Virus - "Microsoft Security Essentials Alert"

[FlaCajun]

A seperate window has opened titled, "Microsoft Security Essentials Alert".
None of the buttons have been clicked.

I have read the 'Forum' instructions.
The virus is on the kid's laptop which runs very slow.
Laptop is an Acer, AMD Processor 3400+, 1.79 GHz, 448 MB RAM,
MS Windows XP Media Center Edition, Version 2002, Service Pack 2

Laptop has Malware, Spybot and McAfee.

Currently the laptop is not connected to the network.
I am using my desktop to communicate with the Spybot Forum.

Erunt & DDS have been run on the laptop.
DDS.txt is 11kb in size and Attach.txt is 6kb.
Attach.txt has not been compressed.

Files were transfered via flash drive back and forth from my desktop to kid's laptop and vice versa.
McAfee virus scan was run on the flash drive with the files and they are clean.

Please advise if you would like the files uploaded and if Attach.txt needs to be compressed.
Thanks.

[Blade81]

Hi,

Post contents of fresh dds.txt & attach.txt to your reply.

[FlaCajun]

Here are the logs. Also the computer is running very slow.


DDS (Ver_10-11-10.01) - FAT32x86
Run by Admin at 14:23:52.20 on Fri 11/26/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.446.73 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Windows PC Defender *On-access scanning enabled* (Updated) {E9258D2E-6595-49AF-A259-6C6D1654D33F}
FW: Windows PC Defender *enabled* {28910011-2B0A-49CA-8C49-831540C7A686}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe
C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
SVCHOST.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
C:\WINDOWS\system32\wscntfy.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Admin\Desktop\dds.scr
C:\Program Files\Common Files\McAfee\HackerWatch\HWUpdChk.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\admin\local settings\application data\google\update\1.1.25.0\GoogleUpdate.exe" /lang en
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [ntiMUI] c:\program files\newtech infosystems\nti cd & dvd-maker 7\ntiMUI.exe
mRun: [<NO NAME>]
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\admin\startm~1\programs\startup\youtub~1.lnk - c:\documents and settings\admin\local settings\application data\youtube\uploader\youtubeuploader.exe
StartupFolder: c:\docume~1\admin\startm~1\programs\startup\imvu.lnk - c:\documents and settings\admin\application data\imvuclient\IMVUQualityAgent.exe
StartupFolder: c:\docume~1\admin\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\wordperfect office x3\programs\WPLauncher.hta
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\admin\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: Cmdsub - {69CB7877-A624-457E-A1A2-12BA24BEEB36} - c:\windows\system32\cerusb.dll
IFEO: image file execution options - svchost.exe
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts:

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-2-11 214664]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-2-11 359952]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-2-11 144704]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\norton pc checkup\engine\2.0.2.506\SymcPCCULaunchSvc.exe [2009-12-9 103280]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\norton pc checkup\engine\2.0.2.506\ccSvcHst.exe [2009-12-9 126392]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2006-8-22 316992]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-10-23 38224]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-2-11 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-2-11 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-2-11 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-2-11 40552]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\elock2burnerlockdriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\elock2fsctldriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-2-11 34248]

=============== Created Last 30 ================

2010-11-26 16:49:00 54016 ----a-w- c:\windows\system32\drivers\rbbaykj.sys
2010-11-11 19:34:30 -------- d-sh--w- C:\FOUND.000

==================== Find3M ====================

2010-11-26 15:55:54 138566 ----a-w- c:\windows\system32\winstats32.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: HTS541080G9AT00 rev.MB4OA60A -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-4

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x84D60446]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x84d66504]; MOV EAX, [0x84d66580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EEEB8] -> \Device\Harddisk0\DR0[0x84D73750]
3 CLASSPNP[0xF76DF05B] -> ntkrnlpa!IofCallDriver[0x804EEEB8] -> \Device\000000ac[0x84DC83B8]
5 ACPI[0xF74B5620] -> ntkrnlpa!IofCallDriver[0x804EEEB8] -> [0x84DC8030]
\Driver\atapi[0x84CEAE70] -> IRP_MJ_CREATE -> 0x84D60446
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x137; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-4 -> \??\IDE#DiskHTS541080G9AT00_________________________MB4OA60A#5&2b182631&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x84D60292
user != kernel MBR !!!
sectors 156301486 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 14:28:36.67 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-10.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 12/14/2006 1:05:58 PM
System Uptime: 11/26/2010 10:57:01 AM (4 hours ago)

Motherboard: Acer | | Navarro
Processor: Mobile AMD Sempron(tm) Processor 3400+ | Socket M2/S1G1 | 1795/200mhz

==== Disk Partitions =========================

C: is FIXED (FAT32) - 35 GiB total, 6.561 GiB free.
D: is FIXED (FAT32) - 35 GiB total, 10.035 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP838: 8/29/2010 3:31:31 AM - System Checkpoint
RP839: 8/30/2010 4:31:32 AM - System Checkpoint
RP840: 8/31/2010 5:31:34 AM - System Checkpoint
RP841: 9/1/2010 6:31:37 AM - System Checkpoint
RP842: 9/2/2010 6:31:46 AM - System Checkpoint
RP843: 9/3/2010 7:31:47 AM - System Checkpoint
RP844: 9/4/2010 11:35:49 AM - System Checkpoint
RP845: 9/6/2010 7:47:44 PM - System Checkpoint
RP846: 9/7/2010 8:19:11 PM - System Checkpoint
RP847: 9/8/2010 8:19:23 PM - System Checkpoint
RP848: 9/9/2010 9:19:06 PM - System Checkpoint
RP849: 9/10/2010 9:19:41 PM - System Checkpoint
RP850: 9/11/2010 10:19:30 PM - System Checkpoint
RP851: 9/12/2010 11:19:35 PM - System Checkpoint
RP852: 9/14/2010 12:19:31 AM - System Checkpoint
RP853: 9/15/2010 1:19:35 AM - System Checkpoint
RP854: 9/16/2010 2:19:37 AM - System Checkpoint
RP855: 9/17/2010 3:19:40 AM - System Checkpoint
RP856: 9/18/2010 4:19:43 AM - System Checkpoint
RP857: 9/19/2010 5:19:45 AM - System Checkpoint
RP858: 9/20/2010 6:19:47 AM - System Checkpoint
RP859: 9/21/2010 7:19:51 AM - System Checkpoint
RP860: 9/22/2010 8:19:54 AM - System Checkpoint
RP861: 9/23/2010 8:31:26 AM - System Checkpoint
RP862: 9/24/2010 9:20:05 AM - System Checkpoint
RP863: 9/25/2010 10:20:06 AM - System Checkpoint
RP864: 9/26/2010 11:20:11 AM - System Checkpoint
RP865: 9/27/2010 12:20:19 PM - System Checkpoint
RP866: 9/29/2010 10:57:13 PM - System Checkpoint
RP867: 9/30/2010 11:14:07 PM - System Checkpoint
RP868: 10/2/2010 12:13:54 AM - System Checkpoint
RP869: 10/3/2010 1:12:09 AM - System Checkpoint
RP870: 10/4/2010 2:12:11 AM - System Checkpoint
RP871: 10/5/2010 2:14:57 AM - System Checkpoint
RP872: 10/6/2010 2:41:56 AM - System Checkpoint
RP873: 10/7/2010 2:42:39 AM - System Checkpoint
RP874: 10/8/2010 3:41:08 AM - System Checkpoint
RP875: 10/9/2010 3:42:28 AM - System Checkpoint
RP876: 10/10/2010 4:41:53 AM - System Checkpoint
RP877: 10/11/2010 4:42:14 AM - System Checkpoint
RP878: 10/12/2010 5:42:09 AM - System Checkpoint
RP879: 10/13/2010 6:42:16 AM - System Checkpoint
RP880: 10/14/2010 7:42:16 AM - System Checkpoint
RP881: 10/15/2010 8:42:19 AM - System Checkpoint
RP882: 10/16/2010 9:42:22 AM - System Checkpoint
RP883: 10/17/2010 10:42:24 AM - System Checkpoint
RP884: 10/18/2010 11:42:26 AM - System Checkpoint
RP885: 10/19/2010 12:42:30 PM - System Checkpoint
RP886: 10/20/2010 1:42:34 PM - System Checkpoint
RP887: 11/11/2010 4:36:33 PM - System Checkpoint
RP888: 11/13/2010 12:35:29 AM - System Checkpoint
RP889: 11/14/2010 1:15:06 AM - System Checkpoint
RP890: 11/15/2010 2:12:37 AM - System Checkpoint
RP891: 11/16/2010 3:11:54 AM - System Checkpoint
RP892: 11/17/2010 3:29:01 AM - System Checkpoint
RP893: 11/18/2010 4:26:02 AM - System Checkpoint
RP894: 11/19/2010 5:14:42 AM - System Checkpoint
RP895: 11/20/2010 5:18:03 AM - System Checkpoint
RP896: 11/21/2010 5:21:29 AM - System Checkpoint
RP897: 11/22/2010 5:37:35 AM - System Checkpoint
RP898: 11/23/2010 5:39:01 AM - System Checkpoint
RP899: 11/24/2010 8:47:55 PM - System Checkpoint
RP900: 11/25/2010 9:18:22 PM - System Checkpoint

==== Installed Programs ======================

Acer Screensaver
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0
Adobe Shockwave Player
Advanced Grapher 2.11
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Display Driver
ATI Parental Control & Encoder
Bonjour
ERUNT 1.1j
GemMaster Mystic
Graphmatica
HandyGraph 2.0
High Definition Audio Driver Package - KB888111
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB928388)
Hotfix for Windows XP (KB929120)
iTunes
Java(TM) 6 Update 5
Launch Manager
LightScribe 1.4.74.1
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Web Publishing Wizard 1.52
Norton PC Checkup
NTI CD & DVD-Maker
OTOY
Otto
Photo Organizer
PowerDVD
QuickTime
Realtek High Definition Audio Driver
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Sentinel Protection Installer 7.3.2
Sibelius Scorch (ActiveX Only)
SMSC IrCC V5.1.3600.7
Soft Data Fax Modem with SmartCP
Sonic Encoders
Spybot - Search & Destroy
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925876)
Update Manager
Update Rollup 2 for Windows XP Media Center Edition 2005
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Media Center Edition 2005 KB925766
YouTube Uploader

==== Event Viewer Messages From Past Week ========

11/26/2010 11:09:45 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
11/26/2010 11:09:45 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/26/2010 11:08:29 AM, error: DCOM [10001] - Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} as /. The error: "%233" Happened while starting this command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding
11/26/2010 10:30:51 AM, error: Service Control Manager [7031] - The McAfee SystemGuards service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/23/2010 9:40:35 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the mcmscsvc service.
11/23/2010 6:28:43 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\spoolsv.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2696.
11/23/2010 4:13:42 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
11/23/2010 4:13:30 PM, error: Service Control Manager [7000] - The eLock2FSCTLDriver service failed to start due to the following error: The system cannot find the file specified.
11/23/2010 4:13:30 PM, error: Service Control Manager [7000] - The eLock2BurnerLockDriver service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================

[Blade81]

Hi,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
   Remember to re-enable them afterwards.
   
   
2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

[FlaCajun]

We are unable to turn off the anti-virus application.

The computer is infected with "Windows PC Defender" spyware.

What is the best way to get rid of this spyware?

Thanks

[Blade81]

Hi,

I recommend to uninstall antivirus program temporarily (you may reinstall after we've cleaned the system) and run ComboFix after that.

[FlaCajun]

DDS was run.
A DOS window screen appeared momentarily, then closed.
No logs.
DDS was run again, but same result.


ComboFix 10-11-30.09 - Admin 12/01/2010 20:19:25.1.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.446.99 [GMT -5:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Admin\Recent\cid.sys
c:\documents and settings\Admin\Recent\CLSV.exe
c:\documents and settings\Admin\Recent\CLSV.sys
c:\documents and settings\Admin\Recent\DBOLE.dll
c:\documents and settings\Admin\Recent\DBOLE.tmp
c:\documents and settings\Admin\Recent\ddv.exe
c:\documents and settings\Admin\Recent\energy.dll
c:\documents and settings\Admin\Recent\energy.tmp
c:\documents and settings\Admin\Recent\exec.drv
c:\documents and settings\Admin\Recent\fix.sys
c:\documents and settings\Admin\Recent\FS.tmp
c:\documents and settings\Admin\Recent\kernel32.tmp
c:\documents and settings\Admin\Recent\PE.exe
c:\documents and settings\Admin\Recent\PE.tmp
c:\documents and settings\Admin\Recent\ppal.drv
c:\documents and settings\Admin\Recent\runddlkey.exe
c:\documents and settings\Admin\Recent\sld.tmp
c:\program files\Common
c:\program files\Shared
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

.
((((((((((((((((((((((((( Files Created from 2010-11-02 to 2010-12-02 )))))))))))))))))))))))))))))))
.

2010-12-02 01:03 . 2010-12-02 01:03 -------- d-----w- C:\FOUND.001
2010-11-17 01:25 . 2010-11-17 01:25 -------- d-----w- c:\program files\ERUNT
2010-11-11 19:34 . 2010-11-11 19:34 -------- d-----w- C:\FOUND.000

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-15 53248]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-11 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-11 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-11 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-11 455168]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-06-23 602112]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]

c:\documents and settings\Admin\Start Menu\Programs\Startup\
YouTube Uploader.lnk - c:\documents and settings\Admin\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe [2007-11-9 71152]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Cmdsub"= {69CB7877-A624-457E-A1A2-12BA24BEEB36} - c:\windows\system32\cerusb.dll [2006-07-05 1044480]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe [12/9/2009 8:34 PM 103280]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe [12/9/2009 8:34 PM 126392]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [8/22/2006 1:00 AM 316992]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\eLock2BurnerLockDriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\eLock2FSCTLDriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [10/23/2009 12:14 AM 38224]
.
Contents of the 'Scheduled Tasks' folder

2010-10-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-02-11 17:22]

2010-11-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-02-11 17:22]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Admin\Start Menu\Programs\IMVU\Run IMVU.lnk
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Google Update - c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-01 20:29
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(612)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-12-01 20:33:44
ComboFix-quarantined-files.txt 2010-12-02 01:33

Pre-Run: 7,250,247,680 bytes free
Post-Run: 7,853,506,560 bytes free

- - End Of File - - 722092879CB743AB450A2D3380115FB1

[Blade81]

Please reboot and try to run DDS after that.

[FlaCajun]

Unable to open web page about zipping 'Attach.txt'.
Computer has 'hung up' twice visiting the web page.


DDS (Ver_10-11-10.01) - FAT32x86
Run by Admin at 2:24:23.79 on Thu 12/02/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.446.70 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe
C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\Admin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Google Update] "c:\documents and settings\admin\local settings\application data\google\update\1.1.25.0\GoogleUpdate.exe" /lang en
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [ntiMUI] c:\program files\newtech infosystems\nti cd & dvd-maker 7\ntiMUI.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [<NO NAME>]
StartupFolder: c:\docume~1\admin\startm~1\programs\startup\youtub~1.lnk - c:\documents and settings\admin\local settings\application data\youtube\uploader\youtubeuploader.exe
StartupFolder: c:\docume~1\admin\startm~1\programs\startup\imvu.lnk - c:\documents and settings\admin\application data\imvuclient\IMVUQualityAgent.exe
StartupFolder: c:\docume~1\admin\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\wordperfect office x3\programs\WPLauncher.hta
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\admin\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: Cmdsub - {69CB7877-A624-457E-A1A2-12BA24BEEB36} - c:\windows\system32\cerusb.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-2-11 214664]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-2-11 359952]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-2-11 144704]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\norton pc checkup\engine\2.0.2.506\SymcPCCULaunchSvc.exe [2009-12-9 103280]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\norton pc checkup\engine\2.0.2.506\ccSvcHst.exe [2009-12-9 126392]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2006-8-22 316992]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-2-11 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-2-11 35272]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\elock2burnerlockdriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\elock2fsctldriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-10-23 38224]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-2-11 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-2-11 40552]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-2-11 606736]

=============== Created Last 30 ================

2010-12-02 01:37:30 -------- d-sh--w- C:\Recycled
2010-12-02 01:03:44 -------- d-----w- C:\FOUND.001
2010-12-02 00:56:41 -------- d-sha-r- C:\cmdcons
2010-12-02 00:51:33 89088 ----a-w- c:\windows\MBR.exe
2010-12-02 00:51:33 256512 ----a-w- c:\windows\PEV.exe
2010-12-02 00:51:33 161792 ----a-w- c:\windows\SWREG.exe
2010-12-02 00:51:32 98816 ----a-w- c:\windows\sed.exe
2010-11-11 19:34:30 -------- d-----w- C:\FOUND.000

==================== Find3M ====================


============= FINISH: 2:25:43.98 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-10.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 12/14/2006 1:05:58 PM
System Uptime: 12/2/2010 2:20:02 AM (0 hours ago)

Motherboard: Acer | | Navarro
Processor: Mobile AMD Sempron(tm) Processor 3400+ | Socket M2/S1G1 | 1795/200mhz

==== Disk Partitions =========================

C: is FIXED (FAT32) - 35 GiB total, 7.303 GiB free.
D: is FIXED (FAT32) - 35 GiB total, 10.11 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP840: 8/31/2010 5:31:34 AM - System Checkpoint
RP841: 9/1/2010 6:31:37 AM - System Checkpoint
RP842: 9/2/2010 6:31:46 AM - System Checkpoint
RP843: 9/3/2010 7:31:47 AM - System Checkpoint
RP844: 9/4/2010 11:35:49 AM - System Checkpoint
RP845: 9/6/2010 7:47:44 PM - System Checkpoint
RP846: 9/7/2010 8:19:11 PM - System Checkpoint
RP847: 9/8/2010 8:19:23 PM - System Checkpoint
RP848: 9/9/2010 9:19:06 PM - System Checkpoint
RP849: 9/10/2010 9:19:41 PM - System Checkpoint
RP850: 9/11/2010 10:19:30 PM - System Checkpoint
RP851: 9/12/2010 11:19:35 PM - System Checkpoint
RP852: 9/14/2010 12:19:31 AM - System Checkpoint
RP853: 9/15/2010 1:19:35 AM - System Checkpoint
RP854: 9/16/2010 2:19:37 AM - System Checkpoint
RP855: 9/17/2010 3:19:40 AM - System Checkpoint
RP856: 9/18/2010 4:19:43 AM - System Checkpoint
RP857: 9/19/2010 5:19:45 AM - System Checkpoint
RP858: 9/20/2010 6:19:47 AM - System Checkpoint
RP859: 9/21/2010 7:19:51 AM - System Checkpoint
RP860: 9/22/2010 8:19:54 AM - System Checkpoint
RP861: 9/23/2010 8:31:26 AM - System Checkpoint
RP862: 9/24/2010 9:20:05 AM - System Checkpoint
RP863: 9/25/2010 10:20:06 AM - System Checkpoint
RP864: 9/26/2010 11:20:11 AM - System Checkpoint
RP865: 9/27/2010 12:20:19 PM - System Checkpoint
RP866: 9/29/2010 10:57:13 PM - System Checkpoint
RP867: 9/30/2010 11:14:07 PM - System Checkpoint
RP868: 10/2/2010 12:13:54 AM - System Checkpoint
RP869: 10/3/2010 1:12:09 AM - System Checkpoint
RP870: 10/4/2010 2:12:11 AM - System Checkpoint
RP871: 10/5/2010 2:14:57 AM - System Checkpoint
RP872: 10/6/2010 2:41:56 AM - System Checkpoint
RP873: 10/7/2010 2:42:39 AM - System Checkpoint
RP874: 10/8/2010 3:41:08 AM - System Checkpoint
RP875: 10/9/2010 3:42:28 AM - System Checkpoint
RP876: 10/10/2010 4:41:53 AM - System Checkpoint
RP877: 10/11/2010 4:42:14 AM - System Checkpoint
RP878: 10/12/2010 5:42:09 AM - System Checkpoint
RP879: 10/13/2010 6:42:16 AM - System Checkpoint
RP880: 10/14/2010 7:42:16 AM - System Checkpoint
RP881: 10/15/2010 8:42:19 AM - System Checkpoint
RP882: 10/16/2010 9:42:22 AM - System Checkpoint
RP883: 10/17/2010 10:42:24 AM - System Checkpoint
RP884: 10/18/2010 11:42:26 AM - System Checkpoint
RP885: 10/19/2010 12:42:30 PM - System Checkpoint
RP886: 10/20/2010 1:42:34 PM - System Checkpoint
RP887: 11/11/2010 4:36:33 PM - System Checkpoint
RP888: 11/13/2010 12:35:29 AM - System Checkpoint
RP889: 11/14/2010 1:15:06 AM - System Checkpoint
RP890: 11/15/2010 2:12:37 AM - System Checkpoint
RP891: 11/16/2010 3:11:54 AM - System Checkpoint
RP892: 11/17/2010 3:29:01 AM - System Checkpoint
RP893: 11/18/2010 4:26:02 AM - System Checkpoint
RP894: 11/19/2010 5:14:42 AM - System Checkpoint
RP895: 11/20/2010 5:18:03 AM - System Checkpoint
RP896: 11/21/2010 5:21:29 AM - System Checkpoint
RP897: 11/22/2010 5:37:35 AM - System Checkpoint
RP898: 11/23/2010 5:39:01 AM - System Checkpoint
RP899: 11/24/2010 8:47:55 PM - System Checkpoint
RP900: 11/25/2010 9:18:22 PM - System Checkpoint
RP901: 11/26/2010 11:06:53 PM - System Checkpoint
RP902: 11/28/2010 3:01:41 AM - System Checkpoint

==== Installed Programs ======================

Acer Screensaver
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0
Adobe Shockwave Player
Advanced Grapher 2.11
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Display Driver
ATI Parental Control & Encoder
Bonjour
ERUNT 1.1j
GemMaster Mystic
Graphmatica
HandyGraph 2.0
High Definition Audio Driver Package - KB888111
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB928388)
Hotfix for Windows XP (KB929120)
iTunes
Java(TM) 6 Update 5
Launch Manager
LightScribe 1.4.74.1
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Web Publishing Wizard 1.52
Norton PC Checkup
NTI CD & DVD-Maker
OTOY
Otto
Photo Organizer
PowerDVD
QuickTime
Realtek High Definition Audio Driver
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Sentinel Protection Installer 7.3.2
Sibelius Scorch (ActiveX Only)
SMSC IrCC V5.1.3600.7
Soft Data Fax Modem with SmartCP
Sonic Encoders
Spybot - Search & Destroy
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925876)
Update Manager
Update Rollup 2 for Windows XP Media Center Edition 2005
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Media Center Edition 2005 KB925766
YouTube Uploader

==== Event Viewer Messages From Past Week ========

12/1/2010 8:07:24 PM, error: System Error [1003] - Error code 000000e2, parameter1 00000000, parameter2 00000000, parameter3 00000000, parameter4 00000000.
12/1/2010 7:50:15 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/1/2010 7:46:28 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/28/2010 4:25:41 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
11/28/2010 4:25:41 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/28/2010 4:23:50 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service COMSysApp with arguments "" in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}
11/28/2010 4:02:08 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
11/28/2010 4:01:59 PM, error: Service Control Manager [7000] - The eLock2FSCTLDriver service failed to start due to the following error: The system cannot find the file specified.
11/28/2010 4:01:59 PM, error: Service Control Manager [7000] - The eLock2BurnerLockDriver service failed to start due to the following error: The system cannot find the file specified.
11/26/2010 11:09:45 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
11/26/2010 11:09:45 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/26/2010 11:08:29 AM, error: DCOM [10001] - Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} as /. The error: "%233" Happened while starting this command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding
11/26/2010 10:30:51 AM, error: Service Control Manager [7031] - The McAfee SystemGuards service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/25/2010 2:28:27 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\spoolsv.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2696.

==== End Of File ===========================

[Blade81]

Hi again,

Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:

• Run Spybot-S&D in Advanced Mode
• If it is not already set to do this, go to the Mode menu
  select
  Advanced Mode
  
• On the left hand side, click on Tools
• Then click on the Resident icon in the list
• Uncheck
  Resident TeaTimer
  and OK any prompts.
• Restart your computer

Open notepad and copy/paste the text in the quotebox below into it:

Code:

DDS::
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one (9.4+ 9.4.1) here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

• Download the latest version of Java Runtime Environment (JRE) 6 Update 22.
• Click the
  Download
  button to the right.
• Select Windows on platform combobox and check the box that says:
  Accept License Agreement. Click continue.
  
• The page will refresh.
• Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-6u22-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.

* Go here to run an online scanner from ESET.

• Note: You will need to use Internet explorer for this scan
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Click Start
• Make sure that the option Remove found threats is UNchecked.
• Click Scan
• Wait for the scan to finish.

Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.