Can't run OTL



#1
snowysdad43

    Member

  • Member
  • 233 posts
Hello Geeks to Go techs,
I have a PC and am using XP Service Pack 3. I have Avira antivirus and also have Spybot installed, as well as Malwarebytes and SUPERAntiSpyware.
The problem I encountered is when trying to remove a program called Search Settings v1.2.3: it will not uninstall. It seems to reverse the uninstall process and will not leave my computer. I tried running OTL, but there is a dialog box stating OTL has to close. Should I rename it and try again?

#2
RKinner

    Malware Expert

  • Expert
  • 19,790 posts
  • MVP
Try one of these if renaming doesn't help:

For users that cannot run executables, you can now download OTL either as a .com or a .scr file.

Links:
http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr

or:
www.itxassociates.com/OT-Tools/OTL.com
www.itxassociates.com/OT-Tools/OTL.scr

Note: When using these links, use Internet Explorer to download. If using Firefox, you should right-click and use "Save link As". Otherwise, on some systems, FF attempts to open the file as a script and just a bunch of gibberish is displayed.


If you can get it to work try DDS. Please download DDS from http://download.blee...om/sUBs/dds.com or http://download.blee...om/sUBs/dds.scr
and save it to your desktop.

* Disable any script blocking protection
* Double click dds.pif to run the tool.
* When done, two DDS.txt's will open.
* Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.

Ron

#3
snowysdad43

    Member

  • Topic Starter
  • Member
  • 233 posts
Thank you for your help r
Here is the DDS file
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Run by Compaq_Owner at 15:38:08 on 2011-11-06
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.50 [GMT -5:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DNA\btdna.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.foxnews.com/
mStart Page = hxxp://www.yahoo.com/
mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - c:\program files\aol toolbar\aoltb.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - No File
BHO: {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - c:\program files\aol toolbar\aoltb.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
IE: Save with Download Manager... - file://c:\program files\f.y.e. downloads unlimited\DMDownload.htm
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: windowsupdate.com\download
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230133906203
DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} - hxxp://aolsvc.aol.com/onlinegames/ghadventureball/abxgh.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?39992.2864351852
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-delicious-winter-edition/zylomplayer.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: DhcpNameServer = 192.168.0.1 192.168.3.1
TCP: Interfaces\{80443072-5384-4D29-A197-604ECE8884D8} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
TCP: Interfaces\{8AB7525D-E207-499F-AC67-CBE186DE2CB5} : DhcpNameServer = 192.168.0.1 192.168.3.1
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\paq1dsxb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tbff50-chromesbox-en-us&tb_uuid=20100906020516255&tb_oid=25-12-2008&tb_mrud=06-09-2010
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/mb59?u=92541752902152546
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/mb59/?loc=ff_address_bar&u=92541752902152546&search=
FF - component: c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\paq1dsxb.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\MailUtil.dll
FF - component: c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\paq1dsxb.default\extensions\{90eee664-34b1-422a-a782-779af65cdf6d}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\paq1dsxb.default\extensions\[email protected]\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\documents and settings\compaq_owner\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\compaq_owner\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\1\NP_wtapp.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: AOL Toolbar: {7affbfae-c4e2-4915-8c0f-00fa3ec610a1} - %profile%\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Personas: [email protected] - %profile%\extensions\[email protected]
FF - Ext: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - %profile%\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
FF - Ext: Conduit Engine : [email protected] - %profile%\extensions\[email protected]
FF - Ext: IncrediMail MediaBar 4 Community Toolbar: {90eee664-34b1-422a-a782-779af65cdf6d} - %profile%\extensions\{90eee664-34b1-422a-a782-779af65cdf6d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Move Media Player: [email protected] - c:\documents and settings\compaq_owner\application data\Move Networks
.
---- FIREFOX POLICIES ----
FF - user.js: protocol-handler.warn-external.dnUpdate - false
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-9-5 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-9-5 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-9-5 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-9-5 66616]
S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-12-22 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-28 136176]
S2 Toolbar Updater Service;Toolbar Updater Service;c:\program files\startnow toolbar\toolbarupdaterservice.exe --> c:\program files\startnow toolbar\ToolbarUpdaterService.exe [?]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-28 136176]
.
=============== Created Last 30 ================
.
2011-10-27 21:52:22 -------- d-----w- c:\documents and settings\compaq_owner\local settings\application data\Conduit
2011-10-27 21:51:38 -------- d-----w- c:\documents and settings\compaq_owner\application data\KompoZer
2011-10-27 21:51:03 -------- d-----w- c:\documents and settings\compaq_owner\local settings\application data\IM
2011-10-27 21:50:19 -------- d-----w- c:\documents and settings\all users\application data\IncrediMail
2011-10-27 21:50:19 -------- d-----w- c:\documents and settings\all users\application data\IM
.
==================== Find3M ====================
.
2011-10-25 18:06:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-07-04 01:23:19 20533281 -c--a-w- c:\program files\VLC.exe
.
============= FINISH: 15:40:24.39 ===============

#4
snowysdad43

    Member

  • Topic Starter
  • Member
  • 233 posts
How do I zip the Attach.txt file? Or can I just attach it as is?

#5
RKinner

    Malware Expert

  • Expert
  • 19,790 posts
  • MVP
Just attach it.

#6
snowysdad43

    Member

  • Topic Starter
  • Member
  • 233 posts
Attach.txt file


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 11/6/2008 5:04:33 PM
System Uptime: 11/6/2011 2:32:45 PM (1 hours ago)
.
Motherboard: ASUSTek Computer INC. | | NAGAMI2L
Processor: AMD Sempron™ Processor 3400+ | Socket 939 | 2003/199mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 142 GiB total, 99.429 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 0.371 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP313: 8/9/2011 11:08:36 AM - System Checkpoint
RP314: 8/10/2011 3:01:03 AM - Software Distribution Service 3.0
RP315: 8/11/2011 3:10:34 AM - System Checkpoint
RP316: 8/12/2011 3:30:20 AM - System Checkpoint
RP317: 8/13/2011 4:32:54 AM - System Checkpoint
RP318: 8/14/2011 4:40:14 AM - System Checkpoint
RP319: 8/15/2011 4:49:16 AM - System Checkpoint
RP320: 8/16/2011 5:42:21 AM - System Checkpoint
RP321: 8/16/2011 2:25:31 PM - Software Distribution Service 3.0
RP322: 8/17/2011 6:03:36 PM - System Checkpoint
RP323: 8/18/2011 8:17:34 PM - System Checkpoint
RP324: 8/20/2011 1:35:25 AM - System Checkpoint
RP325: 8/21/2011 3:17:30 AM - System Checkpoint
RP326: 8/22/2011 4:02:46 AM - System Checkpoint
RP327: 8/23/2011 4:06:30 AM - System Checkpoint
RP328: 8/24/2011 3:00:27 AM - Software Distribution Service 3.0
RP329: 8/25/2011 3:39:08 AM - System Checkpoint
RP330: 8/26/2011 3:48:58 AM - System Checkpoint
RP331: 8/27/2011 3:49:22 AM - System Checkpoint
RP332: 8/28/2011 3:52:31 AM - System Checkpoint
RP333: 8/28/2011 10:08:02 AM - Configured Microsoft Office Professional 2007 Trial
RP334: 8/29/2011 10:49:42 AM - System Checkpoint
RP335: 8/30/2011 12:00:29 PM - System Checkpoint
RP336: 8/31/2011 3:07:18 PM - System Checkpoint
RP337: 9/1/2011 3:17:02 PM - System Checkpoint
RP338: 9/2/2011 3:36:19 PM - System Checkpoint
RP339: 9/3/2011 5:03:38 PM - System Checkpoint
RP340: 9/4/2011 5:50:12 PM - System Checkpoint
RP341: 9/5/2011 6:02:22 PM - System Checkpoint
RP342: 9/6/2011 6:44:47 PM - System Checkpoint
RP343: 9/7/2011 10:03:44 AM - Software Distribution Service 3.0
RP344: 9/8/2011 9:28:55 PM - System Checkpoint
RP345: 9/9/2011 9:50:47 PM - System Checkpoint
RP346: 9/10/2011 11:12:14 PM - System Checkpoint
RP347: 9/12/2011 2:28:38 AM - System Checkpoint
RP348: 9/13/2011 2:53:16 AM - System Checkpoint
RP349: 9/13/2011 6:45:05 PM - Configured Microsoft Office Professional 2007 Trial
RP350: 9/14/2011 1:11:52 AM - Software Distribution Service 3.0
RP351: 9/15/2011 1:55:36 AM - System Checkpoint
RP352: 9/16/2011 2:16:50 AM - System Checkpoint
RP353: 9/17/2011 5:26:12 AM - System Checkpoint
RP354: 9/18/2011 6:04:17 AM - System Checkpoint
RP355: 9/18/2011 8:47:34 AM - Configured Microsoft Office Professional 2007 Trial
RP356: 9/18/2011 8:52:56 AM - Configured Microsoft Office Professional 2007 Trial
RP357: 9/19/2011 10:14:42 AM - System Checkpoint
RP358: 9/20/2011 7:37:57 PM - System Checkpoint
RP359: 9/21/2011 7:40:12 PM - System Checkpoint
RP360: 9/23/2011 7:03:18 AM - System Checkpoint
RP361: 9/24/2011 10:24:07 AM - System Checkpoint
RP362: 9/25/2011 2:20:30 PM - System Checkpoint
RP363: 9/26/2011 6:13:47 PM - System Checkpoint
RP364: 9/27/2011 6:14:03 PM - System Checkpoint
RP365: 9/28/2011 3:00:25 AM - Software Distribution Service 3.0
RP366: 9/29/2011 3:30:15 AM - System Checkpoint
RP367: 9/30/2011 3:50:09 AM - System Checkpoint
RP368: 10/1/2011 5:20:33 AM - System Checkpoint
RP369: 10/2/2011 5:41:28 AM - System Checkpoint
RP370: 10/3/2011 5:52:58 AM - System Checkpoint
RP371: 10/4/2011 5:56:45 AM - System Checkpoint
RP372: 10/5/2011 6:22:02 AM - System Checkpoint
RP373: 10/6/2011 6:26:49 AM - System Checkpoint
RP374: 10/7/2011 6:44:56 AM - System Checkpoint
RP375: 10/8/2011 6:56:47 AM - System Checkpoint
RP376: 10/9/2011 6:58:11 AM - System Checkpoint
RP377: 10/10/2011 7:39:15 AM - System Checkpoint
RP378: 10/11/2011 7:55:13 AM - System Checkpoint
RP379: 10/12/2011 9:03:25 AM - System Checkpoint
RP380: 10/13/2011 9:45:34 AM - System Checkpoint
RP381: 10/13/2011 12:26:08 PM - Software Distribution Service 3.0
RP382: 10/14/2011 7:02:17 PM - System Checkpoint
RP383: 10/15/2011 9:06:03 PM - System Checkpoint
RP384: 10/16/2011 10:10:30 PM - System Checkpoint
RP385: 10/17/2011 5:22:54 PM - Configured Microsoft Office Professional 2007 Trial
RP386: 10/18/2011 7:56:04 PM - System Checkpoint
RP387: 10/19/2011 9:20:36 PM - System Checkpoint
RP388: 10/20/2011 9:42:45 PM - System Checkpoint
RP389: 10/21/2011 11:08:26 PM - System Checkpoint
RP390: 10/23/2011 6:07:40 AM - System Checkpoint
RP391: 10/24/2011 6:55:47 AM - System Checkpoint
RP392: 10/25/2011 7:21:58 AM - System Checkpoint
RP393: 10/26/2011 8:41:03 AM - System Checkpoint
RP394: 10/27/2011 9:35:51 AM - System Checkpoint
RP395: 10/27/2011 5:59:34 PM - Removed IncrediMail.
RP396: 10/27/2011 6:03:58 PM - Removed TestDrive Client.
RP397: 10/28/2011 8:46:35 AM - Configured Microsoft Office Professional 2007 Trial
RP398: 10/29/2011 3:09:09 PM - System Checkpoint
RP399: 10/30/2011 2:27:03 PM - Configured Microsoft Office Professional 2007 Trial
RP400: 10/30/2011 2:30:55 PM - Configured Microsoft Office Professional 2007 Trial
RP401: 10/30/2011 2:33:44 PM - Configured Microsoft Office Professional 2007 Trial
RP402: 10/30/2011 4:27:17 PM - Configured Microsoft Office Professional 2007 Trial
RP403: 10/31/2011 8:55:28 PM - System Checkpoint
RP404: 11/1/2011 10:07:13 PM - System Checkpoint
RP405: 11/2/2011 10:51:15 PM - System Checkpoint
RP406: 11/3/2011 11:51:52 PM - System Checkpoint
RP407: 11/5/2011 12:35:03 AM - System Checkpoint
RP408: 11/5/2011 11:47:06 PM - System Checkpoint
RP409: 11/6/2011 1:03:59 PM - Removed Ask Toolbar.
RP410: 11/6/2011 1:05:35 PM - Removed Compaq Organize
RP411: 11/6/2011 1:12:25 PM - Removed Search Settings v1.2.3.
RP412: 11/6/2011 1:27:23 PM - Removed Search Settings v1.2.3.
RP413: 11/6/2011 1:28:12 PM - Removed Search Settings v1.2.3.
RP414: 11/6/2011 2:19:10 PM - Removed Search Settings v1.2.3.
RP415: 11/6/2011 2:20:06 PM - Removed Search Settings v1.2.3.
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Media Player
Adobe Reader 9.4.6
Adobe Shockwave Player 11.5
Akamai NetSession Interface
AOL Deskbar
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Bonjour
BufferChm
Camera Support Core Library
Camera Window DS
Camera Window DVC
Camera Window MC
Canon Camera Support Core Library
Canon Camera Window DS for ZoomBrowser EX
Canon Camera Window DVC for ZoomBrowser EX
Canon Camera Window for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX
CCleaner
Cisco Network Magic
Compaq Connections (remove only)
Content Transfer
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
Critical Update for Windows Media Player 11 (KB959772)
CueTour
Customer Experience Enhancement
Data Fax SoftModem with SmartCP
Destinations
DeviceManagementQFolder
DNA
Download Updater (AOL LLC)
Easy Internet Sign-up
FullDPAppQFolder
Garmin City Navigator North America NT 2009.11 Update
Garmin Communicator Plugin
Garmin USB Drivers
Google Earth
Google Update Helper
High Definition Audio Driver Package - KB888111
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP DVD Play 2.1
HP Games
HP Imaging Device Functions 7.0
HP Photosmart Premier Software 6.5
HP Rhapsody
HP Software Update
HP Support Overview
HPPhotoSmartExpress
HpSdpAppCoreApp
InstantShareDevices
iTunes
Java Auto Updater
Java™ 6 Update 21
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007 Trial
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard Edition 2003
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Move Media Player
MovieEdit Task
Mozilla Firefox (3.6.12)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Netscape Browser (remove only)
Network Magic
Notepad++
NVIDIA Drivers
NWZ-S540 WALKMAN Guide
OptionalContentQFolder
Outspark Sharp Launcher
Pando Media Booster
PC-Doctor 5 for Windows
PhotoGallery
PhotoStitch
Pure Networks Platform
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2006
QuickTime
RandMap
RAW Image Task 1.2
RealPlayer
Realtek High Definition Audio Driver
RemoteCapture Task 1.1
Remove WeatherBug Installer
Search Settings v1.2.3
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982802)
SkinsHP1
SlideShow
SlideShowMusic
Sonic Express Labeler
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
SUPERAntiSpyware
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Outlook 2007 Junk Email Filter (KB2596560)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Installer for WildTangent Games App
WebEx Support Manager for Internet Explorer
WebFldrs XP
WildTangent Games App (HP Games)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Resource Kit Tools - SubInAcl.exe
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
11/6/2011 3:38:19 PM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
11/6/2011 2:29:59 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
11/6/2011 2:29:51 PM, error: Service Control Manager [7034] - The Pure Networks Platform Service service terminated unexpectedly. It has done this 1 time(s).
11/6/2011 2:29:51 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
11/6/2011 2:29:51 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
11/6/2011 2:29:51 PM, error: Service Control Manager [7034] - The BrSplService service terminated unexpectedly. It has done this 1 time(s).
11/6/2011 2:29:51 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
11/6/2011 2:29:51 PM, error: Service Control Manager [7031] - The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
11/6/2011 2:29:51 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/6/2011 1:12:37 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
11/3/2011 7:00:46 PM, error: Dhcp [1002] - The IP address lease 192.168.0.100 for the Network Card with network address 001731A669A8 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
10/30/2011 6:17:01 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iaStor IntelIde ViaIde
10/30/2011 6:17:01 PM, error: Service Control Manager [7022] - The Avira AntiVir Guard service hung on starting.
10/30/2011 6:14:55 PM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
10/30/2011 6:14:55 PM, error: Service Control Manager [7023] - The Akamai NetSession Interface service terminated with the following error: The specified module could not be found.
10/30/2011 6:14:55 PM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================
  • 0

#7
snowysdad43

snowysdad43

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 233 posts
ok thank R
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,790 posts
  • MVP
Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu, select Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck Resident TeaTimer and OK any prompts.


1. Open Avira AntiVir Personal. (There is likely an icon on your desktop, or in your system tray by the clock.)
2. Click the "Configuration" link on the main screen. This opens the configuration panel.
3. Check the "Expert mode" option.
4. Click on General > Security.
5. *Uncheck* the option titled "Protect files and registry entries from manipulation".
6. Click the "OK" button.
7. Reboot your computer.


Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes, Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.



Download aswMBR.exe ( 511KB ) to your desktop.
Double-click the aswMBR.exe to run it.
Uncheck trace disk IO calls.
Click the "Scan" button to start the scan.
On completion of the scan (note if the Fix button is enabled (not the FixMBR button) and tell me), click save log, save it to your desktop and post it in your next reply.

Try OTL again.
Select the All option in the Extra Registry group, then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron
  • 0

#9
snowysdad43

snowysdad43

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 233 posts
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8104

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/6/2011 9:34:35 PM
mbam-log-2011-11-06 (21-34-35).txt

Scan type: Quick scan
Objects scanned: 242649
Time elapsed: 11 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#10
snowysdad43

snowysdad43

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 233 posts
ComboFix 11-11-06.02 - Compaq_Owner 11/06/2011 22:02:34.10.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.185 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator.COURTNEYSROOM.000\WINDOWS
c:\documents and settings\Administrator.COURTNEYSROOM\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Compaq_Owner\new script a1 .txt
c:\documents and settings\Compaq_Owner\WINDOWS
c:\documents and settings\Courtney's\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\myaccount\WINDOWS
c:\windows\HPCPCUninstaller-6.3.2.116-5577497.exe
c:\windows\system32\config\systemprofile\WINDOWS
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_Toolbar_Updater_Service
-------\Service_Toolbar Updater Service
.
.
((((((((((((((((((((((((( Files Created from 2011-10-07 to 2011-11-07 )))))))))))))))))))))))))))))))
.
.
2011-11-07 02:20 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-27 21:52 . 2011-10-27 21:55 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Conduit
2011-10-27 21:51 . 2011-10-27 21:51 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\KompoZer
2011-10-27 21:51 . 2011-10-27 21:55 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\IM
2011-10-27 21:50 . 2011-10-27 21:52 -------- d-----w- c:\documents and settings\All Users\Application Data\IM
2011-10-27 21:50 . 2011-10-27 21:50 -------- d-----w- c:\documents and settings\All Users\Application Data\IncrediMail
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-25 18:06 . 2011-06-04 03:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-08-04 11:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-08-04 11:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2008-12-22 18:35 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2008-12-22 18:33 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2008-12-22 18:33 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2008-12-22 18:34 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 23:48 . 2008-12-22 18:34 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 11:56 . 2008-12-22 18:36 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2008-12-22 18:33 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-07-04 01:23 . 2011-07-04 01:06 20533281 -c--a-w- c:\program files\VLC.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2011-04-22 323392]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"nwiz"="nwiz.exe" [2006-01-25 1519616]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-06-17 180269]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-6-16 27136]
.
c:\documents and settings\Administrator.COURTNEYSROOM\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-6-16 27136]
.
c:\documents and settings\Administrator.COURTNEYSROOM.000\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-6-16 27136]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator.COURTNEYSROOM.000^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Administrator.COURTNEYSROOM.000\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^OneNote Table Of Contents.onetoc2]
path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2
backup=c:\windows\pss\OneNote Table Of Contents.onetoc2Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2006-10-23 12:50 71216 ----a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContentTransferWMDetector.exe]
2009-07-30 21:05 497000 ----a-w- c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2009-07-20 19:52 41264 ----a-w- c:\program files\Common Files\AOL\1230249116\EE\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-10-30 22:31 4615552 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FLEXnet Licensing Service"=3 (0x3)
"AOL TopSpeedMonitor"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\1230249116\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\1230249116\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\HP Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service
.
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-04-14 14336]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 136176]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 136176]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 01:37]
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 01:37]
.
2011-11-07 c:\windows\Tasks\User_Feed_Synchronization-{4C224901-74F3-4B9A-ACF7-21DFFA1188AB}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
2011-11-06 c:\windows\Tasks\User_Feed_Synchronization-{D9D5C556-3AD4-4C82-80C4-51CB5F825CF8}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.foxnews.com/
mStart Page = hxxp://www.yahoo.com/
IE: Save with Download Manager... - file://c:\program files\f.y.e. downloads unlimited\DMDownload.htm
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: windowsupdate.com\download
TCP: DhcpNameServer = 192.168.0.1 192.168.3.1
DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} - hxxp://aolsvc.aol.com/onlinegames/ghadventureball/abxgh.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-delicious-winter-edition/zylomplayer.cab
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\paq1dsxb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tbff50-chromesbox-en-us&tb_uuid=20100906020516255&tb_oid=25-12-2008&tb_mrud=06-09-2010
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/mb59?u=92541752902152546
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/mb59/?loc=ff_address_bar&u=92541752902152546&search=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: AOL Toolbar: {7affbfae-c4e2-4915-8c0f-00fa3ec610a1} - %profile%\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Personas: [email protected] - %profile%\extensions\[email protected]
FF - Ext: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - %profile%\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
FF - Ext: Conduit Engine : [email protected] - %profile%\extensions\[email protected]
FF - Ext: IncrediMail MediaBar 4 Community Toolbar: {90eee664-34b1-422a-a782-779af65cdf6d} - %profile%\extensions\{90eee664-34b1-422a-a782-779af65cdf6d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Move Media Player: [email protected] - c:\documents and settings\Compaq_Owner\Application Data\Move Networks
FF - user.js: protocol-handler.warn-external.dnUpdate - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-06 22:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]
@DACL=(02 0000)
@="Internet Explorer User Accelerators"
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"NoGPOListChanges"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
@DACL=(02 0000)
@="802.3 Group Policy"
"DisplayName"=expand:"@dot3gpclnt.dll,-100"
"ProcessGroupPolicyEx"="ProcessLANPolicyEx"
"GenerateGroupPolicy"="GenerateLANPolicy"
"DllName"=expand:"dot3gpclnt.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]
@DACL=(02 0000)
@="Internet Explorer Machine Accelerators"
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"NoGPOListChanges"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
@DACL=(02 0000)
"DllName"="c:\\Program Files\\SUPERAntiSpyware\\SASWINLO.DLL"
"Logon"="SABWINLOLogon"
"Logoff"="SABWINLOLogoff"
"Startup"="SABWINLOStartup"
"Shutdown"="SABWINLOShutdown"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1480)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\brsvc01a.exe
c:\windows\system32\brss01a.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Completion time: 2011-11-06 22:41:58 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-07 03:41
ComboFix2.txt 2010-09-13 23:58
.
Pre-Run: 106,636,873,728 bytes free
Post-Run: 106,526,965,760 bytes free
.
- - End Of File - - 1B8B4C2AB22FDA7D51473BCC535F7850


#11
snowysdad43


    Member

  • Topic Starter
  • Member
  • 233 posts
23:01:22.0046 1348 TDSS rootkit removing tool 2.6.15.0 Nov 3 2011 17:15:49
23:01:23.0843 1348 ============================================================
23:01:23.0843 1348 Current date / time: 2011/11/06 23:01:23.0843
23:01:23.0843 1348 SystemInfo:
23:01:23.0843 1348
23:01:23.0843 1348 OS Version: 5.1.2600 ServicePack: 3.0
23:01:23.0843 1348 Product type: Workstation
23:01:23.0843 1348 ComputerName: COURTNEYSROOM
23:01:23.0843 1348 UserName: Compaq_Owner
23:01:23.0843 1348 Windows directory: C:\WINDOWS
23:01:23.0843 1348 System windows directory: C:\WINDOWS
23:01:23.0843 1348 Processor architecture: Intel x86
23:01:23.0843 1348 Number of processors: 1
23:01:23.0843 1348 Page size: 0x1000
23:01:23.0843 1348 Boot type: Normal boot
23:01:23.0843 1348 ============================================================
23:01:29.0046 1348 Initialize success
23:01:52.0453 3248 ============================================================
23:01:52.0453 3248 Scan started
23:01:52.0453 3248 Mode: Manual;
23:01:52.0453 3248 ============================================================
23:03:37.0093 3248 MBR (0x1B8) (d11c727e03bb7318dcda069b06e652f0) \Device\Harddisk0\DR0
23:03:37.0218 3248 \Device\Harddisk0\DR0 - ok
23:03:37.0234 3248 Boot (0x1200) (1ca0a83836f3cd69c19c74ba75d3c38a) \Device\Harddisk0\DR0\Partition0
23:03:37.0234 3248 \Device\Harddisk0\DR0\Partition0 - ok
23:03:37.0265 3248 Boot (0x1200) (c37c0c732058a822d3f03d20974b9fa2) \Device\Harddisk0\DR0\Partition1
23:03:37.0296 3248 \Device\Harddisk0\DR0\Partition1 - ok
23:03:37.0296 3248 ============================================================
23:03:37.0296 3248 Scan finished
23:03:37.0296 3248 ============================================================
23:03:37.0859 2624 Detected object count: 0
23:03:37.0859 2624 Actual detected object count: 0
23:06:53.0890 3032 Deinitialize success

#12
snowysdad43


    Member

  • Topic Starter
  • Member
  • 233 posts
hi r
I am sorry, but I have to run the rest of the tools tomorrow; I have work early.
I should have the logs uploaded tomorrow about 5 pm Eastern time.
Thank you again for all your help.

#13
RKinner


    Malware Expert

  • Expert
  • 19,790 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library

Firefox::
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - %profile%\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}

Folder::
C:\Program Files\Search Settings\

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

******************************************

Now open Notepad (Start, Run, notepad, OK) and press Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS, (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.



Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. Reboot.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Are you still unable to run OTL?

#14
snowysdad43


    Member

  • Topic Starter
  • Member
  • 233 posts
new combofix log
ComboFix 11-11-07.02 - Compaq_Owner 11/07/2011 9:45.11.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.167 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-07 to 2011-11-07 )))))))))))))))))))))))))))))))
.
.
2011-11-07 02:20 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-27 21:52 . 2011-10-27 21:55 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Conduit
2011-10-27 21:51 . 2011-10-27 21:51 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\KompoZer
2011-10-27 21:51 . 2011-10-27 21:55 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\IM
2011-10-27 21:50 . 2011-10-27 21:52 -------- d-----w- c:\documents and settings\All Users\Application Data\IM
2011-10-27 21:50 . 2011-10-27 21:50 -------- d-----w- c:\documents and settings\All Users\Application Data\IncrediMail
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-25 18:06 . 2011-06-04 03:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-08-04 11:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-08-04 11:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2008-12-22 18:35 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2008-12-22 18:33 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2008-12-22 18:33 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2008-12-22 18:34 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 23:48 . 2008-12-22 18:34 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 11:56 . 2008-12-22 18:36 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2008-12-22 18:33 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-07-04 01:23 . 2011-07-04 01:06 20533281 -c--a-w- c:\program files\VLC.exe
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2011-04-22 323392]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"nwiz"="nwiz.exe" [2006-01-25 1519616]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-06-17 180269]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
.
c:\documents and settings\Administrator.COURTNEYSROOM\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-6-16 27136]
.
c:\documents and settings\Administrator.COURTNEYSROOM.000\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-6-16 27136]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator.COURTNEYSROOM.000^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Administrator.COURTNEYSROOM.000\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^OneNote Table Of Contents.onetoc2]
path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2
backup=c:\windows\pss\OneNote Table Of Contents.onetoc2Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2006-10-23 12:50 71216 ----a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContentTransferWMDetector.exe]
2009-07-30 21:05 497000 ----a-w- c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2009-07-20 19:52 41264 ----a-w- c:\program files\Common Files\AOL\1230249116\EE\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-10-30 22:31 4615552 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FLEXnet Licensing Service"=3 (0x3)
"AOL TopSpeedMonitor"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\1230249116\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\1230249116\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\HP Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/5/2010 9:45 AM 136360]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [12/22/2008 1:33 PM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 01:37]
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 01:37]
.
2011-11-07 c:\windows\Tasks\User_Feed_Synchronization-{4C224901-74F3-4B9A-ACF7-21DFFA1188AB}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
2011-11-07 c:\windows\Tasks\User_Feed_Synchronization-{D9D5C556-3AD4-4C82-80C4-51CB5F825CF8}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.foxnews.com/
mStart Page = hxxp://www.yahoo.com/
IE: Save with Download Manager... - file://c:\program files\f.y.e. downloads unlimited\DMDownload.htm
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: windowsupdate.com\download
TCP: DhcpNameServer = 192.168.0.1 192.168.3.1
DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} - hxxp://aolsvc.aol.com/onlinegames/ghadventureball/abxgh.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-delicious-winter-edition/zylomplayer.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-07 10:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]
@DACL=(02 0000)
@="Internet Explorer User Accelerators"
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"NoGPOListChanges"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
@DACL=(02 0000)
@="802.3 Group Policy"
"DisplayName"=expand:"@dot3gpclnt.dll,-100"
"ProcessGroupPolicyEx"="ProcessLANPolicyEx"
"GenerateGroupPolicy"="GenerateLANPolicy"
"DllName"=expand:"dot3gpclnt.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]
@DACL=(02 0000)
@="Internet Explorer Machine Accelerators"
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"NoGPOListChanges"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
@DACL=(02 0000)
"DllName"="c:\\Program Files\\SUPERAntiSpyware\\SASWINLO.DLL"
"Logon"="SABWINLOLogon"
"Logoff"="SABWINLOLogoff"
"Startup"="SABWINLOStartup"
"Shutdown"="SABWINLOShutdown"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2740)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\brss01a.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system\hpsysdrv.exe
.
**************************************************************************
.
Completion time: 2011-11-07 10:32:03 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-07 15:31
ComboFix2.txt 2011-11-07 03:42
ComboFix3.txt 2010-09-13 23:58
.
Pre-Run: 106,545,930,240 bytes free
Post-Run: 106,516,193,280 bytes free
.
- - End Of File - - DB2B2F0D30C66E27B9A163E80D483ED0

#15
snowysdad43

Vino's Event Viewer v01c run on Windows XP in English
Report run at 07/11/2011 10:52:12 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/11/2011 10:19:24 AM
Type: error Category: 0
Event: 7016 Source: Service Control Manager
The BrSplService service has reported an invalid current state 0.

Log: 'System' Date/Time: 07/11/2011 9:59:25 AM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Akamai NetSession Interface service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 07/11/2011 9:59:25 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The adfs service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 07/11/2011 9:45:17 AM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Pure Networks Platform Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 07/11/2011 9:45:13 AM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Print Spooler service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 07/11/2011 9:45:13 AM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 07/11/2011 9:45:13 AM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The iPod Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 07/11/2011 9:45:13 AM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 07/11/2011 9:45:13 AM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 07/11/2011 9:45:12 AM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 07/11/2011 9:45:12 AM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 07/11/2011 9:45:12 AM
Type: error Category: 0
Event: 7031 Source: Service Control Manager
The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Log: 'System' Date/Time: 07/11/2011 9:45:12 AM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The AOL Connectivity Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 07/11/2011 9:45:12 AM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The BrSplService service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 07/11/2011 9:45:12 AM
Type: error Category: 0
Event: 7031 Source: Service Control Manager
The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Log: 'System' Date/Time: 07/11/2011 9:17:54 AM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Application Management service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 07/11/2011 9:17:54 AM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Application Management service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 07/11/2011 9:17:54 AM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Application Management service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 07/11/2011 9:17:54 AM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Application Management service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 07/11/2011 9:17:54 AM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Application Management service terminated with the following error: The specified module could not be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/11/2011 10:37:54 AM
Type: warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<explorer.exe> C:\...ork Magic\nmrsrc.dll

Log: 'System' Date/Time: 07/11/2011 10:27:38 AM
Type: warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<ERUNT.3XE> C:\ComboFix\HIV\ERDNT.EXE

Log: 'System' Date/Time: 07/11/2011 10:22:00 AM
Type: warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<explorer.exe> C:\...ork Magic\nmrsrc.dll

Log: 'System' Date/Time: 07/11/2011 10:18:54 AM
Type: warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<explorer.exe> C:\...ork Magic\nmrsrc.dll

Log: 'System' Date/Time: 07/11/2011 10:18:05 AM
Type: warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<explorer.exe> C:\...ork Magic\nmrsrc.dll

Log: 'System' Date/Time: 07/11/2011 10:10:25 AM
Type: warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<explorer.exe> C:\...ork Magic\nmrsrc.dll

Log: 'System' Date/Time: 07/11/2011 10:09:04 AM
Type: warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<nmapp.exe> C:\...etwork Magic\nmrsrc.dll

Log: 'System' Date/Time: 07/11/2011 10:07:33 AM
Type: warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<nmapp.exe> C:\...etwork Magic\nmrsrc.dll

Log: 'System' Date/Time: 07/11/2011 10:07:06 AM
Type: warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<nmapp.exe> C:\...etwork Magic\nmrsrc.dll

Log: 'System' Date/Time: 06/11/2011 11:27:54 PM
Type: warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<explorer.exe> C:\...r Desktop\shlext.dll

Log: 'System' Date/Time: 06/11/2011 11:07:41 PM
Type: warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<nmsrvc.exe> C:\WINDOWS\temp\pn46.tmp

Log: 'System' Date/Time: 06/11/2011 10:38:25 PM
Type: warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<explorer.exe> C:\...ork Magic\nmrsrc.dll

Log: 'System' Date/Time: 06/11/2011 10:32:00 PM
Type: warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<explorer.exe> C:\...ork Magic\nmrsrc.dll

Log: 'System' Date/Time: 06/11/2011 10:30:24 PM
Type: warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<explorer.exe> C:\...ork Magic\nmrsrc.dll

Log: 'System' Date/Time: 06/11/2011 10:23:51 PM
Type: warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<explorer.exe> C:\...ork Magic\nmrsrc.dll

Log: 'System' Date/Time: 06/11/2011 10:23:03 PM
Type: warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<nmapp.exe> C:\...etwork Magic\nmrsrc.dll

Log: 'System' Date/Time: 06/11/2011 10:21:53 PM
Type: warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<nmapp.exe> C:\...etwork Magic\nmrsrc.dll

Log: 'System' Date/Time: 06/11/2011 10:21:20 PM
Type: warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<nmapp.exe> C:\...etwork Magic\nmrsrc.dll

Log: 'System' Date/Time: 06/11/2011 9:15:26 PM
Type: warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<System> C:\...m-setup-1.51.2.1300[1].exe

Log: 'System' Date/Time: 06/11/2011 9:14:07 PM
Type: warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<iexplore.exe>