Infected Computer - Please Help - Thanks In Advance!


Malwarebytes has removed some files, but I think we might have a rootkit.

DDS and Attach Log Files. Thank you so much for the help.

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK

Internet Explorer: 8.0.6001.18702

Run by Administrator at 15:45:55 on 2013-05-24

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.989.600 [GMT -5:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ================

.

C:\WINDOWS\system32\savedump.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Bsecure\InetCtrl.exe

C:\Program Files\Bsecure\BSecAMX.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Virtual Firefox\firefox.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.my-online-search.com/?babsrc=HP_ofln&mntrId=25F30050B60983D9&cat=delta&dlb=0&affID=119351

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=all&pf=cmdt

uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=all&pf=cmdt

BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll

BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\yontoo\YontooIEClient.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [Yontoo Desktop] "c:\documents and settings\administrator\application data\yontoo\YontooDesktop.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe

mRun: [setRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe

mRun: [Recguard] c:\windows\sminst\Recguard.exe

mRun: [Reminder] c:\windows\creator\Remind_XP.exe

mRun: [scheduler] c:\windows\sminst\Scheduler.exe

mRun: [Edison] "c:\program files\verdiem\powermanager\PowerManager.exe" /autolaunched

mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [CloudCare] c:\program files\bsecure\BsecTray.exe

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~2.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\intuit\quickbooks 2008\QBW32.EXE

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

LSP: %ProgramFiles%\Bsecure\InetCtrl57.dll

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1369235824109

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{0BA9B4B7-4C0D-4FA0-8200-764A7B086F40} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{34D62B32-5480-40B1-9E65-728BB57D6B49} : DHCPNameServer = 192.168.1.254

Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\rjqgfblv.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.my-online-search.com/?babsrc=HP_ofln&mntrId=25F30050B60983D9&cat=delta&dlb=0&affID=119351

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll

.

============= SERVICES / DRIVERS ===============

.

R2 Bsecure;CloudCare;c:\program files\bsecure\InetCtrl.exe [2011-3-4 66344]

S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]

S1 elwppjjs;elwppjjs;\??\c:\windows\system32\drivers\elwppjjs.sys --> c:\windows\system32\drivers\elwppjjs.sys [?]

S1 FSLX;FSLX;c:\windows\system32\drivers\fslx.sys [2008-7-11 191872]

S1 MpKslca4fe2db;MpKslca4fe2db;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{36530496-8b0c-434e-b716-fd0343bddf0f}\MpKslca4fe2db.sys [2013-5-24 29904]

S2 0138241239287912mcinstcleanup;McAfee Application Installer Cleanup (0138241239287912);c:\docume~1\admini~1\locals~1\temp\013824~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\admini~1\locals~1\temp\013824~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]

S2 BsecureAV;CloudCare AntiVirus;c:\program files\bsecure\BsecAV.exe [2011-3-4 161776]

S2 edsvc;HP Power Manager Service;c:\program files\verdiem\powermanager\edsvc.exe [2008-8-1 75008]

S2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2008-12-6 576024]

S2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-6-30 1248256]

S2 Yontoo Desktop Updater;Yontoo Desktop Updater;c:\program files\yontoo\Y2Desktop.Updater.exe [2013-5-22 23552]

S3 BSecACFltr;BSecACFltr;c:\windows\system32\drivers\BSecACFltr.sys [2011-3-4 21624]

S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-12-6 243856]

S3 EraserUtilDrv11220;EraserUtilDrv11220;c:\program files\common files\symantec shared\eengine\EraserUtilDrv11220.sys [2013-5-24 106656]

S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-5-3 35144]

.

=============== Created Last 30 ================

.

2013-05-24 18:38:29 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{36530496-8b0c-434e-b716-fd0343bddf0f}\MpKslca4fe2db.sys

2013-05-23 21:22:18 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{36530496-8b0c-434e-b716-fd0343bddf0f}\MpKslc27b3f84.sys

2013-05-22 19:47:55 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Mozilla

2013-05-22 19:45:11 -------- d-----w- c:\program files\Mozilla Maintenance Service

2013-05-22 19:45:10 -------- d-----w- c:\program files\common files\Symantec Shared

2013-05-22 19:41:41 -------- d-----w- c:\windows\system32\drivers\nss\0400000.030

2013-05-22 19:41:41 -------- d-----w- c:\windows\system32\drivers\NSS

2013-05-22 19:41:41 -------- d-----w- c:\program files\Norton Security Scan

2013-05-22 19:41:40 -------- d-----w- c:\documents and settings\all users\application data\Norton

2013-05-22 19:41:36 -------- d-----w- c:\program files\NortonInstaller

2013-05-22 19:41:36 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller

2013-05-22 19:40:36 -------- d-----w- c:\program files\Yontoo

2013-05-22 19:40:36 -------- d-----w- c:\documents and settings\administrator\application data\Yontoo

2013-05-22 19:40:01 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Babylon

2013-05-22 19:40:00 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer

2013-05-22 19:39:57 -------- d-----w- c:\documents and settings\all users\application data\Babylon

2013-05-22 19:39:57 -------- d-----w- c:\documents and settings\administrator\application data\Babylon

2013-05-22 15:55:57 -------- d-----w- c:\windows\system32\LogFiles

2013-05-21 12:44:23 7016152 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{36530496-8b0c-434e-b716-fd0343bddf0f}\mpengine.dll

2013-05-20 12:42:16 7016152 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2013-05-10 07:57:26 187456 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

2013-05-05 22:06:39 -------- d-----w- C:\swsetup

2013-05-05 21:52:21 238872 ------w- c:\windows\system32\MpSigStub.exe

2013-05-05 21:49:21 -------- d-----w- c:\program files\Microsoft Security Client

2013-05-05 21:18:41 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes

2013-05-05 21:18:37 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-05-05 21:18:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-05-05 21:18:37 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2013-05-05 21:17:39 14208 ----a-r- c:\windows\system32\drivers\USB200M.sys

2013-05-05 21:06:00 21504 ----a-w- c:\windows\system32\hidserv.dll

2013-05-05 21:05:58 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2013-05-03 20:24:58 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2013-05-03 20:10:59 -------- d-----w- c:\documents and settings\all users\application data\25FA83224F91113C000025FA5D2F1862

2013-05-03 18:04:29 -------- d-----w- c:\program files\common files\Windows Microsoft Shared

.

==================== Find3M ====================

.

2013-04-16 22:17:15 920064 ----a-w- c:\windows\system32\wininet.dll

2013-04-16 22:17:14 43520 ------w- c:\windows\system32\licmgr10.dll

2013-04-16 22:17:14 1469440 ------w- c:\windows\system32\inetcpl.cpl

2013-04-12 23:28:55 385024 ------w- c:\windows\system32\html.iec

2013-04-10 01:31:19 1876352 ----a-w- c:\windows\system32\win32k.sys

2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll

2013-03-07 01:32:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-07 00:50:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-02-27 07:56:51 2067456 ----a-w- c:\windows\system32\mstscax.dll

.

============= FINISH: 15:47:00.95 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 4/7/2009 6:57:07 AM

System Uptime: 5/24/2013 3:43:54 PM (0 hours ago)

.

Motherboard: PEGATRON CORPORATION | | 2A84h

Processor: Intel Pentium III Xeon processor | CPU 1 | 2665/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 221 GiB total, 190.693 GiB free.

D: is FIXED (NTFS) - 12 GiB total, 7.635 GiB free.

E: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Intel® 82567V-2 Gigabit Network Connection

Device ID: PCI\VEN_8086&DEV_10CE&SUBSYS_2A84103C&REV_00\3&11583659&0&C8

Manufacturer: Intel

Name: Intel® 82567V-2 Gigabit Network Connection

PNP Device ID: PCI\VEN_8086&DEV_10CE&SUBSYS_2A84103C&REV_00\3&11583659&0&C8

Service: e1yexpress

.

==== System Restore Points ===================

.

RP1080: 2/25/2013 7:50:53 AM - System Checkpoint

RP1081: 2/25/2013 3:26:46 PM - Software Distribution Service 3.0

RP1082: 2/26/2013 3:28:18 PM - Software Distribution Service 3.0

RP1083: 2/27/2013 3:24:55 PM - Software Distribution Service 3.0

RP1084: 2/28/2013 3:41:38 PM - Software Distribution Service 3.0

RP1085: 3/1/2013 2:58:47 PM - Software Distribution Service 3.0

RP1086: 3/4/2013 7:54:47 AM - System Checkpoint

RP1087: 3/4/2013 3:34:14 PM - Software Distribution Service 3.0

RP1088: 3/5/2013 3:31:31 PM - Software Distribution Service 3.0

RP1089: 3/6/2013 3:32:02 PM - Software Distribution Service 3.0

RP1090: 3/7/2013 3:26:07 PM - Software Distribution Service 3.0

RP1091: 3/8/2013 2:56:57 PM - Software Distribution Service 3.0

RP1092: 3/11/2013 7:53:19 AM - System Checkpoint

RP1093: 3/11/2013 3:28:12 PM - Software Distribution Service 3.0

RP1094: 3/12/2013 3:30:53 PM - Software Distribution Service 3.0

RP1095: 3/13/2013 3:27:18 PM - Software Distribution Service 3.0

RP1096: 3/15/2013 7:50:14 AM - System Checkpoint

RP1097: 3/18/2013 7:33:50 AM - Software Distribution Service 3.0

RP1098: 3/18/2013 3:36:20 PM - Software Distribution Service 3.0

RP1099: 3/19/2013 3:18:00 PM - Software Distribution Service 3.0

RP1100: 3/20/2013 3:33:49 PM - Software Distribution Service 3.0

RP1101: 3/21/2013 3:30:28 PM - Software Distribution Service 3.0

RP1102: 3/22/2013 2:59:58 PM - Software Distribution Service 3.0

RP1103: 3/25/2013 7:49:08 AM - System Checkpoint

RP1104: 3/25/2013 3:32:50 PM - Software Distribution Service 3.0

RP1105: 3/26/2013 3:29:14 PM - Software Distribution Service 3.0

RP1106: 3/27/2013 3:29:03 PM - Software Distribution Service 3.0

RP1107: 3/28/2013 2:59:11 PM - Software Distribution Service 3.0

RP1108: 4/2/2013 7:42:57 AM - System Checkpoint

RP1109: 4/2/2013 3:23:33 PM - Software Distribution Service 3.0

RP1110: 4/3/2013 3:18:50 PM - Software Distribution Service 3.0

RP1111: 4/4/2013 3:25:19 PM - Software Distribution Service 3.0

RP1112: 4/5/2013 8:04:26 AM - Installed Windows Internet Explorer 8.

RP1113: 4/5/2013 8:05:32 AM - Software Distribution Service 3.0

RP1114: 4/5/2013 3:07:31 PM - Software Distribution Service 3.0

RP1115: 4/8/2013 7:45:37 AM - System Checkpoint

RP1116: 4/8/2013 3:14:45 PM - Software Distribution Service 3.0

RP1117: 4/9/2013 3:26:22 PM - Software Distribution Service 3.0

RP1118: 4/10/2013 3:25:54 PM - Software Distribution Service 3.0

RP1119: 4/12/2013 7:37:33 AM - Software Distribution Service 3.0

RP1120: 4/12/2013 3:12:10 PM - Software Distribution Service 3.0

RP1121: 4/15/2013 7:50:43 AM - System Checkpoint

RP1122: 4/15/2013 3:20:10 PM - Software Distribution Service 3.0

RP1123: 4/16/2013 3:26:31 PM - Software Distribution Service 3.0

RP1124: 4/17/2013 3:28:18 PM - Software Distribution Service 3.0

RP1125: 4/18/2013 3:28:07 PM - Software Distribution Service 3.0

RP1126: 4/19/2013 3:14:57 PM - Software Distribution Service 3.0

RP1127: 4/22/2013 7:59:41 AM - System Checkpoint

RP1128: 4/22/2013 3:32:30 PM - Software Distribution Service 3.0

RP1129: 4/23/2013 3:26:14 PM - Software Distribution Service 3.0

RP1130: 4/24/2013 3:44:53 PM - Software Distribution Service 3.0

RP1131: 4/25/2013 11:09:11 AM - Software Distribution Service 3.0

RP1132: 4/25/2013 3:29:38 PM - Software Distribution Service 3.0

RP1133: 4/26/2013 2:51:18 PM - Software Distribution Service 3.0

RP1134: 4/29/2013 7:44:53 AM - System Checkpoint

RP1135: 4/29/2013 3:28:54 PM - Software Distribution Service 3.0

RP1136: 4/30/2013 3:31:32 PM - System Checkpoint

RP1137: 4/30/2013 3:36:32 PM - Software Distribution Service 3.0

RP1138: 5/1/2013 3:29:54 PM - Software Distribution Service 3.0

RP1139: 5/2/2013 3:28:33 PM - Software Distribution Service 3.0

RP1140: 5/3/2013 2:34:23 PM - Software Distribution Service 3.0

RP1141: 5/3/2013 3:05:51 PM - Software Distribution Service 3.0

RP1142: 5/3/2013 3:34:33 PM - Software Distribution Service 3.0

RP1143: 5/5/2013 4:52:20 PM - Software Distribution Service 3.0

RP1144: 5/5/2013 5:08:02 PM - Removed Intel® Network Connections.

RP1145: 5/5/2013 5:08:55 PM - Installed VC90_CRT_x86.

RP1146: 5/5/2013 5:09:03 PM - Installed Intel® Network Connections.

RP1147: 5/5/2013 5:13:07 PM - Software Distribution Service 3.0

RP1148: 5/6/2013 8:20:00 AM - Software Distribution Service 3.0

RP1149: 5/6/2013 3:41:07 PM - Software Distribution Service 3.0

RP1150: 5/7/2013 7:42:19 AM - Software Distribution Service 3.0

RP1151: 5/7/2013 3:26:03 PM - Software Distribution Service 3.0

RP1152: 5/8/2013 2:59:40 PM - Software Distribution Service 3.0

RP1153: 5/9/2013 7:48:16 AM - Software Distribution Service 3.0

RP1154: 5/9/2013 3:25:21 PM - Software Distribution Service 3.0

RP1155: 5/10/2013 2:56:17 PM - Software Distribution Service 3.0

RP1156: 5/13/2013 7:44:00 AM - Software Distribution Service 3.0

RP1157: 5/13/2013 3:38:02 PM - Software Distribution Service 3.0

RP1158: 5/14/2013 10:00:50 AM - Software Distribution Service 3.0

RP1159: 5/14/2013 3:26:34 PM - Software Distribution Service 3.0

RP1160: 5/15/2013 3:26:31 PM - Software Distribution Service 3.0

RP1161: 5/16/2013 7:44:12 AM - Software Distribution Service 3.0

RP1162: 5/17/2013 7:41:54 AM - Software Distribution Service 3.0

RP1163: 5/17/2013 7:51:25 AM - Software Distribution Service 3.0

RP1164: 5/20/2013 7:32:34 AM - Software Distribution Service 3.0

RP1165: 5/20/2013 7:42:14 AM - Software Distribution Service 3.0

RP1166: 5/20/2013 3:34:53 PM - Software Distribution Service 3.0

RP1167: 5/21/2013 7:44:22 AM - Software Distribution Service 3.0

RP1168: 5/22/2013 7:59:01 AM - System Checkpoint

RP1169: 5/23/2013 8:04:11 AM - System Checkpoint

RP1170: 5/24/2013 12:18:50 PM - System Checkpoint

RP1171: 5/24/2013 1:37:58 PM - Unsigned driver install

.

==== Installed Programs ======================

.

Adobe Acrobat 5.0

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Reader X (10.1.7)

Altiris Software Virtualization Agent

AX88772

Brother HL-5040

Business Contact Manager for Outlook 2007 SP2

CloudCare

Coupon Printer for Windows

dj_sf_software_req

Google Toolbar for Internet Explorer

Google Update Helper

High Definition Audio Driver Package - KB888111

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB2756822)

Hotfix for Windows XP (KB2779562)

Hotfix for Windows XP (KB952117-v2)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Backup and Recovery Manager

HP Deskjet Printer Driver Software 9.0

HP Help and Support

HP Power Manager

Intel® Graphics Media Accelerator Driver

Intel® Network Connections 15.2.89.2

InterVideo Register Manager

InterVideo WinDVD

Java 6 Update 7

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 1.1 Security Update (KB2742597)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft National Language Support Downlevel APIs

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Small Business Connectivity Components

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft Visual Studio 2005 Tools for Office Runtime

Microsoft WinUsb 1.0

Mozilla Firefox 21.0 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MSXML 6 Service Pack 2 (KB954459)

Norton Security Scan

PDF Complete

Pulse Ambassador

QuickBooks

QuickBooks Pro 2011

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB2183461)

Security Update for Windows Internet Explorer 7 (KB2360131)

Security Update for Windows Internet Explorer 7 (KB2416400)

Security Update for Windows Internet Explorer 7 (KB2482017)

Security Update for Windows Internet Explorer 7 (KB2497640)

Security Update for Windows Internet Explorer 7 (KB2530548)

Security Update for Windows Internet Explorer 7 (KB2544521)

Security Update for Windows Internet Explorer 7 (KB2559049)

Security Update for Windows Internet Explorer 7 (KB2586448)

Security Update for Windows Internet Explorer 7 (KB2618444)

Security Update for Windows Internet Explorer 7 (KB2647516)

Security Update for Windows Internet Explorer 7 (KB2675157)

Security Update for Windows Internet Explorer 7 (KB2699988)

Security Update for Windows Internet Explorer 7 (KB2722913)

Security Update for Windows Internet Explorer 7 (KB2744842)

Security Update for Windows Internet Explorer 7 (KB2761465)

Security Update for Windows Internet Explorer 7 (KB2792100)

Security Update for Windows Internet Explorer 7 (KB2797052)

Security Update for Windows Internet Explorer 7 (KB2799329)

Security Update for Windows Internet Explorer 7 (KB2809289)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2744842)

Security Update for Windows Internet Explorer 8 (KB2797052)

Security Update for Windows Internet Explorer 8 (KB2809289)

Security Update for Windows Internet Explorer 8 (KB2817183)

Security Update for Windows Internet Explorer 8 (KB2829530)

Security Update for Windows Internet Explorer 8 (KB2847204)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2727528)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB2753842-v2)

Security Update for Windows XP (KB2753842)

Security Update for Windows XP (KB2757638)

Security Update for Windows XP (KB2758857)

Security Update for Windows XP (KB2761226)

Security Update for Windows XP (KB2770660)

Security Update for Windows XP (KB2778344)

Security Update for Windows XP (KB2779030)

Security Update for Windows XP (KB2780091)

Security Update for Windows XP (KB2799494)

Security Update for Windows XP (KB2802968)

Security Update for Windows XP (KB2807986)

Security Update for Windows XP (KB2808735)

Security Update for Windows XP (KB2813170)

Security Update for Windows XP (KB2813345)

Security Update for Windows XP (KB2820197)

Security Update for Windows XP (KB2820917)

Security Update for Windows XP (KB2829361)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

SupportSoft Assisted Service

Toolbox

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359) 32-Bit Edition

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 7 (KB980182)

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VC_CRT_x86

WebFldrs XP

Windows Easy Transfer

Windows Genuine Advantage Notifications (KB905474)

Windows Imaging Component

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Presentation Foundation

Windows XP Service Pack 3

XML Paper Specification Shared Components Pack 1.0

Yontoo 2.053

.

==== Event Viewer Messages From Past Week ========

.

5/24/2013 12:50:49 PM, error: System Error [1003] - Error code 1000000a, parameter1 0000f787, parameter2 00000002, parameter3 00000001, parameter4 806e7a8e.

5/24/2013 12:14:08 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.563.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

5/24/2013 12:04:48 PM, error: System Error [1003] - Error code 00000044, parameter1 850ed430, parameter2 00000d64, parameter3 00000000, parameter4 00000000.

5/24/2013 1:38:52 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.563.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

5/24/2013 1:37:51 PM, error: System Error [1003] - Error code 00000044, parameter1 856a26f8, parameter2 00000d64, parameter3 00000000, parameter4 00000000.

5/24/2013 1:00:10 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.563.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

5/23/2013 8:53:02 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.563.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

5/23/2013 7:43:18 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.563.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

5/23/2013 5:11:36 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.563.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

5/23/2013 4:31:02 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.563.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

5/22/2013 9:12:25 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.563.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

5/22/2013 9:01:30 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.563.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

5/22/2013 8:52:31 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: atapi

5/22/2013 8:51:02 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

5/22/2013 8:43:06 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm MpFilter

5/22/2013 8:42:05 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

5/22/2013 8:41:45 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

5/22/2013 8:33:07 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.563.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

5/22/2013 7:46:21 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.563.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

5/22/2013 7:36:45 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the QBCFMonitorService service to connect.

5/22/2013 2:57:22 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.563.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

5/22/2013 2:46:58 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 0050B60983D9 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

5/22/2013 10:24:43 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.563.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.

5/21/2013 7:35:00 AM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

5/21/2013 7:35:00 AM, error: Service Control Manager [7002] - The BrPar service depends on the Parallel arbitrator group and no member of this group started.

5/21/2013 7:35:00 AM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

5/20/2013 3:37:04 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft SQL Server 2005 Express Edition Service Pack 4 (KB2463332).

5/20/2013 3:36:47 PM, error: Service Control Manager [7024] - The SQL Server (MSSMLBIZ) service terminated with service-specific error 3417 (0xD59).

5/20/2013 2:54:36 PM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.2 with the system having network hardware address CC:5D:4E:31:83:F4. Network operations on this system may be disrupted as a result.

.

==== End Of File ===========================


Hello Niksanyl! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Why did you think that there is a rootkit?


Hello Maniac. This computer belongs to my son's school, and they are not a paying customer.

I was thinking rootkit only because we removed a virus a couple of weeks ago, then got it again this week. I'm only guessing. So that may not be the case. I'm not exactly an expert in virus removal.


Step 1

Please uninstall the following applications:

Coupon Printer for Windows

Yontoo 2.053

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4

Please download AdwCleaner from here and save it on your Desktop.

  1. Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Step 5

  • Download RogueKiller to the desktop
  • Quit all programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished ...
  • Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • Junkware Removal Tool log
  • AdwCleaner log
  • RogueKiller log


All logs attached. Thank you so much.

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.05.28.05

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Administrator :: ADMIN [administrator]

5/28/2013 11:39:16 AM

mbam-log-2013-05-28 (11-39-16).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 215681

Time elapsed: 27 minute(s), 41 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.9.4 (05.06.2013:1)

OS: Microsoft Windows XP x86

Ran by Administrator on Tue 05/28/2013 at 12:11:44.82

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3427358397-1220081132-790238294-500\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\tarma installer

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

~~~ Files

~~~ Folders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Tue 05/28/2013 at 12:15:28.31

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v2.301 - Logfile created 05/28/2013 at 12:28:07

# Updated 16/05/2013 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Administrator - ADMIN

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Found : HKCU\Software\InstallCore

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\37g54g9h.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rjqgfblv.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1500 octets] - [28/05/2013 12:28:07]

########## EOF - C:\AdwCleaner[R1].txt - [1560 octets] ##########

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : Administrator [Admin rights]

Mode : Scan -- Date : 05/28/2013 12:32:09

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : C:\RECYCLER\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\@ [-] --> FOUND

[ZeroAccess][FOLDER] U : C:\RECYCLER\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\U --> FOUND

[ZeroAccess][FOLDER] U : C:\RECYCLER\S-1-5-21-3427358397-1220081132-790238294-500\$ff24043d55f85ce9a20a8337d9b4b888\U --> FOUND

[ZeroAccess][FOLDER] L : C:\RECYCLER\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\L --> FOUND

[ZeroAccess][FOLDER] L : C:\RECYCLER\S-1-5-21-3427358397-1220081132-790238294-500\$ff24043d55f85ce9a20a8337d9b4b888\L --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500AAJS-60B4A0 +++++

--- User ---

[MBR] 902aba67093b5c55fe18f8be9ac1203b

[bSP] 5552c0dc4191488df4a64307c8144b31 : MBR Code unknown

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 226165 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 463202145 | Size: 12291 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_05282013_02d1232.txt >>



I'm afraid I have bad news.

One or more of the identified infections is a rootkit. Rootkits are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

I suggest you disconnect this computer from the Internet immediately you finish reading this post.

If you do any banking or other financial transactions on the computer, or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, your computer is very likely compromised and there is no way to be sure your computer can ever again be trusted.

Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the Operating System.

Visit the following sites for more information on Internet theft and when to reformat!

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.

If you have any questions before making a final decision, please feel free to ask.

Instructions on how to format and reinstall Windows can be found here


Is it safe to put in a new USB drive and back up a few items? Their QuickBooks file, for example?

Yes, it is okay.

Is it safe to re-install using the HP recovery process? Or will I have to wipe all drives clean?

Unfortunately, it is not enough; you have to wipe all of your drives.


  • 2 weeks later...

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.