17:41 AM - System Checkpoint

RP2404: 1/23/2013 2:14:55 PM - Removed Greeting Card Factory Express

RP2405: 1/24/2013 2:55:13 PM - System Checkpoint

RP2406: 1/25/2013 3:52:51 PM - System Checkpoint

RP2407: 1/26/2013 4:44:06 PM - System Checkpoint

RP2408: 1/27/2013 5:41:41 PM - System Checkpoint

RP2409: 1/28/2013 6:38:33 PM - System Checkpoint

RP2410: 1/29/2013 7:36:38 PM - System Checkpoint

RP2411: 1/30/2013 8:53:59 PM - System Checkpoint

RP2412: 1/31/2013 4:51:11 PM - Installed Logitech Desktop Messenger

RP2413: 1/31/2013 4:51:34 PM - Installed Remote Control USB Driver

RP2414: 1/31/2013 4:51:49 PM - Installed Logitech Harmony Remote Software 7

RP2415: 2/1/2013 5:32:39 PM - System Checkpoint

RP2416: 2/2/2013 3:25:05 PM - Installed Microsoft Fix it 50577

RP2417: 2/2/2013 3:37:26 PM - Installed Zune 4.8

RP2418: 2/3/2013 4:00:22 PM - System Checkpoint

RP2419: 2/4/2013 4:14:45 PM - System Checkpoint

RP2420: 2/5/2013 4:16:03 PM - System Checkpoint

RP2421: 2/6/2013 5:11:42 PM - System Checkpoint

RP2422: 2/7/2013 5:31:24 PM - System Checkpoint

RP2423: 2/8/2013 6:06:08 PM - System Checkpoint

RP2424: 2/9/2013 6:14:56 PM - System Checkpoint

RP2425: 2/10/2013 6:23:03 PM - System Checkpoint

RP2426: 2/11/2013 7:21:14 PM - System Checkpoint

RP2427: 2/12/2013 8:05:43 PM - System Checkpoint

RP2428: 2/13/2013 8:29:08 PM - System Checkpoint

RP2429: 2/14/2013 3:00:22 AM - Software Distribution Service 3.0

RP2430: 2/14/2013 8:49:44 PM - Installed Windows XP winusb0100.

RP2431: 2/15/2013 8:55:55 PM - System Checkpoint

RP2432: 2/16/2013 9:32:32 PM - System Checkpoint

RP2433: 2/17/2013 9:54:40 PM - System Checkpoint

RP2434: 2/18/2013 10:07:41 PM - System Checkpoint

RP2435: 2/19/2013 10:44:15 PM - System Checkpoint

RP2436: 2/20/2013 11:48:09 PM - System Checkpoint

RP2437: 2/22/2013 12:36:40 AM - System Checkpoint

RP2438: 2/23/2013 1:41:21 AM - System Checkpoint

RP2439: 2/24/2013 2:30:21 AM - System Checkpoint

RP2440: 2/25/2013 3:29:03 AM - System Checkpoint

RP2441: 2/26/2013 4:24:13 AM - System Checkpoint

RP2442: 2/27/2013 4:46:03 AM - System Checkpoint

RP2443: 2/28/2013 5:46:04 AM - System Checkpoint

RP2444: 3/1/2013 6:43:10 AM - System Checkpoint

RP2445: 3/2/2013 7:44:00 AM - System Checkpoint

RP2446: 3/3/2013 7:44:28 AM - System Checkpoint

RP2447: 3/4/2013 9:26:21 AM - System Checkpoint

RP2448: 3/5/2013 9:40:23 AM - System Checkpoint

RP2449: 3/6/2013 9:48:21 AM - System Checkpoint

RP2450: 3/7/2013 10:35:19 AM - System Checkpoint

RP2451: 3/8/2013 11:29:45 AM - System Checkpoint

RP2452: 3/9/2013 12:24:43 PM - System Checkpoint

RP2453: 3/10/2013 1:27:41 PM - System Checkpoint

RP2454: 3/11/2013 1:55:09 PM - System Checkpoint

RP2455: 3/12/2013 2:51:08 PM - System Checkpoint

RP2456: 3/13/2013 3:18:12 PM - System Checkpoint

RP2457: 3/14/2013 3:00:19 AM - Software Distribution Service 3.0

RP2458: 3/15/2013 3:29:22 AM - System Checkpoint

RP2459: 3/16/2013 3:36:16 AM - System Checkpoint

RP2460: 3/17/2013 4:12:44 AM - System Checkpoint

RP2461: 3/18/2013 5:06:24 AM - System Checkpoint

RP2462: 3/19/2013 6:05:58 AM - System Checkpoint

RP2463: 3/20/2013 6:08:21 AM - System Checkpoint

RP2464: 3/21/2013 7:06:32 AM - System Checkpoint

RP2465: 3/22/2013 3:00:21 AM - Software Distribution Service 3.0

RP2466: 3/23/2013 3:24:22 AM - System Checkpoint

RP2467: 3/24/2013 3:26:17 AM - System Checkpoint

RP2468: 3/25/2013 3:36:58 AM - System Checkpoint

RP2469: 3/26/2013 4:36:52 AM - System Checkpoint

RP2470: 3/27/2013 5:11:37 AM - System Checkpoint

RP2471: 3/28/2013 6:06:49 AM - System Checkpoint

RP2472: 3/29/2013 7:06:47 AM - System Checkpoint

RP2473: 3/30/2013 7:12:53 AM - System Checkpoint

RP2474: 3/31/2013 8:03:33 AM - System Checkpoint

RP2475: 4/1/2013 8:39:43 AM - System Checkpoint

RP2476: 4/2/2013 9:04:41 AM - System Checkpoint

RP2477: 4/3/2013 9:07:40 AM - System Checkpoint

RP2478: 4/3/2013 9:41:23 PM - Installed %1 %2.

RP2479: 4/4/2013 10:03:32 PM - System Checkpoint

RP2480: 4/5/2013 8:10:11 AM - Removed Java™ 7 Update 4

RP2481: 4/5/2013 8:10:54 AM - Installed Java 7 Update 15

RP2482: 4/6/2013 9:24:44 AM - System Checkpoint

RP2483: 4/7/2013 10:03:35 AM - System Checkpoint

RP2484: 4/8/2013 11:03:33 AM - System Checkpoint

RP2485: 4/9/2013 12:03:34 PM - System Checkpoint

RP2486: 4/10/2013 1:02:26 PM - System Checkpoint

RP2487: 4/11/2013 3:00:20 AM - Software Distribution Service 3.0

RP2488: 4/12/2013 3:26:31 AM - System Checkpoint

RP2489: 4/13/2013 3:30:48 AM - System Checkpoint

RP2490: 4/14/2013 4:25:08 AM - System Checkpoint

RP2491: 4/15/2013 5:25:09 AM - System Checkpoint

RP2492: 4/16/2013 6:25:11 AM - System Checkpoint

RP2493: 4/17/2013 6:40:02 AM - System Checkpoint

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader XI (11.0.02)

Advanced Monitoring Agent

AIM 6

Allok Video Converter 4.4.0609

AnswerWorks 5.0 English Runtime

AOLIcon

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft Software Suite

Ask Toolbar

Ask Toolbar Updater

Asteroids

ATI - Software Uninstall Utility

ATI Display Driver

ATI Parental Control

Audacity 1.2.6

Bonjour

BufferChm

Build In Time

BUM

Cabela's Deer Hunt 2005 Season

CameraDrivers

Charter Browser Updater

Compaq Wallpaper

Conexant D850 56K V.9x DFVc Modem

CopySafe Plugin

Corel Photo Album 6

Coupon Printer for Windows

CouponBar

CreativeProjects

CreativeProjectsTemplates

Critical Update for Windows Media Player 11 (KB959772)

Cucusoft DVD to iPod/PSP + iPod/PSP Video Converter Suite 2.8.3

Cucusoft DVD to PSP Converter 7.15

Cucusoft DVD to Zune + Zune Video Converter Suite 7.19.7.12

CueTour

Dell Driver Reset Tool

Dell Game Console

Dell System Restore

DellSupport

Digital Line Detect

Director

DirectX Media Runtime 5.1

Download Updater (AOL LLC)

EarthLink setup files

ELIcon

EPSON CardMonitor

EPSON Copy Utility

EPSON Photo Print

EPSON Printer Software

EPSON RX500 Reference Guide

EPSON Scan

EPSON Smart Panel

FinePixViewer Resource

FinePixViewer Ver.5.1

FUJIFILM USB Driver

Garmin Communicator Plugin

Garmin USB Drivers

GemMaster Mystic

Google Chrome

Google Earth

Google Pack Screensaver

Google Toolbar for Internet Explorer

Google Update Helper

Guitar Pro 5.2

High Definition Audio Driver Package - KB835221

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Format 11 SDK (KB973442)

Hotfix for Windows Media Player 10 (KB903157)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB2756822)

Hotfix for Windows XP (KB2779562)

Hotfix for Windows XP (KB932716-v2)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Diagnostic Assistant

HP Image Zone 4.0

HP Officejet 6500 E710n-z Basic Device Software

HP Officejet 6500 E710n-z Help

HP Officejet 6500 E710n-z Product Improvement Study

HP Photosmart Cameras 4.0

HP Software Update

HP Update

HPSystemDiagnostics

I.R.I.S. OCR

iLivid

ImageMixer VCD2 LE for FinePix

InstantShare

InstantShareAlert

Intel® PRO Network Connections Drivers

Intel® PROSet for Wired Connections

InterVideo Installer

IrfanView (remove only)

iTunes

Java 2 Runtime Environment, SE v1.4.2_03

Java 7 Update 15

Java Auto Updater

JavaFX 2.1.0

Junk Mail filter update

Know the Bible Toolbar Chrome Extension

KODAK EASYSHARE Gallery Easy Upload, v2.1

Learn2 Player (Uninstall Only)

Logitech Desktop Messenger

Logitech Harmony Remote Software 7

Malwarebytes Anti-Malware version 1.75.0.1300

Managed Antivirus

MCU

Microsoft .NET Framework 1.0 Hotfix (KB2572066)

Microsoft .NET Framework 1.0 Hotfix (KB2604042)

Microsoft .NET Framework 1.0 Hotfix (KB2656378)

Microsoft .NET Framework 1.0 Hotfix (KB953295)

Microsoft .NET Framework 1.0 Hotfix (KB979904)

Microsoft .NET Framework 1.0 Security Update (KB2698035)

Microsoft .NET Framework 1.0 Security Update (KB2742607)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 1.1 Security Update (KB2742597)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Age of Empires Gold

Microsoft Age of Empires II: The Conquerors Expansion

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft National Language Support Downlevel APIs

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Plus! Photo Story 2 LE

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft User-Mode Driver Framework Feature Pack 1.9

Microsoft VC9 runtime libraries

Microsoft Visual Basic 2005 Express Edition - ENU

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft WinUsb 1.0

Microsoft Works 6.0

MobileMe Control Panel

MONOPOLY HERE AND NOW EDITION

MSN

MSVCRT

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6 Service Pack 2 (KB954459)

msxml4

Musicnotes Player V1.23.1

My Wal-Mart Digital Photo Center

neroxml

OpenMG Limited Patch 4.7-07-14-05-01

OpenMG Secure Module 4.7.00

OpenOffice.org 3.2

Otto

Overland

Palm

PCmover

PhotoGallery

Picasa 3

PSP Video Express(remove only)

Punch! Super Home Suite

QFolder

Quicken 2009

QuickProjects

QuickTime

RapidGX Media Free Trial

RAW FILE CONVERTER LE

Remote Control USB Driver

Roll

Safari

Searchqu Toolbar

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft Windows (KB2564958)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB2744842)

Security Update for Windows Internet Explorer 8 (KB2761465)

Security Update for Windows Internet Explorer 8 (KB2792100)

Security Update for Windows Internet Explorer 8 (KB2797052)

Security Update for Windows Internet Explorer 8 (KB2799329)

Security Update for Windows Internet Explorer 8 (KB2809289)

Security Update for Windows Internet Explorer 8 (KB2817183)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB917734)

Security Update for Windows Media Player 9 Series (KB969878)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2727528)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB2753842-v2)

Security Update for Windows XP (KB2753842)

Security Update for Windows XP (KB2757638)

Security Update for Windows XP (KB2758857)

Security Update for Windows XP (KB2761226)

Security Update for Windows XP (KB2770660)

Security Update for Windows XP (KB2778344)

Security Update for Windows XP (KB2779030)

Security Update for Windows XP (KB2780091)

Security Update for Windows XP (KB2799494)

Security Update for Windows XP (KB2802968)

Security Update for Windows XP (KB2807986)

Security Update for Windows XP (KB2808735)

Security Update for Windows XP (KB2813170)

Security Update for Windows XP (KB2813345)

Security Update for Windows XP (KB2820917)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Segoe UI

Shutterfly Express Uploader

Sibelius Scorch (ActiveX Only)

Sierra On-Line Games (Remove only)

SkinsHP1

Skype™ 5.10

Sonic Activation Module

Sonic Encoders

Sonic Update Manager

SonicStage 4.3

Sony Noise Reduction Plug-In 2.0h

Sony Picture Utility

Sony Sound Forge 9.0

Sony USB Driver

Sony Vegas Movie Studio 8.0

Spelling Dictionaries Support For Adobe Reader 9

SplashPhoto

TD AMERITRADE StrategyDesk 3.4

TeamViewer 5

The Next Tetris

Torch

TrayApp

Unload

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 8 (KB975364)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows Media Player 10 (KB910393)

Update for Windows Media Player 10 (KB913800)

Update for Windows Media Player 10 (KB926251)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2616676-v2)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update Rollup 2 for Windows XP Media Center Edition 2005

Viewpoint Media Player

VLC media player 2.0.5

VoiceOver Kit

WebFldrs XP

WebReg

West Point Bridge Designer 2007

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Installer 3.1 (KB893803)

Windows Installer Clean Up

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Writer

Windows Media Format 11 runtime

Windows Media Player 10

Windows Media Player 10 Hotfix [see EmeraldQFE2 for more information]

Windows Media Player 11

Windows Mobile Device Updater Component

Windows PowerShell™ 1.0

Windows Presentation Foundation

Windows XP Media Center Edition 2005 KB2502898

Windows XP Media Center Edition 2005 KB2619340

Windows XP Media Center Edition 2005 KB2628259

Windows XP Media Center Edition 2005 KB908246

Windows XP Media Center Edition 2005 KB925766

Windows XP Media Center Edition 2005 KB973768

Windows XP Service Pack 3

Wondershare DVD to Zune Ripper(Build 1.1.1.0) Trial Version

WordPerfect Office 12

XML Paper Specification Shared Components Pack 1.0

Yahoo! Install Manager

Yahoo! Software Update

Zune

Zune Language Pack (CHS)

Zune Language Pack (CHT)

Zune Language Pack (CSY)

Zune Language Pack (DAN)

Zune Language Pack (DEU)

Zune Language Pack (ELL)

Zune Language Pack (ESP)

Zune Language Pack (FIN)

Zune Language Pack (FRA)

Zune Language Pack (HUN)

Zune Language Pack (IND)

Zune Language Pack (ITA)

Zune Language Pack (JPN)

Zune Language Pack (KOR)

Zune Language Pack (MSL)

Zune Language Pack (NLD)

Zune Language Pack (NOR)

Zune Language Pack (PLK)

Zune Language Pack (PTB)

Zune Language Pack (PTG)

Zune Language Pack (RUS)

Zune Language Pack (SVE)

.

==== Event Viewer Messages From Past Week ========

.

4/15/2013 12:38:51 AM, error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

4/14/2013 5:00:00 PM, error: Schedule [7901] - The At18.job command failed to start due to the following error: %%2147942402

4/14/2013 4:00:00 AM, error: Schedule [7901] - The At29.job command failed to start due to the following error: %%2147942402

4/14/2013 3:00:00 AM, error: Schedule [7901] - The At28.job command failed to start due to the following error: %%2147942402

4/14/2013 2:00:00 AM, error: Schedule [7901] - The At27.job command failed to start due to the following error: %%2147942402

4/14/2013 12:32:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402

4/14/2013 12:25:00 AM, error: Schedule [7901] - The At25.job command failed to start due to the following error: %%2147942402

4/14/2013 11:00:00 PM, error: Schedule [7901] - The At48.job command failed to start due to the following error: %%2147942402

4/14/2013 11:00:00 PM, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402

4/14/2013 10:00:00 PM, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402

4/14/2013 1:00:00 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402

4/13/2013 9:00:00 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: %%2147942402

4/13/2013 8:00:00 PM, error: Schedule [7901] - The At21.job command failed to start due to the following error: %%2147942402

4/13/2013 7:00:00 PM, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402

4/13/2013 6:00:00 AM, error: Schedule [7901] - The At31.job command failed to start due to the following error: %%2147942402

4/12/2013 9:00:00 PM, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402

4/12/2013 9:00:00 AM, error: Schedule [7901] - The At34.job command failed to start due to the following error: %%2147942402

4/12/2013 8:00:00 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: %%2147942402

4/12/2013 8:00:00 AM, error: Schedule [7901] - The At33.job command failed to start due to the following error: %%2147942402

4/12/2013 7:00:00 AM, error: Schedule [7901] - The At8.job command failed to start due to the following error: %%2147942402

4/12/2013 7:00:00 AM, error: Schedule [7901] - The At32.job command failed to start due to the following error: %%2147942402

4/12/2013 6:00:00 AM, error: Schedule [7901] - The At7.job command failed to start due to the following error: %%2147942402

4/12/2013 5:00:00 AM, error: Schedule [7901] - The At6.job command failed to start due to the following error: %%2147942402

4/12/2013 4:59:59 AM, error: Schedule [7901] - The At30.job command failed to start due to the following error: %%2147942402

4/12/2013 4:00:00 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: %%2147942402

4/12/2013 3:00:00 AM, error: Schedule [7901] - The At4.job command failed to start due to the following error: %%2147942402

4/12/2013 2:00:00 PM, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402

4/12/2013 2:00:00 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: %%2147942402

4/12/2013 10:00:00 AM, error: Schedule [7901] - The At35.job command failed to start due to the following error: %%2147942402

4/12/2013 10:00:00 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: %%2147942402

4/12/2013 1:00:00 AM, error: Schedule [7901] - The At26.job command failed to start due to the following error: %%2147942402

4/11/2013 9:00:00 PM, error: Schedule [7901] - The At46.job command failed to start due to the following error: %%2147942402

4/11/2013 8:00:00 PM, error: Schedule [7901] - The At45.job command failed to start due to the following error: %%2147942402

4/11/2013 7:00:00 PM, error: Schedule [7901] - The At44.job command failed to start due to the following error: %%2147942402

4/11/2013 5:00:00 PM, error: Schedule [7901] - The At42.job command failed to start due to the following error: %%2147942402

4/11/2013 4:00:00 PM, error: Schedule [7901] - The At41.job command failed to start due to the following error: %%2147942402

4/11/2013 4:00:00 PM, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%2147942402

4/11/2013 3:00:00 PM, error: Schedule [7901] - The At40.job command failed to start due to the following error: %%2147942402

4/11/2013 3:00:00 PM, error: Schedule [7901] - The At16.job command failed to start due to the following error: %%2147942402

4/11/2013 2:00:00 PM, error: Schedule [7901] - The At39.job command failed to start due to the following error: %%2147942402

4/11/2013 10:00:00 PM, error: Schedule [7901] - The At47.job command failed to start due to the following error: %%2147942402

.

==== End Of File ===========================

Thanks so much in advance for your help! My computer is really struggling.


Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

P2P Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Removing malware can be unpredictable...things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive.

<+> Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+> The removal of malware isn't instantaneous, please be patient.

<+> Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Here's the report from RogueKiller. Sorry I took so long to get that done. I was backing up all of my files to a cloud.

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : Kevin  Ewert [Admin rights]

Mode : Scan -- Date : 04/19/2013 10:30:06

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤

[services][ROGUE ST] HKLM\[...]\ControlSet001\Services\5874 (C:\Documents and Settings\Kevin  Ewert\Local Settings\Temp\5874.sys) -> FOUND

[services][ROGUE ST] HKLM\[...]\ControlSet002\Services\5874 (C:\Documents and Settings\Kevin  Ewert\Local Settings\Temp\5874.sys) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

IRP[iRP_MJ_INTERNAL_DEVICE_CONTROL] : atapi.sys -> HOOKED ([iNLINE] atapi.sys @ 0xB9F11852)

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost

::1             localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG SP2504C +++++

--- User ---

[MBR] d36a22f10f94f8571152763db55737dc

[bSP] 3efdd157322bc54deb4f0f8435ac64f6 : MBR Code unknown

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 128520 | Size: 233585 Mo

2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 478528155 | Size: 4753 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_04192013_02d1030.txt >>


When you post the logs............Click this:

Bottom right corner of this page.


and then post on the new window that comes up.

---------------------------------

Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest: (if found)

[services][ROGUE ST] HKLM\[...]\ControlSet001\Services\5874 (C:\Documents and Settings\Kevin Ewert\Local Settings\Temp\5874.sys) -> FOUND

[services][ROGUE ST] HKLM\[...]\ControlSet002\Services\5874 (C:\Documents and Settings\Kevin Ewert\Local Settings\Temp\5874.sys) -> FOUND

Now click Delete on the right hand column under Options

----------------------------------

Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.


New window that comes up.


~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot.

Verify that your system is now functioning normally.

MrC


OK.....Next:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
