Can not run D.D.S.

========== FILES ==========
LoadLibrary failed for c:\windows\system32\inetcplc9.dll
c:\windows\system32\inetcplc9.dll moved successfully.
File/Folder C:\Documents and Settings\OWNER\Desktop\Phone\autorun.inf not found.
File/Folder c:\documents and settings\OWNER\Start Menu\Programs\Startup\LimeWire On Startup.lnk not found.
c:\windows\pss\LimeWire On Startup.lnkStartup moved successfully.
File/Folder C:\Documents and Settings\OWNER\My Documents\Downloads\Setup_FreeConverter.exe not found.
File/Folder C:\Program Files\LimeWire not found.
========== SERVICES/DRIVERS ==========
Service 26666836 stopped successfully!
Service 26666836 deleted successfully!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\standardprofile\GloballyOpenPorts\List\\26675:TCP deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^OWNER^Start Menu^Programs^Startup^LimeWire On Startup.lnk\ not found.
Registry key HKEY_CURRENT_USER\Software\Classes\LimeWire\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\.torrent\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\LimeWire\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Magnet\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\magnet\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\standardprofile\\"EnableFirewall"|1 /E : value set successfully!
========== COMMANDS ==========
Restore point Set: OTM Restore Point (0)

OTM by OldTimer - Version 3.1.19.0 log created on 11202011_002151
 
Hello gob71 :),

We are almost done.

There are some proxy settings in Firefox:
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 60848

If you did not set them, they can be cleared with the following step.

Please download MiniToolBox© by farbar and save it to your desktop. Click here.
  • Double click on MiniToolBox.exe to run it.
    Please check (tick) the following options:
    • Flush DNS
    • Reset FF Proxy Settings
  • Click on the GO button. A log will open.
  • Please post the contents of this log. It can also be found on the desktop as Result.txt.

--------------------

Your Adobe Reader is outdated. Older versions have security vulnerabilities that can be exploited.

Please update your Adobe Reader to the latest.
It is important that you uninstall any previous versions by using Add/Remove Programs in your Control Panel before installing a newer version. Please uninstall:

Adobe Reader 9.4.6

  • Go to the Adobe download page. Click here.
  • If your OS is not the same as stated, click on the "Do you have a different language or operating system?" link.
    • Under the Select an operating system title, choose the OS that you have.
    • Change the language at the Select a language title.
    • Next, select the version of the reader at the Select a Version title.
    • Uncheck (untick) to opt out of Google Chrome installation.
    • Click the Download now button to proceed. Allow if prompted and save the file to a convenient location.
    • Run the downloaded file to continue with the installation.
  • If your OS is the same, uncheck (untick) to opt out of McAfee Security Scan Plus installation.
  • Click Download to proceed. Allow if prompted and save the file to a convenient location.
  • Run the downloaded file to continue with the installation.

Alternatively, you can try Foxit Reader Portable or Nuance PDF Reader.

--------------------

Your Firefox browser is outdated. Older versions have security vulnerabilities that can be exploited.

Mozilla Firefox 7.0.1 (x86 en-US)

Please update your Firefox browser to the latest.
  • Open Firefox.
  • Go to Help on the pull down menu, then select About Firefox.
  • Click on the Check for Updates button.
  • Continue accordingly and close it when done.

--------------------

Rerun DDS and post back DDS.txt.

--------------------

Please post back:
1. MiniToolBox result
2. DDS.txt
3. any more problems?
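
Added example, not part of the original post and not a description of how MiniToolBox works: a Python check that parses a Firefox prefs.js and reports manual proxy entries, flagging loopback hosts such as the 127.0.0.1:60848 pair quoted above. The sample file contents, including the network.proxy.type value of 1, are constructed for illustration.

```python
import ipaddress
import re

# Firefox writes each saved preference as: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Documented meanings of network.proxy.type.
PROXY_TYPES = {0: "no proxy", 1: "manual", 2: "PAC URL", 4: "auto-detect", 5: "system"}

# Per-protocol manual proxy prefs: network.proxy.<scheme> and <scheme>_port.
SCHEMES = ("http", "ssl", "ftp", "socks")


def parse_prefs(text):
    """Return {pref_name: value} for every user_pref line in a prefs.js body."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything malformed
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            value = raw[1:-1]
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw
        prefs[name] = value
    return prefs


def is_loopback(host):
    """True for localhost and any loopback IP literal (127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname we cannot classify offline


def audit_proxy(prefs):
    """List every configured manual proxy host with loopback/active flags."""
    ptype = prefs.get("network.proxy.type")  # None means the browser default
    findings = []
    for scheme in SCHEMES:
        host = prefs.get(f"network.proxy.{scheme}")
        if not host:
            continue
        findings.append({
            "pref": f"network.proxy.{scheme}",
            "host": str(host),
            "port": prefs.get(f"network.proxy.{scheme}_port"),
            "loopback": is_loopback(str(host)),
            # Host/port prefs only take effect when the type is 1 (manual).
            "active": ptype == 1,
            "type": PROXY_TYPES.get(ptype, "browser default or unknown"),
        })
    return findings


def suspicious(findings):
    """Entries worth asking the user about: active proxy on a loopback port."""
    return [f for f in findings if f["loopback"] and f["active"]]


# Constructed sample: the two values reported in the log, plus an assumed type.
SAMPLE_BEFORE = """\
# Mozilla User Preferences
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 60848);
user_pref("network.proxy.type", 1);
"""

# Constructed sample of a profile after the proxy settings were reset.
SAMPLE_AFTER = """\
# Mozilla User Preferences
user_pref("network.proxy.type", 0);
"""

if __name__ == "__main__":
    for label, body in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        hits = suspicious(audit_proxy(parse_prefs(body)))
        print(label, hits if hits else "no active loopback proxy")
```

A loopback proxy is not malicious by itself, since local filtering tools set one too; the flag only tells you to ask, as the reply does, whether the user configured it.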
 
MiniToolBox by Farbar
Ran by OWNER (administrator) on 20-11-2011 at 09:03:32
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


"Reset FF Proxy Settings": Firefox Proxy settings were reset.


**** End of log ****
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-09-30.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 11/24/2009 10:42:47 PM
System Uptime: 11/20/2011 8:51:11 AM (1 hours ago)
.
Motherboard: Dell Computer Corporation | | Inspiron 8200
Processor: Mobile Intel(R) Pentium(R) 4 - M CPU 1.80GHz | Microprocessor | 1196/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 56 GiB total, 33.403 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\2C7EC041354FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\2C7EC041354FC000
Service: NIC1394
.
==== System Restore Points ===================
.
RP1: 11/6/2011 6:54:59 PM - System Checkpoint
RP2: 11/6/2011 11:36:54 PM - Installed Java(TM) 6 Update 29
RP3: 11/8/2011 8:16:05 PM - Removed Java(TM) 6 Update 12
RP4: 11/8/2011 8:32:02 PM - Software Distribution Service 3.0
RP5: 11/14/2011 6:26:39 PM - Software Distribution Service 3.0
RP6: 11/18/2011 12:18:20 AM - System Checkpoint
RP7: 11/18/2011 1:37:25 AM - Software Distribution Service 3.0
RP8: 11/19/2011 9:19:01 AM - Software Distribution Service 3.0
RP9: 11/20/2011 12:22:05 AM - OTM Restore Point
RP10: 11/20/2011 8:53:27 AM - Removed Adobe Reader 9.4.6.
RP11: 11/20/2011 9:00:53 AM - Installed Adobe Reader X (10.1.1).
.
==== Installed Programs ======================
.
AccessDirect
Acronis*True*Image*WD*Edition
Actiontec MD56ORD V92 MDC Modem
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AviSynth 2.5
Bonjour
Dell Picture Studio - Dell Image Expert
Dell ResourceCD
Dell Solution Center
Dell TrueMobile 1180 Internal 802.11b Mini PCI Card
ERUNT 1.1j
ESET Online Scanner v3
Free Audio CD Burner version 1.4
Free Audio CD to MP3 Converter version 1.3
Free DVD Video Converter version 1.1
Free iPod Video Converter 1.34
Free Mp3 Wma Converter V 1.9
Free Video to iPod Converter version 3.4
Free Video to MP3 Converter version 3.4
Free YouTube Download 3 version 3.0.4.628
Free YouTube Download version 3.0.13.815
Free YouTube to MP3 Converter version 3.9.40.602
Google Chrome
Help and Support Customization
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HTC Touch Pro2 User Guide
iTunes
Japanese Fonts Support For Adobe Reader 9
Java Auto Updater
Live Bid Control Kit Setup
Magic MP3 Tagger 2.2.6
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Office File Validation Add-In
Microsoft Office Small Business Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 8.0 (x86 en-US)
MP3 Cutter 1.5
Mp3tag v2.45a
MSXML 6 Service Pack 2 (KB973686)
NVIDIA Windows 2000/XP Display Drivers
Paint Shop Pro 7
PocketPC/Smartphone Update Wizard (remove only)
QuickTime
SeaTools for Windows
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Simulcast Video Plugin (Internet Explorer)
Spybot - Search & Destroy
TagScanner 5.1 build 555
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Used Car Xpress
Video Download Capture V2.4.5
Videora iPod Converter 5.04
VLC media player 1.0.3
VoiceOver Kit
Wayne Reaves Car Program
WcarUp
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
11/15/2011 8:26:22 PM, error: PlugPlayManager [11] - The device Root\LEGACY_NPF\0000 disappeared from the system without first being prepared for removal.
11/15/2011 8:14:08 PM, error: Service Control Manager [7034] - The WLTRYSVC service terminated unexpectedly. It has done this 1 time(s).
11/14/2011 6:17:00 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/14/2011 6:12:34 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
11/14/2011 6:11:06 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.1773.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
11/14/2011 6:11:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/14/2011 6:02:14 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm MpFilter
.
==== End Of File ===========================
 
DDS (Ver_2011-09-30.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Owner at 9:11:09 on 2011-11-20
#Option MBR scan is disabled.
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.639.235 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [cdloader] "c:\documents and settings\Owner\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
mRun: [DadApp] c:\program files\dell\accessdirect\dadapp.exe
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\Owner\application data\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Owner\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {298BFFEE-662D-11D5-ADAF-00E0810232D7} - hxxps://simulcast.manheim.com/simulcast/lib/LiveSound.dll
DPF: {2EA5DD45-9254-4B0D-9F48-E92FEC3A9754} - hxxps://simulcast.manheim.com/simulcast_docs/av/SimulcastAVPlugin-win-ie.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1259161517292
DPF: {7206EAAC-5CFA-43A3-9F61-E27E8E51E42F} - hxxp://adus1.liveglobalbid.com/container_repository/laiexec.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{A8F57C59-9AD1-492C-B71D-2D90AD97DBA9} : DHCPNameServer = 192.168.2.1
LSA: Authentication Packages = msv1_0 relog_ap
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\Owner\application data\mozilla\firefox\profiles\hykzwa8x.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/;_ylt=AtoEu.MyDuQycydxJDNikOlG2vAI
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\Owner\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl3c32aa1d;MpKsl3c32aa1d;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2e695903-c654-49cd-a260-ded98b702486}\MpKsl3c32aa1d.sys [2011-11-20 28752]
S1 MpKsl03eff81e;MpKsl03eff81e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{29feb160-0bbf-41ba-b3d8-de9c736f9065}\mpksl03eff81e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{29feb160-0bbf-41ba-b3d8-de9c736f9065}\MpKsl03eff81e.sys [?]
S1 MpKsl06753459;MpKsl06753459;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{02065891-3f17-4033-9da0-e553f7762462}\mpksl06753459.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{02065891-3f17-4033-9da0-e553f7762462}\MpKsl06753459.sys [?]
S1 MpKsl06c2b7d5;MpKsl06c2b7d5;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c4b9e7a3-b56b-4f6e-a395-663bc9dd2933}\mpksl06c2b7d5.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c4b9e7a3-b56b-4f6e-a395-663bc9dd2933}\MpKsl06c2b7d5.sys [?]
S1 MpKsl0ce97650;MpKsl0ce97650;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dbb7438c-35d9-49e4-bdbe-fcc8bd52f423}\mpksl0ce97650.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dbb7438c-35d9-49e4-bdbe-fcc8bd52f423}\MpKsl0ce97650.sys [?]
S1 MpKsl104f1a89;MpKsl104f1a89;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{914f958e-e732-4b4b-b0da-c71d178667e3}\mpksl104f1a89.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{914f958e-e732-4b4b-b0da-c71d178667e3}\MpKsl104f1a89.sys [?]
S1 MpKsl18b0c8f1;MpKsl18b0c8f1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{03dca112-2fd8-4273-bd98-239e261c787e}\mpksl18b0c8f1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{03dca112-2fd8-4273-bd98-239e261c787e}\MpKsl18b0c8f1.sys [?]
S1 MpKsl1d5ce3db;MpKsl1d5ce3db;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bb8bd429-96db-4cab-807f-6af44714325e}\mpksl1d5ce3db.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bb8bd429-96db-4cab-807f-6af44714325e}\MpKsl1d5ce3db.sys [?]
S1 MpKsl2098ee12;MpKsl2098ee12;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{17f40f73-b59c-4fde-aec1-2e7a0b6bd64b}\mpksl2098ee12.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{17f40f73-b59c-4fde-aec1-2e7a0b6bd64b}\MpKsl2098ee12.sys [?]
S1 MpKsl2c9a16f8;MpKsl2c9a16f8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{43bc38af-e431-4613-8113-3f07aaaa2876}\mpksl2c9a16f8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{43bc38af-e431-4613-8113-3f07aaaa2876}\MpKsl2c9a16f8.sys [?]
S1 MpKsl2f587506;MpKsl2f587506;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2f39569a-b513-4acd-9400-79a1a6937edb}\mpksl2f587506.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2f39569a-b513-4acd-9400-79a1a6937edb}\MpKsl2f587506.sys [?]
S1 MpKsl492b9faa;MpKsl492b9faa;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bf0f4da6-22f1-4f18-8cd9-28d9acff0766}\mpksl492b9faa.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bf0f4da6-22f1-4f18-8cd9-28d9acff0766}\MpKsl492b9faa.sys [?]
S1 MpKsl5c882d1f;MpKsl5c882d1f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b8b6adff-3c64-47e1-a50f-7fa1f6dba09d}\mpksl5c882d1f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b8b6adff-3c64-47e1-a50f-7fa1f6dba09d}\MpKsl5c882d1f.sys [?]
S1 MpKsl7c543b59;MpKsl7c543b59;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3d241811-9a84-4e70-b3a4-f4e822bb2902}\mpksl7c543b59.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3d241811-9a84-4e70-b3a4-f4e822bb2902}\MpKsl7c543b59.sys [?]
S1 MpKsl7c8b4a62;MpKsl7c8b4a62;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{74c7b35c-1996-46b8-ab2d-a6d094376dbe}\mpksl7c8b4a62.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{74c7b35c-1996-46b8-ab2d-a6d094376dbe}\MpKsl7c8b4a62.sys [?]
S1 MpKsl8b2b6408;MpKsl8b2b6408;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{74c7b35c-1996-46b8-ab2d-a6d094376dbe}\mpksl8b2b6408.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{74c7b35c-1996-46b8-ab2d-a6d094376dbe}\MpKsl8b2b6408.sys [?]
S1 MpKslc5279bdf;MpKslc5279bdf;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4b06ed6e-003d-4efc-bd4a-2a6bacd68a39}\mpkslc5279bdf.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4b06ed6e-003d-4efc-bd4a-2a6bacd68a39}\MpKslc5279bdf.sys [?]
S1 MpKslca2955dd;MpKslca2955dd;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{29feb160-0bbf-41ba-b3d8-de9c736f9065}\mpkslca2955dd.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{29feb160-0bbf-41ba-b3d8-de9c736f9065}\MpKslca2955dd.sys [?]
S1 MpKslde5af808;MpKslde5af808;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cb61df90-165b-4cc5-9940-78ce104a4c80}\mpkslde5af808.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cb61df90-165b-4cc5-9940-78ce104a4c80}\MpKslde5af808.sys [?]
S2 PEVSystemStart;PEVSystemStart;c:\combofix\pev.3XE [2011-6-26 256000]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-11-12 41272]
.
=============== Created Last 30 ================
.
2011-11-20 14:05:01 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2e695903-c654-49cd-a260-ded98b702486}\MpKsl3c32aa1d.sys
2011-11-20 14:04:54 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2e695903-c654-49cd-a260-ded98b702486}\offreg.dll
2011-11-20 14:04:21 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2e695903-c654-49cd-a260-ded98b702486}\mpengine.dll
2011-11-20 05:21:51 -------- d-----w- C:\_OTM
2011-11-20 01:38:17 -------- d-s---w- C:\ComboFix
2011-11-18 04:17:27 -------- d-----w- c:\program files\ESET
2011-11-13 04:32:48 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-11-12 17:44:56 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-08 01:06:22 -------- d-----w- C:\TDSSKiller_Quarantine
2011-11-08 00:58:36 -------- d--h--w- c:\windows\PIF
2011-11-07 04:25:57 -------- d-----w- c:\program files\Microsoft Security Client
2011-11-07 03:36:32 -------- d-sha-r- C:\cmdcons
2011-11-07 03:34:32 98816 ----a-w- c:\windows\sed.exe
2011-11-07 03:34:32 256000 ----a-w- c:\windows\PEV.exe
2011-11-07 03:34:32 208896 ----a-w- c:\windows\MBR.exe
2011-11-07 01:23:00 -------- d-----w- C:\WINSSLog
.
==================== Find3M ====================
.
2011-11-14 23:18:48 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 10:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
.
============= FINISH: 9:13:08.79 ===============
 
When I try to update Firefox it says it is already current (release 8.0) and does not allow me to update. So far everything seems to work great; MSE loads fine and turns green, indicating it is working with real-time protection. I no longer get Yahoo or Google redirects. Is it possible to run Spybot's Tea Timer in conjunction with MSE? Would that protect more? Would one protect better than the other?
 
Hello gob71 :),

The latest logs show Firefox is already updated.

You can run Spybot together with MSE as one is an antispyware whereas the latter is an antivirus. They complement each other. I will have some security recommendations for you after this.

--------------------

There are some unwanted or outdated add-ons / plugins in Firefox.

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

Please uninstall or disable them according to Uninstalling add-ons.

--------------------

Please back up the registry with ERUNT.

Rerun OTM
  • Double click OTM.exe to run it.
  • Copy and paste the following text into the white box under Paste Instructions for Items to be Moved:
    Code:
    :services
    MpKsl03eff81e
    MpKsl06753459
    MpKsl06c2b7d5
    MpKsl0ce97650
    MpKsl104f1a89
    MpKsl18b0c8f1
    MpKsl1d5ce3db
    MpKsl2098ee12
    MpKsl2c9a16f8
    MpKsl2f587506
    MpKsl492b9faa
    MpKsl5c882d1f
    MpKsl7c543b59
    MpKsl7c8b4a62
    MpKsl8b2b6408
    MpKslc5279bdf
    MpKslca2955dd
    MpKslde5af808
    
    :reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Explorer Bars]
    {32683183-48a0-441b-a342-7c2a440a9478}=-
    
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
    {32683183-48a0-441b-a342-7c2a440a9478}=-
    
    :commands
    [CREATERESTOREPOINT]
    [emptytemp]
  • Click the red MoveIt! button. Everything on the desktop may disappear, this is normal. Please wait until the tool completes its routine.
  • Copy everything in the Results window (under the green bar) and paste it in your next reply.
  • The results can also be found in C:\_OTM\MovedFiles folder, the log file being named MMDDYYYY_HHMMSS.log, where MMDDYYYY_HHMMSS represent the date and time the fix was performed.

--------------------

Please post back:
1. OTM log
2. fresh DDS.txt
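
The `:services` list in the OTM script above names driver entries such as the `S1 MpKslde5af808 ... [?]` line in the earlier DDS log. As an added example (not part of the original post, and not code from DDS or OTM), this Python code parses DDS service lines copied from this thread and lists stopped entries whose image file DDS marked `[?]`. Reading the letter as running/stopped, the digit as the service Start value, and `[?]` as "file not found" are assumptions about DDS output.

```python
import re

# Service/driver lines copied from the DDS logs posted in this thread.
SAMPLE_DDS = r"""
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl0edec845;MpKsl0edec845;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a3963894-758f-4625-9058-6abbd48dbe97}\MpKsl0edec845.sys [2011-11-20 28752]
S1 MpKslde5af808;MpKslde5af808;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cb61df90-165b-4cc5-9940-78ce104a4c80}\mpkslde5af808.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cb61df90-165b-4cc5-9940-78ce104a4c80}\MpKslde5af808.sys [?]
S2 PEVSystemStart;PEVSystemStart;c:\combofix\pev.3XE [2011-6-26 256000]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-11-12 41272]
.
=============== Created Last 30 ================
"""

# Assumed layout: <R|S><start digit> name;display name;image path [date size] or [?]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)

# Windows service Start values.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}


def parse_service_line(line):
    """Parse one DDS service line into a dict; return None for any other line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    # "ImagePath --> resolved path": keep the resolved side, drop an NT \??\ prefix.
    image = m.group("path").split(" --> ")[-1].strip()
    if image.startswith("\\??\\"):
        image = image[4:]
    meta = m.group("meta").strip()
    fields = meta.split()
    size = int(fields[1]) if len(fields) == 2 and fields[1].isdigit() else None
    return {
        "name": m.group("name").strip(),
        "running": m.group("state") == "R",
        "start": START_TYPES[int(m.group("start"))],
        "image": image,
        "file_missing": meta == "?",  # assumption: "[?]" means the file was not found
        "size": size,
    }


def stale_driver_entries(log_text):
    """Names of stopped services whose image file is missing, for manual review."""
    names = []
    for line in log_text.splitlines():
        entry = parse_service_line(line)
        if entry and not entry["running"] and entry["file_missing"]:
            names.append(entry["name"])
    return names


if __name__ == "__main__":
    for name in stale_driver_entries(SAMPLE_DDS):
        print("review before removal:", name)
```

The output is a review list only; entries that are running or whose file exists, such as the current `MpKsl0edec845` driver, are left alone.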
 
I can't locate Adobe 9.0 to uninstall in my plugin list on FF. I can find the folder manually; should I just delete it instead?
 
OTM

All processes killed
========== SERVICES/DRIVERS ==========
Service MpKsl03eff81e stopped successfully!
Service MpKsl03eff81e deleted successfully!
Service MpKsl06753459 stopped successfully!
Service MpKsl06753459 deleted successfully!
Service MpKsl06c2b7d5 stopped successfully!
Service MpKsl06c2b7d5 deleted successfully!
Service MpKsl0ce97650 stopped successfully!
Service MpKsl0ce97650 deleted successfully!
Service MpKsl104f1a89 stopped successfully!
Service MpKsl104f1a89 deleted successfully!
Service MpKsl18b0c8f1 stopped successfully!
Service MpKsl18b0c8f1 deleted successfully!
Service MpKsl1d5ce3db stopped successfully!
Service MpKsl1d5ce3db deleted successfully!
Service MpKsl2098ee12 stopped successfully!
Service MpKsl2098ee12 deleted successfully!
Service MpKsl2c9a16f8 stopped successfully!
Service MpKsl2c9a16f8 deleted successfully!
Service MpKsl2f587506 stopped successfully!
Service MpKsl2f587506 deleted successfully!
Service MpKsl492b9faa stopped successfully!
Service MpKsl492b9faa deleted successfully!
Service MpKsl5c882d1f stopped successfully!
Service MpKsl5c882d1f deleted successfully!
Service MpKsl7c543b59 stopped successfully!
Service MpKsl7c543b59 deleted successfully!
Service MpKsl7c8b4a62 stopped successfully!
Service MpKsl7c8b4a62 deleted successfully!
Service MpKsl8b2b6408 stopped successfully!
Service MpKsl8b2b6408 deleted successfully!
Service MpKslc5279bdf stopped successfully!
Service MpKslc5279bdf deleted successfully!
Service MpKslca2955dd stopped successfully!
Service MpKslca2955dd deleted successfully!
Service MpKslde5af808 stopped successfully!
Service MpKslde5af808 deleted successfully!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Explorer Bars not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32683183-48a0-441b-a342-7c2a440a9478}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\\{32683183-48a0-441b-a342-7c2a440a9478} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32683183-48a0-441b-a342-7c2a440a9478}\ not found.
========== COMMANDS ==========
Restore point Set: OTM Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Cassidy
->Temp folder emptied: 86092 bytes
->Temporary Internet Files folder emptied: 636334 bytes
->FireFox cache emptied: 77270096 bytes
->Google Chrome cache emptied: 368755687 bytes
->Flash cache emptied: 241499 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 24824 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1138887 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1645180 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 117324 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 429.00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 11202011_200004

Files moved on Reboot...

Registry entries deleted on Reboot...
 
DDS


DDS (Ver_2011-09-30.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by OWNER at 20:07:55 on 2011-11-20
#Option MBR scan is disabled.
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.639.249 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [cdloader] "c:\documents and settings\OWNER\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
mRun: [DadApp] c:\program files\dell\accessdirect\dadapp.exe
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\OWNER\application data\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\OWNER\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {298BFFEE-662D-11D5-ADAF-00E0810232D7} - hxxps://simulcast.manheim.com/simulcast/lib/LiveSound.dll
DPF: {2EA5DD45-9254-4B0D-9F48-E92FEC3A9754} - hxxps://simulcast.manheim.com/simulcast_docs/av/SimulcastAVPlugin-win-ie.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1259161517292
DPF: {7206EAAC-5CFA-43A3-9F61-E27E8E51E42F} - hxxp://adus1.liveglobalbid.com/container_repository/laiexec.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{A8F57C59-9AD1-492C-B71D-2D90AD97DBA9} : DHCPNameServer = 192.168.2.1
LSA: Authentication Packages = msv1_0 relog_ap
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\OWNER\application data\mozilla\firefox\profiles\hykzwa8x.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/;_ylt=AtoEu.MyDuQycydxJDNikOlG2vAI
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\OWNER\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl0edec845;MpKsl0edec845;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a3963894-758f-4625-9058-6abbd48dbe97}\MpKsl0edec845.sys [2011-11-20 28752]
S2 PEVSystemStart;PEVSystemStart;c:\combofix\pev.3XE [2011-6-26 256000]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-11-12 41272]
.
=============== Created Last 30 ================
.
2011-11-21 01:03:49 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a3963894-758f-4625-9058-6abbd48dbe97}\offreg.dll
2011-11-21 00:25:37 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a3963894-758f-4625-9058-6abbd48dbe97}\MpKsl0edec845.sys
2011-11-20 15:02:10 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a3963894-758f-4625-9058-6abbd48dbe97}\mpengine.dll
2011-11-20 05:21:51 -------- d-----w- C:\_OTM
2011-11-20 01:38:17 -------- d-s---w- C:\ComboFix
2011-11-18 04:17:27 -------- d-----w- c:\program files\ESET
2011-11-13 04:32:48 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-11-12 17:44:56 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-08 01:06:22 -------- d-----w- C:\TDSSKiller_Quarantine
2011-11-08 00:58:36 -------- d--h--w- c:\windows\PIF
2011-11-07 04:25:57 -------- d-----w- c:\program files\Microsoft Security Client
2011-11-07 03:36:32 -------- d-sha-r- C:\cmdcons
2011-11-07 03:34:32 98816 ----a-w- c:\windows\sed.exe
2011-11-07 03:34:32 256000 ----a-w- c:\windows\PEV.exe
2011-11-07 03:34:32 208896 ----a-w- c:\windows\MBR.exe
2011-11-07 01:23:00 -------- d-----w- C:\WINSSLog
.
==================== Find3M ====================
.
2011-11-14 23:18:48 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 10:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 20:09:09.90 ===============
 
Hello gob71 :),

Yes, you can delete this folder:
c:\program files\adobe\reader 9.0

You might want to remove this and get a newer version as well:
Japanese Fonts Support For Adobe Reader 9

Attach.txt not needed.

--------------------

Congratulations, you are All Clear to go. Glad to hear everything is good and running :). If you have any more problems, please let me know.

Now we need to clear out the programs we have been using to clean up your computer. They are not suitable for general malware removal and could cause damage if used inappropriately.
  • Go to Start > Run.... Copy and paste the following text into the white box:
    ComboFix /uninstall
    Click OK.
  • Run OTM by double clicking on OTM.exe. Click on CleanUp, proceed to reboot if prompted.
  • Delete the aswMBR, DDS, CKScanner, MiniRegTool and MiniToolBox files on your desktop.
  • Delete any logs on the desktop.

Some tips to help you stay clean and safe:

1. Keep your Windows up to date. Enable Automatic Updates for Windows XP to always get the latest security patches from Microsoft, or you can download them from the Microsoft website. Otherwise, your computer will be vulnerable to new exploits or malware.

2. Update your antivirus program regularly; it is a must for constant protection against viruses. Please keep only one AV installed.

3. Install Malwarebytes' Anti-Malware if you haven't and use it occasionally. It is a new and powerful anti-malware tool, totally free but for real-time protection you will have to pay a small one-time fee.

4. Install WinPatrol, a great protection program that helps you monitor for unwanted files or applications. You need to choose between WinPatrol and Spybot and keep only one of them installed.

5. Use a hosts file to block access to bad sites from your computer. Get yourself MVPS Hosts for this purpose.

6. Install Web of Trust (WOT). WOT keeps you from dangerous websites with warnings and blocking.

7. Protect your computer from removable or USB drive infections with MCShield, an effective method to prevent malware from spreading.

8. Keep all your software updated. Visit Secunia Software Inspector to find out if any updates are required.

9. Also look up:
Computer Security - a short guide to staying safer online
PC Safety and Security - What Do I Need? By Glaswegian
How to prevent malware: By miekiemoes
So how did I get infected in the first place? By Tony Klein
Microsoft Online Safety

Stay safe.

Your donation helps in improving Spybot-S&D!
 
THANK YOU THANK YOU THANK YOU..... I have taken your advice and installed those programs, except I kept Spybot S&D and activated the Tea Timer. I appreciate all your help. Will be making a Spybot donation.
 
Glad to be of help and you are welcome :).

And thank you for the donation.

I will keep the topic open for another day in case you have any questions, then it will be archived.
 