Think I'm infected but MBPro scan finds no threats



I have a desktop running Windows XP. The last time performance degraded so completely I ended up taking the machine to Staples. They found and removed a virus and charged me big time. Immediately following I installed MBPro. I'm now running version 1.75.0.1300, db version 2013-07-24-06. Unfortunately it is finding no threats. Eventually I was able to reboot in safe mode where the system is reasonably responsive. Attached are the DDS and Attach results. Any and all help will be greatly appreciated.

 

 

attach.txt

dds.txt


  • Staff

Hello and welcome to Malwarebytes

 

There are signs of infection in the logs.

 

Please run the following:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

The problem system is so excruciatingly slow that I can really only run it in Safe Mode.  I ran FRST in Safe Mode and here are the results:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-07-2013

 

Ran by Administrator (administrator) on 24-07-2013 19:43:01

 

Running from C:\Documents and Settings\Administrator\My Documents

 

Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)

 

Internet Explorer Version 8

 

Boot Mode: Safe Mode (with Networking)

 

 

 

==================== Processes (Whitelisted) ===================

 

 

 

(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE

 

(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE

 

 

 

==================== Registry (Whitelisted) ==================

 

 

 

HKLM\...\Run: [MSConfig] - C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [169984 2008-04-13] (Microsoft Corporation)

 

HKLM\...\runonceex: [] - [x]

 

HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -update activex [814472 2013-06-12] (Adobe Systems Incorporated)

 

HKU\Guest\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ 2013-02-22] (Google Inc.)

 

HKU\Guest\...\Run: [QuickTime Task] - "C:\Program Files\QuickTime\qttask.exe" -atboottime [ 2012-10-25] (Apple Inc.)

 

HKU\Jenny\...\Run: [MSMSGS] - "C:\Program Files\Messenger\msmsgs.exe" /background [ 2008-04-13] (Microsoft Corporation)

 

HKU\Jenny\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ 2013-02-22] (Google Inc.)

 

HKU\Jenny\...\Run: [Aim] - "C:\Program Files\AIM\aim.exe" /d locale=en-US [ 2011-01-05] (AOL Inc.)

 

HKU\Jenny\...\Run: [Pando Media Booster] - C:\Program Files\Pando Networks\Media Booster\PMB.exe [ 2010-04-02] ()

 

 

 

==================== Internet (Whitelisted) ====================

 

 

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us

 

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

 


 

SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =

 

SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL =

 

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =

 

BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

 

BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)

 

BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)

 

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

 

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

 

BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)

 

BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)

 

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

 

BHO: NetAssistant - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)

 

BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

 

Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)

 

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

 

DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB

 

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab

 


 

DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab

 

DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqaio2/downloads/sysinfo.cab

 


 


 


 


 

DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB

 


 


 


 

DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab

 

Handler: ipp - No CLSID Value -

 

Handler: msdaipp - No CLSID Value -

 

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

 

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

 

 

========================== Services (Whitelisted) =================

 

 

 

S4 AdobeActiveFileMonitor7.0; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated)

 

S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

 

S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

 

S2 N360; C:\Program Files\Norton 360\Engine\20.4.0.40\diMaster.dll [556336 2013-05-29] (Symantec Corporation)

 

S2 ScsiAccess; C:\WINDOWS\system32\ScsiAccess.EXE [181312 2003-02-04] ()

 

S2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-26] (SupportSoft, Inc.)

 

S2 Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [24652 2007-01-04] (Viewpoint Corporation)

 

S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]

 

S2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]

 

S4 WUSB54Gv42SVC; "C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv42.exe" [x]

 

 

 

==================== Drivers (Whitelisted) ====================

 

 

 

S2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [20747 2007-12-27] (Meetinghouse Data Communications)

 

S1 BHDrvx86; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20130715.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)

 

S1 ccSet_N360; C:\Windows\system32\drivers\N360\1404000.028\ccSetx86.sys [134744 2013-04-15] (Symantec Corporation)

 

S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2009-12-18] ()

 

S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2013-06-18] (Symantec Corporation)

 

S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2013-07-18] (Symantec Corporation)

 

R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)

 

S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2007-03-08] (HP)

 

S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2007-03-08] (HP)

 

R3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2007-03-08] (HP)

 

S3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [987904 2007-06-20] (Conexant Systems, Inc.)

 

S3 IDSxpx86; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20130723.001\IDSxpx86.sys [373728 2012-10-19] (Symantec Corporation)

 

S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)

 

S3 NAVENG; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20130723.024\NAVENG.SYS [93272 2013-07-18] (Symantec Corporation)

 

S3 NAVEX15; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20130723.024\NAVEX15.SYS [1611992 2013-07-18] (Symantec Corporation)

 

S1 SRTSP; C:\Windows\System32\Drivers\N360\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)

 

S1 SRTSPX; C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS [32344 2013-03-04] (Symantec Corporation)

 

R0 SymDS; C:\Windows\System32\drivers\N360\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)

 

R0 SymEFA; C:\Windows\System32\drivers\N360\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)

 

S3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142496 2013-06-10] (Symantec Corporation)

 

S3 SymIM; C:\Windows\System32\DRIVERS\SymIM.sys [44064 2013-03-04] (Symantec Corporation)

 

R3 SymIMMP; C:\Windows\System32\DRIVERS\SymIM.sys [44064 2013-03-04] (Symantec Corporation)

 

S1 SymIRON; C:\Windows\system32\drivers\N360\1404000.028\Ironx86.SYS [175264 2013-03-04] (Symantec Corporation)

 

S1 SYMTDI; C:\Windows\System32\Drivers\N360\1404000.028\SYMTDI.SYS [396760 2013-04-24] (Symantec Corporation)

 

S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2011-02-14] (LG Electronics Inc.)

 

S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [20864 2011-02-14] (LG Electronics Inc.)

 

S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [25216 2011-02-14] (LG Electronics Inc.)

 

R3 WUSB54GPV4SRV; C:\Windows\System32\DRIVERS\rt2500usb.sys [245376 2005-10-17] (Ralink Technology Inc.)

 

S0 Lbd; system32\DRIVERS\Lbd.sys [x]

 

S3 SYMFW; \SystemRoot\System32\Drivers\N360\0308030.006\SYMFW.SYS [x]

 

S3 SYMIDS; \SystemRoot\System32\Drivers\N360\0308030.006\SYMIDS.SYS [x]

 

S3 SYMNDIS; \SystemRoot\System32\Drivers\N360\0308030.006\SYMNDIS.SYS [x]

 

U3 TrueSight; \??\C:\WINDOWS\system32\TrueSight.sys [x]

 

U1 WS2IFSL;

 

 

 

==================== NetSvcs (Whitelisted) ===================

 

 

 

 

 

==================== One Month Created Files and Folders ========

 

 

 

2013-07-24 19:42 - 2013-07-24 19:42 - 00000000 ____D C:\FRST

 

2013-07-24 19:34 - 2013-07-24 19:36 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\RK_Quarantine

 

2013-07-24 19:33 - 2013-07-24 18:48 - 01220306 _____ (Farbar) C:\Documents and Settings\Administrator\My Documents\FRST.exe

 

2013-07-24 19:33 - 2013-07-24 18:26 - 00915968 _____ C:\Documents and Settings\Administrator\My Documents\RogueKiller.exe

 

2013-07-24 18:08 - 2013-07-24 18:05 - 00448512 _____ (OldTimer Tools) C:\Documents and Settings\Administrator\My Documents\TFC.exe

 

2013-07-24 16:47 - 2013-07-24 17:49 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)

 

2013-07-24 16:45 - 2013-07-24 16:45 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\mbar

 

2013-07-24 16:44 - 2013-07-24 16:32 - 13399154 _____ C:\Documents and Settings\Administrator\My Documents\mbar-1.06.0.1004.zip

 

2013-07-24 14:34 - 2013-07-24 14:34 - 00022530 _____ C:\Documents and Settings\Administrator\My Documents\attach.txt

 

2013-07-24 14:34 - 2013-07-24 14:34 - 00011418 _____ C:\Documents and Settings\Administrator\My Documents\dds.txt

 

2013-07-24 14:33 - 2013-07-24 14:33 - 00022530 _____ C:\Documents and Settings\Administrator\Desktop\attach.txt

 

2013-07-24 14:33 - 2013-07-24 14:33 - 00011418 _____ C:\Documents and Settings\Administrator\Desktop\dds.txt

 

2013-07-24 14:32 - 2013-07-24 14:32 - 00688992 ____R (Swearware) C:\Documents and Settings\Administrator\My Documents\dds.com

 

2013-07-24 08:40 - 2013-07-24 09:11 - 00046640 _____ (Symantec Corporation) C:\WINDOWS\system32\msln.exe

 

2013-07-24 08:28 - 2013-07-24 08:28 - 00006928 _____ C:\{3805D55E-7B97-4D4A-AE9D-DE9BBAB343FD}

 

2013-07-23 22:22 - 2013-07-24 08:45 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SMR322

 

2013-07-23 22:17 - 2013-07-24 08:40 - 00000000 ____D C:\Documents and Settings\Dad and Mom\Local Settings\Application Data\NPE

 

2013-07-23 22:11 - 2013-07-23 22:11 - 02986440 _____ (Symantec Corporation) C:\Documents and Settings\Dad and Mom\Desktop\NPE.exe

 

2013-07-13 04:01 - 2013-07-13 04:05 - 00000000 ____D C:\WINDOWS\system32\MRT

 

2013-07-11 04:34 - 2013-07-11 04:34 - 00021806 _____ C:\WINDOWS\KB2834904.log

 

2013-07-11 04:34 - 2013-07-11 04:34 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904_WM11$

 

2013-07-11 04:33 - 2013-07-11 04:33 - 00021841 _____ C:\WINDOWS\KB2834886.log

 

2013-07-11 04:33 - 2013-07-11 04:33 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850851$

 

2013-07-11 04:33 - 2013-07-11 04:33 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$

 

2013-07-11 04:32 - 2013-07-11 04:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$

 

2013-07-11 04:19 - 2013-07-11 04:34 - 00030794 _____ C:\WINDOWS\FaxSetup.log

 

2013-07-11 04:19 - 2013-07-11 04:34 - 00014780 _____ C:\WINDOWS\ocgen.log

 

2013-07-11 04:19 - 2013-07-11 04:34 - 00011795 _____ C:\WINDOWS\tsoc.log

 

2013-07-11 04:19 - 2013-07-11 04:34 - 00010267 _____ C:\WINDOWS\comsetup.log

 

2013-07-11 04:19 - 2013-07-11 04:34 - 00006222 _____ C:\WINDOWS\ntdtcsetup.log

 

2013-07-11 04:19 - 2013-07-11 04:34 - 00004884 _____ C:\WINDOWS\iis6.log

 

2013-07-11 04:19 - 2013-07-11 04:34 - 00001710 _____ C:\WINDOWS\ocmsn.log

 

2013-07-11 04:19 - 2013-07-11 04:34 - 00001545 _____ C:\WINDOWS\msgsocm.log

 

2013-07-11 04:19 - 2013-07-11 04:34 - 00001374 _____ C:\WINDOWS\imsins.log

 

2013-07-11 04:19 - 2013-07-11 04:33 - 00001374 _____ C:\WINDOWS\imsins.BAK

 

2013-07-11 04:19 - 2013-07-11 04:19 - 00002763 _____ C:\WINDOWS\updspapi.log

 

2013-07-11 04:19 - 2013-07-11 04:19 - 00000000 _____ C:\WINDOWS\setuperr.log

 

2013-07-11 04:19 - 2013-07-11 04:19 - 00000000 _____ C:\WINDOWS\setupact.log

 

2013-07-11 04:16 - 2013-07-11 04:19 - 00024535 _____ C:\WINDOWS\KB2846071-IE8.log

 

2013-07-11 01:43 - 2013-07-11 04:33 - 00039963 _____ C:\WINDOWS\KB2850851.log

 

2013-07-11 01:43 - 2013-07-11 04:32 - 00039828 _____ C:\WINDOWS\KB2845187.log

 

2013-07-01 12:52 - 2013-07-01 12:52 - 00000000 ____D C:\Program Files\Dropbox

 

2013-06-25 21:12 - 2013-07-24 16:42 - 00012129 _____ C:\WINDOWS\setupapi.log

 

 

 

==================== One Month Modified Files and Folders =======

 

 

 

2013-07-24 19:42 - 2013-07-24 19:42 - 00000000 ____D C:\FRST

 

2013-07-24 19:36 - 2013-07-24 19:34 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\RK_Quarantine

 

2013-07-24 19:34 - 2012-04-25 21:32 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop

 

2013-07-24 19:31 - 2012-03-15 17:23 - 01222402 _____ C:\WINDOWS\WindowsUpdate.log

 

2013-07-24 19:31 - 2012-02-09 15:06 - 00000616 ____H C:\WINDOWS\Tasks\ConfigExec.job

 

2013-07-24 19:31 - 2004-08-10 15:08 - 00032514 _____ C:\WINDOWS\SchedLgU.Txt

 

2013-07-24 19:31 - 2004-08-10 15:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

 

2013-07-24 19:04 - 2012-08-18 08:43 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

 

2013-07-24 19:04 - 2007-12-31 16:56 - 00000272 _____ C:\WINDOWS\wiadebug.log

 

2013-07-24 19:00 - 2007-12-26 14:35 - 00000178 ___SH C:\Documents and Settings\Dad and Mom\ntuser.ini

 

2013-07-24 18:59 - 2011-08-06 18:27 - 00001002 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3031762364-297865588-2949959706-1006UA.job

 

2013-07-24 18:51 - 2009-12-25 11:41 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

 

2013-07-24 18:48 - 2013-07-24 19:33 - 01220306 _____ (Farbar) C:\Documents and Settings\Administrator\My Documents\FRST.exe

 

2013-07-24 18:26 - 2013-07-24 19:33 - 00915968 _____ C:\Documents and Settings\Administrator\My Documents\RogueKiller.exe

 

2013-07-24 18:22 - 2004-08-10 14:51 - 00000639 _____ C:\WINDOWS\win.ini

 

2013-07-24 18:22 - 2004-08-10 14:51 - 00000211 __RSH C:\boot.ini

 

2013-07-24 18:21 - 2004-08-10 14:51 - 00000227 _____ C:\WINDOWS\system.ini

 

2013-07-24 18:19 - 2007-12-31 16:56 - 00000049 _____ C:\WINDOWS\wiaservc.log

 

2013-07-24 18:17 - 2012-04-25 21:32 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini

 

2013-07-24 18:05 - 2013-07-24 18:08 - 00448512 _____ (OldTimer Tools) C:\Documents and Settings\Administrator\My Documents\TFC.exe

 

2013-07-24 17:49 - 2013-07-24 16:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)

 

2013-07-24 16:45 - 2013-07-24 16:45 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\mbar

 

2013-07-24 16:42 - 2013-06-25 21:12 - 00012129 _____ C:\WINDOWS\setupapi.log

 

2013-07-24 16:32 - 2013-07-24 16:44 - 13399154 _____ C:\Documents and Settings\Administrator\My Documents\mbar-1.06.0.1004.zip

 

2013-07-24 16:24 - 2007-12-26 14:35 - 00000000 ____D C:\Documents and Settings\Dad and Mom\Desktop

 

2013-07-24 14:34 - 2013-07-24 14:34 - 00022530 _____ C:\Documents and Settings\Administrator\My Documents\attach.txt

 

2013-07-24 14:34 - 2013-07-24 14:34 - 00011418 _____ C:\Documents and Settings\Administrator\My Documents\dds.txt

 

2013-07-24 14:33 - 2013-07-24 14:33 - 00022530 _____ C:\Documents and Settings\Administrator\Desktop\attach.txt

 

2013-07-24 14:33 - 2013-07-24 14:33 - 00011418 _____ C:\Documents and Settings\Administrator\Desktop\dds.txt

 

2013-07-24 14:32 - 2013-07-24 14:32 - 00688992 ____R (Swearware) C:\Documents and Settings\Administrator\My Documents\dds.com

 

2013-07-24 14:06 - 2012-02-09 15:06 - 00000580 ____H C:\WINDOWS\Tasks\DataUpload.job

 

2013-07-24 09:11 - 2013-07-24 08:40 - 00046640 _____ (Symantec Corporation) C:\WINDOWS\system32\msln.exe

 

2013-07-24 08:45 - 2013-07-23 22:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SMR322

 

2013-07-24 08:40 - 2013-07-23 22:17 - 00000000 ____D C:\Documents and Settings\Dad and Mom\Local Settings\Application Data\NPE

 

2013-07-24 08:28 - 2013-07-24 08:28 - 00006928 _____ C:\{3805D55E-7B97-4D4A-AE9D-DE9BBAB343FD}

 

2013-07-24 02:53 - 2011-08-06 18:27 - 00000950 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3031762364-297865588-2949959706-1006Core.job

 

2013-07-23 22:23 - 2007-12-27 16:51 - 00000000 ____D C:\Program Files\WCG BOINC

 

2013-07-23 22:23 - 2007-12-26 14:35 - 00000000 ____D C:\Documents and Settings\Dad and Mom

 

2013-07-23 22:18 - 2009-04-18 13:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Norton

 

2013-07-23 22:11 - 2013-07-23 22:11 - 02986440 _____ (Symantec Corporation) C:\Documents and Settings\Dad and Mom\Desktop\NPE.exe

 

2013-07-23 20:22 - 2009-03-30 19:18 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

 

2013-07-23 16:45 - 2009-12-25 11:41 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

 

2013-07-22 11:12 - 2012-08-27 14:54 - 00000000 ___RD C:\Documents and Settings\Dad and Mom\My Documents\Dropbox

 

2013-07-22 11:12 - 2012-08-27 14:48 - 00000000 ____D C:\Documents and Settings\Dad and Mom\Application Data\Dropbox

 

2013-07-22 08:30 - 2008-06-15 12:42 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

 

2013-07-20 13:22 - 2007-12-31 17:10 - 01106186 _____ C:\WINDOWS\system32\TEST.log

 

2013-07-13 04:05 - 2013-07-13 04:01 - 00000000 ____D C:\WINDOWS\system32\MRT

 

2013-07-13 02:56 - 2011-08-06 18:28 - 00002368 _____ C:\Documents and Settings\Dad and Mom\Desktop\Google Chrome.lnk

 

2013-07-11 04:58 - 2004-08-10 14:57 - 00198552 _____ C:\WINDOWS\system32\FNTCACHE.DAT

 

2013-07-11 04:43 - 2004-08-10 15:09 - 00000000 ____D C:\WINDOWS\Microsoft.NET

 

2013-07-11 04:37 - 2004-08-10 14:57 - 00603956 _____ C:\WINDOWS\system32\PerfStringBackup.INI

 

2013-07-11 04:34 - 2013-07-11 04:34 - 00021806 _____ C:\WINDOWS\KB2834904.log

 

2013-07-11 04:34 - 2013-07-11 04:34 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904_WM11$

 

2013-07-11 04:34 - 2013-07-11 04:19 - 00030794 _____ C:\WINDOWS\FaxSetup.log

 

2013-07-11 04:34 - 2013-07-11 04:19 - 00014780 _____ C:\WINDOWS\ocgen.log

 

2013-07-11 04:34 - 2013-07-11 04:19 - 00011795 _____ C:\WINDOWS\tsoc.log

 

2013-07-11 04:34 - 2013-07-11 04:19 - 00010267 _____ C:\WINDOWS\comsetup.log

 

2013-07-11 04:34 - 2013-07-11 04:19 - 00006222 _____ C:\WINDOWS\ntdtcsetup.log

 

2013-07-11 04:34 - 2013-07-11 04:19 - 00004884 _____ C:\WINDOWS\iis6.log

 

2013-07-11 04:34 - 2013-07-11 04:19 - 00001710 _____ C:\WINDOWS\ocmsn.log

 

2013-07-11 04:34 - 2013-07-11 04:19 - 00001545 _____ C:\WINDOWS\msgsocm.log

 

2013-07-11 04:34 - 2013-07-11 04:19 - 00001374 _____ C:\WINDOWS\imsins.log

 

2013-07-11 04:33 - 2013-07-11 04:33 - 00021841 _____ C:\WINDOWS\KB2834886.log

 

2013-07-11 04:33 - 2013-07-11 04:33 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850851$

 

2013-07-11 04:33 - 2013-07-11 04:33 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$

 

2013-07-11 04:33 - 2013-07-11 04:19 - 00001374 _____ C:\WINDOWS\imsins.BAK

 

2013-07-11 04:33 - 2013-07-11 01:43 - 00039963 _____ C:\WINDOWS\KB2850851.log

 

2013-07-11 04:32 - 2013-07-11 04:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$

 

2013-07-11 04:32 - 2013-07-11 01:43 - 00039828 _____ C:\WINDOWS\KB2845187.log

 

2013-07-11 04:20 - 2007-11-27 02:35 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help

 

2013-07-11 04:19 - 2013-07-11 04:19 - 00002763 _____ C:\WINDOWS\updspapi.log

 

2013-07-11 04:19 - 2013-07-11 04:19 - 00000000 _____ C:\WINDOWS\setuperr.log

 

2013-07-11 04:19 - 2013-07-11 04:19 - 00000000 _____ C:\WINDOWS\setupact.log

 

2013-07-11 04:19 - 2013-07-11 04:16 - 00024535 _____ C:\WINDOWS\KB2846071-IE8.log

 

2013-07-11 04:19 - 2009-09-19 10:47 - 00000000 ____D C:\WINDOWS\ie8updates

 

2013-07-11 04:01 - 2007-12-27 10:46 - 00000000 ____D C:\WINDOWS\system32\XPSViewer

 

2013-07-01 12:52 - 2013-07-01 12:52 - 00000000 ____D C:\Program Files\Dropbox

 

2013-07-01 12:52 - 2012-08-27 14:54 - 00001080 _____ C:\Documents and Settings\Dad and Mom\Desktop\Dropbox.lnk

 

2013-06-28 23:06 - 2007-12-30 23:12 - 00000000 ____D C:\Program Files\Mozilla Firefox

 

2013-06-28 12:51 - 2008-04-14 21:53 - 00042496 _____ C:\Documents and Settings\Dad and Mom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 

2013-06-24 00:37 - 2007-12-27 01:11 - 75733144 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

 

 

 

==================== Bamital & volsnap Check =================

 

 

 

C:\Windows\explorer.exe => MD5 is legit

 

C:\Windows\System32\winlogon.exe => MD5 is legit

 

C:\Windows\System32\svchost.exe => MD5 is legit

 

C:\Windows\System32\services.exe => MD5 is legit

 

C:\Windows\System32\User32.dll => MD5 is legit

 

C:\Windows\System32\userinit.exe => MD5 is legit

 

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

 

==================== End Of Log ============================

 

 

and

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-07-2013

 

Ran by Administrator at 2013-07-24 19:43:41

 

Running from C:\Documents and Settings\Administrator\My Documents

 

Boot Mode: Safe Mode (with Networking)

 

==========================================================

 

 

 

 

 

==================== Installed Programs =======================

 

 

 

32 Bit HP CIO Components Installer (Version: 2.1.5)

 

7-zip v9.20 (Version: v9.20)

 

Acrobat.com (Version: 0.0.0)

 

Acrobat.com (Version: 1.1.377)

 

Adobe AIR (Version: 3.1.0.4880)

 

Adobe Digital Editions

 

Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)

 

Adobe Flash Player 11 Plugin (Version: 11.7.700.224)

 

Adobe Photoshop Elements 7.0 (Version: 7.0)

 

Adobe Photoshop Elements 7.0 (Version: 7.0.0.3)

 

Adobe Photoshop.com Inspiration Browser (Version: 2.61)

 

Adobe Reader XI (11.0.03) (Version: 11.0.03)

 

Adobe Shockwave Player 11.5 (Version: 11.5.8.612)

 

AIM 7

 

AIO_Scan (Version: 90.0.189.000)

 

Apple Application Support (Version: 2.3.3)

 

Apple Mobile Device Support (Version: 6.1.0.13)

 

Apple Software Update (Version: 2.1.3.127)

 

aspi (Version: 3.00.0008.0000)

 

Bonjour (Version: 3.0.0.10)

 

Books That Work 3DLAND2 version 2.0.1

 

Browser Address Error Redirector (Version: 1.00.0000)

 

BufferChm (Version: 90.0.146.000)

 

C7200 (Version: 90.0.189.000)

 

C7200_doccd (Version: 90.0.189.000)

 

c7200_Help (Version: 90.0.189.000)

 

Canon MG6200 series On-screen Manual

 

CCHelp (Version: 3.00.0010.0000)

 

CCleaner (Version: 4.01)

 

CCScore (Version: 3.00.0020.0001)

 

Coastal Explorer Express

 

Conexant D850 PCI V.92 Modem

 

Copy (Version: 90.0.146.000)

 

Critical Update for Windows Media Player 11 (KB959772)

 

CustomerResearchQFolder (Version: 1.00.0000)

 

DB2000V3 (Version: 7.00.0004)

 

DB2000V3 (Version: 9.05.007)

 

Dell DataSafe Online (Version: 1.0.15)

 

Dell Driver Reset Tool (Version: 1.02.0000)

 

Dell Support Center (Support Software) (Version: 2.2.09085)

 

Dell System Restore (Version: 2.00.0000)

 

Destination Component (Version: 090.000.091.086)

 

DeviceDiscovery (Version: 110.0.180.000)

 

DeviceManagementQFolder (Version: 1.00.0000)

 

Digital Line Detect (Version: 1.21)

 

DivX Web Player (Version: 1.4.2)

 

DocProc (Version: 9.0.0.0)

 

DocProcQFolder (Version: 1.00.0000)

 

Documentation & Support Launcher (Version: 1.00.0000)

 

Download Updater (AOL LLC)

 

ESSAdpt (Version: 3.00.0011.0000)

 

ESSANUP (Version: 3.00.0004.0000)

 

ESSCAM (Version: 3.00.0010.0000)

 

ESSCDBK (Version: 3.00.0012.0000)

 

ESScore (Version: 3.00.0019.0000)

 

ESSgui (Version: 3.00.0017.0000)

 

ESShelp (Version: 3.00.0011.0000)

 

ESSini (Version: 3.00.0017.0001)

 

ESSPCD (Version: 3.00.0020.0001)

 

ESSvpaht (Version: 3.00.0017.0000)

 

ESSvpot (Version: 3.00.0017.0002)

 

eSupportQFolder (Version: 1.00.0000)

 

Fax (Version: 120.0.194.000)

 

Games, Music, & Photos Launcher (Version: 1.00.0000)

 

Garmin Communicator Plugin (Version: 3.0.1)

 

Garmin USB Drivers (Version: 2.3.0.0)

 

Garmin WebUpdater (Version: 2.5.2)

 

Google Earth (Version: 7.0.3.8542)

 

Google Toolbar for Internet Explorer (Version: 1.0.0)

 

Google Toolbar for Internet Explorer (Version: 7.5.4209.2358)

 

Google Update Helper (Version: 1.3.21.153)

 

Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)

 

High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)

 

HP Customer Participation Program 9.0 (Version: 9.0)

 

HP Imaging Device Functions 9.0 (Version: 9.0)

 

HP OCR Software 9.0 (Version: 9.0)

 

HP Photosmart All-In-One Software 9.0 (Version: 9.0)

 

HP Photosmart Essential 2.01 (Version: 2.01)

 

HP Photosmart Essential2.01 (Version: 1.01.0000)

 

HP Product Assistant (Version: 100.000.001.000)

 

HP Product Detection (Version: 11.14.0001)

 

HP Smart Web Printing 4.60 (Version: 4.60)

 

HP Solution Center 9.0 (Version: 9.0)

 

HP Update (Version: 5.003.001.001)

 

HPDiagnosticAlert (Version: 1.00.0000)

 

HPProductAssistant (Version: 90.0.146.000)

 

HPSSupply (Version: 2.2.0.0000)

 

IBM MQSeries Client V5.2.1

 

Intel® Graphics Media Accelerator Driver (Version: 0.0.0.0000)

 

Intel® PRO Network Connections 12.1.12.0 (Version: )

 

Internet Service Offers Launcher (Version: 1.00.0000)

 

iTunes (Version: 11.0.2.26)

 

J2SE Runtime Environment 5.0 Update 6 (Version: 1.5.0.60)

 

Java 7 Update 25 (Version: 7.0.250)

 

Java Auto Updater (Version: 2.1.9.5)

 

Java 6 Update 24 (Version: 6.0.240)

 

JavaFX 2.1.1 (Version: 2.1.1)

 

Kodak EasyShare software

 

KSU (Version: 612.7.0008.0000)

 

LeadTool (Version: 3.00.0001.0000)

 

LG United Mobile Drivers (Version: 3.3.0.0)

 

Linksys Wireless-G USB Network Adapter

 

Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)

 

MarketResearch (Version: 90.0.146.000)

 

Merriam-Webster's Reference Library

 

Microsoft .NET Framework 1.1 (Version: 1.1.4322)

 

Microsoft .NET Framework 1.1 Security Update (KB2698023)

 

Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Automated Troubleshooting Services Shim
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Fix it Center (Version: 1.0.0100)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3514)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MobileMe Control Panel (Version: 2.6.0.29)
Modem Diagnostic Tool (Version: 1.0.17.2)
Mouse Suite for Desktop Computers (Version: 2.50.025)
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0.1)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
Musicmatch for Windows Media Player (Version: 0.00.000)
Musicnotes Player V1.23.2 (Version: 1.23.2)
NetAssistant (Version: 3.8.3)
NetWaiting (Version: 2.5.44)
Norton 360 (Version: 20.4.0.40)
Notifier (Version: 3.00.0006.0000)
OneClickdigital Media Manager (Version: 61.0.0.0)
OTtBP (Version: 3.00.0007.0000)
OverDrive Media Console (Version: 3.2.20)
Pando Media Booster (Version: 2.3.3.6)
PanoStandAlone (Version: 90.0.146.000)
PCDADDIN (Version: 3.00.0001.0008)
PCDHELP (Version: 3.00.0001.0000)
PCDLNCH (Version: 3.00.0001.0002)
PCDrdsho (Version: 3.00.0001.0001)
PhotoshopdotcomInspirationBrowser (Version: 0.0.0)
PowerDVD (Version: 7.0)
PrimoPDF -- brought to you by Nitro PDF Software (Version: 5)
PS_AIO_02_ProductContext (Version: 90.0.189.000)
PS_AIO_02_Software (Version: 90.0.189.000)
PS_AIO_02_Software_min (Version: 90.0.189.000)
PSSWCORE (Version: 2.01.0000)
QuickTime (Version: 7.73.80.64)
Realtek High Definition Audio Driver (Version: 5.10.0.5548)
Roxio Creator Audio (Version: 3.3.0)
Roxio Creator BDAV Plugin (Version: 3.3.0)
Roxio Creator Copy (Version: 3.3.0)
Roxio Creator Data (Version: 3.3.0)
Roxio Creator DE (Version: 3.3.0)
Roxio Creator Tools (Version: 3.3.0)
Roxio Drag-to-Disc (Version: 9.0)
Roxio Express Labeler (Version: 2.1.0)
Roxio MyDVD DE (Version: 9.0.116)
Roxio Update Manager (Version: 3.0.0)
Scan (Version: 9.0.0.0)
SearchAssist
SFR (Version: 3.01.0002.0001)
SFR2 (Version: 3.00.0004.0000)
SmartWebPrinting (Version: 140.0.186.000)
SolutionCenter (Version: 90.0.146.000)
Sonic Activation Module (Version: 1.0)
Status (Version: 110.0.180.000)
System Requirements Lab for Intel (Version: 4.4.22.0)
Toolbox (Version: 90.0.146.000)
TrayApp (Version: 110.0.180.000)
UnloadSupport (Version: 9.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
USB MassStorage CardReader
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0)
Verizon V CAST Media Manager
VideoToolkit01 (Version: 90.0.146.000)
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 90.0.146.000)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 10 (Version: 9.00.3636)
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows XP Service Pack 3 (Version: 20080414.031525)
World Community Grid - BOINC Agent (Version: 5.10.30)
XML Paper Specification Shared Components Pack 1.0
Zeus
Zoo Tycoon 2 (Version: 1.0)
Zoo Tycoon Expanded

==================== Restore Points =========================

26-04-2013 20:42:49 System Checkpoint
30-04-2013 13:57:18 System Checkpoint
01-05-2013 14:19:50 System Checkpoint
02-05-2013 14:29:59 System Checkpoint
03-05-2013 15:05:58 System Checkpoint
11-05-2013 03:30:00 System Checkpoint
13-05-2013 01:53:20 System Checkpoint
14-05-2013 17:00:48 System Checkpoint
15-05-2013 08:00:22 Software Distribution Service 3.0
16-05-2013 08:42:24 System Checkpoint
17-05-2013 09:42:24 System Checkpoint
17-05-2013 15:39:13 Norton 360 Registry Clean
21-05-2013 22:08:46 System Checkpoint
22-05-2013 22:59:20 System Checkpoint
25-05-2013 10:37:25 System Checkpoint
29-05-2013 00:54:48 System Checkpoint
30-05-2013 00:57:00 System Checkpoint
04-06-2013 00:34:32 System Checkpoint
05-06-2013 01:06:14 System Checkpoint
06-06-2013 02:05:03 System Checkpoint
08-06-2013 07:50:49 System Checkpoint
11-06-2013 17:41:20 System Checkpoint
12-06-2013 13:13:37 Installed OneClickdigital Media Manager.
13-06-2013 08:00:16 Software Distribution Service 3.0
14-06-2013 08:39:05 System Checkpoint
15-06-2013 08:41:34 System Checkpoint
16-06-2013 08:52:35 System Checkpoint
20-06-2013 02:37:00 Installed Java 7 Update 25
21-06-2013 02:45:29 System Checkpoint
25-06-2013 13:28:20 System Checkpoint
26-06-2013 13:42:18 System Checkpoint
27-06-2013 14:41:13 System Checkpoint
30-06-2013 02:38:07 System Checkpoint
01-07-2013 03:22:52 System Checkpoint
02-07-2013 03:45:53 System Checkpoint
06-07-2013 09:08:49 System Checkpoint
07-07-2013 09:20:29 System Checkpoint
08-07-2013 20:15:10 System Checkpoint
09-07-2013 20:45:40 System Checkpoint
10-07-2013 21:15:01 System Checkpoint
11-07-2013 08:00:34 Software Distribution Service 3.0
12-07-2013 08:02:59 System Checkpoint
13-07-2013 08:00:19 Software Distribution Service 3.0
14-07-2013 08:14:18 System Checkpoint
15-07-2013 16:03:38 System Checkpoint
16-07-2013 23:48:48 System Checkpoint
18-07-2013 00:13:15 System Checkpoint
19-07-2013 12:39:59 System Checkpoint
20-07-2013 17:40:00 System Checkpoint
21-07-2013 18:27:09 System Checkpoint
22-07-2013 19:21:03 System Checkpoint
23-07-2013 20:14:58 System Checkpoint
24-07-2013 12:08:40 Norton_Power_Eraser_20130724075820406

==================== Hosts content: ==========================

2004-08-10 14:51 - 2012-04-26 15:19 - 00000027 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => ?
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\ConfigExec.job => C:\WINDOWS\system32\rundll32.exe
Task: C:\WINDOWS\Tasks\DataUpload.job => C:\WINDOWS\system32\rundll32.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3031762364-297865588-2949959706-1006Core.job => C:\Documents and Settings\Dad and Mom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3031762364-297865588-2949959706-1006UA.job => C:\Documents and Settings\Dad and Mom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/24/2013 11:22:02 AM) (Source: Application Hang) (User: )
Description: Fault bucket 734562961.

Error: (07/24/2013 11:14:59 AM) (Source: Application Hang) (User: )
Description: Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/24/2013 10:21:48 AM) (Source: ESENT) (User: )
Description: wuaueng.dll (2168) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error: (07/24/2013 10:21:48 AM) (Source: ESENT) (User: )
Description: wuauclt (2168) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (07/24/2013 10:21:38 AM) (Source: ESENT) (User: )
Description: wuaueng.dll (2168) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error: (07/24/2013 10:21:38 AM) (Source: ESENT) (User: )
Description: wuauclt (2168) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (07/22/2013 06:21:00 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (992) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error: (07/22/2013 06:21:00 PM) (Source: ESENT) (User: )
Description: wuauclt (992) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (07/22/2013 06:20:50 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (992) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error: (07/22/2013 06:20:50 PM) (Source: ESENT) (User: )
Description: wuauclt (992) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

System errors:
=============
Error: (07/24/2013 07:36:25 PM) (Source: DCOM) (User: FAMILYROOM)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/24/2013 07:34:10 PM) (Source: DCOM) (User: FAMILYROOM)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/24/2013 07:33:48 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
BHDrvx86
ccSet_N360
eeCtrl
Fips
intelppm
Lbd
SRTSP
SRTSPX
SymIRON
SYMTDI

Error: (07/24/2013 07:33:06 PM) (Source: DCOM) (User: FAMILYROOM)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/24/2013 07:32:38 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (07/24/2013 07:04:16 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (07/24/2013 07:04:16 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (07/24/2013 07:04:16 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (07/24/2013 07:04:16 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (07/24/2013 07:04:16 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Microsoft Office Sessions:
=========================
Error: (02/21/2010 00:09:01 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 25145 seconds with 9480 seconds of active time. This session ended with a crash.

Error: (10/25/2009 06:17:15 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 15085 seconds with 3660 seconds of active time. This session ended with a crash.

Error: (09/28/2009 06:35:16 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 28772 seconds with 480 seconds of active time. This session ended with a crash.

Error: (06/26/2008 06:32:42 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6308.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 192024 seconds with 4020 seconds of active time. This session ended with a crash.

Error: (06/07/2008 09:44:15 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6308.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 19 seconds with 0 seconds of active time. This session ended with a crash.

Error: (04/13/2008 09:37:26 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 24 seconds with 0 seconds of active time. This session ended with a crash.

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 3061.1 MB
Available physical RAM: 2623.56 MB
Total Pagefile: 4427.82 MB
Available Pagefile: 4194.17 MB
Total Virtual: 2047.88 MB
Available Virtual: 1956.47 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:294.71 GB) (Free:202.64 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive j: (TOSHIBA EXT) (Fixed) (Total:465.76 GB) (Free:451.3 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Active) - (Size=295 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3 GB) - (Type=DB)

========================================================
Disk: 6 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 357DB846)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Link to post
Share on other sites

  • Staff

Please run the following:

Please download Farbar Service Scanner and run it

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
Link to post
Share on other sites

FSS report, run in Safe Mode ==>

Farbar Service Scanner Version: 26-07-2013
Ran by Dad and Mom (administrator) on 26-07-2013 at 16:14:42
Running from "C:\Documents and Settings\Dad and Mom\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".

Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(9) Gpc(6) IPSec(4) NetBT(5) PSched(7) SYMTDI(10) Tcpip(3)
0x0A000000040000000100000002000000030000000A0000000800000005000000060000000700000009000000
IpSec Tag value is correct.

**** End of log ****

Link to post
Share on other sites

  • Staff

Hello,

Please run the following:

NOTE: Make certain that you run the "FixDamage.exe" tool

Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.

MBAR tutorial

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log.txt and system-log.txt
~~~~~~~~~~~~~~~~~~~~~~~

Note: <<<< Do not miss this step

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit located in the mbar\plugins folder and reboot.

Verify that your system is now functioning normally.

Link to post
Share on other sites

Let us close out this thread. About the time I posted to this forum I also made a plea to Malwarebytes Customer Support. I should have closed this thread then but thought perhaps folk here might be able to add something. To make a long story short, over 6 days I believe we tried everything in the Malwarebytes Customer Support toolkit. At that point I threw up my hands and took the machine in to a local Staples. They were able to uncover 2 items of malware that had not been removed to this point: hijacked.browseui, and a trojan, js/redirector.nbx. I struggle to understand how they have better malware removal tools, but there it is. It also turns out that the hard drive on this system is apparently beginning to fail, which no doubt added to the slowness issues.

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.