Can not run D.D.S.
I am having an issue with a Google hijack virus and have been asked to post my log, but I cannot get D.D.S. to run 100%; it will start up in safe mode, but locks up before finishing. Here is a link to my original post detailing my issues.
http://forums.spybot.info/showthread.php?t=64324
Thank you for any help
I am running up-to-date XP 32-bit.
Jack&Jill
2011-11-11, 01:52
Hello gob71 :),
Welcome to Safer Networking. I am Jack&Jill, and I will be helping you out.
Before we go further, there are a few things that I would like to make clear so that we share the same understanding.
Please observe and follow these Forum Rules (http://forums.spybot.info/showthread.php?t=288).
Any advice is for your computer only and is taken at your own risk. Fixes sometimes will cause unexpected results, but I will do my best to assist you.
Please read the instructions carefully and follow them closely, in the order they are presented to you.
If you have any doubts or problems during the fix, please stop and ask.
All the tools that I will ask you to download and use are safe. Please allow them if prompted by any of your security software.
Do not use or run any malware cleaning tools without supervision as they may cause more harm if improperly used.
Refrain from installing any new programs except those that I request during the fix to prevent interference to my diagnosis of the problem.
Lack of malware symptoms does not mean your computer is clean. Stick to this topic until I give the All Clear.
If you do not reply within 3 days, this topic will be closed.
If you are agreeable to the above, then everything should go smoothly :) . We may begin.
--------------------
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this, click Thread Tools, then click Subscribe to this Thread. Under the Notification Type: title, make sure it is set to Instant notification by email, then click Add Subscription.
Please post the logs from the tools that you have run before: C:\ComboFix.txt and C:\TDSSKiller.Version_Date_Time_log.txt.
I am now subscribed. Reading the rules, do I need to run Erunt first thing when I get home? I can post the TDSSKILLER log, but ComboFix never ran correctly; it locked the computer up. I will post the TDS log ASAP when I get home.
Ran TDSSKILLER
12:34:44.0346 1500 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
12:34:44.0477 1500 ============================================================
12:34:44.0477 1500 Current date / time: 2011/11/12 12:34:44.0477
12:34:44.0477 1500 SystemInfo:
12:34:44.0477 1500
12:34:44.0477 1500 OS Version: 5.1.2600 ServicePack: 3.0
12:34:44.0477 1500 Product type: Workstation
12:34:44.0477 1500 ComputerName: Owner-LAPTOP
12:34:44.0477 1500 UserName: Owner
12:34:44.0477 1500 Windows directory: C:\WINDOWS
12:34:44.0477 1500 System windows directory: C:\WINDOWS
12:34:44.0477 1500 Processor architecture: Intel x86
12:34:44.0477 1500 Number of processors: 1
12:34:44.0477 1500 Page size: 0x1000
12:34:44.0477 1500 Boot type: Safe boot with network
12:34:44.0477 1500 ============================================================
12:34:48.0122 1500 Initialize success
12:34:49.0684 1516 ============================================================
12:34:49.0684 1516 Scan started
12:34:49.0684 1516 Mode: Manual;
12:34:49.0684 1516 ============================================================
12:34:51.0847 1516 26666836 - ok
12:34:51.0927 1516 Abiosdsk - ok
12:34:51.0987 1516 abp480n5 - ok
12:34:52.0088 1516 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
12:34:52.0088 1516 ac97intc - ok
12:34:52.0188 1516 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:34:52.0188 1516 ACPI - ok
12:34:52.0288 1516 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:34:52.0288 1516 ACPIEC - ok
12:34:52.0378 1516 adpu160m - ok
12:34:52.0458 1516 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:34:52.0468 1516 aec - ok
12:34:52.0588 1516 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
12:34:52.0588 1516 AFD - ok
12:34:52.0658 1516 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
12:34:52.0658 1516 agp440 - ok
12:34:52.0718 1516 Aha154x - ok
12:34:52.0799 1516 aic78u2 - ok
12:34:52.0869 1516 aic78xx - ok
12:34:52.0969 1516 AliIde - ok
12:34:53.0059 1516 amsint - ok
12:34:53.0139 1516 ApfiltrService (edafe3f9b356d227ebc031bc3fe5efaa) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
12:34:53.0139 1516 ApfiltrService - ok
12:34:53.0299 1516 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
12:34:53.0299 1516 Arp1394 - ok
12:34:53.0359 1516 asc - ok
12:34:53.0419 1516 asc3350p - ok
12:34:53.0460 1516 asc3550 - ok
12:34:53.0640 1516 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:34:53.0640 1516 AsyncMac - ok
12:34:53.0730 1516 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:34:53.0730 1516 atapi - ok
12:34:53.0810 1516 Atdisk - ok
12:34:53.0920 1516 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:34:53.0920 1516 Atmarpc - ok
12:34:54.0000 1516 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:34:54.0000 1516 audstub - ok
12:34:54.0110 1516 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:34:54.0110 1516 Beep - ok
12:34:54.0251 1516 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:34:54.0251 1516 cbidf2k - ok
12:34:54.0381 1516 cd20xrnt - ok
12:34:54.0491 1516 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:34:54.0491 1516 Cdaudio - ok
12:34:54.0591 1516 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:34:54.0591 1516 Cdfs - ok
12:34:54.0721 1516 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:34:54.0731 1516 Cdrom - ok
12:34:54.0781 1516 Changer - ok
12:34:54.0922 1516 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
12:34:54.0922 1516 CmBatt - ok
12:34:54.0992 1516 CmdIde - ok
12:34:55.0052 1516 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
12:34:55.0052 1516 Compbatt - ok
12:34:55.0182 1516 Cpqarray - ok
12:34:55.0272 1516 cs429x (53e6f4b94eb64438164348df7dcf35c5) C:\WINDOWS\system32\drivers\cwawdm.sys
12:34:55.0292 1516 cs429x - ok
12:34:55.0352 1516 dac2w2k - ok
12:34:55.0422 1516 dac960nt - ok
12:34:55.0563 1516 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:34:55.0563 1516 Disk - ok
12:34:55.0723 1516 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
12:34:55.0783 1516 dmboot - ok
12:34:55.0863 1516 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
12:34:55.0873 1516 dmio - ok
12:34:55.0943 1516 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:34:55.0953 1516 dmload - ok
12:34:56.0043 1516 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:34:56.0043 1516 DMusic - ok
12:34:56.0193 1516 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
12:34:56.0203 1516 dot4 - ok
12:34:56.0294 1516 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
12:34:56.0294 1516 Dot4Print - ok
12:34:56.0354 1516 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
12:34:56.0354 1516 dot4usb - ok
12:34:56.0414 1516 dpti2o - ok
12:34:56.0514 1516 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:34:56.0514 1516 drmkaud - ok
12:34:56.0634 1516 EL90XBC (8b33194d1290595fee065889374ee5f9) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
12:34:56.0634 1516 EL90XBC - ok
12:34:56.0804 1516 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:34:56.0814 1516 Fastfat - ok
12:34:56.0924 1516 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
12:34:56.0924 1516 Fdc - ok
12:34:57.0035 1516 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
12:34:57.0035 1516 Fips - ok
12:34:57.0105 1516 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
12:34:57.0115 1516 Flpydisk - ok
12:34:57.0315 1516 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
12:34:57.0325 1516 FltMgr - ok
12:34:57.0465 1516 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:34:57.0465 1516 Fs_Rec - ok
12:34:57.0505 1516 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:34:57.0535 1516 Ftdisk - ok
12:34:57.0686 1516 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
12:34:57.0686 1516 GEARAspiWDM - ok
12:34:57.0796 1516 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:34:57.0826 1516 Gpc - ok
12:34:57.0966 1516 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:34:57.0976 1516 HidUsb - ok
12:34:58.0076 1516 hpn - ok
12:34:58.0186 1516 HSFHWICH (c217100a04e6773cfb2d2a8b4c4ab836) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
12:34:58.0196 1516 HSFHWICH - ok
12:34:58.0327 1516 HSF_DP (757491ec8c95a3aa4814ea25cdc2b1ba) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
12:34:58.0407 1516 HSF_DP - ok
12:34:58.0527 1516 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:34:58.0537 1516 HTTP - ok
12:34:58.0647 1516 i2omgmt - ok
12:34:58.0707 1516 i2omp - ok
12:34:58.0787 1516 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:34:58.0787 1516 i8042prt - ok
12:34:58.0907 1516 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:34:58.0907 1516 Imapi - ok
12:34:59.0078 1516 ini910u - ok
12:34:59.0168 1516 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
12:34:59.0178 1516 IntelIde - ok
12:34:59.0318 1516 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:34:59.0318 1516 intelppm - ok
12:34:59.0408 1516 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
12:34:59.0408 1516 ip6fw - ok
12:34:59.0498 1516 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:34:59.0508 1516 IpFilterDriver - ok
12:34:59.0558 1516 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:34:59.0558 1516 IpInIp - ok
12:34:59.0658 1516 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:34:59.0688 1516 IpNat - ok
12:34:59.0779 1516 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:34:59.0779 1516 IPSec - ok
12:34:59.0859 1516 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:34:59.0859 1516 IRENUM - ok
12:34:59.0949 1516 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:34:59.0959 1516 isapnp - ok
12:35:00.0059 1516 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:35:00.0059 1516 Kbdclass - ok
12:35:00.0139 1516 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:35:00.0149 1516 kmixer - ok
12:35:00.0209 1516 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:35:00.0239 1516 KSecDD - ok
12:35:00.0339 1516 lbrtfdc - ok
12:35:00.0550 1516 mdmxsdk (a1e9d936eac07ee9386e87bac1377fad) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
12:35:00.0560 1516 mdmxsdk - ok
12:35:00.0670 1516 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:35:00.0670 1516 mnmdd - ok
12:35:00.0800 1516 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
12:35:00.0800 1516 Modem - ok
12:35:00.0870 1516 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:35:00.0870 1516 Mouclass - ok
12:35:00.0960 1516 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:35:00.0960 1516 MountMgr - ok
12:35:01.0090 1516 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
12:35:01.0101 1516 MpFilter - ok
12:35:01.0201 1516 MpKsl06753459 - ok
12:35:01.0291 1516 MpKsl06c2b7d5 - ok
12:35:01.0341 1516 MpKsl0ce97650 - ok
12:35:01.0411 1516 MpKsl104f1a89 - ok
12:35:01.0461 1516 MpKsl18b0c8f1 - ok
12:35:01.0511 1516 MpKsl1d5ce3db - ok
12:35:01.0581 1516 MpKsl2098ee12 - ok
12:35:01.0631 1516 MpKsl2c9a16f8 - ok
12:35:01.0731 1516 MpKsl2f587506 - ok
12:35:01.0781 1516 MpKsl492b9faa - ok
12:35:01.0852 1516 MpKsl5c882d1f - ok
12:35:01.0902 1516 MpKsl7c543b59 - ok
12:35:01.0952 1516 MpKsl7c8b4a62 - ok
12:35:02.0032 1516 MpKsl8b2b6408 - ok
12:35:02.0072 1516 MpKslde5af808 - ok
12:35:02.0192 1516 mraid35x - ok
12:35:02.0322 1516 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:35:02.0332 1516 MRxDAV - ok
12:35:02.0472 1516 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:35:02.0513 1516 MRxSmb - ok
12:35:02.0653 1516 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:35:02.0653 1516 Msfs - ok
12:35:02.0773 1516 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:35:02.0773 1516 MSKSSRV - ok
12:35:02.0893 1516 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:35:02.0893 1516 MSPCLOCK - ok
12:35:02.0963 1516 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:35:02.0963 1516 MSPQM - ok
12:35:03.0053 1516 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:35:03.0053 1516 mssmbios - ok
12:35:03.0163 1516 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:35:03.0173 1516 Mup - ok
12:35:03.0304 1516 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:35:03.0324 1516 NDIS - ok
12:35:03.0464 1516 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:35:03.0464 1516 NdisTapi - ok
12:35:03.0534 1516 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:35:03.0534 1516 Ndisuio - ok
12:35:03.0654 1516 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:35:03.0654 1516 NdisWan - ok
12:35:03.0724 1516 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:35:03.0754 1516 NDProxy - ok
12:35:03.0814 1516 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:35:03.0824 1516 NetBIOS - ok
12:35:03.0905 1516 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:35:03.0915 1516 NetBT - ok
12:35:04.0125 1516 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:35:04.0125 1516 NIC1394 - ok
12:35:04.0255 1516 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\npf.sys
12:35:04.0265 1516 NPF - ok
12:35:04.0355 1516 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:35:04.0355 1516 Npfs - ok
12:35:04.0525 1516 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:35:04.0545 1516 Ntfs - ok
12:35:04.0646 1516 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:35:04.0646 1516 Null - ok
12:35:04.0816 1516 nv (2b886df21bf0222cb0078d7d3b1f089f) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:35:04.0866 1516 nv - ok
12:35:04.0976 1516 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:35:04.0976 1516 NwlnkFlt - ok
12:35:05.0036 1516 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:35:05.0046 1516 NwlnkFwd - ok
12:35:05.0116 1516 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:35:05.0126 1516 ohci1394 - ok
12:35:05.0236 1516 OMCI (1d98907d80461371437a7c898c58c8ae) C:\WINDOWS\system32\DRIVERS\omci.sys
12:35:05.0236 1516 OMCI - ok
12:35:05.0347 1516 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
12:35:05.0347 1516 Parport - ok
12:35:05.0497 1516 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:35:05.0497 1516 PartMgr - ok
12:35:05.0597 1516 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
12:35:05.0597 1516 ParVdm - ok
12:35:05.0657 1516 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
12:35:05.0667 1516 PCI - ok
12:35:05.0727 1516 PCIDump - ok
12:35:05.0787 1516 PCIIde - ok
12:35:05.0847 1516 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
12:35:05.0857 1516 Pcmcia - ok
12:35:05.0907 1516 PDCOMP - ok
12:35:05.0957 1516 PDFRAME - ok
12:35:06.0018 1516 PDRELI - ok
12:35:06.0068 1516 PDRFRAME - ok
12:35:06.0128 1516 perc2 - ok
12:35:06.0228 1516 perc2hib - ok
12:35:06.0508 1516 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:35:06.0508 1516 PptpMiniport - ok
12:35:06.0568 1516 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
12:35:06.0568 1516 Processor - ok
12:35:06.0669 1516 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:35:06.0669 1516 PSched - ok
12:35:06.0799 1516 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:35:06.0799 1516 Ptilink - ok
12:35:06.0869 1516 ql1080 - ok
12:35:06.0919 1516 Ql10wnt - ok
12:35:06.0999 1516 ql12160 - ok
12:35:07.0059 1516 ql1240 - ok
12:35:07.0129 1516 ql1280 - ok
12:35:07.0179 1516 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:35:07.0179 1516 RasAcd - ok
12:35:07.0299 1516 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:35:07.0299 1516 Rasl2tp - ok
12:35:07.0400 1516 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:35:07.0400 1516 RasPppoe - ok
12:35:07.0430 1516 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:35:07.0430 1516 Raspti - ok
12:35:07.0480 1516 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:35:07.0490 1516 Rdbss - ok
12:35:07.0530 1516 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:35:07.0540 1516 RDPCDD - ok
12:35:07.0630 1516 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
12:35:07.0640 1516 RDPWD - ok
12:35:07.0690 1516 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:35:07.0700 1516 redbook - ok
12:35:07.0810 1516 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:35:07.0810 1516 Secdrv - ok
12:35:07.0870 1516 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:35:07.0870 1516 serenum - ok
12:35:07.0900 1516 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
12:35:07.0900 1516 Serial - ok
12:35:07.0970 1516 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:35:07.0970 1516 Sfloppy - ok
12:35:08.0000 1516 Simbad - ok
12:35:08.0071 1516 snapman (68fc62a72bd6d8e9dfe3718440be94a0) C:\WINDOWS\system32\DRIVERS\snapman.sys
12:35:08.0081 1516 snapman - ok
12:35:08.0111 1516 Sparrow - ok
12:35:08.0141 1516 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:35:08.0141 1516 splitter - ok
12:35:08.0171 1516 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
12:35:08.0181 1516 sr - ok
12:35:08.0281 1516 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:35:08.0301 1516 Srv - ok
12:35:08.0411 1516 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:35:08.0411 1516 swenum - ok
12:35:08.0471 1516 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:35:08.0471 1516 swmidi - ok
12:35:08.0501 1516 symc810 - ok
12:35:08.0531 1516 symc8xx - ok
12:35:08.0591 1516 sym_hi - ok
12:35:08.0621 1516 sym_u3 - ok
12:35:08.0651 1516 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:35:08.0651 1516 sysaudio - ok
12:35:08.0762 1516 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:35:08.0802 1516 Tcpip - ok
12:35:08.0872 1516 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:35:08.0872 1516 TDPIPE - ok
12:35:09.0002 1516 tdrpman (3b7b6779eb231f731bba8f9fe67aadfc) C:\WINDOWS\system32\DRIVERS\tdrpman.sys
12:35:09.0012 1516 tdrpman - ok
12:35:09.0082 1516 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:35:09.0092 1516 TDTCP - ok
12:35:09.0222 1516 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:35:09.0252 1516 TermDD - ok
12:35:09.0453 1516 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
12:35:09.0453 1516 tifsfilter - ok
12:35:09.0533 1516 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\WINDOWS\system32\DRIVERS\timntr.sys
12:35:09.0553 1516 timounter - ok
12:35:09.0573 1516 TosIde - ok
12:35:09.0633 1516 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:35:09.0673 1516 Udfs - ok
12:35:09.0963 1516 ultra - ok
12:35:10.0214 1516 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:35:10.0344 1516 Update - ok
12:35:10.0524 1516 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
12:35:10.0544 1516 USBAAPL - ok
12:35:10.0794 1516 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
12:35:10.0804 1516 usbaudio - ok
12:35:10.0935 1516 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:35:10.0935 1516 usbccgp - ok
12:35:11.0025 1516 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:35:11.0025 1516 usbhub - ok
12:35:11.0095 1516 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:35:11.0115 1516 usbprint - ok
12:35:11.0285 1516 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:35:11.0295 1516 usbscan - ok
12:35:11.0435 1516 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:35:11.0435 1516 USBSTOR - ok
12:35:11.0515 1516 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:35:11.0546 1516 usbuhci - ok
12:35:11.0676 1516 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
12:35:11.0676 1516 usb_rndisx - ok
12:35:11.0766 1516 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:35:11.0786 1516 VgaSave - ok
12:35:11.0886 1516 ViaIde - ok
12:35:12.0036 1516 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:35:12.0046 1516 VolSnap - ok
12:35:12.0237 1516 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:35:12.0247 1516 Wanarp - ok
12:35:12.0307 1516 WDICA - ok
12:35:12.0417 1516 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:35:12.0417 1516 wdmaud - ok
12:35:12.0557 1516 winachsf (3085330815cb14fc740053b610f8a1d3) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
12:35:12.0597 1516 winachsf - ok
12:35:12.0767 1516 wlluc48 (dca17912a1926ae427537648fc0e74d5) C:\WINDOWS\system32\DRIVERS\wlluc48.sys
12:35:12.0777 1516 wlluc48 - ok
12:35:13.0148 1516 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:35:13.0348 1516 \Device\Harddisk0\DR0 - ok
12:35:13.0368 1516 Boot (0x1200) (2da6e617265b64f19022c6f7eb40675a) \Device\Harddisk0\DR0\Partition0
12:35:13.0368 1516 \Device\Harddisk0\DR0\Partition0 - ok
12:35:13.0398 1516 ============================================================
12:35:13.0398 1516 Scan finished
12:35:13.0398 1516 ============================================================
12:35:13.0468 1508 Detected object count: 0
12:35:13.0468 1508 Actual detected object count: 0
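The last two entries of the TDSSKiller log above are not drivers but sector hashes: "MBR (0x1B8)" is an MD5 over the start of the master boot record of \Device\Harddisk0\DR0, and "Boot (0x1200)" covers the boot area of Partition0. A bootkit that replaces the MBR code changes that hash, which is why rootkit scanners report it. The following is an added example for this thread, not code from TDSSKiller, aswMBR or the poster: it parses a raw 512-byte MBR dump (such as the MBR.dat that aswMBR writes to the desktop later in this thread), lists the partition table and any structural problems, and computes the MD5 over the first 0x1B8 bytes so it can be compared with the value in the log. That the logged hash covers exactly bytes 0x000-0x1B7 (the bootstrap code that precedes the 4-byte disk signature) is an assumption read from the log's size annotation, and the sample MBR is constructed here, not taken from the poster's disk.

```python
"""Inspect a raw MBR dump and hash its bootstrap-code region.

Added example for this thread; not part of TDSSKiller, aswMBR or the post.
Assumption (read from the log's "MBR (0x1B8)" annotation): the MD5 covers
bytes 0x000-0x1B7, the code area that precedes the 4-byte disk signature."""
import hashlib
import struct

MBR_SIZE = 512
CODE_LEN = 0x1B8           # bootstrap code: 0x000-0x1B7 (assumed hash region)
DISK_SIG_OFF = 0x1B8       # 4-byte NT disk signature
PART_TABLE_OFF = 0x1BE     # four 16-byte partition entries
BOOT_SIG = b"\x55\xAA"     # stored at 0x1FE


def build_sample_mbr():
    """Constructed 512-byte MBR: the first instructions of the stock Windows
    stub (xor ax,ax / mov ss,ax / mov sp,7C00h) padded with NOPs, one bootable
    NTFS partition, a valid boot signature. Not taken from the poster's disk."""
    code = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * (CODE_LEN - 7)
    disk_sig = struct.pack("<I", 0x12345678)
    reserved = b"\x00\x00"
    # status, CHS start, type (0x07 = NTFS), CHS end, LBA start, sector count
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xFE\xFF\xFF",
                        63, 117210177)
    empty = b"\x00" * 16
    return code + disk_sig + reserved + entry + empty * 3 + BOOT_SIG


def load_mbr(path):
    """Read the first 512 bytes of a dump file such as aswMBR's MBR.dat."""
    with open(path, "rb") as f:
        return f.read(MBR_SIZE)


def mbr_code_md5(mbr):
    """MD5 of the bootstrap-code region, comparable with the TDSSKiller line."""
    return hashlib.md5(mbr[:CODE_LEN]).hexdigest()


def code_matches_log(mbr, logged_md5):
    """True when the dump's code hash equals the one printed in a scan log."""
    return mbr_code_md5(mbr) == logged_md5.strip().lower()


def parse_mbr(mbr):
    """Return disk signature, partition table and a list of structural problems."""
    problems = []
    if len(mbr) != MBR_SIZE:
        problems.append("dump is %d bytes, expected %d" % (len(mbr), MBR_SIZE))
    if mbr[0x1FE:0x200] != BOOT_SIG:
        problems.append("boot signature 55AA missing")
    disk_sig = struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0] if len(mbr) >= MBR_SIZE else None
    parts = []
    active = 0
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        if len(mbr) < off + 16:
            break
        status, _chs_s, ptype, _chs_e, lba, count = struct.unpack_from("<B3sB3sII", mbr, off)
        if ptype == 0:          # empty slot
            continue
        if status not in (0x00, 0x80):
            problems.append("entry %d has invalid status 0x%02X" % (i, status))
        active += status == 0x80
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba, "sectors": count})
    if active > 1:
        problems.append("more than one partition marked active")
    return {"disk_signature": disk_sig, "code_md5": mbr_code_md5(mbr),
            "partitions": parts, "problems": problems}


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print("disk signature: %08X" % info["disk_signature"])
    print("code md5:", info["code_md5"])
    for p in info["partitions"]:
        print(p)
    print("problems:", info["problems"] or "none")
```

To use it on a real dump, call load_mbr on the saved file and pass the result to parse_mbr and code_matches_log with the hash copied from the log. A mismatch is not proof of infection on its own (a legitimate boot manager or an OEM recovery stub changes the code too), but it tells you the MBR code is not what the scanner hashed and should be looked at.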
Jack&Jill
2011-11-13, 04:24
Hello gob71 :),
Please delete the previous DDS copy that you have, then download a fresh copy to the desktop. Click here. (http://download.bleepingcomputer.com/sUBs/dds.scr)
Go to Start > Run.... Copy and paste the following text into the white box:
"%userprofile%\desktop\dds.scr" /nombr
Click OK. A command window will appear and scan will commence.
Shortly after, two logs will appear:
DDS.txt
Attach.txt
A window will open instructing you to save and post the logs.
Save the logs to a convenient location such as your desktop.
Copy the contents of both logs and post them in your next reply.
--------------------
Please download aswMBR and save it to your desktop. Click here. (http://public.avast.com/~gmerek/aswMBR.exe)
Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
If you need help to disable your protection programs see here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) and here (http://www.bleepingcomputer.com/forums/topic114351.html).
Double click the aswMBR.exe file to run it. If you are asked to download an antivirus software, please allow.
Click on the Scan button to start. The program will launch a scan.
When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.
Please post the contents of the log in your next reply.
--------------------
Please post back:
1. the DDS logs (DDS.txt and Attach.txt)
2. aswMBR log
I still cannot get DDS to run a complete scan. Even after deleting and re-downloading the new version, it still gets to the same point and freezes/locks up the computer.
Here is the ASWMBR log
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-12 23:25:41
-----------------------------
23:25:41.655 OS Version: Windows 5.1.2600 Service Pack 3
23:25:41.655 Number of processors: 1 586 0x207
23:25:41.655 ComputerName: Owner-LAPTOP UserName: Owner
23:25:41.956 Initialize success
23:28:35.505 AVAST engine defs: 11111201
23:28:53.892 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
23:28:53.912 Disk 0 Vendor: WDC_WD600VE-07HDT0 09.07D09 Size: 57231MB BusType: 3
23:28:55.944 Disk 0 MBR read successfully
23:28:55.964 Disk 0 MBR scan
23:28:56.075 Disk 0 Windows XP default MBR code
23:28:56.105 Disk 0 scanning sectors +117210240
23:28:56.175 Disk 0 scanning C:\WINDOWS\system32\drivers
23:29:13.820 Service scanning
23:29:18.637 Modules scanning
23:29:25.197 Disk 0 trace - called modules:
23:29:25.257 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
23:29:25.277 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8331fab8]
23:29:25.307 3 CLASSPNP.SYS[f8890fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x83346b00]
23:29:27.820 AVAST engine scan C:\WINDOWS
23:30:00.307 AVAST engine scan C:\WINDOWS\system32
23:31:12.671 File: C:\WINDOWS\system32\inetcplc9.dll **INFECTED** Win32:Malware-gen
23:34:24.477 AVAST engine scan C:\WINDOWS\system32\drivers
23:34:48.111 AVAST engine scan C:\Documents and Settings\Owner
23:58:35.984 AVAST engine scan C:\Documents and Settings\All Users
23:59:02.011 Scan finished successfully
23:59:51.883 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
23:59:51.933 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"
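Both scan logs in this thread share the same shape: a timestamp, then either a driver name with its MD5 and path, a name with a verdict after " - ", a sector hash, or (in aswMBR) a "File: ... **INFECTED** ..." detection such as the inetcplc9.dll hit above. The following is an added example, not code from either tool or from the posters: a small triage parser that pulls the structured fields out of a TDSSKiller log and an aswMBR log and returns the lines a helper would act on. The sample input mixes lines excerpted from the two logs above with two constructed ones (a "detected" verdict and a driver outside the system drivers directory) so that the flagging paths are exercised; the exact wording of a real TDSSKiller detection line is not shown on this page, so treat that line's format as an assumption.

```python
"""Triage parser for TDSSKiller and aswMBR scan logs.

Added example for this thread; not part of either tool. The regexes follow
the line shapes visible in the posted logs; the "detected" verdict and the
driver under Program Files in the sample are constructed test input."""
import re

TS = r"^\d{2}:\d{2}:\d{2}\.\d+\s+"          # both tools prefix lines with a timestamp
# TDSSKiller: "<ts> <pid> MBR (0x1B8) (md5) \Device\...", "<ts> <pid> name (md5) path",
#             "<ts> <pid> name - verdict"
TDSS_SECTOR = re.compile(TS + r"\d+\s+(?P<kind>MBR|Boot)\s+\((?P<size>0x[0-9A-Fa-f]+)\)\s+"
                         r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<dev>\S+)$")
TDSS_FILE = re.compile(TS + r"\d+\s+(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
TDSS_VERDICT = re.compile(TS + r"\d+\s+(?P<name>\S+)\s+-\s+(?P<verdict>.+)$")
# aswMBR: "<ts> File: <path> **INFECTED** <detection>" and "<ts> Disk N <...> MBR code"
ASW_INFECTED = re.compile(TS + r"File:\s+(?P<path>.+?)\s+\*\*INFECTED\*\*\s+(?P<detection>\S+)")
ASW_MBR = re.compile(TS + r"Disk\s+\d+\s+(?P<verdict>.*MBR code)$")

DRIVER_DIRS = ("c:\\windows\\system32\\drivers\\",)

# Constructed sample: lines excerpted from the posted TDSSKiller log plus a
# made-up detection ("hiddensvc") and a made-up driver under Program Files.
SAMPLE_TDSS = r"""
12:34:44.0346 1500 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
12:34:51.0927 1516 Abiosdsk - ok
12:34:52.0088 1516 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
12:34:52.0088 1516 ac97intc - ok
12:35:01.0201 1516 MpKsl06753459 - ok
12:35:01.0291 1516 MpKsl06c2b7d5 - ok
12:35:09.0999 1516 sampledrv (00000000000000000000000000000000) C:\Program Files\Sample\sampledrv.sys
12:35:09.0999 1516 sampledrv - ok
12:35:10.0100 1516 hiddensvc - detected Rootkit.Sample ( 0 )
12:35:13.0148 1516 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:35:13.0348 1516 \Device\Harddisk0\DR0 - ok
"""

# Constructed sample: three lines excerpted from the posted aswMBR log.
SAMPLE_ASW = r"""
23:28:56.075 Disk 0 Windows XP default MBR code
23:31:12.671 File: C:\WINDOWS\system32\inetcplc9.dll **INFECTED** Win32:Malware-gen
23:59:02.011 Scan finished successfully
"""


def parse_tdsskiller(text):
    """Split a TDSSKiller log into file entries, verdicts and sector hashes."""
    files, verdicts, sectors = {}, {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = TDSS_SECTOR.match(line)          # must precede TDSS_FILE: "MBR (0x1B8) (md5)"
        if m:
            sectors.append(m.groupdict())
            continue
        m = TDSS_FILE.match(line)
        if m:
            files[m["name"]] = {"md5": m["md5"], "path": m["path"]}
            continue
        m = TDSS_VERDICT.match(line)
        if m:
            verdicts[m["name"]] = m["verdict"]
    return files, verdicts, sectors


def triage_tdsskiller(text):
    """Return (findings, summary); a finding is (reason, name, detail)."""
    files, verdicts, sectors = parse_tdsskiller(text)
    findings = []
    for name, verdict in verdicts.items():
        if verdict.strip().lower() != "ok":        # anything the tool did not clear
            findings.append(("verdict", name, verdict))
    for name, info in files.items():
        # Heuristic only: legitimate third-party drivers can live elsewhere,
        # but a driver outside the system drivers directory deserves a look.
        if not info["path"].lower().startswith(DRIVER_DIRS):
            findings.append(("path", name, info["path"]))
    # MpKslXXXXXXXX entries are transient services left by Microsoft Security
    # Essentials; a pile of them marked "ok" is clutter, not a detection.
    mpksl = sorted(n for n in verdicts if n.startswith("MpKsl"))
    summary = {"drivers_with_file": len(files), "verdicts": len(verdicts),
               "mpksl_entries": mpksl,
               "sector_hashes": {s["kind"]: s["md5"] for s in sectors}}
    return findings, summary


def triage_aswmbr(text):
    """Return the infected files and the MBR code verdict from an aswMBR log."""
    result = {"infected": [], "mbr_code": None}
    for raw in text.splitlines():
        line = raw.strip()
        m = ASW_INFECTED.match(line)
        if m:
            result["infected"].append((m["path"], m["detection"]))
            continue
        m = ASW_MBR.match(line)
        if m:
            result["mbr_code"] = m["verdict"]
    return result


if __name__ == "__main__":
    found, summ = triage_tdsskiller(SAMPLE_TDSS)
    for f in found:
        print("TDSSKiller:", f)
    print("TDSSKiller summary:", summ)
    print("aswMBR:", triage_aswmbr(SAMPLE_ASW))
```

Run against the full logs (read the two files and pass their text instead of the samples), the TDSSKiller part of this thread yields no findings and a summary of fifteen MpKsl entries plus the MBR and Boot hashes, while the aswMBR part yields the single inetcplc9.dll detection, which is the one item in either log that actually needs action.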
Jack&Jill
2011-11-14, 18:32
Hello gob71 :),
DDS is not running this round because that method is not the right one for it; I got it mixed up with another tool.
Please download DDS and save it to your desktop. Click here. (http://download.bleepingcomputer.com/sUBs/Beta/dds.exe)
Double click on DDS.exe and a settings window will appear.
Check (tick):
dds.txt
attach.txt
Under scan options, ensure check MBR is unchecked (unticked).
Click on Start to commence.
Shortly after, two logs will appear:
DDS.txt
Attach.txt
Save the logs to a convenient location such as your desktop.
Copy the contents of both logs and post them in your next reply.
--------------------
Please post back:
1. the DDS logs (DDS.txt and Attach.txt)
NOTE - I have my computer named after me; I replaced the names with OWNER in the TXT. Is that OK?
ATTACH FILE TXT
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-09-30.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 11/24/2009 10:42:47 PM
System Uptime: 11/14/2011 6:00:13 PM (0 hours ago)
.
Motherboard: Dell Computer Corporation | | Inspiron 8200
Processor: Mobile Intel(R) Pentium(R) 4 - M CPU 1.80GHz | Microprocessor | 1794/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 56 GiB total, 32.777 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 11/6/2011 6:54:59 PM - System Checkpoint
RP2: 11/6/2011 11:36:54 PM - Installed Java(TM) 6 Update 29
RP3: 11/8/2011 8:16:05 PM - Removed Java(TM) 6 Update 12
RP4: 11/8/2011 8:32:02 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
AccessDirect
Acronis*True*Image*WD*Edition
Actiontec MD56ORD V92 MDC Modem
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.4.6
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AviSynth 2.5
Bonjour
Dell Picture Studio - Dell Image Expert
Dell ResourceCD
Dell Solution Center
Dell TrueMobile 1180 Internal 802.11b Mini PCI Card
Free Audio CD Burner version 1.4
Free Audio CD to MP3 Converter version 1.3
Free DVD Video Converter version 1.1
Free iPod Video Converter 1.34
Free Mp3 Wma Converter V 1.9
Free Video to iPod Converter version 3.4
Free Video to MP3 Converter version 3.4
Free YouTube Download 3 version 3.0.4.628
Free YouTube Download version 3.0.13.815
Free YouTube to MP3 Converter version 3.9.40.602
GigglePop e*valPal Plus for NADA
Google Chrome
Help and Support Customization
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HTC Touch Pro2 User Guide
iTunes
Japanese Fonts Support For Adobe Reader 9
Java Auto Updater
Live Bid Control Kit Setup
Magic MP3 Tagger 2.2.6
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Office File Validation Add-In
Microsoft Office Small Business Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 7.0.1 (x86 en-US)
MP3 Cutter 1.5
Mp3tag v2.45a
MSXML 6 Service Pack 2 (KB973686)
NVIDIA Windows 2000/XP Display Drivers
Paint Shop Pro 7
PocketPC/Smartphone Update Wizard (remove only)
QuickTime
SeaTools for Windows
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Simulcast Video Plugin (Internet Explorer)
Spybot - Search & Destroy
TagScanner 5.1 build 555
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Used Car Xpress
Video Download Capture V2.4.5
Videora iPod Converter 5.04
VLC media player 1.0.3
VoiceOver Kit
Wayne Reaves Car Program
WcarUp
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
11/8/2011 8:18:58 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
11/8/2011 7:53:04 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.1367.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
11/8/2011 7:45:17 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
11/8/2011 7:22:57 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
11/8/2011 7:22:57 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
11/8/2011 7:22:57 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/8/2011 7:22:57 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/8/2011 7:22:57 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
11/8/2011 7:22:57 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/8/2011 7:22:57 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/8/2011 7:22:00 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
11/7/2011 7:58:30 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
11/7/2011 7:44:02 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/7/2011 12:22:10 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
11/7/2011 12:14:56 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: Owner Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070652 Error description: Another installation is already in progress. Complete that installation before proceeding with this install.
11/7/2011 12:14:56 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: Owner Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070652 Error description: Another installation is already in progress. Complete that installation before proceeding with this install.
11/7/2011 12:14:56 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: Owner Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070652 Error description: Another installation is already in progress. Complete that installation before proceeding with this install.
11/7/2011 12:14:56 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: Owner Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070652 Error description: Another installation is already in progress. Complete that installation before proceeding with this install.
11/7/2011 12:14:54 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Update Type: User: Owner Current Engine Version: Previous Engine Version: Error code: 0x80070652 Error description: Another installation is already in progress. Complete that installation before proceeding with this install.
11/7/2011 12:06:10 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: Owner Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072f76 Error description: The requested header was not found
11/7/2011 12:06:10 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: Owner Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072f76 Error description: The requested header was not found
11/7/2011 12:06:09 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: Owner Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072f76 Error description: The requested header was not found
11/7/2011 12:06:09 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: Owner Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072f76 Error description: The requested header was not found
11/7/2011 12:06:08 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
11/7/2011 12:06:08 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/7/2011 12:05:54 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
11/7/2011 12:05:33 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm MpFilter
11/12/2011 12:51:05 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.1367.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
11/12/2011 11:29:40 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.1367.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
.
==== End Of File ===========================
DDS TXT
DDS (Ver_2011-09-30.01) - NTFS_x86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by OWNER at 18:03:48 on 2011-11-14
#Option MBR scan is disabled.
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.639.347 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [cdloader] "c:\documents and settings\OWNER\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11c_Plugin.exe -update plugin
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
mRun: [DadApp] c:\program files\dell\accessdirect\dadapp.exe
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\OWNER\application data\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\OWNER\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {298BFFEE-662D-11D5-ADAF-00E0810232D7} - hxxps://simulcast.manheim.com/simulcast/lib/LiveSound.dll
DPF: {2EA5DD45-9254-4B0D-9F48-E92FEC3A9754} - hxxps://simulcast.manheim.com/simulcast_docs/av/SimulcastAVPlugin-win-ie.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1259161517292
DPF: {7206EAAC-5CFA-43A3-9F61-E27E8E51E42F} - hxxp://adus1.liveglobalbid.com/container_repository/laiexec.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{A8F57C59-9AD1-492C-B71D-2D90AD97DBA9} : DHCPNameServer = 192.168.2.1
LSA: Authentication Packages = msv1_0 relog_ap
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\OWNER\application data\mozilla\firefox\profiles\hykzwa8x.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/;_ylt=AtoEu.MyDuQycydxJDNikOlG2vAI
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 60848
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\OWNER\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: network.proxy.type - 0
.
============= SERVICES / DRIVERS ===============
.
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
S1 MpKsl06753459;MpKsl06753459;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{02065891-3f17-4033-9da0-e553f7762462}\mpksl06753459.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{02065891-3f17-4033-9da0-e553f7762462}\MpKsl06753459.sys [?]
S1 MpKsl06c2b7d5;MpKsl06c2b7d5;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c4b9e7a3-b56b-4f6e-a395-663bc9dd2933}\mpksl06c2b7d5.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c4b9e7a3-b56b-4f6e-a395-663bc9dd2933}\MpKsl06c2b7d5.sys [?]
S1 MpKsl0ce97650;MpKsl0ce97650;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dbb7438c-35d9-49e4-bdbe-fcc8bd52f423}\mpksl0ce97650.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dbb7438c-35d9-49e4-bdbe-fcc8bd52f423}\MpKsl0ce97650.sys [?]
S1 MpKsl104f1a89;MpKsl104f1a89;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{914f958e-e732-4b4b-b0da-c71d178667e3}\mpksl104f1a89.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{914f958e-e732-4b4b-b0da-c71d178667e3}\MpKsl104f1a89.sys [?]
S1 MpKsl18b0c8f1;MpKsl18b0c8f1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{03dca112-2fd8-4273-bd98-239e261c787e}\mpksl18b0c8f1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{03dca112-2fd8-4273-bd98-239e261c787e}\MpKsl18b0c8f1.sys [?]
S1 MpKsl1d5ce3db;MpKsl1d5ce3db;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bb8bd429-96db-4cab-807f-6af44714325e}\mpksl1d5ce3db.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bb8bd429-96db-4cab-807f-6af44714325e}\MpKsl1d5ce3db.sys [?]
S1 MpKsl2098ee12;MpKsl2098ee12;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{17f40f73-b59c-4fde-aec1-2e7a0b6bd64b}\mpksl2098ee12.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{17f40f73-b59c-4fde-aec1-2e7a0b6bd64b}\MpKsl2098ee12.sys [?]
S1 MpKsl2c9a16f8;MpKsl2c9a16f8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{43bc38af-e431-4613-8113-3f07aaaa2876}\mpksl2c9a16f8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{43bc38af-e431-4613-8113-3f07aaaa2876}\MpKsl2c9a16f8.sys [?]
S1 MpKsl2f587506;MpKsl2f587506;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2f39569a-b513-4acd-9400-79a1a6937edb}\mpksl2f587506.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2f39569a-b513-4acd-9400-79a1a6937edb}\MpKsl2f587506.sys [?]
S1 MpKsl492b9faa;MpKsl492b9faa;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bf0f4da6-22f1-4f18-8cd9-28d9acff0766}\mpksl492b9faa.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bf0f4da6-22f1-4f18-8cd9-28d9acff0766}\MpKsl492b9faa.sys [?]
S1 MpKsl5c882d1f;MpKsl5c882d1f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b8b6adff-3c64-47e1-a50f-7fa1f6dba09d}\mpksl5c882d1f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b8b6adff-3c64-47e1-a50f-7fa1f6dba09d}\MpKsl5c882d1f.sys [?]
S1 MpKsl7c543b59;MpKsl7c543b59;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3d241811-9a84-4e70-b3a4-f4e822bb2902}\mpksl7c543b59.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3d241811-9a84-4e70-b3a4-f4e822bb2902}\MpKsl7c543b59.sys [?]
S1 MpKsl7c8b4a62;MpKsl7c8b4a62;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{74c7b35c-1996-46b8-ab2d-a6d094376dbe}\mpksl7c8b4a62.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{74c7b35c-1996-46b8-ab2d-a6d094376dbe}\MpKsl7c8b4a62.sys [?]
S1 MpKsl8b2b6408;MpKsl8b2b6408;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{74c7b35c-1996-46b8-ab2d-a6d094376dbe}\mpksl8b2b6408.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{74c7b35c-1996-46b8-ab2d-a6d094376dbe}\MpKsl8b2b6408.sys [?]
S1 MpKslde5af808;MpKslde5af808;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cb61df90-165b-4cc5-9940-78ce104a4c80}\mpkslde5af808.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cb61df90-165b-4cc5-9940-78ce104a4c80}\MpKslde5af808.sys [?]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-4-18 50704]
S2 PEVSystemStart;PEVSystemStart;c:\combofix\pev.3XE [2011-6-26 256000]
S3 26666836;26666836; [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-11-12 41272]
.
=============== Created Last 30 ================
.
2011-11-14 23:00:55 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{54b1e0aa-e09e-46c1-98e5-36dc11ece7a2}\offreg.dll
2011-11-13 04:32:48 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-11-13 04:30:33 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{54b1e0aa-e09e-46c1-98e5-36dc11ece7a2}\mpengine.dll
2011-11-12 17:44:56 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-09 01:31:21 -------- d-----w- c:\windows\LastGood.Tmp
2011-11-08 01:06:22 -------- d-----w- C:\TDSSKiller_Quarantine
2011-11-08 00:58:36 -------- d--h--w- c:\windows\PIF
2011-11-07 04:57:34 -------- d-s---w- C:\ComboFix
2011-11-07 04:25:57 -------- d-----w- c:\program files\Microsoft Security Client
2011-11-07 03:36:32 -------- d-sha-r- C:\cmdcons
2011-11-07 03:34:32 98816 ----a-w- c:\windows\sed.exe
2011-11-07 03:34:32 256000 ----a-w- c:\windows\PEV.exe
2011-11-07 03:34:32 208896 ----a-w- c:\windows\MBR.exe
2011-11-07 01:23:00 -------- d-----w- C:\WINSSLog
2011-11-06 21:54:15 69120 --sha-r- c:\windows\system32\inetcplc9.dll
.
==================== Find3M ====================
.
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-09 16:46:07 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 10:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
============= FINISH: 18:04:52.15 ===============
Thank you again for your help and patience.
This was done in Safe Mode, does that make a difference?
Jack&Jill
2011-11-15, 17:33
Hello gob71 :),
OK to change name if you prefer it that way.
It does make a difference when running the tools in Safe Mode. Please do all the other steps in Normal Mode unless I request you to do otherwise. If you face any issue, please let me know.
--------------------
Check for additional security risks
Please download CKScanner© by askey127 and save to your desktop. Click here. (http://downloads.malwareremoval.com/CKScanner.exe)
Double click on CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File. You will be prompted, click OK.
Post the contents of ckfiles.txt in your reply, it is located on your desktop.
Please run the program only once.
--------------------
Please delete the ComboFix copy that you have and save a fresh copy to the desktop.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/sUBs/ComboFix.exe)
Go to Start > Run.... Copy and paste the following text into the white box:
"%userprofile%\desktop\ComboFix.exe" /nombr
Click OK. ComboFix will now run a scan on your system.
When finished, a log will be produced as C:\ComboFix.txt. Please post this log in your next reply.
--------------------
Please post back:
1. CKScanner log
2. ComboFix log
COMBOFIX
ComboFix 11-11-15.06 - OWNER 11/15/2011 20:14:25.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.639.289 [GMT -5:00]
Running from: c:\documents and settings\Cassidy\desktop\ComboFix.exe
Command switches used :: /nombr
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\OWNER\Application Data\Adobe\plugs
c:\documents and settings\OWNER\Application Data\Adobe\shed
c:\documents and settings\OWNER\Local Settings\Application Data\{A6229D32-CF4F-46AA-B529-C0F352C72582}
c:\documents and settings\OWNER\Local Settings\Application Data\{A6229D32-CF4F-46AA-B529-C0F352C72582}\chrome.manifest
c:\documents and settings\OWNER\Local Settings\Application Data\{A6229D32-CF4F-46AA-B529-C0F352C72582}\chrome\content\overlay.xul
c:\documents and settings\OWNER\Local Settings\Application Data\{A6229D32-CF4F-46AA-B529-C0F352C72582}\install.rdf
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
c:\windows\tsoc.log
c:\windows\XSxS
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-10-16 to 2011-11-16 )))))))))))))))))))))))))))))))
.
.
2011-11-13 04:32 . 2011-10-18 06:28 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-13 04:30 . 2011-10-18 06:28 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{54B1E0AA-E09E-46C1-98E5-36DC11ECE7A2}\mpengine.dll
2011-11-12 17:44 . 2011-11-12 17:45 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-09 00:57 . 2011-11-09 00:57 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-11-08 01:06 . 2011-11-12 17:44 -------- d-----w- C:\TDSSKiller_Quarantine
2011-11-08 00:58 . 2011-11-08 00:58 -------- d--h--w- c:\windows\PIF
2011-11-07 04:38 . 2011-11-07 04:38 -------- d-----w- c:\program files\Common Files\Java
2011-11-07 04:25 . 2011-11-07 04:27 -------- d-----w- c:\program files\Microsoft Security Client
2011-11-07 01:23 . 2011-11-07 01:24 -------- d-----w- C:\WINSSLog
2011-11-06 22:14 . 2011-11-06 22:14 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-11-06 21:54 . 2011-11-06 21:54 69120 --sha-r- c:\windows\system32\inetcplc9.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-14 23:18 . 2011-05-16 05:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2009-11-25 03:31 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 10:06 . 2010-05-26 02:27 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-28 07:06 . 2003-03-20 21:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-04-12 08:06 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-04-12 08:06 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2004-04-12 08:12 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 21:00 . 2009-12-03 16:02 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48 . 2004-04-12 08:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-04-12 08:02 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-04-12 08:01 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2011-09-30 03:12 . 2011-06-03 04:24 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\OWNER\Application Data\mjusbsp\cdloader2.exe" [2009-12-24 50520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2001-11-06 131072]
"DadApp"="c:\program files\Dell\AccessDirect\dadapp.exe" [2002-11-01 208560]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-06-10 1326080]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-06-10 904840]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-06-10 136472]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^OWNER^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\OWNER\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^OWNER^Start Menu^Programs^Startup^Seagate 2GH26QJW Product Registration.lnk]
path=c:\documents and settings\OWNER\Start Menu\Programs\Startup\Seagate 2GH26QJW Product Registration.lnk
backup=c:\windows\pss\Seagate 2GH26QJW Product Registration.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-29 13:22 136176 ----atw- c:\documents and settings\OWNER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 18:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-27 05:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 18:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\OWNER\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
S1 MpKsl06753459;MpKsl06753459;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{02065891-3F17-4033-9DA0-E553F7762462}\MpKsl06753459.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{02065891-3F17-4033-9DA0-E553F7762462}\MpKsl06753459.sys [?]
S1 MpKsl06c2b7d5;MpKsl06c2b7d5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C4B9E7A3-B56B-4F6E-A395-663BC9DD2933}\MpKsl06c2b7d5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C4B9E7A3-B56B-4F6E-A395-663BC9DD2933}\MpKsl06c2b7d5.sys [?]
S1 MpKsl0ce97650;MpKsl0ce97650;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DBB7438C-35D9-49E4-BDBE-FCC8BD52F423}\MpKsl0ce97650.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DBB7438C-35D9-49E4-BDBE-FCC8BD52F423}\MpKsl0ce97650.sys [?]
S1 MpKsl104f1a89;MpKsl104f1a89;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{914F958E-E732-4B4B-B0DA-C71D178667E3}\MpKsl104f1a89.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{914F958E-E732-4B4B-B0DA-C71D178667E3}\MpKsl104f1a89.sys [?]
S1 MpKsl18b0c8f1;MpKsl18b0c8f1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{03DCA112-2FD8-4273-BD98-239E261C787E}\MpKsl18b0c8f1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{03DCA112-2FD8-4273-BD98-239E261C787E}\MpKsl18b0c8f1.sys [?]
S1 MpKsl1d5ce3db;MpKsl1d5ce3db;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BB8BD429-96DB-4CAB-807F-6AF44714325E}\MpKsl1d5ce3db.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BB8BD429-96DB-4CAB-807F-6AF44714325E}\MpKsl1d5ce3db.sys [?]
S1 MpKsl2098ee12;MpKsl2098ee12;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{17F40F73-B59C-4FDE-AEC1-2E7A0B6BD64B}\MpKsl2098ee12.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{17F40F73-B59C-4FDE-AEC1-2E7A0B6BD64B}\MpKsl2098ee12.sys [?]
S1 MpKsl2c9a16f8;MpKsl2c9a16f8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{43BC38AF-E431-4613-8113-3F07AAAA2876}\MpKsl2c9a16f8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{43BC38AF-E431-4613-8113-3F07AAAA2876}\MpKsl2c9a16f8.sys [?]
S1 MpKsl2f587506;MpKsl2f587506;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2F39569A-B513-4ACD-9400-79A1A6937EDB}\MpKsl2f587506.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2F39569A-B513-4ACD-9400-79A1A6937EDB}\MpKsl2f587506.sys [?]
S1 MpKsl492b9faa;MpKsl492b9faa;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BF0F4DA6-22F1-4F18-8CD9-28D9ACFF0766}\MpKsl492b9faa.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BF0F4DA6-22F1-4F18-8CD9-28D9ACFF0766}\MpKsl492b9faa.sys [?]
S1 MpKsl5c882d1f;MpKsl5c882d1f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B8B6ADFF-3C64-47E1-A50F-7FA1F6DBA09D}\MpKsl5c882d1f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B8B6ADFF-3C64-47E1-A50F-7FA1F6DBA09D}\MpKsl5c882d1f.sys [?]
S1 MpKsl7c543b59;MpKsl7c543b59;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3D241811-9A84-4E70-B3A4-F4E822BB2902}\MpKsl7c543b59.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3D241811-9A84-4E70-B3A4-F4E822BB2902}\MpKsl7c543b59.sys [?]
S1 MpKsl7c8b4a62;MpKsl7c8b4a62;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{74C7B35C-1996-46B8-AB2D-A6D094376DBE}\MpKsl7c8b4a62.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{74C7B35C-1996-46B8-AB2D-A6D094376DBE}\MpKsl7c8b4a62.sys [?]
S1 MpKsl8b2b6408;MpKsl8b2b6408;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{74C7B35C-1996-46B8-AB2D-A6D094376DBE}\MpKsl8b2b6408.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{74C7B35C-1996-46B8-AB2D-A6D094376DBE}\MpKsl8b2b6408.sys [?]
S1 MpKslde5af808;MpKslde5af808;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CB61DF90-165B-4CC5-9940-78CE104A4C80}\MpKslde5af808.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CB61DF90-165B-4CC5-9940-78CE104A4C80}\MpKslde5af808.sys [?]
S3 26666836;26666836; [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [11/12/2011 12:44 PM 41272]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-492894223-1957994488-1004Core.job
- c:\documents and settings\OWNER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 13:22]
.
2011-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-492894223-1957994488-1004UA.job
- c:\documents and settings\OWNER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 13:22]
.
2011-11-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\OWNER\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\OWNER\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1
DPF: {2EA5DD45-9254-4B0D-9F48-E92FEC3A9754} - hxxps://simulcast.manheim.com/simulcast_docs/av/SimulcastAVPlugin-win-ie.cab
DPF: {7206EAAC-5CFA-43A3-9F61-E27E8E51E42F} - hxxp://adus1.liveglobalbid.com/container_repository/laiexec.cab
FF - ProfilePath - c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\hykzwa8x.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/;_ylt=AtoEu.MyDuQycydxJDNikOlG2vAI
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 60848
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-GigglePop.com evalPal Plus for NADA - c:\windows\suinsta4001.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-15 20:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(700)
c:\windows\system32\relog_ap.dll
.
- - - - - - - > 'explorer.exe'(3376)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\nvsvc32.exe
c:\windows\System32\wltrysvc.exe
c:\windows\System32\bcmwltry.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Apoint\Apntex.exe
.
**************************************************************************
.
Completion time: 2011-11-15 20:33:25 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-16 01:33
.
Pre-Run: 34,540,924,928 bytes free
Post-Run: 36,535,570,432 bytes free
.
- - End Of File - - 92BBADCB600E35477D1320CFB08E05F7
CKFILES
CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.RAAPTI
----- EOF -----
Note: I have read the warnings on here. I do not have any file sharing installed anymore; it was deleted long ago but shows for some reason in that report under startup, not sure why. Thanks again for any help.
Jack&Jill
2011-11-17, 16:58
Hello gob71 :),
Do an online scan with ESET Online Scanner.
Please be patient, as scanning will take quite some time. If you have problems running the scan, you might want to disable any real-time protection that you have.
Click here (http://www.eset.com/onlinescan/) to go to ESET Online Scanner page.
Click on Run ESET Online Scanner. A new window will open.
For Firefox users, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install, and a new window will open.
After reading through the Terms of Use, check YES, I accept the Terms of Use and click Start to begin scan.
You will be prompted to install an ActiveX Control from ESET. Please install.
At the Computer scan settings section, uncheck (untick) Remove found threats. <-- Important, do not remove anything yet.
Then, check Scan archives.
Now, click on Advanced settings and make sure all these are checked:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
Click on Scan to proceed.
When done, the scan result will be shown. Look for C:\Program Files\ESET\ESET Online Scanner\log.txt and open the file.
Post the contents in your reply.
If the contents of log.txt do not reflect what is shown in the result window, click on List of found threats, then Export to text file..., save a file and post that instead.
--------------------
Please post back:
1. ESET results
2. how is the computer behaving now?
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FakeBillCourtCologne.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudInternetSecurity69.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudInternetSecurity7.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\OWNER\Desktop\Phone\autorun.inf Win32/AutoRun.Agent.FC worm
C:\Documents and Settings\OWNER\My Documents\Downloads\Setup_FreeConverter.exe Win32/Adware.Toolbar.Dealio application
MSE will now load upon startup, but it remains a red box w/ X and it will not allow me to start "Real Time Protection". Also, each time I restart, the Windows Firewall is turned off. I am still redirected when doing searches on Google and Yahoo.
OK, I am mistaken; now MSE will turn green, and the redirect is gone. I did not select it to remove the threats; should I do that now? It says 5 threats found, 0 cleaned.
Jack&Jill
2011-11-18, 18:01
Hello gob71 :),
We will deal with some of the ESET findings in this step. The remaining entries are backups from Spybot.
--------------------
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use. Do not mouse click on ComboFix while it is running. That may cause it to stall.
Run ComboFix script
Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily when running ComboFix. They will interfere and may cause unexpected results.
If you need help to disable your protection programs see here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) and here (http://www.bleepingcomputer.com/forums/topic114351.html).
Open Notepad. Copy and paste the following text into it:
http://forums.spybot.info/showthread.php?t=64338
Collect::
c:\windows\system32\inetcplc9.dll
C:\Documents and Settings\OWNER\Desktop\Phone\autorun.inf
File::
c:\documents and settings\OWNER\Start Menu\Programs\Startup\LimeWire On Startup.lnk
c:\windows\pss\LimeWire On Startup.lnkStartup
C:\Documents and Settings\OWNER\My Documents\Downloads\Setup_FreeConverter.exe
Driver::
26666836
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"=-
[-HKLM\~\startupfolder\C:^Documents and Settings^OWNER^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=1
Firefox::
FF - ProfilePath - c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\hykzwa8x.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 60848
Save it as CFScript.txt at the desktop. Make sure the Save as type: is All Files (*.*).
http://i582.photobucket.com/albums/ss269/Cat_Byte/images/CFScriptB-4.gif
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix may request an update, please allow it.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
ComboFix will also ask to upload some bad files for analysis. Please follow the steps accordingly.
When finished, a log will be produced as C:\ComboFix.txt. Copy and paste the contents of the log in your next reply.
If you lose Internet connection after running ComboFix, right click on the network icon at the system tray and select Repair, or you can reboot the computer.
Enable your security software again as soon as you have completed the ComboFix steps.
--------------------
Please post back:
1. ComboFix log
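As an added illustration (not part of this thread, and not code from ComboFix, DDS or any other tool named here), the following Python script reads ComboFix-style log lines and flags the kinds of entries the CFScript above targets: Windows Firewall disabled, a globally open port, an orphaned driver entry, a Firefox HTTP proxy pointed at localhost, and a hidden/system-attributed DLL created under system32. The sample lines are constructed copies of entries shown in the ComboFix log earlier in the thread; the line patterns are the example's own assumptions about the log format, not a specification from the tool's author.

```python
"""Triage helper for ComboFix-style log lines.

Added example, not part of this thread and not code from ComboFix, DDS or
any other tool named here.  It looks for the kinds of entries the helper
targeted in the CFScript: Windows Firewall disabled, a globally open port,
an orphaned driver entry, a Firefox HTTP proxy pointed at localhost, and a
hidden/system-attributed DLL under system32.  The line patterns are this
example's own assumptions about the log format.
"""
import re
from dataclasses import dataclass

# Constructed sample: copies of lines appearing in the ComboFix log above.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
S3 26666836;26666836; [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [11/12/2011 12:44 PM 41272]
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 60848
FF - prefs.js: network.proxy.type - 0
2011-11-06 21:54 . 2011-11-06 21:54 69120 --sha-r- c:\windows\system32\inetcplc9.dll
2011-11-12 17:44 . 2011-11-12 17:45 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # short category, e.g. "firewall_disabled"
    detail: str  # the value or path that triggered it


# "EnableFirewall"= 0 (0x0)
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')
# "26675:TCP"= 26675:TCP:...:Enabled:...  (a trailing "=-" is a removal, not an entry)
OPEN_PORT_RE = re.compile(r'^"(\d+:(?:TCP|UDP))"=\s*(?!-)\S')
# S3 name;display;image-path [...]  -- "[x]" means the image file is missing
DRIVER_RE = re.compile(r'^[RS][0-4] ([^;]+);[^;]*;\s*(.*)$')
# FF - prefs.js: network.proxy.http - 127.0.0.1
FF_PREF_RE = re.compile(r'^FF - (?:prefs|user)\.js: (network\.proxy\.\w+) - (.*)$')
# 2011-11-06 21:54 . 2011-11-06 21:54 69120 --sha-r- c:\windows\system32\x.dll
FILE_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \S+ \S+ (\d+) (\S{8}) (.+)$')


def triage(log_text: str) -> list:
    """Return the Findings for one log, in the order encountered; the
    localhost-proxy finding comes last because it needs two pref lines."""
    findings = []
    proxy_prefs = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FIREWALL_RE.match(line)
        if m:
            if m.group(1) == "0":
                findings.append(Finding("firewall_disabled", line))
            continue
        m = OPEN_PORT_RE.match(line)
        if m:
            findings.append(Finding("open_port", m.group(1)))
            continue
        m = DRIVER_RE.match(line)
        if m:
            if m.group(2) == "[x]":
                findings.append(Finding("orphan_driver", m.group(1)))
            continue
        m = FF_PREF_RE.match(line)
        if m:
            proxy_prefs[m.group(1)] = m.group(2).strip()
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.group(2), m.group(3)
            # hidden + system attributes on a file under system32 are unusual
            # for a legitimate DLL and worth a second look (a lead, not proof)
            if "h" in attrs and "s" in attrs and "\\system32\\" in path.lower():
                findings.append(Finding("hidden_system_file", path))
    host = proxy_prefs.get("network.proxy.http")
    if host in ("127.0.0.1", "localhost"):
        port = proxy_prefs.get("network.proxy.http_port", "?")
        findings.append(Finding("localhost_proxy", f"{host}:{port}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:20s} {f.detail}")
```

Run on the sample it reports five findings, which line up one-to-one with the Collect::, Driver::, Registry:: and Firefox:: sections of the CFScript above. The hidden-file rule is deliberately a lead rather than a verdict: the same file is sent to VirusTotal later in the thread precisely because attributes alone do not settle the question.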
Combo Fix hangs up and the computer locks up, having to be restarted.
Jack&Jill
2011-11-19, 06:37
Hello gob71 :),
Please download MiniRegTool© by farbar and save it to your desktop.
Click here - 32-bit version. (http://download.bleepingcomputer.com/farbar/MiniRegTool.zip)
Extract the file to the desktop using 7-Zip (http://www.7-zip.org/) or a suitable archive utility that handles Zip files.
Double click on MiniRegTool.exe to run it.
Copy and paste the following text into the white box:
LimeWire
standardprofile
Please select:
Search:
Click on the Go button. A log will open.
Please post the contents of this log. It can also be found on the desktop as Result.txt.
--------------------
Upload file(s) to VirusTotal (VT) for an online scan. Click here. (http://www.virustotal.com)
Click on the Browse button or the white box beside it. A File Upload prompt will open.
Copy and paste the following file and its path to upload:
c:\windows\system32\inetcplc9.dll
Press Open, then Send file. The file will be uploaded for testing.
If there is any indication or prompt that the file has been scanned before, please proceed to have the file rescanned or reanalyzed.
Please wait for all the scanners to finish, then copy and paste the result into Notepad and save it to a convenient place.
Post the results in your next response.
Alternatively, if VirusTotal is busy or inaccessible, you may try Jotti (http://virusscan.jotti.org/) or VirScan (http://virscan.org/) (VS) with similar steps.
A result from either one of the above scanners would be sufficient.
--------------------
Please post back:
1. MiniRegTool log
2. VT result
MINIREG
MiniRegTool by Farbar
Ran by oWNER (administrator) on 2011-11-19 at 09:06:21
==========================================
Search Result For: "LimeWire"
[HKEY_CURRENT_USER\Software\Magnet\Handlers\LimeWire]
[HKEY_CURRENT_USER\Software\Magnet\Handlers\LimeWire]
""="LimeWire"
[HKEY_CURRENT_USER\Software\Magnet\Handlers\LimeWire]
"DefaultIcon"=""C:\Program Files\LimeWire\LimeWire.exe",0"
[HKEY_CURRENT_USER\Software\Magnet\Handlers\LimeWire]
"Description"="LimeWire"
[HKEY_CURRENT_USER\Software\Magnet\Handlers\LimeWire]
"ShellExecute"=""C:\Program Files\LimeWire\LimeWire.exe" "%URL""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\LimeWire]
[HKEY_CURRENT_USER\Software\Classes\.torrent]
""="LimeWire"
[HKEY_CURRENT_USER\Software\Classes\LimeWire]
[HKEY_CURRENT_USER\Software\Classes\LimeWire]
""="LimeWire Torrent"
[HKEY_CURRENT_USER\Software\Classes\LimeWire\DefaultIcon]
""="C:\Program Files\LimeWire\LimeWire.exe,1"
[HKEY_CURRENT_USER\Software\Classes\LimeWire\shell\open\command]
""=""C:\Program Files\LimeWire\LimeWire.exe" "%1""
[HKEY_CURRENT_USER\Software\Classes\magnet\DefaultIcon]
""=""C:\Program Files\LimeWire\LimeWire.exe",0"
[HKEY_CURRENT_USER\Software\Classes\magnet\shell\open\command]
""=""C:\Program Files\LimeWire\LimeWire.exe" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^OWNER^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^OWNER^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
"path"="C:\Documents and Settings\OWNER\Start Menu\Programs\Startup\LimeWire On Startup.lnk"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^OWNER^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
"backup"="C:\WINDOWS\pss\LimeWire On Startup.lnkStartup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^OWNER^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
"command"="C:\PROGRA~1\LimeWire\LimeWire.exe -startup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^OWNER^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
"item"="LimeWire On Startup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1417001333-492894223-1957994488-1004\Components\C092FA47FB82BD113BA600313DEA14A1]
"C9B4E34C8C410BE499B85812B1E6DD16"="C?\Program Files\Common Files\Acronis\BackupScripts\limewire_4.1.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\Program Files\Common Files\Acronis\BackupScripts\limewire_4.1.xml"="1"
==========================================
Search Result For: "standardprofile"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
==== End of Search ====
VirusTotal
File name:
inetcplc.dll
Submission date:
2011-11-20 01:22:05 (UTC)
Current status:
finished
Result:
0/ 42 (0.0%)
VT Community
not reviewed
Safety score: -
Antivirus Version Last Update Result
AhnLab-V3 2011.11.19.00 2011.11.19 -
AntiVir 7.11.17.231 2011.11.18 -
Antiy-AVL 2.0.3.7 2011.11.19 -
Avast 6.0.1289.0 2011.11.19 -
AVG 10.0.0.1190 2011.11.19 -
BitDefender 7.2 2011.11.19 -
ByteHero 1.0.0.1 2011.11.14 -
ClamAV 0.97.3.0 2011.11.19 -
Commtouch 5.3.2.6 2011.11.19 -
Comodo 10780 2011.11.18 -
DrWeb 5.0.2.03300 2011.11.20 -
Emsisoft 5.1.0.11 2011.11.20 -
eSafe 7.0.17.0 2011.11.18 -
eTrust-Vet 37.0.9576 2011.11.19 -
F-Prot 4.6.5.141 2011.11.19 -
F-Secure 9.0.16440.0 2011.11.20 -
Fortinet 4.3.370.0 2011.11.19 -
GData 22.283/22.517 2011.11.19 -
Ikarus T3.1.1.109.0 2011.11.19 -
Jiangmin 13.0.900 2011.11.16 -
K7AntiVirus 9.119.5497 2011.11.19 -
Kaspersky 9.0.0.837 2011.11.19 -
McAfee 5.400.0.1158 2011.11.20 -
McAfee-GW-Edition 2010.1D 2011.11.20 -
Microsoft 1.7801 2011.11.19 -
NOD32 6644 2011.11.20 -
Norman 6.07.13 2011.11.19 -
nProtect 2011-11-19.01 2011.11.19 -
Panda 10.0.3.5 2011.11.19 -
PCTools 8.0.0.5 2011.11.20 -
Prevx 3.0 2011.11.20 -
Rising 23.84.04.02 2011.11.18 -
Sophos 4.71.0 2011.11.19 -
SUPERAntiSpyware 4.40.0.1006 2011.11.19 -
Symantec 20111.2.0.82 2011.11.20 -
TheHacker 6.7.0.1.345 2011.11.19 -
TrendMicro 9.500.0.1008 2011.11.19 -
TrendMicro-HouseCall 9.500.0.1008 2011.11.20 -
VBA32 3.12.16.4 2011.11.18 -
VIPRE 11091 2011.11.19 -
ViRobot 2011.11.19.4782 2011.11.19 -
VirusBuster 14.1.73.0 2011.11.19 -
Additional information
MD5 : 60a29d924ac51a64f1bcaf6f43626915
SHA1 : 8e4640b293c32c8a6abe9de658af732cff7db6a5
SHA256: ab5b916704d481a63e9de7d74833f6658315fb08fa7270a40b53b0c746adfb31
VirSCAN.org Scanned Report :
Scanned time : 2011/11/19 20:27:04 (EST)
Scanner results: Scanners did not find malware!
File Name : inetcplc.dll
File Size : 110592 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5 : 60a29d924ac51a64f1bcaf6f43626915
SHA1 : 8e4640b293c32c8a6abe9de658af732cff7db6a5
Online report : http://r.virscan.org/f0026116f5444719393f5965753e3ab0
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20111120090206 2011-11-20 0.26 -
AhnLab V3 2011.11.19.00 2011.11.19 2011-11-19 2.51 -
AntiVir 8.2.6.116 7.11.17.231 2011-11-18 0.27 -
Antiy 2.0.18 20111120.14290528 2011-11-20 0.02 -
Arcavir 2011 201111190120 2011-11-19 3.07 -
Authentium 5.1.1 201111191819 2011-11-19 1.44 -
AVAST! 4.7.4 111119-1 2011-11-19 0.01 -
AVG 10.0.1405 2090/4027 2011-11-19 0.08 -
BitDefender 7.90123.9170313 7.39907 2011-11-20 4.55 -
ClamAV 0.97.1 13965 2011-11-19 0.04 -
Comodo 5.1 10780 2011-11-17 1.92 -
CP Secure 1.3.0.5 2011.11.19 2011-11-19 0.05 -
Dr.Web 5.0.2.3300 2011.11.20 2011-11-20 15.74 -
F-Prot 4.6.2.117 20111119 2011-11-19 0.78 -
F-Secure 7.02.73807 2011.11.19.03 2011-11-19 0.19 -
Fortinet 4.2.257 14.373 2011-11-19 0.10 -
GData 22.2833 20111120 2011-11-20 5.40 -
ViRobot 20111119 2011.11.19 2011-11-19 0.34 -
Ikarus T3.1.32.20.0 2011.11.19.79833 2011-11-19 4.93 -
JiangMin 13.0.900 2011.11.19 2011-11-19 1.93 -
Kaspersky 5.5.10 2011.11.20 2011-11-20 0.10 -
KingSoft 2009.2.5.15 2011.11.20.9 2011-11-20 0.87 -
McAfee 5400.1158 6535 2011-11-19 11.12 -
Microsoft 1.7801 2011.11.20 2011-11-20 3.56 -
NOD32 3.0.21 6641 2011-11-18 0.01 -
Norman 6.07.11 6.07.00 2011-09-17 18.02 -
Panda 9.05.01 2011.11.19 2011-11-19 3.26 -
Trend Micro 9.500-1005 8.584.06 2011-11-19 0.03 -
Quick Heal 11.00 2011.11.18 2011-11-18 5.83 -
Rising 20.0 23.84.04.02 2011-11-18 0.98 -
Sophos 3.24.4 4.70 2011-11-20 4.45 -
Sunbelt 3.9.2515.2 11091 2011-11-19 0.67 -
Symantec 1.3.0.24 20111118.004 2011-11-18 0.05 -
nProtect 20111119.01 12993033 2011-11-19 1.17 -
The Hacker 6.7.0.1 v00345 2011-11-19 0.52 -
VBA32 3.12.16.4 20111118.1105 2011-11-18 4.66 -
VirusBuster 5.4.0.10 14.1.73.0/6835106 2011-11-20 0.01 -
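Before relying on a scanner report it is worth confirming that the file hashed and uploaded is the one under discussion; the helper's next reply notes that the file scanned here was not the one asked for. The script below is an added example, not part of the thread or of any tool mentioned in it: it hashes a file in chunks, compares the digests and size with the values printed in the two reports above (the `REPORTED_INETCPLC` dictionary is copied from those reports), and says whether they agree.

```python
"""Confirm which file was actually hashed and submitted to a scanner by
comparing its digests with the values a scanner report lists."""
import hashlib
import io

# Size and digests that the VirusTotal / VirSCAN reports above list for inetcplc.dll.
REPORTED_INETCPLC = {
    "size": 110592,
    "md5": "60a29d924ac51a64f1bcaf6f43626915",
    "sha1": "8e4640b293c32c8a6abe9de658af732cff7db6a5",
    "sha256": "ab5b916704d481a63e9de7d74833f6658315fb08fa7270a40b53b0c746adfb31",
}

ALGORITHMS = ("md5", "sha1", "sha256")


def digest_stream(stream, chunk_size=65536):
    """Hash a binary stream in chunks (so a large file never has to fit in
    memory) and return its size plus hex digests for every name in ALGORITHMS."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    size = 0
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        size += len(chunk)
        for h in hashers.values():
            h.update(chunk)
    result = {name: h.hexdigest() for name, h in hashers.items()}
    result["size"] = size
    return result


def digest_bytes(data):
    """Same as digest_stream, for data already held in memory."""
    return digest_stream(io.BytesIO(data))


def digest_file(path):
    """Digest a file on disk. The file is only read, never loaded or executed,
    so this is safe to run on a suspected malicious DLL."""
    with open(path, "rb") as fh:
        return digest_stream(fh)


def compare_with_report(actual, reported):
    """Return {field: bool} for every field the report lists. Hex digests are
    compared case-insensitively because scanner sites print either case."""
    outcome = {}
    for field, expected in reported.items():
        got = actual.get(field)
        if isinstance(expected, str) and isinstance(got, str):
            outcome[field] = got.lower() == expected.lower()
        else:
            outcome[field] = got == expected
    return outcome


def same_file_as_report(actual, reported):
    """True only when every listed digest (and the size, if listed) matches."""
    return all(compare_with_report(actual, reported).values())


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        d = digest_file(path)
        print(path, d)
        print("  matches the inetcplc.dll report:",
              same_file_as_report(d, REPORTED_INETCPLC))
```

Run it as `python hashcheck.py c:\windows\system32\inetcplc9.dll c:\windows\system32\inetcplc.dll` (the two names that appear in this thread) and the output shows at once which file, if either, matches the report that was posted.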
Jack&Jill
2011-11-20, 06:17
Hello gob71 :),
The VT scan you did was not on the file that I specified, but no worries, we will proceed to the next step.
We need to disable Spybot S&D's Teatimer real-time protection temporarily as it will interfere with the fix. Please minimize going online when your security software is disabled or not active.
First step:
Right click the Spybot icon that looks like a blue/white calendar with a padlock symbol in the System Tray (lower right corner where the clock is situated).
For version 1.6, the steps are similar to either one of the below.
If you have version 1.5, click once on Resident Protection, then right click the Spybot icon again and make sure Resident Protection is now unchecked (unticked). The Spybot icon should now be colorless.
If you have Version 1.4, click on Exit Spybot S&D Resident.
Second step, for either version:
Open Spybot S&D.
Click Mode, choose Advanced Mode.
Go to the bottom of the vertical panel on the left, click Tools.
Then, also in left panel, click on Resident that shows a red/white shield.
If your firewall raises a question, say OK.
In the Resident protection status frame, uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active.
OK any prompts.
Exit Spybot S&D and reboot your machine for the changes to take effect.
Remember to enable it after the fix.
--------------------
Please download ERUNT© by Lars Hederer from one of the links below and save it to your desktop.
Link 1 (http://aumha.org/downloads/erunt-setup.exe)
Link 2 (http://download.cnet.com/ERUNT/3000-2242_4-49213.html)
Link 3 (http://majorgeeks.com/Erunt_d1267.html)
Backup your registry with ERUNT
Double click on erunt-setup.exe and run the installation setup.
Follow the setup instructions until you reach Select Additional Tasks, uncheck (untick) Create NTREGOPT desktop icon.
Continue until you get prompted to run ERUNT at startup. Choose No.
Next, make sure Launch ERUNT is checked (ticked) and click Finish.
Click OK when ERUNT is launched, and accept all default settings. ERUNT will then backup the registry.
--------------------
Please download OTM© by Old Timer from one of the links below and save it to your desktop.
Link 1 (http://oldtimer.geekstogo.com/OTM.exe)
Link 2 (http://www.itxassociates.com/OT-Tools/OTM.exe)
Double click OTM.exe to run it.
Copy and paste the following text into the white box under Paste Instructions for Items to be Moved:
:files
c:\windows\system32\inetcplc9.dll
C:\Documents and Settings\OWNER\Desktop\Phone\autorun.inf
c:\documents and settings\OWNER\Start Menu\Programs\Startup\LimeWire On Startup.lnk
c:\windows\pss\LimeWire On Startup.lnkStartup
C:\Documents and Settings\OWNER\My Documents\Downloads\Setup_FreeConverter.exe
C:\Program Files\LimeWire
:services
26666836
:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^OWNER^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
[-HKEY_CURRENT_USER\Software\Classes\LimeWire]
[-HKEY_CURRENT_USER\Software\Classes\.torrent]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\LimeWire]
[-HKEY_CURRENT_USER\Software\Magnet]
[-HKEY_CURRENT_USER\Software\Classes\magnet]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\standardprofile]
"EnableFirewall"=1
:commands
[CREATERESTOREPOINT]
[emptytemp]
Click the red MoveIt! button. Everything on the desktop may disappear, this is normal. Please wait until the tool completes its routine.
Copy everything in the Results window (under the green bar) and paste it in your next reply.
The results can also be found in C:\_OTM\MovedFiles folder, the log file being named MMDDYYYY_HHMMSS.log, where MMDDYYYY_HHMMSS represent the date and time the fix was performed.
--------------------
Please post back:
1. OTM log
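Before pressing MoveIt! it helps to know exactly what a script like the one above will do, since OTM deletes files, services and registry keys without further confirmation. The parser below is an added example, not part of OTM or of this thread: it reads the four sections OTM uses (`:files`, `:services`, `:reg`, `:commands`) into a flat list of actions, distinguishing a key deletion (`[-HKEY...]`) from a value deletion (`"name"=-`) and a value set, so the operator can see that this script moves six paths, removes one service and six registry keys, deletes one open-port entry from the firewall policy and sets EnableFirewall back to 1. The action labels (`move_file`, `delete_service` and so on) are this example's own names, not OTM terminology, and the sample input is the script from the post above, copied verbatim.

```python
"""Turn an OTM fix script into an explicit list of actions for review."""
import re
from collections import Counter

# The script from the post above, verbatim, used as the sample input.
SCRIPT = r""":files
c:\windows\system32\inetcplc9.dll
C:\Documents and Settings\OWNER\Desktop\Phone\autorun.inf
c:\documents and settings\OWNER\Start Menu\Programs\Startup\LimeWire On Startup.lnk
c:\windows\pss\LimeWire On Startup.lnkStartup
C:\Documents and Settings\OWNER\My Documents\Downloads\Setup_FreeConverter.exe
C:\Program Files\LimeWire
:services
26666836
:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^OWNER^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
[-HKEY_CURRENT_USER\Software\Classes\LimeWire]
[-HKEY_CURRENT_USER\Software\Classes\.torrent]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\LimeWire]
[-HKEY_CURRENT_USER\Software\Magnet]
[-HKEY_CURRENT_USER\Software\Classes\magnet]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\standardprofile]
"EnableFirewall"=1
:commands
[CREATERESTOREPOINT]
[emptytemp]
"""

SECTION_RE = re.compile(r"^:(files|services|reg|commands)\s*$", re.IGNORECASE)
KEY_RE = re.compile(r"^\[(-?)(HKEY_[^\]]+)\]$")      # [KEY] selects, [-KEY] deletes
VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')          # "name"=-  deletes, "name"=data sets
COMMAND_RE = re.compile(r"^\[([A-Za-z]+)\]$")        # [CREATERESTOREPOINT], [emptytemp]


def parse_otm_script(text):
    """Return a list of action tuples; the first element names the action."""
    actions = []
    section = None
    current_key = None          # key most recently selected with [KEY] in :reg
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            current_key = None
            continue
        if section is None:
            raise ValueError(f"line outside any section: {line!r}")
        if section == "files":
            actions.append(("move_file", line))
        elif section == "services":
            actions.append(("delete_service", line))
        elif section == "commands":
            m = COMMAND_RE.match(line)
            if not m:
                raise ValueError(f"bad command line: {line!r}")
            actions.append(("command", m.group(1).upper()))
        else:  # section == "reg"
            m = KEY_RE.match(line)
            if m:
                minus, key = m.groups()
                if minus:
                    actions.append(("delete_key", key))
                    current_key = None
                else:
                    current_key = key
                continue
            m = VALUE_RE.match(line)
            if not m:
                raise ValueError(f"bad registry line: {line!r}")
            if current_key is None:
                raise ValueError(f"value line before any [KEY]: {line!r}")
            name, data = m.groups()
            if data == "-":
                actions.append(("delete_value", current_key, name))
            else:
                actions.append(("set_value", current_key, name, data))
    return actions


def summarize(actions):
    """Count actions by kind, e.g. Counter({'move_file': 6, 'delete_key': 6, ...})."""
    return Counter(a[0] for a in actions)


if __name__ == "__main__":
    for action in parse_otm_script(SCRIPT):
        print(action)
    print(summarize(parse_otm_script(SCRIPT)))
```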
========== FILES ==========
LoadLibrary failed for c:\windows\system32\inetcplc9.dll
c:\windows\system32\inetcplc9.dll moved successfully.
File/Folder C:\Documents and Settings\OWNER\Desktop\Phone\autorun.inf not found.
File/Folder c:\documents and settings\OWNER\Start Menu\Programs\Startup\LimeWire On Startup.lnk not found.
c:\windows\pss\LimeWire On Startup.lnkStartup moved successfully.
File/Folder C:\Documents and Settings\OWNER\My Documents\Downloads\Setup_FreeConverter.exe not found.
File/Folder C:\Program Files\LimeWire not found.
========== SERVICES/DRIVERS ==========
Service 26666836 stopped successfully!
Service 26666836 deleted successfully!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\standardprofile\GloballyOpenPorts\List\\26675:TCP deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^OWNER^Start Menu^Programs^Startup^LimeWire On Startup.lnk\ not found.
Registry key HKEY_CURRENT_USER\Software\Classes\LimeWire\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\.torrent\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\LimeWire\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Magnet\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\magnet\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\standardprofile\\"EnableFirewall"|1 /E : value set successfully!
========== COMMANDS ==========
Restore point Set: OTM Restore Point (0)
OTM by OldTimer - Version 3.1.19.0 log created on 11202011_002151
Jack&Jill
2011-11-20, 08:14
Hello gob71 :),
We are almost done.
There are some proxy settings in Firefox:
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 60848
If you did not set them, they can be cleared up with the following step.
Please download MiniToolBox© by farbar and save it to your desktop. Click here. (http://download.bleepingcomputer.com/farbar/MiniToolBox.exe)
Double click on MiniToolBox.exe to run it.
Please check (tick) the following options:
Flush DNS
Reset FF Proxy Settings
Click on the GO button. A log will open.
Please post the contents of this log. It can also be found on the desktop as Result.txt.
--------------------
Your Adobe Reader is outdated. Older versions have security vulnerabilities that can be exploited.
Please update your Adobe Reader to the latest.
It is important that you uninstall any previous versions by using Add/Remove Programs in your Control Panel before installing a newer version. Please uninstall:
Adobe Reader 9.4.6
Go to the Adobe download page. Click here. (http://get.adobe.com/reader/)
If your OS is not the same as stated, click on the Do you have a different language or operating system? link.
Under the Select an operating system title, choose the OS that you have.
Change the language at the Select a language title.
Next, select the version of the reader at the Select a Version title.
Uncheck (untick) to opt out of Google Chrome installation.
Click the Download now button to proceed. Allow if prompted and save the file to a convenient location.
Run the downloaded file to continue with the installation.
If your OS is the same, uncheck (untick) to opt out of McAfee Security Scan Plus installation.
Click Download to proceed. Allow if prompted and save the file to a convenient location.
Run the downloaded file to continue with the installation.
Alternatively, you can try Foxit Reader Portable (http://download.cnet.com/Foxit-Reader-Portable/3000-18497_4-75157356.html) or Nuance PDF Reader (http://download.cnet.com/Nuance-PDF-Reader/3000-18497_4-75128752.html).
--------------------
Your Firefox browser is outdated. Older versions have security vulnerabilities that can be exploited.
Mozilla Firefox 7.0.1 (x86 en-US)
Please update your Firefox browser to the latest.
Open Firefox.
Go to Help on the pull down menu, then select About Firefox.
Click on the Check for Updates button.
Continue accordingly and close it when done.
--------------------
Rerun DDS and post back DDS.txt.
--------------------
Please post back:
1. MiniToolBox result
2. DDS.txt
3. any more problems?
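A proxy of 127.0.0.1 on a high port, as found in the post above, means every Firefox request was being handed to a process on the same machine before it reached the network, which is one way a search hijack is implemented. The script below is an added example, not part of MiniToolBox or of this thread: it parses `user_pref(...)` lines from a prefs.js and flags a manual proxy that points at the loopback interface. The sample prefs.js is constructed for the example from the host and port quoted above; that `network.proxy.type` was 1 at the time is an assumption, since Firefox only honours a manual proxy with that setting.

```python
"""Scan a Firefox prefs.js for proxy settings and flag a proxy on the loopback
interface, the pattern found in the thread above."""
import ipaddress
import re

# Constructed sample: host and port are the values quoted in the post above,
# the rest (including network.proxy.type = 1) is assumed for the example.
SAMPLE_PREFS = """\
// Mozilla User Preferences (constructed sample)
user_pref("browser.startup.homepage", "http://my.yahoo.com/");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 60848);
user_pref("network.proxy.no_proxies_on", "localhost, 127.0.0.1");
"""

# What the relevant line looks like after the reset (network.proxy.type 0 = no proxy).
CLEAN_PREFS = """\
user_pref("network.proxy.type", 0);
"""

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')
PROXY_SCHEMES = ("http", "ssl", "ftp", "socks")


def parse_prefs(text):
    """Return {name: value} for every user_pref line. Quoted values become
    str, true/false become bool, and plain numbers become int."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw
    return prefs


def is_loopback(host):
    """True for localhost or any loopback IP literal (IPv4 127/8 or ::1)."""
    if host.lower() in ("localhost", "localhost.localdomain"):
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False


def proxy_findings(prefs):
    """One finding per configured proxy. 'active' says whether the proxy
    type in force actually makes Firefox use it (1 = manual, 2 = PAC URL)."""
    ptype = prefs.get("network.proxy.type")
    findings = []
    for scheme in PROXY_SCHEMES:
        host = prefs.get(f"network.proxy.{scheme}")
        if not host:
            continue
        findings.append({
            "scheme": scheme,
            "host": host,
            "port": prefs.get(f"network.proxy.{scheme}_port"),
            "loopback": is_loopback(str(host)),
            "active": ptype == 1,
        })
    pac = prefs.get("network.proxy.autoconfig_url")
    if pac:
        findings.append({"scheme": "pac", "host": pac, "port": None,
                         "loopback": False, "active": ptype == 2})
    return findings


def suspicious(findings):
    """Loopback proxies that are in force: something on this machine is
    interposing on browser traffic, which is worth investigating."""
    return [f for f in findings if f["loopback"] and f["active"]]


if __name__ == "__main__":
    for f in suspicious(proxy_findings(parse_prefs(SAMPLE_PREFS))):
        print("loopback proxy in force:", f)
```

Point it at a real profile by reading `prefs.js` from the profile path DDS prints (`FF - ProfilePath`) and passing the text to `parse_prefs`; after a reset, as in the log that follows, the only proxy line left should be `network.proxy.type` set to 0 and `suspicious()` returns an empty list.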
MiniToolBox by Farbar
Ran by OWNER (administrator) on 20-11-2011 at 09:03:32
Microsoft Windows XP Service Pack 3 (X86)
***************************************************************************
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
**** End of log ****
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-09-30.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 11/24/2009 10:42:47 PM
System Uptime: 11/20/2011 8:51:11 AM (1 hours ago)
.
Motherboard: Dell Computer Corporation | | Inspiron 8200
Processor: Mobile Intel(R) Pentium(R) 4 - M CPU 1.80GHz | Microprocessor | 1196/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 56 GiB total, 33.403 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\2C7EC041354FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\2C7EC041354FC000
Service: NIC1394
.
==== System Restore Points ===================
.
RP1: 11/6/2011 6:54:59 PM - System Checkpoint
RP2: 11/6/2011 11:36:54 PM - Installed Java(TM) 6 Update 29
RP3: 11/8/2011 8:16:05 PM - Removed Java(TM) 6 Update 12
RP4: 11/8/2011 8:32:02 PM - Software Distribution Service 3.0
RP5: 11/14/2011 6:26:39 PM - Software Distribution Service 3.0
RP6: 11/18/2011 12:18:20 AM - System Checkpoint
RP7: 11/18/2011 1:37:25 AM - Software Distribution Service 3.0
RP8: 11/19/2011 9:19:01 AM - Software Distribution Service 3.0
RP9: 11/20/2011 12:22:05 AM - OTM Restore Point
RP10: 11/20/2011 8:53:27 AM - Removed Adobe Reader 9.4.6.
RP11: 11/20/2011 9:00:53 AM - Installed Adobe Reader X (10.1.1).
.
==== Installed Programs ======================
.
AccessDirect
Acronis*True*Image*WD*Edition
Actiontec MD56ORD V92 MDC Modem
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AviSynth 2.5
Bonjour
Dell Picture Studio - Dell Image Expert
Dell ResourceCD
Dell Solution Center
Dell TrueMobile 1180 Internal 802.11b Mini PCI Card
ERUNT 1.1j
ESET Online Scanner v3
Free Audio CD Burner version 1.4
Free Audio CD to MP3 Converter version 1.3
Free DVD Video Converter version 1.1
Free iPod Video Converter 1.34
Free Mp3 Wma Converter V 1.9
Free Video to iPod Converter version 3.4
Free Video to MP3 Converter version 3.4
Free YouTube Download 3 version 3.0.4.628
Free YouTube Download version 3.0.13.815
Free YouTube to MP3 Converter version 3.9.40.602
Google Chrome
Help and Support Customization
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HTC Touch Pro2 User Guide
iTunes
Japanese Fonts Support For Adobe Reader 9
Java Auto Updater
Live Bid Control Kit Setup
Magic MP3 Tagger 2.2.6
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Office File Validation Add-In
Microsoft Office Small Business Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 8.0 (x86 en-US)
MP3 Cutter 1.5
Mp3tag v2.45a
MSXML 6 Service Pack 2 (KB973686)
NVIDIA Windows 2000/XP Display Drivers
Paint Shop Pro 7
PocketPC/Smartphone Update Wizard (remove only)
QuickTime
SeaTools for Windows
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Simulcast Video Plugin (Internet Explorer)
Spybot - Search & Destroy
TagScanner 5.1 build 555
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Used Car Xpress
Video Download Capture V2.4.5
Videora iPod Converter 5.04
VLC media player 1.0.3
VoiceOver Kit
Wayne Reaves Car Program
WcarUp
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
11/15/2011 8:26:22 PM, error: PlugPlayManager [11] - The device Root\LEGACY_NPF\0000 disappeared from the system without first being prepared for removal.
11/15/2011 8:14:08 PM, error: Service Control Manager [7034] - The WLTRYSVC service terminated unexpectedly. It has done this 1 time(s).
11/14/2011 6:17:00 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/14/2011 6:12:34 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
11/14/2011 6:11:06 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.1773.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
11/14/2011 6:11:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/14/2011 6:02:14 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm MpFilter
.
==== End Of File ===========================
DDS (Ver_2011-09-30.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Owner at 9:11:09 on 2011-11-20
#Option MBR scan is disabled.
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.639.235 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [cdloader] "c:\documents and settings\Owner\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
mRun: [DadApp] c:\program files\dell\accessdirect\dadapp.exe
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\Owner\application data\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Owner\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {298BFFEE-662D-11D5-ADAF-00E0810232D7} - hxxps://simulcast.manheim.com/simulcast/lib/LiveSound.dll
DPF: {2EA5DD45-9254-4B0D-9F48-E92FEC3A9754} - hxxps://simulcast.manheim.com/simulcast_docs/av/SimulcastAVPlugin-win-ie.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1259161517292
DPF: {7206EAAC-5CFA-43A3-9F61-E27E8E51E42F} - hxxp://adus1.liveglobalbid.com/container_repository/laiexec.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{A8F57C59-9AD1-492C-B71D-2D90AD97DBA9} : DHCPNameServer = 192.168.2.1
LSA: Authentication Packages = msv1_0 relog_ap
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\Owner\application data\mozilla\firefox\profiles\hykzwa8x.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/;_ylt=AtoEu.MyDuQycydxJDNikOlG2vAI
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\Owner\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl3c32aa1d;MpKsl3c32aa1d;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2e695903-c654-49cd-a260-ded98b702486}\MpKsl3c32aa1d.sys [2011-11-20 28752]
S1 MpKsl03eff81e;MpKsl03eff81e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{29feb160-0bbf-41ba-b3d8-de9c736f9065}\mpksl03eff81e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{29feb160-0bbf-41ba-b3d8-de9c736f9065}\MpKsl03eff81e.sys [?]
S1 MpKsl06753459;MpKsl06753459;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{02065891-3f17-4033-9da0-e553f7762462}\mpksl06753459.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{02065891-3f17-4033-9da0-e553f7762462}\MpKsl06753459.sys [?]
S1 MpKsl06c2b7d5;MpKsl06c2b7d5;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c4b9e7a3-b56b-4f6e-a395-663bc9dd2933}\mpksl06c2b7d5.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c4b9e7a3-b56b-4f6e-a395-663bc9dd2933}\MpKsl06c2b7d5.sys [?]
S1 MpKsl0ce97650;MpKsl0ce97650;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dbb7438c-35d9-49e4-bdbe-fcc8bd52f423}\mpksl0ce97650.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dbb7438c-35d9-49e4-bdbe-fcc8bd52f423}\MpKsl0ce97650.sys [?]
S1 MpKsl104f1a89;MpKsl104f1a89;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{914f958e-e732-4b4b-b0da-c71d178667e3}\mpksl104f1a89.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{914f958e-e732-4b4b-b0da-c71d178667e3}\MpKsl104f1a89.sys [?]
S1 MpKsl18b0c8f1;MpKsl18b0c8f1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{03dca112-2fd8-4273-bd98-239e261c787e}\mpksl18b0c8f1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{03dca112-2fd8-4273-bd98-239e261c787e}\MpKsl18b0c8f1.sys [?]
S1 MpKsl1d5ce3db;MpKsl1d5ce3db;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bb8bd429-96db-4cab-807f-6af44714325e}\mpksl1d5ce3db.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bb8bd429-96db-4cab-807f-6af44714325e}\MpKsl1d5ce3db.sys [?]
S1 MpKsl2098ee12;MpKsl2098ee12;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{17f40f73-b59c-4fde-aec1-2e7a0b6bd64b}\mpksl2098ee12.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{17f40f73-b59c-4fde-aec1-2e7a0b6bd64b}\MpKsl2098ee12.sys [?]
S1 MpKsl2c9a16f8;MpKsl2c9a16f8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{43bc38af-e431-4613-8113-3f07aaaa2876}\mpksl2c9a16f8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{43bc38af-e431-4613-8113-3f07aaaa2876}\MpKsl2c9a16f8.sys [?]
S1 MpKsl2f587506;MpKsl2f587506;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2f39569a-b513-4acd-9400-79a1a6937edb}\mpksl2f587506.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2f39569a-b513-4acd-9400-79a1a6937edb}\MpKsl2f587506.sys [?]
S1 MpKsl492b9faa;MpKsl492b9faa;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bf0f4da6-22f1-4f18-8cd9-28d9acff0766}\mpksl492b9faa.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bf0f4da6-22f1-4f18-8cd9-28d9acff0766}\MpKsl492b9faa.sys [?]
S1 MpKsl5c882d1f;MpKsl5c882d1f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b8b6adff-3c64-47e1-a50f-7fa1f6dba09d}\mpksl5c882d1f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b8b6adff-3c64-47e1-a50f-7fa1f6dba09d}\MpKsl5c882d1f.sys [?]
S1 MpKsl7c543b59;MpKsl7c543b59;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3d241811-9a84-4e70-b3a4-f4e822bb2902}\mpksl7c543b59.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3d241811-9a84-4e70-b3a4-f4e822bb2902}\MpKsl7c543b59.sys [?]
S1 MpKsl7c8b4a62;MpKsl7c8b4a62;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{74c7b35c-1996-46b8-ab2d-a6d094376dbe}\mpksl7c8b4a62.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{74c7b35c-1996-46b8-ab2d-a6d094376dbe}\MpKsl7c8b4a62.sys [?]
S1 MpKsl8b2b6408;MpKsl8b2b6408;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{74c7b35c-1996-46b8-ab2d-a6d094376dbe}\mpksl8b2b6408.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{74c7b35c-1996-46b8-ab2d-a6d094376dbe}\MpKsl8b2b6408.sys [?]
S1 MpKslc5279bdf;MpKslc5279bdf;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4b06ed6e-003d-4efc-bd4a-2a6bacd68a39}\mpkslc5279bdf.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4b06ed6e-003d-4efc-bd4a-2a6bacd68a39}\MpKslc5279bdf.sys [?]
S1 MpKslca2955dd;MpKslca2955dd;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{29feb160-0bbf-41ba-b3d8-de9c736f9065}\mpkslca2955dd.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{29feb160-0bbf-41ba-b3d8-de9c736f9065}\MpKslca2955dd.sys [?]
S1 MpKslde5af808;MpKslde5af808;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cb61df90-165b-4cc5-9940-78ce104a4c80}\mpkslde5af808.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cb61df90-165b-4cc5-9940-78ce104a4c80}\MpKslde5af808.sys [?]
S2 PEVSystemStart;PEVSystemStart;c:\combofix\pev.3XE [2011-6-26 256000]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-11-12 41272]
.
=============== Created Last 30 ================
.
2011-11-20 14:05:01 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2e695903-c654-49cd-a260-ded98b702486}\MpKsl3c32aa1d.sys
2011-11-20 14:04:54 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2e695903-c654-49cd-a260-ded98b702486}\offreg.dll
2011-11-20 14:04:21 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2e695903-c654-49cd-a260-ded98b702486}\mpengine.dll
2011-11-20 05:21:51 -------- d-----w- C:\_OTM
2011-11-20 01:38:17 -------- d-s---w- C:\ComboFix
2011-11-18 04:17:27 -------- d-----w- c:\program files\ESET
2011-11-13 04:32:48 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-11-12 17:44:56 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-08 01:06:22 -------- d-----w- C:\TDSSKiller_Quarantine
2011-11-08 00:58:36 -------- d--h--w- c:\windows\PIF
2011-11-07 04:25:57 -------- d-----w- c:\program files\Microsoft Security Client
2011-11-07 03:36:32 -------- d-sha-r- C:\cmdcons
2011-11-07 03:34:32 98816 ----a-w- c:\windows\sed.exe
2011-11-07 03:34:32 256000 ----a-w- c:\windows\PEV.exe
2011-11-07 03:34:32 208896 ----a-w- c:\windows\MBR.exe
2011-11-07 01:23:00 -------- d-----w- C:\WINSSLog
.
==================== Find3M ====================
.
2011-11-14 23:18:48 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 10:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
.
============= FINISH: 9:13:08.79 ===============
When I try to update Firefox it says it is already current (release 8.0), and is not allowing me to update. So far everything seems to work great, MSE loads fine and turns green indicating it is working with real time protection. I no longer get Yahoo or Google redirects. Is it possible to run Spybot's tea timer in conjunction with MSE? Would that protect more? Would one protect better than the other?
Jack&Jill
2011-11-21, 02:09
Hello gob71 :),
The latest logs show Firefox is already updated.
You can run Spybot together with MSE as one is an antispyware whereas the latter is an antivirus. They complement each other. I will have some security recommendations for you after this.
--------------------
There are some unwanted or outdated add-ons / plugins in Firefox.
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
Please uninstall or disable them according to Uninstalling add-ons (http://support.mozilla.com/en-US/kb/Uninstalling%20add-ons).
--------------------
Please backup the registry with ERUNT.
Rerun OTM
Double click OTM.exe to run it.
Copy and paste the following text into the white box under Paste Instructions for Items to be Moved:
:services
MpKsl03eff81e
MpKsl06753459
MpKsl06c2b7d5
MpKsl0ce97650
MpKsl104f1a89
MpKsl18b0c8f1
MpKsl1d5ce3db
MpKsl2098ee12
MpKsl2c9a16f8
MpKsl2f587506
MpKsl492b9faa
MpKsl5c882d1f
MpKsl7c543b59
MpKsl7c8b4a62
MpKsl8b2b6408
MpKslc5279bdf
MpKslca2955dd
MpKslde5af808
:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Explorer Bars]
{32683183-48a0-441b-a342-7c2a440a9478}=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
{32683183-48a0-441b-a342-7c2a440a9478}=-
:commands
[CREATERESTOREPOINT]
[emptytemp]
Click the red MoveIt! button. Everything on the desktop may disappear, this is normal. Please wait until the tool completes its routine.
Copy everything in the Results window (under the green bar) and paste it in your next reply.
The results can also be found in C:\_OTM\MovedFiles folder, the log file being named MMDDYYYY_HHMMSS.log, where MMDDYYYY_HHMMSS represent the date and time the fix was performed.
--------------------
Please post back:
1. OTM log
2. fresh DDS.txt
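The `:services` list in the OTM script above is exactly the set of DDS "SERVICES / DRIVERS" entries whose driver file no longer exists on disk (DDS prints them as `<registry path> --> <resolved path> [?]`, here the MpKsl* stubs left behind by old MSE definition-update folders). As an added example, not code from DDS, OTM or this thread, the parser below extracts that section of a DDS log, flags the orphaned entries, and builds the matching `:services` block. The sample log lines are constructed by shortening the entries posted above.

```python
"""Parse the SERVICES / DRIVERS section of a DDS log and flag orphaned entries.

Added example, not part of DDS or OTM.  The DDS line format assumed here is
the one visible in the log above:
  R1 MpFilter;Microsoft Malware Protection Driver;c:\\...\\MpFilter.sys [2011-4-18 165648]
  S1 MpKsl03eff81e;MpKsl03eff81e;\\??\\c:\\...\\mpksl03eff81e.sys --> c:\\...\\MpKsl03eff81e.sys [?]
"""
import re
from dataclasses import dataclass
from typing import List, Optional

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"      # R = running, S = stopped; digit = start type
    r"(?P<name>[^;]+);(?P<display>[^;]*);"   # service name ; display name ;
    r"(?P<rest>.+)$"                         # image path plus trailing [date size] or [?]
)
TAIL_RE = re.compile(r"\s\[(?P<info>[^\]]*)\]\s*$")


@dataclass
class ServiceEntry:
    name: str
    display: str
    state: str         # "R" or "S"
    start_type: int    # 0..4 as in the registry Start value
    image_path: str    # resolved on-disk path
    file_found: bool   # False when DDS printed "[?]" (binary missing on disk)


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Return a ServiceEntry for one DDS service line, or None for non-service lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    tail = TAIL_RE.search(rest)
    info = tail.group("info") if tail else ""
    path_part = rest[: tail.start()] if tail else rest
    # For a missing file DDS shows "<registry ImagePath> --> <resolved path>"; keep the latter.
    if " --> " in path_part:
        path_part = path_part.split(" --> ", 1)[1]
    return ServiceEntry(
        name=m.group("name"),
        display=m.group("display"),
        state=m.group("state"),
        start_type=int(m.group("start")),
        image_path=path_part.strip(),
        file_found=(info != "?"),
    )


def parse_services_section(log_text: str) -> List[ServiceEntry]:
    """Collect entries between the SERVICES / DRIVERS header and the next section header."""
    entries: List[ServiceEntry] = []
    in_section = False
    for line in log_text.splitlines():
        if "SERVICES / DRIVERS" in line:
            in_section = True
            continue
        if in_section and line.startswith("====="):
            break
        if in_section:
            entry = parse_service_line(line)
            if entry is not None:
                entries.append(entry)
    return entries


def orphaned_services(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Services whose driver binary DDS could not find on disk."""
    return [e for e in entries if not e.file_found]


def otm_services_block(entries: List[ServiceEntry]) -> str:
    """Render the orphaned entries as the ':services' block OTM expects."""
    return "\n".join([":services"] + [e.name for e in orphaned_services(entries)])


# Constructed sample: four entries shortened from the DDS log posted above.
SAMPLE_DDS = r"""============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
S1 MpKsl03eff81e;MpKsl03eff81e;\??\c:\defs\{29feb160}\mpksl03eff81e.sys --> c:\defs\{29feb160}\MpKsl03eff81e.sys [?]
S1 MpKsl06753459;MpKsl06753459;\??\c:\defs\{02065891}\mpksl06753459.sys --> c:\defs\{02065891}\MpKsl06753459.sys [?]
S2 PEVSystemStart;PEVSystemStart;c:\combofix\pev.3XE [2011-6-26 256000]
.
=============== Created Last 30 ================
"""

if __name__ == "__main__":
    print(otm_services_block(parse_services_section(SAMPLE_DDS)))
```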
I can't locate Adobe 9.0 to uninstall in my plugin list on FF. I can find the folder manually; should I just delete it instead?
OTM
All processes killed
========== SERVICES/DRIVERS ==========
Service MpKsl03eff81e stopped successfully!
Service MpKsl03eff81e deleted successfully!
Service MpKsl06753459 stopped successfully!
Service MpKsl06753459 deleted successfully!
Service MpKsl06c2b7d5 stopped successfully!
Service MpKsl06c2b7d5 deleted successfully!
Service MpKsl0ce97650 stopped successfully!
Service MpKsl0ce97650 deleted successfully!
Service MpKsl104f1a89 stopped successfully!
Service MpKsl104f1a89 deleted successfully!
Service MpKsl18b0c8f1 stopped successfully!
Service MpKsl18b0c8f1 deleted successfully!
Service MpKsl1d5ce3db stopped successfully!
Service MpKsl1d5ce3db deleted successfully!
Service MpKsl2098ee12 stopped successfully!
Service MpKsl2098ee12 deleted successfully!
Service MpKsl2c9a16f8 stopped successfully!
Service MpKsl2c9a16f8 deleted successfully!
Service MpKsl2f587506 stopped successfully!
Service MpKsl2f587506 deleted successfully!
Service MpKsl492b9faa stopped successfully!
Service MpKsl492b9faa deleted successfully!
Service MpKsl5c882d1f stopped successfully!
Service MpKsl5c882d1f deleted successfully!
Service MpKsl7c543b59 stopped successfully!
Service MpKsl7c543b59 deleted successfully!
Service MpKsl7c8b4a62 stopped successfully!
Service MpKsl7c8b4a62 deleted successfully!
Service MpKsl8b2b6408 stopped successfully!
Service MpKsl8b2b6408 deleted successfully!
Service MpKslc5279bdf stopped successfully!
Service MpKslc5279bdf deleted successfully!
Service MpKslca2955dd stopped successfully!
Service MpKslca2955dd deleted successfully!
Service MpKslde5af808 stopped successfully!
Service MpKslde5af808 deleted successfully!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Explorer Bars not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32683183-48a0-441b-a342-7c2a440a9478}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\\{32683183-48a0-441b-a342-7c2a440a9478} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32683183-48a0-441b-a342-7c2a440a9478}\ not found.
========== COMMANDS ==========
Restore point Set: OTM Restore Point (0)
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: All Users
User: Cassidy
->Temp folder emptied: 86092 bytes
->Temporary Internet Files folder emptied: 636334 bytes
->FireFox cache emptied: 77270096 bytes
->Google Chrome cache emptied: 368755687 bytes
->Flash cache emptied: 241499 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 24824 bytes
->Temporary Internet Files folder emptied: 32902 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1138887 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1645180 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 117324 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 429.00 mb
OTM by OldTimer - Version 3.1.19.0 log created on 11202011_200004
Files moved on Reboot...
Registry entries deleted on Reboot...
DDS
DDS (Ver_2011-09-30.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by OWNER at 20:07:55 on 2011-11-20
#Option MBR scan is disabled.
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.639.249 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [cdloader] "c:\documents and settings\OWNER\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
mRun: [DadApp] c:\program files\dell\accessdirect\dadapp.exe
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\OWNER\application data\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\OWNER\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {298BFFEE-662D-11D5-ADAF-00E0810232D7} - hxxps://simulcast.manheim.com/simulcast/lib/LiveSound.dll
DPF: {2EA5DD45-9254-4B0D-9F48-E92FEC3A9754} - hxxps://simulcast.manheim.com/simulcast_docs/av/SimulcastAVPlugin-win-ie.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1259161517292
DPF: {7206EAAC-5CFA-43A3-9F61-E27E8E51E42F} - hxxp://adus1.liveglobalbid.com/container_repository/laiexec.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{A8F57C59-9AD1-492C-B71D-2D90AD97DBA9} : DHCPNameServer = 192.168.2.1
LSA: Authentication Packages = msv1_0 relog_ap
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\OWNER\application data\mozilla\firefox\profiles\hykzwa8x.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/;_ylt=AtoEu.MyDuQycydxJDNikOlG2vAI
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\OWNER\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl0edec845;MpKsl0edec845;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a3963894-758f-4625-9058-6abbd48dbe97}\MpKsl0edec845.sys [2011-11-20 28752]
S2 PEVSystemStart;PEVSystemStart;c:\combofix\pev.3XE [2011-6-26 256000]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-11-12 41272]
.
=============== Created Last 30 ================
.
2011-11-21 01:03:49 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a3963894-758f-4625-9058-6abbd48dbe97}\offreg.dll
2011-11-21 00:25:37 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a3963894-758f-4625-9058-6abbd48dbe97}\MpKsl0edec845.sys
2011-11-20 15:02:10 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a3963894-758f-4625-9058-6abbd48dbe97}\mpengine.dll
2011-11-20 05:21:51 -------- d-----w- C:\_OTM
2011-11-20 01:38:17 -------- d-s---w- C:\ComboFix
2011-11-18 04:17:27 -------- d-----w- c:\program files\ESET
2011-11-13 04:32:48 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-11-12 17:44:56 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-08 01:06:22 -------- d-----w- C:\TDSSKiller_Quarantine
2011-11-08 00:58:36 -------- d--h--w- c:\windows\PIF
2011-11-07 04:25:57 -------- d-----w- c:\program files\Microsoft Security Client
2011-11-07 03:36:32 -------- d-sha-r- C:\cmdcons
2011-11-07 03:34:32 98816 ----a-w- c:\windows\sed.exe
2011-11-07 03:34:32 256000 ----a-w- c:\windows\PEV.exe
2011-11-07 03:34:32 208896 ----a-w- c:\windows\MBR.exe
2011-11-07 01:23:00 -------- d-----w- C:\WINSSLog
.
==================== Find3M ====================
.
2011-11-14 23:18:48 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 10:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 20:09:09.90 ===============
Did you want the attach.txt too?
Jack&Jill
2011-11-21, 05:12
Hello gob71 :),
Yes, you can delete this folder:
c:\program files\adobe\reader 9.0
You might want to remove this and get a newer version as well:
Japanese Fonts Support For Adobe Reader 9
Attach.txt not needed.
--------------------
Congratulations, you are All Clear to go. Glad to hear everything is good and running :). If you have any more problems, please let me know.
Now we need to clear out the programs we have been using to clean up your computer. They are not suitable for general malware removal and could cause damage if used inappropriately.
Go to Start > Run.... Copy and paste the following text into the white box:
ComboFix /uninstall
Click OK.
Run OTM by double clicking on OTM.exe. Click on CleanUp, proceed to reboot if prompted.
Delete the aswMBR, DDS, CKScanner, MiniRegTool and MiniToolBox files on your desktop.
Delete any logs on the desktop.
Some tips to help you stay clean and safe:
1. Keep your Windows up to date. Enable Automatic Updates for Windows XP (http://www.bleepingcomputer.com/tutorials/tutorial35.html) to always update the latest security patches from Microsoft, or you can download from the Microsoft website. Otherwise, your computer will be vulnerable to new exploits or malware.
2. Update your antivirus program regularly; it is a must for constant protection against viruses. Please keep only one AV installed.
3. Install Malwarebytes' Anti-Malware if you haven't and use it occasionally. It is a new and powerful anti-malware tool (http://www.malwarebytes.org/mbam.php), totally free but for real-time protection you will have to pay a small one-time fee.
4. Install WinPatrol, a great protection program (http://www.winpatrol.com/) that helps you monitor for unwanted files or applications. You need to choose between WinPatrol and Spybot and keep only one of them installed.
5. Use a hosts file to block the access of bad sites from your computer. Get yourself a MVPS Hosts (http://www.mvps.org/winhelp2002/hosts.htm) for this purpose.
6. Install Web of Trust (WOT). WOT (http://www.mywot.com/) keeps you from dangerous websites with warnings and blockings.
7. Protect your computer from removable or USB drive infections with MCShield (http://amf.mycity.rs/programs/mc/mcshield/), an effective method to prevent malware from spreading.
8. Keep all your software updated. Visit Secunia Software Inspector (http://secunia.com/software_inspector/) to find out if any updates are required.
9. Also look up:
Computer Security - a short guide to staying safer online (http://www.malwareremoval.com/forum/viewtopic.php?f=4&t=54766)
PC Safety and Security - What Do I Need? By Glaswegian (http://www.techsupportforum.com/security-center/general-computer-security/525915-pc-safety-security-what-do-i-need.html)
How to prevent malware: By miekiemoes (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)
So how did I get infected in the first place? By Tony Klein (http://forums.spybot.info/showthread.php?t=279)
Microsoft Online Safety (http://www.microsoft.com/protect/default.aspx)
Stay safe.
Your donation helps in improving Spybot-S&D! (http://www.safer-networking.org/en/donate/index.html)
THANK YOU THANK YOU THANK YOU..... I have taken your advice and installed those programs, except I kept Spybot S&D and activated the tea timer. I appreciate all your help. Will be making a Spybot donation.
Jack&Jill
2011-11-21, 06:17
Glad to be of help and you are welcome :).
And thank you for the donation.
I will keep the topic open for another day in case you have any questions, then it will be archived.
Jack&Jill
2011-11-23, 02:00
As your problems appear to have been resolved, this topic is now closed.
We are glad to be of help. If you are satisfied with our assistance and wish to donate to help with the costs of this volunteer site, please read :
Your donation helps in improving Spybot-S&D! (http://www.safer-networking.org/en/donate/index.html)