
IE 7 is hijacked, mbam will not update and scans clean, but I am still infected.


rmosby


I have a virus that seems to have replaced my IE 7 with a virus duplicate. Microsoft Sec. Ess. picks up pieces of it from time to time and deletes them as trojans. Mbam declares the computer clean. This virus hijacks Google searches, and when I click on a link for, e.g., "virus delete" or "google redirect virus", it redirects me to real estate sites, vacation sites, etc. This virus/malware will not let me update Microsoft Sec. Ess., Avira AntiVir, or Malwarebytes. Additionally, I tried to run Google Chrome and Firefox, and it prevents either of them from working as well.

The page it redirects to the most is something called Consumer News Reporter. This page will pop up, and the only way to close it is through Task Manager.

I have tried to use ComboFix to root this virus out. It reports rootkit activity and erases some stuff, but the corrupt IE is still active and on the machine.

Any ideas?


Hello rmosby

Welcome to Malwarebytes.

=====================

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom Scans and Fixes section, paste in the following:


    netsvcs

    %SYSTEMDRIVE%\*.*

    %systemroot%\system32\*.dll /lockedfiles

    %systemroot%\Tasks\*.job /lockedfiles

    %systemroot%\system32\drivers\*.sys /90

    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll


  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Please download Rootkit Unhooker and save it to your desktop.

  • Double-click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it, typically your desktop. Click Close
  • Copy the entire contents of the report and paste it in your next reply.

Note: You may get the following warning. It is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

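The OTL scan requested above produces a long OTL.Txt whose PRC/SRV/DRV entries and "Shell Spawning" section a helper reads by eye for a handful of tell-tales: a service or driver registration whose file is gone ("File not found"), a binary with an empty publisher field, code loading from a Temp or profile folder, and a hijacked exefile association (the classic reason every AV updater and second browser refuses to start). The script below is an added example for this thread, not code from OTL, Malwarebytes or either poster, that applies those checks to log lines. The sample entries are copied from the OTL.Txt and Extras.Txt the poster pastes further down; the single "hijacked" association line is constructed to show what a bad entry looks like. A hit is a lead, not a verdict: catchme.sys, for instance, is the scanner driver ComboFix registers, and the poster says they ran ComboFix.

```python
"""Triage of OTL PRC/SRV/DRV entries and 'Shell Spawning' lines.

Added example for this thread, not code from OTL or Malwarebytes.  The rules
are the ones a helper applies by eye; a hit is a lead, not a verdict.
"""
from dataclasses import dataclass
from typing import Optional

# Locations a user can write to; drivers/services loading from here need a look.
USER_WRITABLE = ("\\temp\\", "\\locals~1\\", "\\local settings\\", "\\application data\\")

# Windows XP default spawn commands.  Any other value for exefile [open] means
# every .exe the user starts is routed through something else first, which is
# one way an infection keeps AV updaters and other browsers from running.
EXPECTED_SPAWN = {
    ("batfile", "open"): '"%1" %*', ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*', ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*', ("scrfile", "open"): '"%1" /S',
}


@dataclass
class Entry:
    kind: str                 # PRC (process), SRV (service) or DRV (driver)
    name: Optional[str]       # registry key name OTL prints in parentheses
    path: str                 # binary on disk
    publisher: Optional[str]  # trailing "(...)" text; "" when OTL printed "()"
    missing: bool             # OTL appended "File not found"


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one 'PRC - ...', 'SRV - ...' or 'DRV - ...' line; None otherwise."""
    kind, sep, rest = line.strip().partition(" - ")
    if not sep or kind not in ("PRC", "SRV", "DRV"):
        return None
    name = None
    if rest.startswith("("):                       # "(KeyName) ..."
        close = rest.index(")")
        name, rest = rest[1:close], rest[close + 1:]
    if " -- " in rest:                             # drop "description --"
        rest = rest.split(" -- ", 1)[1]
    rest = rest.strip()
    missing = rest.endswith("File not found")
    if missing:
        rest = rest[: -len("File not found")].rstrip()
    publisher = None
    if rest.endswith(")"):                         # "(Publisher)" may nest
        depth = 0
        for i in range(len(rest) - 1, -1, -1):
            depth += 1 if rest[i] == ")" else -1 if rest[i] == "(" else 0
            if depth == 0:
                publisher, rest = rest[i + 1:-1], rest[:i].rstrip()
                break
    return Entry(kind, name, rest, publisher, missing)


def triage_entries(lines):
    """Return (Entry, reason) pairs for entries that deserve a second look."""
    hits = []
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        if e.missing:
            hits.append((e, "registration points to a file that is not on disk"))
        if e.publisher == "":
            hits.append((e, "binary has no company name in its version info"))
        if any(m in e.path.lower() for m in USER_WRITABLE):
            hits.append((e, "loaded from a user-writable profile or temp folder"))
    return hits


def check_shell_spawning(lines):
    """Return (progid, verb, command) for spawn commands that differ from XP defaults."""
    bad = []
    for line in lines:
        head, sep, command = line.strip().partition(" -- ")
        if not sep or " [" not in head:
            continue
        progid, verb = head.split(" [", 1)
        key = (progid, verb.rstrip("]"))
        if key in EXPECTED_SPAWN and command.strip() != EXPECTED_SPAWN[key]:
            bad.append((progid, key[1], command.strip()))
    return bad


# Lines copied from the OTL.Txt / Extras.Txt the poster pasted further down.
LOG_LINES = [
    r"PRC - C:\Documents and Settings\rbowen\Desktop\OTL.exe (OldTimer Tools)",
    r"SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found",
    r"DRV - (catchme) -- C:\DOCUME~1\rbowen\LOCALS~1\Temp\catchme.sys File not found",
    r"DRV - (swmsflt) -- C:\WINDOWS\system32\drivers\swmsflt.sys ()",
    r"DRV - (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00) -- C:\WINDOWS\system32\drivers\SWNC5E00.sys (Sierra Wireless Inc.)",
    r"DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))",
]
CLEAN_SPAWN = [r'exefile [open] -- "%1" %*', r'scrfile [open] -- "%1" /S']
# Constructed, not from the log: what a hijacked .exe association looks like.
HIJACKED_SPAWN = [r'exefile [open] -- "C:\Documents and Settings\rbowen\Local Settings\Application Data\hijack.exe" /START "%1" %*']

if __name__ == "__main__":
    for e, why in triage_entries(LOG_LINES):
        print(f"{e.kind} {e.name or ''} {e.path}: {why}")
    for progid, verb, cmd in check_shell_spawning(CLEAN_SPAWN + HIJACKED_SPAWN):
        print(f"{progid} [{verb}] spawns {cmd}")
```

Run against the posted log, the script flags HidServ (orphaned service key), catchme (orphaned driver key in a Temp folder) and swmsflt.sys (no company name); the Shell Spawning entries in the poster's Extras.Txt all match the XP defaults, so on this machine the "browsers won't run" symptom is not a plain exefile hijack and has to be explained by something else in the log.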

Dude... Thank you very much. I followed your instructions to the letter. Here are the results:

OTL logfile created on: 10/12/2010 9:10:27 AM - Run 1

OTL by OldTimer - Version 3.2.15.1 Folder = C:\Documents and Settings\rbowen\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 503.00 Mb Available Physical Memory | 49.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 55.83 Gb Total Space | 26.74 Gb Free Space | 47.89% Space Free | Partition Type: NTFS

Drive E: | 6.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive F: | 14.92 Gb Total Space | 12.16 Gb Free Space | 81.53% Space Free | Partition Type: FAT32

Computer Name: PATEITLAP01 | User Name: rbowen | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\rbowen\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe (eBay Inc.)

PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)

PRC - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe (Eastman Kodak Company)

PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)

PRC - C:\Documents and Settings\rbowen\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe (Google Inc.)

PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)

PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)

PRC - C:\Program Files\Control Microsystems\ClearSCADA\ServerIcon.exe (Control Microsystems)

PRC - C:\Program Files\Control Microsystems\ClearSCADA\LicenceServer.exe (Control Microsystems)

PRC - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)

PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)

PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

PRC - C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)

PRC - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)

PRC - C:\Program Files\Alltel\GoBoingo\AlltelWifi.exe (Boingo Wireless, Inc.)

PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)

PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)

PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\rbowen\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found

SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe (Eastman Kodak Company)

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)

SRV - (LICENCESERVER) -- C:\Program Files\Control Microsystems\ClearSCADA\LicenceServer.exe (Control Microsystems)

SRV - (DBSERVER) -- C:\Program Files\Control Microsystems\ClearSCADA\DBServer.exe (Control Microsystems)

SRV - (SentinelProtectionServer) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)

SRV - (OpcEnum) -- C:\WINDOWS\system32\OpcEnum.exe (OPC Foundation)

SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)

SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)

SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)

========== Driver Services (SafeList) ==========

DRV - (UIUSys) -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS File not found

DRV - (Tosrfusb) -- C:\WINDOWS\System32\DRIVERS\tosrfusb.sys File not found

DRV - (tosrfnds) -- C:\WINDOWS\System32\DRIVERS\tosrfnds.sys File not found

DRV - (Tosrfhid) -- C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys File not found

DRV - (Tosrfcom) -- C:\WINDOWS\System32\Drivers\tosrfcom.sys File not found

DRV - (tosrfbnp) -- C:\WINDOWS\System32\Drivers\tosrfbnp.sys File not found

DRV - (tosrfbd) -- C:\WINDOWS\System32\DRIVERS\tosrfbd.sys File not found

DRV - (tosporte) -- C:\WINDOWS\System32\DRIVERS\tosporte.sys File not found

DRV - (PCTINDIS5) -- C:\WINDOWS\System32\PCTINDIS5.SYS File not found

DRV - (OMCI) -- C:\WINDOWS\System32\DRIVERS\OMCI.SYS File not found

DRV - (Nmea) -- C:\WINDOWS\System32\DRIVERS\pctnullport.sys File not found

DRV - (catchme) -- C:\DOCUME~1\rbowen\LOCALS~1\Temp\catchme.sys File not found

DRV - (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00) -- C:\WINDOWS\system32\drivers\SWNC5E00.sys (Sierra Wireless Inc.)

DRV - (swmx00) Sierra Wireless USB MUX Driver (#00) -- C:\WINDOWS\system32\drivers\swmx00.sys (Sierra Wireless Inc.)

DRV - (swmsflt) -- C:\WINDOWS\system32\drivers\swmsflt.sys ()

DRV - (NWADI) -- C:\WINDOWS\system32\drivers\NWADIenum.sys (Novatel Wireless Inc)

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (Sentinel) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS (SafeNet, Inc.)

DRV - (SNTNLUSB) -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS (SafeNet, Inc.)

DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (PTDMWWAN) -- C:\WINDOWS\system32\drivers\PTDMWWAN.sys (DEVGURU Co,LTD.)

DRV - (PTDMVsp) -- C:\WINDOWS\system32\drivers\PTDMVsp.sys (DEVGURU Co,LTD.)

DRV - (PTDMMdm) -- C:\WINDOWS\system32\drivers\PTDMMdm.sys (DEVGURU Co,LTD.)

DRV - (PTDMBus) -- C:\WINDOWS\system32\drivers\PTDMBus.sys (DEVGURU Co,LTD.)

DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)

DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)

DRV - (CSRBC) -- C:\WINDOWS\system32\drivers\csrbcxp.sys (CSR, plc)

DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec)

DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)

DRV - (STAC97) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel


OTL Extras logfile created on: 10/12/2010 9:10:27 AM - Run 1

OTL by OldTimer - Version 3.2.15.1 Folder = C:\Documents and Settings\rbowen\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 503.00 Mb Available Physical Memory | 49.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 55.83 Gb Total Space | 26.74 Gb Free Space | 47.89% Space Free | Partition Type: NTFS

Drive E: | 6.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive F: | 14.92 Gb Total Space | 12.16 Gb Free Space | 81.53% Space Free | Partition Type: FAT32

Computer Name: PATEITLAP01 | User Name: rbowen | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"9322:TCP" = 9322:TCP:*:Enabled:EKDiscovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Control Microsystems\ClearSCADA\ServerIcon.exe" = C:\Program Files\Control Microsystems\ClearSCADA\ServerIcon.exe:*:Disabled:ClearSCADA Database Server Status Icon -- (Control Microsystems)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt

"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel

"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour

"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{205ACCD7-5342-4694-91F3-3A99E4FD5AA6}" = Mathcad 14.0 M020 Help

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java 6 Update 21

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime

"{3047A276-7A9C-40B3-A3D7-0F9B9839FA8C}" = VisualAnalysis Edu 7.0

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3A316611-45D1-429C-AA26-B71259C44689}" = HP Photosmart, Officejet and Deskjet 7.0.A

"{3DB5FD00-BB93-4AF3-B925-77DAA0E4E2F4}" = eBay Toolbar

"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth

"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support

"{56BA241F-580C-43D2-8403-947241AAE633}" = center

"{5C91E90B-DE81-405E-93A1-7B655D43CDFC}" = Newforma Web Control

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder

"{8796E14E-2031-463F-8A9A-31062B2652B4}" = Mathcad 14.0 M020

"{8B09FB29-1F0A-42E0-A994-52FB7B80CF68}" = Flyps 3.1

"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007

"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr

"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack

"{9D210D79-AEC5-453B-960C-4DD2C73931E1}" = Bonjour Print Services

"{9E384B32-59C8-46EF-BEA6-4DC8F27CDB8E}" = InstallVC90Support

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser

"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio

"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional

"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B29B0066-547B-402c-9C0D-090E2F928A01}" = PANTECH PC USB Modem Software

"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar

"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet

"{C6AED51F-9C8F-4403-AAB9-CF6CCEB9D266}" = LCC

"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA

"{CA9A3609-3ECC-4574-8824-A8161A71A603}" = Canon MP150

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CD47820E-E861-4F55-B43B-F957F6671F7D}" = Control Microsystems ClearSCADA 2009 Edition R2.2

"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Picture Package Music Transfer

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CF2CE2A4-6A99-4F97-AD7C-302002A67B38}" = Alltel Wi-Fi Connection Software

"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0

"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller

"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility

"{D9A0940B-E17E-4B28-897E-59D531670A30}" = Canon DR-2050C Scanner Driver

"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq

"{DE63F6F3-094A-4004-99CF-694304C554C0}" = VisualAnalysis 7.0 Tutorials

"{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw

"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Home Center

"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware

"{EBD38AE9-D52D-448D-9DB4-4D5F66E1DAFC}" = Mathcad 14.0 M020 Resource Center

"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials

"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan

"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE

"{FE24086F-3B0C-4C47-A874-97A7B8E2FBBE}" = aioscnnr

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"ACI 318-08 & PCA Notes" = ACI 318-08 & PCA Notes

"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player Plugin

"All ATI Software" = ATI - Software Uninstall Utility

"ATI Display Driver" = ATI Display Driver

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0

"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card

"Bulk Rename Utility_is1" = Bulk Rename Utility 2.7.1.1

"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.9x Modem

"EPSON Scanner" = EPSON Scan

"Exifer_is1" = Exifer

"G-Force" = G-Force

"Google Updater" = Google Updater

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"InstallShield_{C6AED51F-9C8F-4403-AAB9-CF6CCEB9D266}" = LCC

"InterActual Player" = InterActual Player

"Ken Ward's Makeup_is1" = Ken Ward's Makeup 0.901

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"McAfee Security Scan" = McAfee Security Scan Plus

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft Security Essentials" = Microsoft Security Essentials

"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"PROPLUS" = Microsoft Office Professional Plus 2007

"QuickLink Mobile" = QuickLink Mobile

"Slice" = Slice Audio File Splitter

"SoftwareUpdUtility" = Download Updater (AOL LLC)

"ST6UNST #1" = VandM

"Stamp" = Stamp ID3 Tag Editor

"Switch" = Switch Sound File Converter

"ToolBox" = NCH Toolbox

"WavePad" = WavePad Sound Editor

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"Xvid_is1" = Xvid 1.1.3 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"ASDM on 172.16.10.1" = ASDM on 172.16.10.1

"Google Chrome" = Google Chrome

"GoToMeeting" = GoToMeeting 4.5.0.457

"myHomey" = Homey

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 10/11/2010 10:06:12 PM | Computer Name = PATEITLAP01 | Source = MSSecurityEssentials | ID = 5000

Description =

Error - 10/11/2010 10:15:40 PM | Computer Name = PATEITLAP01 | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80072efe, P2 endsearch, P3 search, P4 2.1.6805.0,

P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),

P8 NIL, P9 NIL, P10 NIL.

Error - 10/11/2010 10:28:07 PM | Computer Name = PATEITLAP01 | Source = MSSecurityEssentials | ID = 5000

Description =

Error - 10/12/2010 12:55:08 AM | Computer Name = PATEITLAP01 | Source = Application Error | ID = 1000

Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting

module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

Error - 10/12/2010 12:57:10 AM | Computer Name = PATEITLAP01 | Source = AutoEnrollment | ID = 15

Description = Automatic certificate enrollment for local system failed to contact

the active directory (0x8007054b). The specified domain either does not exist

or could not be contacted. Enrollment will not be performed.

Error - 10/12/2010 1:38:37 AM | Computer Name = PATEITLAP01 | Source = Application Error | ID = 1000

Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting

module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

Error - 10/12/2010 9:03:42 AM | Computer Name = PATEITLAP01 | Source = Userenv | ID = 1054

Description = Windows cannot obtain the domain controller name for your computer

network. (The specified domain either does not exist or could not be contacted.

). Group Policy processing aborted.

Error - 10/12/2010 9:03:43 AM | Computer Name = PATEITLAP01 | Source = AutoEnrollment | ID = 15

Description = Automatic certificate enrollment for local system failed to contact

the active directory (0x8007054b). The specified domain either does not exist

or could not be contacted. Enrollment will not be performed.

Error - 10/12/2010 9:05:50 AM | Computer Name = PATEITLAP01 | Source = Userenv | ID = 1054

Description = Windows cannot obtain the domain controller name for your computer

network. (The specified domain either does not exist or could not be contacted.

). Group Policy processing aborted.

Error - 10/12/2010 9:05:56 AM | Computer Name = PATEITLAP01 | Source = UserInit | ID = 1000

Description = Could not execute the following script \\glynncounty-ga.gov\SysVol\glynncounty-ga.gov\scripts\ClientReport.vbs.

The network location cannot be reached. For information about network troubleshooting,

see Windows Help. .

[ Application Events ]

Error - 10/11/2010 10:06:12 PM | Computer Name = PATEITLAP01 | Source = MSSecurityEssentials | ID = 5000

Description =

Error - 10/11/2010 10:15:40 PM | Computer Name = PATEITLAP01 | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80072efe, P2 endsearch, P3 search, P4 2.1.6805.0,

P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),

P8 NIL, P9 NIL, P10 NIL.

Error - 10/11/2010 10:28:07 PM | Computer Name = PATEITLAP01 | Source = MSSecurityEssentials | ID = 5000

Description =

Error - 10/12/2010 12:55:08 AM | Computer Name = PATEITLAP01 | Source = Application Error | ID = 1000

Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting

module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

Error - 10/12/2010 12:57:10 AM | Computer Name = PATEITLAP01 | Source = AutoEnrollment | ID = 15

Description = Automatic certificate enrollment for local system failed to contact

the active directory (0x8007054b). The specified domain either does not exist

or could not be contacted. Enrollment will not be performed.

Error - 10/12/2010 1:38:37 AM | Computer Name = PATEITLAP01 | Source = Application Error | ID = 1000

Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting

module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

Error - 10/12/2010 9:03:42 AM | Computer Name = PATEITLAP01 | Source = Userenv | ID = 1054

Description = Windows cannot obtain the domain controller name for your computer

network. (The specified domain either does not exist or could not be contacted.

). Group Policy processing aborted.

Error - 10/12/2010 9:03:43 AM | Computer Name = PATEITLAP01 | Source = AutoEnrollment | ID = 15

Description = Automatic certificate enrollment for local system failed to contact

the active directory (0x8007054b). The specified domain either does not exist

or could not be contacted. Enrollment will not be performed.

Error - 10/12/2010 9:05:50 AM | Computer Name = PATEITLAP01 | Source = Userenv | ID = 1054

Description = Windows cannot obtain the domain controller name for your computer

network. (The specified domain either does not exist or could not be contacted.

). Group Policy processing aborted.

Error - 10/12/2010 9:05:56 AM | Computer Name = PATEITLAP01 | Source = UserInit | ID = 1000

Description = Could not execute the following script \\glynncounty-ga.gov\SysVol\glynncounty-ga.gov\scripts\ClientReport.vbs.

The network location cannot be reached. For information about network troubleshooting,

see Windows Help. .


[ System Events ]

Error - 10/11/2010 5:42:23 PM | Computer Name = PATEITLAP01 | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 59 minutes. NtpClient has no source of accurate

time.

Error - 10/11/2010 6:42:24 PM | Computer Name = PATEITLAP01 | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 119 minutes. NtpClient has no source of accurate

time.

Error - 10/11/2010 8:42:27 PM | Computer Name = PATEITLAP01 | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 239 minutes. NtpClient has no source of accurate

time.

Error - 10/11/2010 10:15:38 PM | Computer Name = PATEITLAP01 | Source = Microsoft Antimalware | ID = 2001

Description = %%861 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.91.1566.0 Update Source: %%859 Update Stage:

%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:

NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6201.0 Error

code: 0x80072efe Error description: The connection with the server was terminated

abnormally

Error - 10/12/2010 12:42:36 AM | Computer Name = PATEITLAP01 | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 479 minutes. NtpClient has no source of accurate

time.

Error - 10/12/2010 1:52:46 AM | Computer Name = PATEITLAP01 | Source = NETLOGON | ID = 5719

Description = No Domain Controller is available for domain GLYNNCOUNTY-GA due to

the following: %%1311. Make sure that the computer is connected to the network and

try again. If the problem persists, please contact your domain administrator.

Error - 10/12/2010 7:59:24 AM | Computer Name = PATEITLAP01 | Source = NETLOGON | ID = 5719

Description = No Domain Controller is available for domain GLYNNCOUNTY-GA due to

the following: %%1311. Make sure that the computer is connected to the network and

try again. If the problem persists, please contact your domain administrator.

Error - 10/12/2010 8:00:30 AM | Computer Name = PATEITLAP01 | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 14 minutes. NtpClient has no source of accurate

time.

Error - 10/12/2010 8:00:30 AM | Computer Name = PATEITLAP01 | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 14 minutes. NtpClient has no source of accurate

time.

Error - 10/12/2010 9:03:41 AM | Computer Name = PATEITLAP01 | Source = NETLOGON | ID = 5719

Description = No Domain Controller is available for domain GLYNNCOUNTY-GA due to

the following: %%1311. Make sure that the computer is connected to the network and

try again. If the problem persists, please contact your domain administrator.


< End of report >

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #1

==============================================

>Drivers

==============================================

0xF5876000 C:\WINDOWS\system32\DRIVERS\w29n51.sys 3211264 bytes (Intel

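The OTL event-log entries posted above can be triaged mechanically rather than read by eye. What follows is an added example, not code from the thread, from OTL or from Malwarebytes: a small parser for OTL's `Error - <time> | Computer Name = <host> | Source = <source> | ID = <id>` record format, followed by a triage pass that flags the update failures (error 0x80072efe, "connection terminated abnormally") consistent with the update-blocking behaviour the original poster describes. The sample log is constructed from lines in the posted report; the source names and rule thresholds are assumptions chosen for this example.

```python
import re

HEADER = re.compile(
    r"^Error - (?P<time>.+?) \| Computer Name = (?P<host>.+?)"
    r" \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)

# Constructed sample in the OTL Extras.txt format, built from lines in the posted report.
SAMPLE_LOG = """\
Error - 10/11/2010 10:15:40 PM | Computer Name = PATEITLAP01 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072efe, P2 endsearch, P3 search, P4 2.1.6805.0,
P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.
Error - 10/11/2010 10:15:38 PM | Computer Name = PATEITLAP01 | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
code: 0x80072efe Error description: The connection with the server was terminated
abnormally
Error - 10/12/2010 8:00:30 AM | Computer Name = PATEITLAP01 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible.
"""

def parse_events(text):
    """Split an OTL event-log dump into records; wrapped description lines are joined."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            ev = m.groupdict()
            ev["id"] = int(ev["id"])
            ev["description"] = ""
            events.append(ev)
        elif line and events:
            if line.startswith("Description ="):
                line = line[len("Description ="):].strip()
            events[-1]["description"] = (events[-1]["description"] + " " + line).strip()
    return events

# Assumed set of sources whose failures matter when malware is suspected of blocking updates.
SECURITY_SOURCES = {"Microsoft Antimalware", "MSSecurityEssentials", "MPSampleSubmission"}

def triage(events):
    """Return (source, id, reason) tuples for events consistent with blocked security updates."""
    findings = []
    for ev in events:
        desc = ev["description"].lower()
        if ev["source"] in SECURITY_SOURCES and "80072efe" in desc:
            findings.append((ev["source"], ev["id"],
                             "security product could not reach its update server (0x80072efe)"))
        elif ev["source"] == "Microsoft Antimalware" and ev["id"] == 2001:
            findings.append((ev["source"], ev["id"], "signature update failed"))
        elif ev["source"] == "W32Time" and ev["id"] == 39452701:
            findings.append((ev["source"], ev["id"],
                             "no reachable time source; clock drift can break certificate checks"))
    return findings
```

Run `triage(parse_events(open("Extras.txt").read()))` over a full OTL Extras.txt to get the same three classes of finding for a real report.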

You are welcome :(

Please post this log in your next reply.

C:\ComboFix.txt

One or more of the identified infections is a backdoor trojan or rootkit.

This type of infection has the capability to allow a hacker to remotely control your computer, steal critical system information, and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you still want to clean it please do the following

===================

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


I need this computer for work and school. I guess I will wipe it and start again.... No real choice..

What kind of virus/malware did I get? I had mbam installed and ran it about once a week. What else can be done to stop this type of insidious infection?

This makes me wonder... If the authors of this virus had not let me know that the computer was infected with popups and redirect to stupid sites, then I would have been happy as a clam... done my banking, paid bills... they would have had all my stuff at that point. As soon as I saw the funky stuff, I never logged on anything that needed a password.

Is any computer "safe"? Hell, this makes me want to resume old school banking with a teller.

Thank You for your time.

Respectfully,

R. Mosby


You have an infection called TDL3; it infects a random system driver and it is usually involved in or attaches your system to a botnet.

This is how it feeds info to its servers silently.

No, really, no computer is safe because of criminals that make so much by ripping off people that actually work for a living.

These are the reasons why it is like this.

You would be more secure to do it old school unfortunately.

Mbam does not detect this as it is a patch type of infection; most nothing detects it, honestly.

To get better protection that does not run the risk of getting infected at this point is buying a Macintosh :(

Seriously, they only don't get infected right now because most of the market share is Windows.

Lucky Windows users.

There is nothing that is 100% effective against malware nowadays; there never was, and I am doubtful there ever will be.

Having a good antivirus and antimalware program running at all times and keeping all programs up to date will help, but again, nothing is 100%.

Sorry for the grim news but thought I should let you know.
