
XP Total Security 2012



Hi,

My computer was recently infected with this virus. I followed many of the recommendations in the various posts and have recovered substantially from the virus, but several problems remain. I can get the free version of Malwarebytes to load, but when I try to launch the utility, nothing happens. I am interested in the PRO version, but I don't have any confidence at this point that I could get that to run. Also, I cannot get DDS to run to completion. It locks after about 3 minutes and I have to reboot.

I was able to run GMER, OTL and TDSSKiller and have enclosed their logs. Any help would be appreciated. Thank you.

OTL

OTL logfile created on: 7/20/2011 8:32:52 PM - Run 1

OTL by OldTimer - Version 3.2.26.1 Folder = E:\Documents and Settings\eric\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

639.54 Mb Total Physical Memory | 346.93 Mb Available Physical Memory | 54.25% Memory free

1.53 Gb Paging File | 1.23 Gb Available in Paging File | 80.77% Paging File free

Paging file location(s): E:\pagefile.sys 960 1920 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files

Drive E: | 74.52 Gb Total Space | 60.36 Gb Free Space | 81.00% Space Free | Partition Type: NTFS

Computer Name: JOHNSONPC | User Name: eric | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/20 20:29:26 | 000,579,584 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\eric\Desktop\OTL.exe

PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2010/11/11 13:26:42 | 000,226,984 | ---- | M] (Microsoft Corporation) -- e:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe

PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- e:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- E:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

PRC - [2009/08/25 13:23:04 | 000,368,640 | ---- | M] () -- E:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe

PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- E:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2008/10/07 08:23:46 | 000,111,856 | ---- | M] (Yahoo! Inc) -- E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\explorer.exe

PRC - [2005/06/07 00:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

========== Modules (SafeList) ==========

MOD - [2011/07/20 20:29:26 | 000,579,584 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\eric\Desktop\OTL.exe

MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)

SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- e:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- E:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)

SRV - [2009/02/11 20:12:38 | 000,167,936 | ---- | M] () [Auto | Stopped] -- E:\Program Files\TRENDnet\TEW-424UB\WLSVC.exe -- (WLSVC)

SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- E:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Running] -- -- (MpKslb263ba33)

DRV - File not found [Kernel | System | Running] -- -- (MpKsl451fb389)

DRV - [2011/07/20 20:26:54 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- e:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4583119E-1359-4ADA-A116-B2E6F9E7C375}\MpKsl7fc8e0fe.sys -- (MpKsl7fc8e0fe)

DRV - [2010/03/22 23:53:12 | 000,816,672 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\AE1000XP.sys -- (AE1000)

DRV - [2008/04/13 11:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\mf.sys -- (mf)

DRV - [2008/02/27 11:54:00 | 000,020,480 | ---- | M] () [Kernel | Auto | Running] -- E:\WINDOWS\system32\drivers\WLNdis50.sys -- (WLNdis50)

DRV - [2007/07/19 01:40:08 | 000,264,576 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\RTL8187B.sys -- (RTL8187B)

DRV - [2005/11/23 23:45:45 | 000,371,349 | ---- | M] (Illusion & Hope.) [Kernel | Auto | Running] -- E:\WINDOWS\system32\drivers\BT848.sys -- (BT848)

DRV - [2004/08/03 22:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

DRV - [2004/04/13 17:03:46 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)

DRV - [2003/03/31 05:00:00 | 000,058,112 | ---- | M] (RAVISENT Technologies Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\vdmindvd.sys -- (vdmindvd)

DRV - [2002/08/28 16:00:48 | 000,010,880 | ---- | M] (Aureal, Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\admjoy.sys -- (admjoy)

DRV - [2001/10/05 15:13:46 | 000,702,080 | ---- | M] (Aureal, Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\adm8830.sys -- (wdm_au8830) Aureal Vortex 8830 Audio Driver (WDM)

DRV - [2001/08/17 07:02:48 | 000,272,640 | ---- | M] (RAVISENT Technologies Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\cinemclc.sys -- (cinemclc)

DRV - [2001/08/17 06:28:18 | 000,794,399 | ---- | M] (U.S. Robotics, Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\USR1806V.SYS -- (USR1806V)

DRV - [2001/08/17 05:12:32 | 000,016,074 | ---- | M] (NETGEAR Corp.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\FA312nd5.sys -- (FA312)

DRV - [2000/02/08 11:33:28 | 000,016,288 | ---- | M] () [Kernel | Auto | Running] -- E:\WINDOWS\system32\drivers\SCFBPNT.SYS -- (ScFBPNT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.3

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: E:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: e:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: e:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: File not found

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=5: E:\Documents and Settings\eric\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2011/07/17 16:36:03 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2011/06/26 18:03:16 | 000,000,000 | ---D | M]

[2009/05/18 19:55:31 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\eric\Application Data\Mozilla\Extensions

[2011/07/19 21:57:18 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\waqkodpo.default\extensions

[2010/04/26 16:36:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- E:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\waqkodpo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/05/15 13:52:03 | 000,000,000 | ---D | M] (ReloadEvery) -- E:\Documents and Settings\eric\Application Data\Mozilla\Firefox\Profiles\waqkodpo.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}

[2009/05/18 19:55:17 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2003/03/31 05:00:00 | 000,000,734 | ---- | M]) - E:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.

O4 - HKLM..\Run: [Adobe Photo Downloader] E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [MSC] e:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [YSearchProtection] E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)

O4 - HKCU..\Run: [search Protection] E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)

O4 - HKCU..\Run: [YSearchProtection] E:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)

O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility.lnk = E:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)

O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} E:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} http://www.symantec.com/techsupp/activedata/nprdtinf.cab (Reg Error: Key error.)

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131841980016 (WUWebControl Class)

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: E:\Documents and Settings\eric\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: E:\Documents and Settings\eric\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/20 20:30:07 | 000,579,584 | ---- | C] (OldTimer Tools) -- E:\Documents and Settings\eric\Desktop\OTL.exe

[2011/07/20 18:12:05 | 000,606,738 | R--- | C] (Swearware) -- E:\Documents and Settings\eric\Desktop\dds.scr

[2011/07/20 17:50:49 | 000,000,000 | R--D | C] -- E:\Documents and Settings\eric\Start Menu\Programs\Administrative Tools

[2011/07/20 17:49:34 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/07/20 17:49:33 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/07/20 17:49:28 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Malwarebytes

[2011/07/20 17:49:22 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys

[2011/07/20 17:49:21 | 000,000,000 | ---D | C] -- E:\Program Files\Malwarebytes' Anti-Malware

[2011/07/19 19:51:58 | 000,000,000 | ---D | C] -- E:\Program Files\Malwarebytes' Anti-Malware(2)

[2011/07/19 18:06:18 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\NtmsData

[2011/07/19 17:54:28 | 000,000,000 | ---D | C] -- E:\Program Files\Avira

[2011/07/19 17:54:28 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Avira

[2011/07/17 18:26:07 | 000,000,000 | ---D | C] -- E:\Documents and Settings\eric\Desktop\Downloads

[5 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]

[4 E:\WINDOWS\System32\dllcache\*.tmp files -> E:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/20 20:31:39 | 001,383,430 | ---- | M] () -- E:\Documents and Settings\eric\Desktop\tdsskiller.zip

[2011/07/20 20:30:58 | 000,000,424 | -H-- | M] () -- E:\WINDOWS\tasks\MP Scheduled Scan.job

[2011/07/20 20:29:26 | 000,579,584 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\eric\Desktop\OTL.exe

[2011/07/20 20:25:48 | 000,013,646 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl

[2011/07/20 20:24:51 | 000,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat

[2011/07/20 20:24:47 | 670,670,848 | -HS- | M] () -- E:\hiberfil.sys

[2011/07/20 20:24:47 | 000,256,656 | ---- | M] () -- E:\WINDOWS\System32\FNTCACHE.DAT

[2011/07/20 19:26:16 | 000,001,192 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskUser.job

[2011/07/20 19:08:34 | 000,001,374 | ---- | M] () -- E:\WINDOWS\imsins.BAK

[2011/07/20 18:12:09 | 000,606,738 | R--- | M] (Swearware) -- E:\Documents and Settings\eric\Desktop\dds.scr

[2011/07/20 17:49:37 | 000,000,784 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/19 20:48:56 | 000,000,000 | ---- | M] () -- E:\Documents and Settings\eric\defogger_reenable

[2011/07/18 20:08:39 | 000,016,800 | -HS- | M] () -- E:\Documents and Settings\All Users\Application Data\wr82dta03sn337opb5168r31

[2011/07/18 20:08:38 | 000,016,800 | -HS- | M] () -- E:\Documents and Settings\eric\Local Settings\Application Data\wr82dta03sn337opb5168r31

[2011/07/17 17:48:41 | 000,000,000 | ---- | M] () -- E:\Documents and Settings\eric\Desktop\settings.dat

[2011/07/16 17:03:46 | 000,001,744 | ---- | M] () -- E:\WINDOWS\System32\d3d9caps.dat

[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys

[2011/06/25 21:22:15 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- E:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[5 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]

[4 E:\WINDOWS\System32\dllcache\*.tmp files -> E:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/20 20:31:41 | 001,383,430 | ---- | C] () -- E:\Documents and Settings\eric\Desktop\tdsskiller.zip

[2011/07/20 17:49:36 | 000,000,784 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/19 21:32:36 | 670,670,848 | -HS- | C] () -- E:\hiberfil.sys

[2011/07/19 20:48:56 | 000,000,000 | ---- | C] () -- E:\Documents and Settings\eric\defogger_reenable

[2011/07/17 17:48:41 | 000,000,000 | ---- | C] () -- E:\Documents and Settings\eric\Desktop\settings.dat

[2011/07/16 17:10:57 | 000,016,800 | -HS- | C] () -- E:\Documents and Settings\eric\Local Settings\Application Data\wr82dta03sn337opb5168r31

[2011/07/16 17:10:57 | 000,016,800 | -HS- | C] () -- E:\Documents and Settings\All Users\Application Data\wr82dta03sn337opb5168r31

[2011/03/28 05:49:13 | 001,048,408 | ---- | C] () -- E:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2011/03/12 12:45:53 | 000,020,480 | ---- | C] () -- E:\WINDOWS\System32\drivers\WLNdis50.sys

[2011/03/11 20:01:59 | 000,013,931 | R--- | C] () -- E:\WINDOWS\System32\RaCoInst.dat

[2010/03/28 11:11:43 | 000,001,744 | ---- | C] () -- E:\WINDOWS\System32\d3d9caps.dat

[2009/05/18 19:55:33 | 000,000,000 | ---- | C] () -- E:\WINDOWS\nsreg.dat

[2008/04/06 09:40:14 | 000,000,000 | ---- | C] () -- E:\WINDOWS\QuickInstall.INI

[2007/11/21 06:28:04 | 000,001,759 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2007/01/09 22:37:24 | 000,004,608 | ---- | C] () -- E:\Documents and Settings\eric\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2005/12/27 13:18:39 | 000,000,000 | ---- | C] () -- E:\Documents and Settings\eric\Application Data\dm.ini

[2005/12/18 16:46:09 | 000,000,052 | ---- | C] () -- E:\WINDOWS\KA.INI

[2005/11/12 22:14:18 | 000,000,376 | ---- | C] () -- E:\WINDOWS\ODBC.INI

[2005/11/12 18:43:20 | 000,004,569 | ---- | C] () -- E:\WINDOWS\System32\secupd.dat

[2005/11/12 17:27:30 | 000,016,288 | ---- | C] () -- E:\WINDOWS\System32\drivers\SCFBPNT.SYS

[2005/11/12 17:13:53 | 000,002,048 | --S- | C] () -- E:\WINDOWS\bootstat.dat

[2005/11/12 17:03:38 | 000,021,640 | ---- | C] () -- E:\WINDOWS\System32\emptyregdb.dat

[2005/11/12 08:54:33 | 000,004,161 | ---- | C] () -- E:\WINDOWS\ODBCINST.INI

[2005/11/12 08:53:03 | 000,256,656 | ---- | C] () -- E:\WINDOWS\System32\FNTCACHE.DAT

[2003/03/31 05:00:00 | 013,107,200 | ---- | C] () -- E:\WINDOWS\System32\oembios.bin

[2003/03/31 05:00:00 | 000,673,088 | ---- | C] () -- E:\WINDOWS\System32\mlang.dat

[2003/03/31 05:00:00 | 000,432,778 | ---- | C] () -- E:\WINDOWS\System32\perfh009.dat

[2003/03/31 05:00:00 | 000,272,128 | ---- | C] () -- E:\WINDOWS\System32\perfi009.dat

[2003/03/31 05:00:00 | 000,218,003 | ---- | C] () -- E:\WINDOWS\System32\dssec.dat

[2003/03/31 05:00:00 | 000,067,734 | ---- | C] () -- E:\WINDOWS\System32\perfc009.dat

[2003/03/31 05:00:00 | 000,046,258 | ---- | C] () -- E:\WINDOWS\System32\mib.bin

[2003/03/31 05:00:00 | 000,028,626 | ---- | C] () -- E:\WINDOWS\System32\perfd009.dat

[2003/03/31 05:00:00 | 000,004,461 | ---- | C] () -- E:\WINDOWS\System32\oembios.dat

[2003/03/31 05:00:00 | 000,001,804 | ---- | C] () -- E:\WINDOWS\System32\dcache.bin

[2003/03/31 05:00:00 | 000,000,741 | ---- | C] () -- E:\WINDOWS\System32\noise.dat

[1999/01/22 11:46:58 | 000,065,536 | ---- | C] () -- E:\WINDOWS\System32\MSRTEDIT.DLL

[1998/01/12 01:00:00 | 000,040,448 | ---- | C] () -- E:\WINDOWS\System32\REGOBJ.DLL

< End of report >

Extras:

OTL Extras logfile created on: 7/20/2011 8:32:52 PM - Run 1

OTL by OldTimer - Version 3.2.26.1 Folder = E:\Documents and Settings\eric\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

639.54 Mb Total Physical Memory | 346.93 Mb Available Physical Memory | 54.25% Memory free

1.53 Gb Paging File | 1.23 Gb Available in Paging File | 80.77% Paging File free

Paging file location(s): E:\pagefile.sys 960 1920 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files

Drive E: | 74.52 Gb Total Space | 60.36 Gb Free Space | 81.00% Space Free | Partition Type: NTFS

Computer Name: JOHNSONPC | User Name: eric | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- "E:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "E:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"9051:UDP" = 9051:UDP:LocalSubNet:Enabled:Verizon Tech Wizard

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"E:\Program Files\Schwab\SSPro\SSPro.exe" = E:\Program Files\Schwab\SSPro\SSPro.exe:*:Enabled:StreetSmart Pro® -- (Charles Schwab & Co., Inc.)

"E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

"E:\Program Files\Yahoo!\Messenger\YServer.exe" = E:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)

"E:\Program Files\TurboTax\Premier 2006\32bit\ttax.exe" = E:\Program Files\TurboTax\Premier 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)

"E:\Program Files\TurboTax\Premier 2006\32bit\updatemgr.exe" = E:\Program Files\TurboTax\Premier 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)

"E:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = E:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)

"E:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = E:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)

"E:\Documents and Settings\eric\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = E:\Documents and Settings\eric\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)

"E:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = E:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Small Business

"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Disc 2

"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR

"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport

"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation

"{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}" = TurboTax ItsDeductible 2005

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset

"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset

"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine

"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport

"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper

"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0

"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper

"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0

"{664708B3-C730-11D5-ADE7-00B0D07D157A}" = StreetSmart Pro

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware

"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English

"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine

"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5

"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006

"{B1BDEA80-95CE-4DFB-B9D3-DC800E7F87B4}" = TRENDnet TEW-424UB Wireless USB 2.0 Adapter

"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper

"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp

"{E89D78B8-28F7-412F-8B26-C684739CBBDC}" = Palm Desktop

"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks

"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)

"Canon ScanGear Toolbox CS" = Canon ScanGear Toolbox CS 2.2

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft Security Client" = Microsoft Security Essentials

"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NMRK" = NetMeeting Resource Kit 3.0

"ScanCraft CS-P" = ScanCraft CS-P

"ST6UNST #1" = SoaringPilot Terminal 1.3.4

"ST6UNST #2" = SoaringPilot Terminal 1.3.4 (E:\Program Files\SPTERM\)

"ST6UNST #3" = SoaringPilot Terminal 1.3.4 (E:\Program Files\SPTERM\) #3

"ST6UNST #4" = SoaringPilot Terminal 1.3.4 (E:\Program Files\SPTERM\) #4

"TradeLog" = TradeLog

"TradeLog Demo" = TradeLog Demo

"TradeLog Tutorial" = TradeLog Tutorial

"TradeLog_is1" = Tradelog

"TurboTax 2008" = TurboTax 2008

"TurboTax 2009" = TurboTax 2009

"TurboTax 2010" = TurboTax 2010

"TurboTax Deluxe 2007" = TurboTax Deluxe 2007

"TurboTax Premier 2005" = TurboTax Premier 2005

"TurboTax Premier Investments 2006" = TurboTax Premier Investments 2006

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"Yahoo! Extras" = Yahoo! Browser Services

"Yahoo! Mail" = Yahoo! Internet Mail

"Yahoo! Messenger" = Yahoo! Messenger

"Yahoo! Search Defender" = Yahoo! Search Protection

"Yahoo! Software Update" = Yahoo! Software Update

"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 4/7/2011 10:12:54 PM | Computer Name = JOHNSONPC | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/12/2011 8:56:26 PM | Computer Name = JOHNSONPC | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8107.0,

P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

P8 NIL, P9 NIL, P10 NIL.

Error - 4/15/2011 7:16:24 PM | Computer Name = JOHNSONPC | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8107.0,

P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

P8 NIL, P9 NIL, P10 NIL.

Error - 4/16/2011 12:38:45 PM | Computer Name = JOHNSONPC | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8107.0,

P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

P8 NIL, P9 NIL, P10 NIL.

Error - 7/16/2011 8:11:18 PM | Computer Name = JOHNSONPC | Source = Application Error | ID = 1000

Description = Faulting application plugin-container.exe, version 1.9.2.4182, faulting

module ntdll.dll, version 5.1.2600.6055, fault address 0x0000100b.

Error - 7/16/2011 8:12:31 PM | Computer Name = JOHNSONPC | Source = MPSampleSubmission | ID = 5000

Description = EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

P2 1.1.7000.0, P3 1.107.1931.0, P4 1.107.1931.0, P5 200057b3e8c763af_a9df69bbc40969f7c73e019b22bc50360b3cba4f,

P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Error - 7/17/2011 9:35:46 AM | Computer Name = JOHNSONPC | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

Error - 7/17/2011 9:35:47 AM | Computer Name = JOHNSONPC | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

Error - 7/17/2011 7:05:35 PM | Computer Name = JOHNSONPC | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4

3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

P8 NIL, P9 NIL, P10 NIL.

Error - 7/18/2011 10:08:35 PM | Computer Name = JOHNSONPC | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4

3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

P8 NIL, P9 NIL, P10 NIL.

[ System Events ]

Error - 7/19/2011 8:52:25 PM | Computer Name = JOHNSONPC | Source = SideBySide | ID = 16842811

Description = Resolve Partial Assembly failed for Microsoft.VC90.MFC. Reference error

message: The referenced assembly is not installed on your system. .

Error - 7/19/2011 8:52:25 PM | Computer Name = JOHNSONPC | Source = SideBySide | ID = 16842811

Description = Generate Activation Context failed for E:\DOCUME~1\eric\LOCALS~1\Temp\RarSFX0\redist.dll.

Reference

error message: The operation completed successfully. .

Error - 7/19/2011 11:56:52 PM | Computer Name = JOHNSONPC | Source = Service Control Manager | ID = 7022

Description = The Avira AntiVir Guard service hung on starting.

Error - 7/20/2011 12:25:54 AM | Computer Name = JOHNSONPC | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/20/2011 12:26:55 AM | Computer Name = JOHNSONPC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

avgio avipbb Fips MpFilter Processor ssmdrv

Error - 7/20/2011 12:51:29 AM | Computer Name = JOHNSONPC | Source = Service Control Manager | ID = 7022

Description = The Avira AntiVir Guard service hung on starting.

Error - 7/20/2011 1:00:25 AM | Computer Name = JOHNSONPC | Source = Microsoft Antimalware | ID = 2003

Description = %%860 has encountered an error trying to update the engine. New Engine

Version: 1.1.5502.0 Previous Engine Version: Engine Type: %%802 User: NT AUTHORITY\SYSTEM

Error

Code: 0x80070666 Error description: Another version of this product is already installed.

Installation of this version cannot continue. To configure or remove the existing

version of this product, use Add/Remove Programs on the Control Panel.

Error - 7/20/2011 1:00:25 AM | Computer Name = JOHNSONPC | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: 1.89.1521.0 Previous Signature Version: Update Source: %%817 Update Stage:

%%854 Source Path: Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current

Engine Version: 1.1.5502.0 Previous Engine Version: Error code: 0x80070666 Error

description: Another version of this product is already installed. Installation

of this version cannot continue. To configure or remove the existing version of

this product, use Add/Remove Programs on the Control Panel.

Error - 7/20/2011 1:00:25 AM | Computer Name = JOHNSONPC | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: 1.89.1521.0 Previous Signature Version: Update Source: %%817 Update Stage:

%%854 Source Path: Signature Type: %%801 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current

Engine Version: 1.1.5502.0 Previous Engine Version: Error code: 0x80070666 Error

description: Another version of this product is already installed. Installation

of this version cannot continue. To configure or remove the existing version of

this product, use Add/Remove Programs on the Control Panel.

Error - 7/20/2011 1:00:26 AM | Computer Name = JOHNSONPC | Source = Microsoft Antimalware | ID = 2004

Description = %%860 has encountered an error trying to load signatures and will

attempt reverting back to a known-good set of signatures. Signatures Attempted: %%824

Error

Code: 0x80070002 Error description: The system cannot find the file specified. Signature

version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0

< End of report >

ark.txt

TDSSKiller.2.5.11.0_20.07.2011_20.40.16_log.txt


  • Staff

Hi and welcome to Malwarebytes.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


Hello screen317,

Thank You for your help. Unfortunately, ComboFix hangs up during the scan and I usually give up after an hour or so. DDS also hangs up during its scan and I have to reboot also. Malwarebytes still won't run either. Everything else seems decent. I ran Super Anti-Virus and it found several items and sent them to quarantine. But that did not solve my other problems. Any other ideas would be appreciated.

Thank You


  • Staff

Hi,

These are links to Anti-virus vendors that offer free LiveCD or Rescue CD files that are used to boot from to repair unbootable and damaged systems, rescue data, and scan the system for virus infections. Burn it as an image to a disk to get a bootable CD. All (except Avira) are in the ISO Image file format. Avira uses an EXE that has built-in CD burning capability.

If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. If you need a FREE utility to burn the ISO image, download and use ImgBurn.

Let me know how it goes.


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.