XP Security 2012


I saw a previous poster contracted this same bug today. The previous poster was unable to run Malwarebytes, but I was able to run it in Safe Mode. It found six infected items and seemed to clean them normally. It then asked for a restart and everything seemed fine.

That's when the proverbial Other Shoe dropped. Nothing works. Whenever I try to open a program I am hit with the message "Choose the program you want to use to open this file," and that includes Malwarebytes as well.

When I try and open Excel, I get an "Application not found" message. Same thing with Word. If I try System Restore, I receive the message "Choose the program you want to use to open this file. File: rstrui.exe."

Oddly enough, Internet Explorer will open.

Any ideas?

Thanks in advance.

Ken

Hi Ken

:welcome:

  • Download FixPolicies.exe by Bill Castner and save it to your desktop.
  • Double click on FixPolicies.exe to run it.
  • Click on Install. It will create a folder named FixPolicies on your desktop.
  • Open the FixPolicies folder.
  • Double click on Fix_policies.cmd to run it. Command Prompt will open and close quickly; this is normal.
  • Reboot your computer after it runs.

It will repair any policies that have been affected by malware.

Next

We need to look at some information about what is going on in your computer:

Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
  • Instead of attaching, please copy/paste both logs into your thread.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.

After downloading the tool, disconnect from the internet and disable all antivirus protection.

Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Then post your DDS (DDS.txt and Attach.txt)

Hi, Kenny. Since I posted my issue, I thought to boot the PC back into Safe Mode and try running System Recovery. To my surprise, it actually came up and ran. Once the computer booted back up, it appeared my problem was solved as my programs once again opened normally.

I am currently running another full scan with Malwarebytes and will follow that up with a full scan with ESET. I can run the DDS program and forward the logs if you still think it is warranted.

I really thought it might be a hidden files issue, but that may not be it at all.

That's twice in seven months I have had an issue like this. First time was when I clicked on a Sports Illustrated article on the World Series, and this time it was a news site.

These bugs sure don't mess around. Both times I have known instantly that something was wrong.

Regards,

Ken.

Running a System Recovery is a band aid fix most of the time. Yes please post the logs... :)

Kenny, Malwarebytes ran and found one infected file, in the System Restore of all places. I then ran ESET and came up negative.

I then ran the FixPolicies tool, rebooted and ran the DDS software. The two logs are copied below:

First the DDS.txt, then the Attach.txt.

DDS (Ver_2011-06-12.02) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by KRIS at 17:45:57 on 2011-06-20

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.189 [GMT -7:00]

.

AV: ZoneAlarm Security Suite Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: ESET Smart Security 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: ESET Personal firewall *Disabled*

FW: ZoneAlarm Security Suite Firewall *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Qwest\Quickcare\bin\sprtcmd.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\QuickBooks Online Backup\OnlineBackup.exe

C:\Program Files\QuickBooks Online Backup\OnlineBackup.exe

C:\WINDOWS\DOWNLO~1\MyWebEx\319\raagtx.exe

svchost.exe

C:\WINDOWS\DOWNLO~1\MyWebEx\319\atnthost.exe

C:\WINDOWS\system32\BrmfBAgS.exe

C:\WINDOWS\DOWNLO~1\MyWebEx\319\RAAGTAPP.EXE

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe

C:\Program Files\Qwest\Quickcare\bin\sprtsvc.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Qwest\Quickcare\bin\tgsrvc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wscntfy.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uInternet Connection Wizard,ShellNext = wmplayer.exe

BHO: CSMHelperObj Class: {0f660f64-f4c9-477f-8529-44181b717472} - c:\program files\at&t\wnclient\programs\CSMBHO.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll

BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll

TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll

TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe

uRun: [Google Update] "c:\documents and settings\kris\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [OnlineBackupScheduler] c:\program files\quickbooks online backup\OnlineBackup.exe

mRun: [QuickCare] c:\program files\qwest\quickcare\bin\sprtcmd.exe /P QuickCare

mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup

mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice

mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\online~1.lnk - c:\windows\installer\{a9255718-8a40-45f9-b738-93655fbd4f6f}\_C90BDFE323B95CEE248723.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~2.lnk - c:\windows\downlo~1\mywebex\319\raagtx.exe

IE: {0264505A-6793-44E0-AC75-9DCE3B13185C} - c:\program files\at&t\wnclient\programs\AnyWho.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

Trusted Zone: download.com

DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} - file://e:\content\include\XPPatchInstaller.CAB

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1226808827270

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://qb.webex.com/client/v_mywebex-qb20/ra/ieatgpc.cab

TCP: DhcpNameServer = 192.168.0.1 205.171.3.25

TCP: Interfaces\{C2106976-A27B-4CDF-9FC2-B2E37BC2D027} : DhcpNameServer = 192.168.0.1 205.171.3.25

Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-9-11 108792]

R2 atnthost;WebEx Remote Access Agent;c:\windows\downlo~1\mywebex\319\atnthost.exe [2009-4-8 16792]

R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-9-11 735960]

R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2010-3-12 724152]

R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2010-3-12 724152]

R2 sprtlisten;SupportSoft Listener Service;c:\program files\common files\supportsoft\bin\sprtlisten.exe [2008-1-8 1213728]

R2 sprtsvc_quickcare;SupportSoft Sprocket Service (quickcare);c:\program files\qwest\quickcare\bin\sprtsvc.exe [2010-10-6 206120]

R2 tgsrvc_quickcare;SupportSoft Repair Service (quickcare);c:\program files\qwest\quickcare\bin\tgsrvc.exe [2010-10-6 185640]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-26 136176]

S3 ATICDSDr;ATICDSDr;\??\c:\docume~1\kris\locals~1\temp\aticdsdr.sys --> c:\docume~1\kris\locals~1\temp\ATICDSDr.sys [?]

S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2008-11-17 2944]

S3 brparimg;Brother Multi Function Parallel Image driver;c:\windows\system32\drivers\BrParImg.sys [2008-11-17 3168]

S3 BrParWdm;Brother WDM Parallel Driver;c:\windows\system32\drivers\BrParwdm.sys [2008-11-17 39552]

S3 BrSerWdm;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2008-11-17 61440]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-26 136176]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-11-2 22712]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-11-2 39984]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys --> c:\windows\system32\drivers\wdcsam.sys [?]

S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-11-2 366640]

.

=============== File Associations ===============

.

JSEFile=NOTEPAD.EXE %1

VBEFile=NOTEPAD.EXE %1

VBSFile=NOTEPAD.EXE %1

.

=============== Created Last 30 ================

.

2011-06-20 21:16:24 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-06-20 21:16:24 -------- d-----w- c:\windows\system32\wbem\Repository

2011-06-17 15:11:08 105472 -c----w- c:\windows\system32\dllcache\mup.sys

.

==================== Find3M ====================

.

2011-06-13 14:53:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-29 16:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 16:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01:22 385024 ------w- c:\windows\system32\html.iec

2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys

.

============= FINISH: 17:46:13.42 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-06-12.02)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 1/15/2003 7:41:40 PM

System Uptime: 6/20/2011 5:26:13 PM (0 hours ago)

.

Motherboard: Intel Corporation | | D850EMVR

Processor: Intel® Pentium® 4 CPU 2.53GHz | J4K2 | 2540/133mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 75 GiB total, 55.11 GiB free.

D: is CDROM (CDFS)

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}

Description: U.S. Robotics 56K Fax PCI

Device ID: PCI\VEN_12B9&DEV_1008&SUBSYS_00D312B9&REV_01\4&11CD5334&0&58F0

Manufacturer: U.S. Robotics Corporation

Name: U.S. Robotics 56K Fax PCI

PNP Device ID: PCI\VEN_12B9&DEV_1008&SUBSYS_00D312B9&REV_01\4&11CD5334&0&58F0

Service: Modem

.

Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}

Description: Communications Port

Device ID: ACPI\PNP0501\1

Manufacturer: (Standard port types)

Name: Communications Port (COM1)

PNP Device ID: ACPI\PNP0501\1

Service: Serial

.

Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}

Description: Communications Port

Device ID: ACPI\PNP0501\2

Manufacturer: (Standard port types)

Name: Communications Port (COM2)

PNP Device ID: ACPI\PNP0501\2

Service: Serial

.

==== System Restore Points ===================

.

RP808: 3/23/2011 4:39:53 PM - System Checkpoint

RP809: 3/24/2011 7:48:37 AM - Software Distribution Service 3.0

RP810: 3/25/2011 9:27:46 AM - System Checkpoint

RP811: 3/28/2011 11:11:02 AM - System Checkpoint

RP812: 3/29/2011 11:13:18 AM - System Checkpoint

RP813: 3/30/2011 11:53:01 AM - System Checkpoint

RP814: 3/31/2011 11:56:03 AM - System Checkpoint

RP815: 4/1/2011 12:20:24 PM - System Checkpoint

RP816: 4/4/2011 9:34:53 AM - System Checkpoint

RP817: 4/5/2011 11:43:31 AM - System Checkpoint

RP818: 4/7/2011 11:19:27 AM - System Checkpoint

RP819: 4/8/2011 11:37:23 AM - System Checkpoint

RP820: 4/11/2011 9:01:17 AM - System Checkpoint

RP821: 4/12/2011 11:18:15 AM - System Checkpoint

RP822: 4/13/2011 8:26:08 AM - Software Distribution Service 3.0

RP823: 4/14/2011 9:34:45 AM - System Checkpoint

RP824: 4/15/2011 9:44:18 AM - System Checkpoint

RP825: 4/18/2011 10:14:06 AM - System Checkpoint

RP826: 4/19/2011 10:52:08 AM - System Checkpoint

RP827: 4/20/2011 11:21:34 AM - System Checkpoint

RP828: 4/21/2011 9:47:28 AM - Software Distribution Service 3.0

RP829: 4/25/2011 11:18:09 AM - System Checkpoint

RP830: 4/26/2011 2:27:52 PM - System Checkpoint

RP831: 4/27/2011 8:06:27 AM - Software Distribution Service 3.0

RP832: 4/28/2011 11:36:32 AM - System Checkpoint

RP833: 4/29/2011 11:48:08 AM - System Checkpoint

RP834: 5/2/2011 12:00:47 PM - System Checkpoint

RP835: 5/3/2011 1:00:36 PM - System Checkpoint

RP836: 5/4/2011 2:37:02 PM - System Checkpoint

RP837: 5/6/2011 10:26:28 AM - System Checkpoint

RP838: 5/9/2011 11:17:37 AM - System Checkpoint

RP839: 5/11/2011 8:34:51 AM - Software Distribution Service 3.0

RP840: 5/12/2011 11:09:52 AM - System Checkpoint

RP841: 5/16/2011 11:58:01 AM - System Checkpoint

RP842: 5/17/2011 12:16:31 PM - System Checkpoint

RP843: 5/18/2011 12:45:54 PM - System Checkpoint

RP844: 5/20/2011 11:57:55 AM - System Checkpoint

RP845: 5/23/2011 11:11:17 AM - System Checkpoint

RP846: 5/24/2011 11:29:32 AM - System Checkpoint

RP847: 5/25/2011 11:30:05 AM - System Checkpoint

RP848: 5/26/2011 1:59:01 PM - System Checkpoint

RP849: 5/31/2011 11:10:11 AM - System Checkpoint

RP850: 6/1/2011 12:23:23 PM - System Checkpoint

RP851: 6/3/2011 10:42:54 AM - System Checkpoint

RP852: 6/6/2011 11:53:35 AM - System Checkpoint

RP853: 6/7/2011 11:56:51 AM - System Checkpoint

RP854: 6/8/2011 12:46:20 PM - System Checkpoint

RP855: 6/9/2011 12:51:25 PM - System Checkpoint

RP856: 6/10/2011 1:41:19 PM - System Checkpoint

RP857: 6/13/2011 11:20:04 AM - System Checkpoint

RP858: 6/14/2011 12:03:22 PM - System Checkpoint

RP859: 6/15/2011 12:05:03 PM - System Checkpoint

RP860: 6/17/2011 8:25:40 AM - Software Distribution Service 3.0

RP861: 6/20/2011 12:20:10 PM - System Checkpoint

RP862: 6/20/2011 2:13:39 PM - Restore Operation

RP863: 6/20/2011 5:14:00 PM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

7-Zip 9.19 beta

Acrobat.com

Actiontec Gateway

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Reader 9.4.4

Ahead Nero Burning ROM

AT&T WorldNet Service

ATI Display Driver

Brother MFL-Pro Suite

Civilization II Multiplayer Gold Edition

Compatibility Pack for the 2007 Office system

Easy CD Creator 5 Basic

ESET Smart Security

GE Lighting Catalog 1.3

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

HD Tach version 3

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB981793)

InstallMgr

iolo technologies' System Mechanic

Java Auto Updater

Java 6 Update 18

Malwarebytes' Anti-Malware version 1.51.0.1200

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Default Manager

Microsoft Office 2000 Disc 2

Microsoft Office 2000 Small Business

Microsoft Office Word Viewer 2003

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MSN Toolbar

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MSXML 6 Service Pack 2 (KB973686)

Nero - Burning Rom

Octoshape add-in for Adobe Flash Player

OGA Notifier 2.0.0048.0

PaperPort

QB Connection Diagnostic Tool

QuickBooks

QuickBooks Online Backup

QuickBooks Pro 2009

QuickBooks Remote Access

QuickConnect

Qwest QuickAssist Desktop Tools

Qwest Quickcare 2.7

Rootkit Unhooker LE 3.8 SR 2

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Sierra Utilities

SoundMAX

SupportSoft Assisted Service

TValue 5

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB972636)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB951978)

Update for Windows XP (KB971029)

VC 9.0 Runtime

WebFldrs XP

Whitesmoke Translator

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

Zeus

.

==== Event Viewer Messages From Past Week ========

.

6/20/2011 9:17:49 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ehdrv Fips intelppm

6/20/2011 9:16:44 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

6/20/2011 2:19:41 PM, error: System Error [1003] - Error code 000000ea, parameter1 824343e0, parameter2 82f33470, parameter3 82f1e2b0, parameter4 00000001.

6/20/2011 2:19:39 PM, error: System Error [1003] - Error code 000000ea, parameter1 8258bc28, parameter2 82f2fa60, parameter3 82ef2340, parameter4 00000001.

6/20/2011 2:19:36 PM, error: System Error [1003] - Error code 000000ea, parameter1 8253aaa0, parameter2 82e69968, parameter3 82f2b0d8, parameter4 00000001.

6/20/2011 2:19:34 PM, error: System Error [1003] - Error code 000000ea, parameter1 82a30020, parameter2 82c9e130, parameter3 82f03528, parameter4 00000001.

6/20/2011 2:19:31 PM, error: System Error [1003] - Error code 000000ea, parameter1 826543d8, parameter2 83219f60, parameter3 82f88560, parameter4 00000001.

6/20/2011 2:19:26 PM, error: System Error [1003] - Error code 000000ea, parameter1 825e8100, parameter2 82fa2930, parameter3 82fb7640, parameter4 00000001.

6/20/2011 2:19:13 PM, error: System Error [1003] - Error code 000000ea, parameter1 82688c98, parameter2 82ff3750, parameter3 82ffa648, parameter4 00000001.

6/20/2011 2:12:27 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

6/20/2011 11:40:01 AM, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 00055D53050B has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

6/20/2011 10:32:10 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ehdrv

6/20/2011 10:32:10 AM, error: Service Control Manager [7000] - The ehdrv service failed to start due to the following error: A device attached to the system is not functioning.

6/20/2011 10:24:37 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

6/15/2011 8:01:40 AM, error: Service Control Manager [7038] - The ALG service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: Access is denied. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

6/15/2011 8:01:40 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not start due to a logon failure.

6/14/2011 8:39:13 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\ESET\ESET Smart Security\MFC80U.DLL. Reference error message: The operation completed successfully. .

6/14/2011 8:39:13 AM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\Program Files\ESET\ESET Smart Security\Microsoft.VC80.MFCLOC.MANIFEST" on line 5.

6/14/2011 8:39:13 AM, error: SideBySide [34] - Component identity found in manifest does not match the identity of the component requested

6/14/2011 8:36:33 AM, error: ati2mtag [108] - The driver ati2dvag for the display device \Device\Video0 got stuck in an infinite loop. This usually indicates a problem with the device itself or with the device driver programming the hardware incorrectly. Please check with your hardware device vendor for any driver updates.

6/13/2011 2:40:49 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference error message: The referenced assembly is not installed on your system. .

6/13/2011 2:40:49 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\MFC80.DLL. Reference error message: The operation completed successfully. .

6/13/2011 2:40:49 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.

.

==== End Of File ===========================

Your logs look good. There are some older versions of Java and Adobe Acrobat Reader on your computer. These can be a source of the infection/infections.

Go to Start > Control Panel > Add/Remove Programs.

Please remove these entries from Add/Remove Programs in the Control Panel:

Adobe Reader 9.4.4

Java

  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.