Jump to content

Infected with SweetPacks


Recommended Posts

I have run Malwarebytes full scan twice and the quick scan a few times.  I can not get rid of SweetPacks.  I have found it in my documents and settings when I do a search on my computer and can not remove it. I have no clue aabout computers.

 

I have downloaded the dds.text and attach.txt.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.7.2
Run by user1 at 8:41:57 on 2013-10-21
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.592 [GMT -4:00]
.
AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Norton AntiVirus\Engine\21.1.0.18\NAV.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\NST.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norton AntiVirus\Engine\21.1.0.18\NAV.exe
C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\NST.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
C:\Program Files\Brownie\BrstsWnd.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Brownie\brpjp04a.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\user1\Local Settings\Apps\2.0\6OGCMOWV.1XN\53Y8JWE0.2ZG\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\AmazonCloudDrive.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Documents and Settings\user1\Local Settings\Apps\2.0\6OGCMOWV.1XN\53Y8JWE0.2ZG\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\LocalServiceJre\bin\AmazonCloudDriveW.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.

uProxyServer = hxxp=127.0.0.1:1070;https=127.0.0.1:1070;
uProxyOverride = <-loopback>
uURLSearchHooks: SweetPacks A5 Toolbar: {93ec97bf-fe43-4bca-a735-5c5d6a0a40c4} -
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton antivirus\engine\21.1.0.18\ips\IPSBHO.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: SweetPacks A5 Toolbar: {93ec97bf-fe43-4bca-a735-5c5d6a0a40c4} -
BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - c:\program files\norton identity safe\engine\2014.6.0.27\CoIEPlg.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: IePasswordManagerHelper Class: {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4BF3-BC6D-0079707C4389} - c:\program files\norton identity safe\engine\2014.6.0.27\CoIEPlg.dll
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - c:\program files\norton identity safe\engine\2014.6.0.27\CoIEPlg.dll
TB: SweetPacks A5 Toolbar: {93ec97bf-fe43-4bca-a735-5c5d6a0a40c4} -
uRun: [iLivid] "c:\documents and settings\user1\local settings\application data\ilivid\iLivid.exe" -autorun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [TpShocks] TpShocks.exe
mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [Lexmark 3100 Series] "c:\program files\lexmark 3100 series\lxbrbmgr.exe"
mRun: [LXBRKsk] c:\progra~1\lexmar~1\LXBRKsk.exe
mRun: [brStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\user1\startm~1\programs\startup\amazon~1.lnk - c:\documents and settings\user1\local settings\apps\2.0\6ogcmowv.1xn\53y8jwe0.2zg\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\AmazonCloudDrive.exe
StartupFolder: c:\docume~1\user1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\HOTSYNC.EXE
StartupFolder: c:\docume~1\user1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

TCP: Interfaces\{9C1A21B0-327B-4A87-A02A-623BAD2079D6} : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: ACNotify - ACNotify.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages =  scecli ACGina
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user1\application data\mozilla\firefox\profiles\ga58r2qj.default\



FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\user1\application data\mozilla\firefox\profiles\ga58r2qj.default\extensions\{93ec97bf-fe43-4bca-a735-5c5d6a0a40c4}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\user1\application data\mozilla\firefox\profiles\ga58r2qj.default\extensions\{93ec97bf-fe43-4bca-a735-5c5d6a0a40c4}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: c:\documents and settings\user1\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\mycamera download plugin\NPCIG.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-10-20 16:07; {F04D2D30-776C-4d02-8627-8E4385ECA58D}; c:\documents and settings\all users\application data\norton\{92622aad-05e8-4459-b256-765ce1e929fb}\nst_2014.6.0.27\coFFPlgn
FF - ExtSQL: 2013-10-20 16:08; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_21.1.0.18\IPSFF
FF - ExtSQL: 2013-10-20 17:16; {93ec97bf-fe43-4bca-a735-5c5d6a0a40c4}; c:\documents and settings\user1\application data\mozilla\firefox\profiles\ga58r2qj.default\extensions\{93ec97bf-fe43-4bca-a735-5c5d6a0a40c4}
FF - ExtSQL: !HIDDEN! 2011-02-14 07:35; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
.
.
.
============= SERVICES / DRIVERS ===============
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-8-31 24304]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 211560]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1501000.012\SymDS.sys [2013-10-20 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1501000.012\SymEFA.sys [2013-10-20 935512]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-10-9 20520]
R1 BHDrvx86;BHDrvx86;c:\program files\norton antivirus\nortondata\21.1.0.18\definitions\bashdefs\20131002.001\BHDrvx86.sys [2013-10-20 1097304]
R1 ccSet_NAV;NAV Settings Manager;c:\windows\system32\drivers\nav\1501000.012\ccSetx86.sys [2013-10-20 127064]
R1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\nst\7de06000.01b\ccSetx86.sys [2013-10-20 127064]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2010-9-1 13480]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1501000.012\Ironx86.sys [2013-10-20 206936]
R2 BRA_Scheduler;Brother BRAdminPro Scheduler;c:\program files\brother\bradmin professional 3\bratimer.exe [2011-4-4 65536]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-8-31 132456]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-10-20 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-10-20 701512]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\21.1.0.18\NAV.exe [2013-10-20 262288]
R2 NCO;Norton Identity Safe;c:\program files\norton identity safe\engine\2014.6.0.27\NST.exe [2013-10-20 129424]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2010-8-31 53248]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2010-9-1 63928]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-10-20 108120]
R3 IDSxpx86;IDSxpx86;c:\program files\norton antivirus\nortondata\21.1.0.18\definitions\ipsdefs\20131018.001\IDSXpx86.sys [2013-10-18 380824]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-10-20 22856]
R3 NAVENG;NAVENG;c:\program files\norton antivirus\nortondata\21.1.0.18\definitions\virusdefs\20131020.019\NAVENG.SYS [2013-10-21 93272]
R3 NAVEX15;NAVEX15;c:\program files\norton antivirus\nortondata\21.1.0.18\definitions\virusdefs\20131020.019\NAVEX15.SYS [2013-10-21 1612376]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-22 37312]
S1 lsnfd;lsnfd;c:\windows\system32\drivers\lsnfd.sys --> c:\windows\system32\drivers\lsnfd.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2010-9-1 45496]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-21 162408]
S3 swmx01;Sierra Wireless USB MUX Driver (#01);c:\windows\system32\drivers\swmx01.sys [2005-11-18 58624]
S3 SWNC5E01;Sierra Wireless MUX NDIS Driver (#01);c:\windows\system32\drivers\SWNC5E01.sys [2005-8-5 73600]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2013-10-20 21:50:54    --------    d-----w-    c:\documents and settings\user1\application data\Malwarebytes
2013-10-20 21:50:32    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes
2013-10-20 21:50:28    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-10-20 21:50:28    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-10-20 21:41:07    --------    d-----w-    c:\documents and settings\user1\application data\Systweak
2013-10-20 21:18:01    --------    d-----w-    c:\program files\Conduit
2013-10-20 21:17:54    --------    d-----w-    c:\documents and settings\all users\application data\Conduit
2013-10-20 21:17:52    --------    d-----w-    c:\documents and settings\user1\local settings\application data\Conduit
2013-10-20 21:17:06    --------    d-----w-    c:\program files\SearchProtect
2013-10-20 21:16:36    --------    d-----w-    c:\documents and settings\user1\application data\SearchProtect
2013-10-20 21:15:26    --------    d-----w-    c:\documents and settings\user1\AppData
2013-10-20 21:15:23    --------    d-----w-    c:\windows\system32\jmdp
2013-10-20 21:15:08    632656    ----a-w-    c:\windows\system32\msvcr80.dll
2013-10-20 21:15:08    554832    ----a-w-    c:\windows\system32\msvcp80.dll
2013-10-20 21:15:08    479232    ----a-w-    c:\windows\system32\msvcm80.dll
2013-10-20 21:15:08    27136    ----a-w-    c:\windows\system32\ImHttpComm.dll
2013-10-20 21:15:08    --------    d-----w-    c:\windows\system32\ARFC
2013-10-20 21:15:01    --------    d-----w-    c:\windows\system32\WNLT
2013-10-20 20:07:20    --------    d-----w-    c:\documents and settings\all users\application data\NCOTEMP
2013-10-20 20:07:18    127064    ----a-r-    c:\windows\system32\drivers\nst\7de06000.01b\ccSetx86.sys
2013-10-20 20:07:02    --------    d-----w-    c:\windows\system32\drivers\nst\7DE06000.01B
2013-10-20 20:07:02    --------    d-----w-    c:\windows\system32\drivers\NST
2013-10-20 20:07:01    --------    d-----w-    c:\program files\Norton Identity Safe
2013-10-20 20:05:28    142936    ----a-w-    c:\windows\system32\drivers\SYMEVENT.SYS
2013-10-20 20:05:06    --------    d-----w-    c:\program files\Symantec
2013-10-20 20:05:06    --------    d-----w-    c:\program files\common files\Symantec Shared
2013-10-20 20:04:59    446552    ----a-r-    c:\windows\system32\drivers\nav\1501000.012\symnets.sys
2013-10-20 20:04:59    421592    ----a-r-    c:\windows\system32\drivers\nav\1501000.012\symtdi.sys
2013-10-20 20:04:59    383576    ----a-r-    c:\windows\system32\drivers\nav\1501000.012\symtdiv.sys
2013-10-20 20:04:59    21520    ----a-r-    c:\windows\system32\drivers\nav\1501000.012\SymELAM.sys
2013-10-20 20:04:58    935512    ----a-r-    c:\windows\system32\drivers\nav\1501000.012\SymEFA.sys
2013-10-20 20:04:58    651352    ----a-r-    c:\windows\system32\drivers\nav\1501000.012\srtsp.sys
2013-10-20 20:04:58    367704    ----a-r-    c:\windows\system32\drivers\nav\1501000.012\SymDS.sys
2013-10-20 20:04:58    32344    ----a-r-    c:\windows\system32\drivers\nav\1501000.012\srtspx.sys
2013-10-20 20:04:58    206936    ----a-r-    c:\windows\system32\drivers\nav\1501000.012\Ironx86.sys
2013-10-20 20:04:57    127064    ----a-r-    c:\windows\system32\drivers\nav\1501000.012\ccSetx86.sys
2013-10-20 20:03:47    14818    ----a-r-    c:\windows\system32\drivers\nav\1501000.012\SymVTcer.dat
2013-10-20 20:03:46    --------    d-----w-    c:\windows\system32\drivers\nav\1501000.012
2013-10-20 20:03:46    --------    d-----w-    c:\windows\system32\drivers\NAV
2013-10-20 20:03:43    --------    d-----w-    c:\program files\Norton AntiVirus
2013-10-20 20:03:43    --------    d-----w-    c:\documents and settings\all users\application data\Norton
2013-10-20 19:59:54    --------    d-----w-    c:\program files\NortonInstaller
2013-10-20 19:59:54    --------    d-----w-    c:\documents and settings\all users\application data\NortonInstaller
2013-10-20 12:18:32    7796464    ----a-w-    c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5bdfa7af-3933-4206-8bb8-a49dea51cb16}\mpengine.dll
2013-10-19 12:01:48    7796464    ----a-w-    c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-10-17 11:50:50    --------    d-----w-    c:\documents and settings\user1\application data\AVAST Software
2013-10-17 11:47:20    --------    d-----w-    c:\documents and settings\all users\application data\AVAST Software
2013-10-16 23:08:32    --------    d-----w-    c:\program files\uPlayer
2013-10-16 23:07:22    --------    d-----w-    c:\program files\Optimizer Pro
2013-10-16 23:05:13    --------    d-----w-    c:\documents and settings\user1\local settings\application data\WordLayers
2013-10-16 22:03:24    --------    d--h--w-    c:\documents and settings\all users\application data\Common Files
2013-10-10 11:32:21    25088    -c----w-    c:\windows\system32\dllcache\hidparse.sys
2013-10-10 11:31:58    46848    -c----w-    c:\windows\system32\dllcache\irbus.sys
2013-10-10 11:31:58    123008    -c----w-    c:\windows\system32\dllcache\usbvideo.sys
2013-10-10 11:31:29    5376    -c----w-    c:\windows\system32\dllcache\usbd.sys
2013-10-02 00:13:03    871608    ----a-w-    c:\program files\mozilla firefox\uninstall\helper.exe
2013-10-02 00:13:03    476904    ----a-w-    c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2013-10-02 00:13:03    273304    ----a-w-    c:\program files\mozilla firefox\updater.exe
2013-10-02 00:13:03    21527448    ----a-w-    c:\program files\mozilla firefox\xul.dll
2013-10-02 00:13:03    187248    ----a-w-    c:\program files\mozilla firefox\plugins\nppdf32.dll
2013-10-02 00:13:03    170232    ----a-w-    c:\program files\mozilla firefox\webapp-uninstaller.exe
2013-10-02 00:13:03    152984    ----a-w-    c:\program files\mozilla firefox\softokn3.dll
2013-10-02 00:13:03    1446264    ----a-w-    c:\program files\mozilla firefox\plugins\npLegitCheckPlugin.dll
2013-10-02 00:13:03    107416    ----a-w-    c:\program files\mozilla firefox\webapprt-stub.exe
2013-10-02 00:13:01    27544    ----a-w-    c:\program files\mozilla firefox\plugin-hang-ui.exe
2013-10-02 00:13:01    17816    ----a-w-    c:\program files\mozilla firefox\plugin-container.exe
2013-10-02 00:13:00    91544    ----a-w-    c:\program files\mozilla firefox\nssdbm3.dll
.
==================== Find3M  ====================
.
2013-10-21 12:42:56    40776    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2013-10-08 19:41:24    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-08 19:41:24    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-09-23 18:33:58    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-09-23 18:33:57    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-09-23 18:33:57    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-09-23 18:33:56    18944    ----a-w-    c:\windows\system32\corpol.dll
2013-09-23 18:06:48    385024    ------w-    c:\windows\system32\html.iec
2013-08-29 01:31:44    1878656    ----a-w-    c:\windows\system32\win32k.sys
2013-08-09 01:56:45    386560    ----a-w-    c:\windows\system32\themeui.dll
2013-08-09 00:55:08    144128    ----a-w-    c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55:07    32384    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55:06    5376    ----a-w-    c:\windows\system32\drivers\usbd.sys
2013-08-05 13:30:32    1289728    ----a-w-    c:\windows\system32\ole32.dll
2013-08-03 18:18:38    1543680    ------w-    c:\windows\system32\wmvdecod.dll
.
============= FINISH:  8:43:38.42 ===============
 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/10/2011 3:33:05 PM
System Uptime: 10/21/2013 7:09:49 AM (1 hours ago)
.
Motherboard: LENOVO |  | 200766U
Processor: Intel® Core Duo CPU      T2500  @ 2.00GHz | None | 1994/167mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 108 GiB total, 74.496 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1086: 7/23/2013 12:03:33 PM - Software Distribution Service 3.0
RP1087: 7/23/2013 12:23:03 PM - Software Distribution Service 3.0
RP1088: 7/24/2013 5:12:29 PM - Software Distribution Service 3.0
RP1089: 7/25/2013 5:47:11 PM - Software Distribution Service 3.0
RP1090: 7/26/2013 8:07:28 PM - Software Distribution Service 3.0
RP1091: 7/27/2013 9:02:56 PM - Software Distribution Service 3.0
RP1092: 7/29/2013 12:00:50 AM - Software Distribution Service 3.0
RP1093: 7/30/2013 12:04:20 AM - Software Distribution Service 3.0
RP1094: 7/31/2013 1:11:27 AM - System Checkpoint
RP1095: 7/31/2013 8:01:56 AM - Software Distribution Service 3.0
RP1096: 8/1/2013 9:35:38 AM - System Checkpoint
RP1097: 8/1/2013 9:54:38 AM - Software Distribution Service 3.0
RP1098: 8/2/2013 11:01:33 AM - System Checkpoint
RP1099: 8/2/2013 1:42:47 PM - Software Distribution Service 3.0
RP1100: 8/3/2013 6:59:06 AM - Software Distribution Service 3.0
RP1101: 8/4/2013 2:15:58 AM - Software Distribution Service 3.0
RP1102: 8/4/2013 6:59:12 AM - Software Distribution Service 3.0
RP1103: 8/5/2013 6:59:18 AM - Software Distribution Service 3.0
RP1104: 8/6/2013 7:05:35 AM - System Checkpoint
RP1105: 8/6/2013 8:05:07 AM - Software Distribution Service 3.0
RP1106: 8/7/2013 9:00:01 AM - Software Distribution Service 3.0
RP1107: 8/8/2013 9:46:19 AM - System Checkpoint
RP1108: 8/8/2013 2:00:07 PM - Software Distribution Service 3.0
RP1109: 8/9/2013 3:01:24 PM - System Checkpoint
RP1110: 8/9/2013 11:52:28 PM - Software Distribution Service 3.0
RP1111: 8/10/2013 11:56:33 PM - Software Distribution Service 3.0
RP1112: 8/12/2013 6:59:26 AM - Software Distribution Service 3.0
RP1113: 8/13/2013 6:59:18 AM - Software Distribution Service 3.0
RP1114: 8/14/2013 3:00:18 AM - Software Distribution Service 3.0
RP1115: 8/14/2013 7:45:58 AM - Software Distribution Service 3.0
RP1116: 8/15/2013 6:10:35 AM - Software Distribution Service 3.0
RP1117: 8/16/2013 6:19:20 AM - System Checkpoint
RP1118: 8/16/2013 2:26:49 PM - Software Distribution Service 3.0
RP1119: 8/17/2013 4:03:31 PM - Software Distribution Service 3.0
RP1120: 8/18/2013 1:33:19 AM - Software Distribution Service 3.0
RP1121: 8/19/2013 2:02:18 AM - System Checkpoint
RP1122: 8/19/2013 6:40:10 AM - Software Distribution Service 3.0
RP1123: 8/20/2013 7:45:05 AM - Software Distribution Service 3.0
RP1124: 8/21/2013 8:34:58 AM - System Checkpoint
RP1125: 8/21/2013 1:39:49 PM - Software Distribution Service 3.0
RP1126: 8/22/2013 4:59:55 PM - Software Distribution Service 3.0
RP1127: 8/23/2013 5:38:59 PM - System Checkpoint
RP1128: 8/23/2013 7:32:46 PM - Software Distribution Service 3.0
RP1129: 8/24/2013 8:50:38 PM - System Checkpoint
RP1130: 8/25/2013 2:29:26 AM - Software Distribution Service 3.0
RP1131: 8/25/2013 2:53:12 PM - Software Distribution Service 3.0
RP1132: 8/26/2013 2:55:58 PM - System Checkpoint
RP1133: 8/26/2013 3:38:42 PM - Software Distribution Service 3.0
RP1134: 8/27/2013 3:53:11 PM - System Checkpoint
RP1135: 8/27/2013 6:16:30 PM - Software Distribution Service 3.0
RP1136: 8/28/2013 8:02:50 AM - Software Distribution Service 3.0
RP1137: 8/28/2013 6:55:22 PM - Software Distribution Service 3.0
RP1138: 8/29/2013 7:51:44 PM - System Checkpoint
RP1139: 8/30/2013 4:23:45 PM - Software Distribution Service 3.0
RP1140: 8/31/2013 7:14:07 PM - Software Distribution Service 3.0
RP1141: 9/1/2013 2:29:25 AM - Software Distribution Service 3.0
RP1142: 9/2/2013 6:36:59 AM - Software Distribution Service 3.0
RP1143: 9/3/2013 6:53:39 AM - Software Distribution Service 3.0
RP1144: 9/4/2013 8:42:14 AM - Software Distribution Service 3.0
RP1145: 9/5/2013 11:10:19 AM - System Checkpoint
RP1146: 9/5/2013 12:30:07 PM - Software Distribution Service 3.0
RP1147: 9/6/2013 8:39:10 PM - Software Distribution Service 3.0
RP1148: 9/7/2013 9:04:02 PM - System Checkpoint
RP1149: 9/8/2013 2:21:22 AM - Software Distribution Service 3.0
RP1150: 9/9/2013 6:56:44 AM - Software Distribution Service 3.0
RP1151: 9/10/2013 9:25:37 AM - System Checkpoint
RP1152: 9/10/2013 1:43:49 PM - Software Distribution Service 3.0
RP1153: 9/10/2013 7:59:20 PM - Software Distribution Service 3.0
RP1154: 9/11/2013 7:43:50 AM - Software Distribution Service 3.0
RP1155: 9/11/2013 3:39:21 PM - Software Distribution Service 3.0
RP1156: 9/12/2013 4:35:21 PM - System Checkpoint
RP1157: 9/13/2013 6:41:25 AM - Software Distribution Service 3.0
RP1158: 9/14/2013 7:55:30 AM - System Checkpoint
RP1159: 9/16/2013 5:57:36 AM - Software Distribution Service 3.0
RP1160: 9/17/2013 8:13:19 AM - System Checkpoint
RP1161: 9/17/2013 8:45:55 PM - Software Distribution Service 3.0
RP1162: 9/19/2013 8:02:13 AM - Software Distribution Service 3.0
RP1163: 9/20/2013 8:46:56 AM - System Checkpoint
RP1164: 9/20/2013 4:27:55 PM - Software Distribution Service 3.0
RP1165: 9/21/2013 4:38:34 PM - System Checkpoint
RP1166: 9/22/2013 2:02:34 AM - Software Distribution Service 3.0
RP1167: 9/23/2013 2:10:32 AM - System Checkpoint
RP1168: 9/23/2013 7:24:38 AM - Software Distribution Service 3.0
RP1169: 9/24/2013 8:41:07 AM - System Checkpoint
RP1170: 9/24/2013 3:55:43 PM - Software Distribution Service 3.0
RP1171: 9/25/2013 4:00:28 PM - System Checkpoint
RP1172: 9/25/2013 5:16:35 PM - Software Distribution Service 3.0
RP1173: 9/26/2013 5:22:55 PM - System Checkpoint
RP1174: 9/26/2013 6:29:19 PM - Software Distribution Service 3.0
RP1175: 9/27/2013 6:29:49 PM - System Checkpoint
RP1176: 9/28/2013 12:54:06 PM - Software Distribution Service 3.0
RP1177: 9/29/2013 1:51:42 AM - Software Distribution Service 3.0
RP1178: 9/29/2013 12:54:00 PM - Software Distribution Service 3.0
RP1179: 9/30/2013 1:55:14 PM - Software Distribution Service 3.0
RP1180: 10/1/2013 2:46:29 PM - Software Distribution Service 3.0
RP1181: 10/2/2013 2:52:33 PM - System Checkpoint
RP1182: 10/2/2013 2:59:20 PM - Software Distribution Service 3.0
RP1183: 10/3/2013 3:48:03 PM - System Checkpoint
RP1184: 10/3/2013 6:15:21 PM - Software Distribution Service 3.0
RP1185: 10/4/2013 6:23:59 PM - Software Distribution Service 3.0
RP1186: 10/5/2013 6:51:48 PM - Software Distribution Service 3.0
RP1187: 10/6/2013 2:09:33 AM - Software Distribution Service 3.0
RP1188: 10/7/2013 7:36:15 AM - Software Distribution Service 3.0
RP1189: 10/8/2013 11:21:22 AM - System Checkpoint
RP1190: 10/8/2013 11:26:56 AM - Software Distribution Service 3.0
RP1191: 10/9/2013 1:04:19 PM - Software Distribution Service 3.0
RP1192: 10/10/2013 1:31:09 PM - System Checkpoint
RP1193: 10/10/2013 10:56:16 PM - Software Distribution Service 3.0
RP1194: 10/11/2013 3:00:16 AM - Software Distribution Service 3.0
RP1195: 10/12/2013 3:30:30 AM - System Checkpoint
RP1196: 10/12/2013 6:58:15 AM - Software Distribution Service 3.0
RP1197: 10/13/2013 1:52:34 AM - Software Distribution Service 3.0
RP1198: 10/14/2013 2:29:16 AM - System Checkpoint
RP1199: 10/14/2013 3:00:14 AM - Software Distribution Service 3.0
RP1200: 10/14/2013 9:14:40 AM - Software Distribution Service 3.0
RP1201: 10/15/2013 9:16:42 AM - System Checkpoint
RP1202: 10/15/2013 12:56:29 PM - Software Distribution Service 3.0
RP1203: 10/16/2013 2:49:09 PM - System Checkpoint
RP1204: 10/16/2013 7:34:01 PM - Removed uPlayer
RP1205: 10/17/2013 1:16:40 AM - Software Distribution Service 3.0
RP1206: 10/17/2013 7:48:28 AM - avast! antivirus system restore point
RP1207: 10/18/2013 1:06:10 AM - Software Distribution Service 3.0
RP1208: 10/19/2013 1:18:45 AM - System Checkpoint
RP1209: 10/19/2013 8:01:43 AM - Software Distribution Service 3.0
RP1210: 10/20/2013 8:18:29 AM - Software Distribution Service 3.0
RP1211: 10/20/2013 4:01:00 PM - avast! antivirus system restore point
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8)
Amazing Adventures The Lost Tomb 1.0.0.5
Amazon Cloud Drive
Amazon Kindle
ATI Display Driver
Audacity 2.0
Bookworm Adventures Deluxe 1.0
BRAdmin Professional 3
Brother HL-5370DW
Canon Auto Update Service
Canon Camera Access Library
Canon DIGITAL CAMERA Solution Disk Software Guide
CANON iMAGE GATEWAY MyCamera Download Plugin
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon PowerShot SX150 IS Camera User Guide
Canon Utilities CameraWindow DC 8
Canon Utilities CameraWindow Launcher
Canon Utilities Movie Uploader for YouTube
Canon Utilities MyCamera
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Client Security - Password Manager
Dora the Explorer - Dora Saves the Snow Princess
File Type Assistant
Hotel
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Intel PROSet Wireless
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless WiFi Software
InterActual Player
InterVideo Register Manager
InterVideo WinDVD
Java 7 Update 7
Java Auto Updater
Lenovo System Interface Driver
Lexmark 3100 Series
Logitech Vid HD
Logitech Webcam Software
Malwarebytes Anti-Malware version 1.75.0.1300
Math 5 Teaching Textbook
McAfee Security Scan Plus
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Money Plus
Microsoft Money Shared Libraries
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Midnight Mysteries The Edgar Allan Poe Conspiracy
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MSN
NETGEAR Live Parental Controls Management Utility 2.1.5
Norton AntiVirus
Norton Identity Safe
On Screen Display
OpenOffice.org 3.3
Palm Desktop
Pre-Algebra Teaching Textbook
Productivity Center Supplement for ThinkPad
Robinson Curriculum 2.29D
SAMSUNG USB Driver for Mobile Phones
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Sierra Wireless MC5720 Package for Access Connections
Skype Click to Call
Skype™ 6.6
Sonic Express Labeler
Sonic RecordNow!
Sonic Update Manager
The Legend of Crystal Valley
The Secret of Margrave Manor
ThinkPad 11a/b/g/n Wireless LAN Mini-PCI Express Adapter
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Modem
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Productivity Center
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
10/20/2013 10:58:28 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  lsnfd
10/19/2013 7:49:12 AM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.
10/16/2013 3:37:28 PM, error: PlugPlayManager [12]  - The device 'Intel® PRO/1000 PL Network Connection' (PCI\VEN_8086&DEV_109A&SUBSYS_200117AA&REV_00\4&192ac53f&0&00E0) disappeared from the system without first being prepared for removal.
.
==== End Of File ===========================
 

Link to post
Share on other sites

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Multiple Antivirus Programs installed!

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time.

The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and keep only avast or Microsoft Security Essentials or Norton Antivirus.

 

 

Report, when done.

Link to post
Share on other sites

Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.


Note: There will also be a file on your desktop named MBR.dat do not delete this for now. It is an actual backup of the MBR (master boot record).

Link to post
Share on other sites

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-10-21 13:27:41
-----------------------------
13:27:41.015    OS Version: Windows 5.1.2600 Service Pack 3
13:27:41.015    Number of processors: 2 586 0xE0C
13:27:41.015    ComputerName: LAPTOP  UserName: user1
13:27:42.781    Initialize success
13:27:59.468    AVAST engine download error: 0
13:28:55.015    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
13:28:55.015    Disk 0 Vendor: HITACHI_ SBDI Size: 114473MB BusType: 3
13:28:55.171    Disk 0 MBR read successfully
13:28:55.171    Disk 0 MBR scan
13:28:55.171    Disk 0 Windows VISTA default MBR code
13:28:55.187    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       110234 MB offset 2048
13:28:55.203    Disk 0 Partition 2 00     13              NTFS         4237 MB offset 225761280
13:28:55.203    Disk 0 scanning sectors +234438656
13:28:55.250    Disk 0 scanning C:\WINDOWS\system32\drivers
13:29:00.812    Service scanning
13:29:02.812    Service BHDrvx86 C:\Program Files\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20131002.001\BHDrvx86.sys **LOCKED** 5
13:29:03.734    Service ccSet_NAV C:\WINDOWS\system32\drivers\NAV\1501000.012\ccSetx86.sys **LOCKED** 5
13:29:04.890    Service eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys **LOCKED** 5
13:29:04.921    Service EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys **LOCKED** 5
13:29:06.796    Service IDSxpx86 C:\Program Files\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20131018.001\IDSxpx86.sys **LOCKED** 5
13:29:09.171    Service NAVENG C:\Program Files\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20131021.001\NAVENG.SYS **LOCKED** 5
13:29:09.234    Service NAVEX15 C:\Program Files\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20131021.001\NAVEX15.SYS **LOCKED** 5
13:29:12.656    Service SRTSPX C:\WINDOWS\system32\drivers\NAV\1501000.012\SRTSPX.SYS **LOCKED** 5
13:29:13.406    Service SymDS C:\WINDOWS\system32\drivers\NAV\1501000.012\SYMDS.SYS **LOCKED** 5
13:29:13.546    Service SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS **LOCKED** 5
13:29:13.625    Service SymIRON C:\WINDOWS\system32\drivers\NAV\1501000.012\Ironx86.SYS **LOCKED** 5
13:29:13.656    Service SYMTDI C:\WINDOWS\system32\drivers\NAV\1501000.012\SYMTDI.SYS **LOCKED** 5
13:29:16.843    Modules scanning
13:29:27.781    Disk 0 trace - called modules:
13:29:27.812    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
13:29:27.812    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a713030]
13:29:27.812    3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000096[0x8a697910]
13:29:27.812    5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a6e3030]
13:29:27.812    Scan finished successfully
13:30:05.937    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user1\Desktop\MBR.dat"
13:30:05.937    The log file has been saved successfully to "C:\Documents and Settings\user1\Desktop\aswMBR.txt"

 

Link to post
Share on other sites

Combofix

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications


====================================================


Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


RC_update.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


cfRC_screen_2.png


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

Link to post
Share on other sites

I am still having trouble finding the Avast on my computer.  I have no icons on my desktop, start up menu, and on my task bar.  Is there a way I can find it to turn to disable it?  When I did a search there are over 30 files avast shows in it.  I thought I was clicking on a file but it started to install it again but I stopped that.

Link to post
Share on other sites

Let´s check:

 

 

Full System Scan with Malwarebytes Antimalware


  • If not existing, please download
Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.



If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 

 

 

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.

Link to post
Share on other sites

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.10.22.09

 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 6.0.2900.5512

Hootman :: FAMILY [administrator]

 

Protection: Enabled

 

10/23/2013 10:46:52 AM

mbam-log-2013-10-23 (10-46-52).txt

 

Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 236149

Time elapsed: 22 minute(s), 50 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

For the ESET there were no threats found and no report was given.

Link to post
Share on other sites

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don´t uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You´ll find the log file at C:\AdwCleaner[s1].txt also


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.