Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Cannot activate Automatic Updates [Solved]

Started by hbkvcu , Jul 29 2012 06:00 PM

  • This topic is locked This topic is locked

#1
hbkvcu
Posted 29 July 2012 - 06:00 PM

hbkvcu

    Member

  • Member
  • PipPip
  • 25 posts
Hello Board....

I have my mom's laptop...and it looks like when I attempted to activate her "Automatic Updates" in the Windows Security Center, it wouldn't let me. I am not sure what to do. I have attached the OTL log as requested. I appreciate your time !!

OTL logfile created on: 7/29/2012 7:39:03 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Documents and Settings\Deborah\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 63.35% Memory free
3.60 Gb Paging File | 2.85 Gb Available in Paging File | 79.34% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 215.55 Gb Free Space | 92.56% Space Free | Partition Type: NTFS

Computer Name: DEBORAH-PIRC590 | User Name: Deborah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/29 19:38:08 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Deborah\Desktop\OTL.exe
PRC - [2012/07/29 19:19:27 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/04/04 01:53:56 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012/03/21 21:16:10 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2012/03/20 13:04:32 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2011/12/12 11:03:40 | 000,290,832 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2010/03/09 10:39:58 | 001,280,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Internet Content Filter\mfp.exe
PRC - [2010/03/09 10:39:58 | 000,235,024 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Internet Content Filter\UpdateService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/29 19:19:25 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/07/28 20:21:23 | 009,465,032 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll
MOD - [2012/06/16 17:17:54 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/06/16 15:54:34 | 000,069,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2012/06/01 20:21:57 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
MOD - [2012/06/01 20:20:28 | 000,220,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\bb26dd100d656605c576881a1a823667\CustomMarshalers.ni.dll
MOD - [2012/06/01 20:20:23 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/22 21:03:37 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/22 20:59:43 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/22 20:59:34 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2010/11/04 08:51:44 | 000,555,624 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/07/29 19:19:25 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/28 20:21:27 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/19 08:21:16 | 000,361,976 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2012/03/20 13:04:32 | 000,166,288 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/12/12 11:03:40 | 000,290,832 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/01/28 13:28:50 | 000,203,080 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\McAfee\MSC\McAWFwk.exe -- (McAWFwk)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/09 10:39:58 | 000,235,024 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Internet Content Filter\UpdateService.exe -- (fpUpdateSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/02/22 13:29:46 | 000,464,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012/02/22 13:29:46 | 000,340,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2012/02/22 13:29:46 | 000,180,848 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012/02/22 13:29:46 | 000,121,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/02/22 13:29:46 | 000,089,792 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2012/02/22 13:29:46 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2012/02/22 13:29:46 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2012/02/22 13:29:46 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2012/02/22 13:29:46 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012/02/22 13:29:46 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/09/02 12:46:28 | 000,254,568 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV - [2010/11/11 19:10:52 | 000,100,456 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2008/08/01 19:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 19:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/04/27 11:52:00 | 001,310,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008/02/08 10:46:36 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007/12/18 13:18:00 | 000,732,160 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2007/11/01 09:26:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/11/01 09:25:32 | 000,211,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/11/01 09:25:22 | 000,731,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/10/12 17:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.microsoft...r=6&ar=msnhome"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/07/28 18:43:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/07/29 19:21:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/07/21 13:21:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/29 19:19:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/07/21 13:21:35 | 000,000,000 | ---D | M]

[2011/11/11 16:46:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Deborah\Application Data\Mozilla\Extensions
[2012/06/07 18:09:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\u1oiw0fr.default\extensions
[2012/06/07 18:09:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\u1oiw0fr.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/07/29 19:21:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/29 19:21:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/07/29 19:21:05 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/07/29 19:19:27 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/30 18:22:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/30 18:22:42 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/11/12 18:15:05 | 000,000,764 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: HP54FB2B.home HP00187154FB2B
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20120621205343.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ICF] C:\Program Files\Internet Content Filter\mfp.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF0D8CDE-3410-4563-8B29-D1AE5269504D}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/09 23:38:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/29 19:38:35 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Deborah\Desktop\OTL.exe
[2012/07/29 19:20:59 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/07/29 19:20:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Verizon
[2012/07/28 18:36:04 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/07/28 18:32:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deborah\Desktop\GooredFix Backups
[2012/07/21 17:38:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/07/21 17:38:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/07/21 14:42:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deborah\Application Data\Malwarebytes
[2012/07/21 14:41:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/07/21 08:15:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Deborah\My Documents\My Videos
[2012/07/20 21:14:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deborah\Desktop\Lewis Ginter Pictures
[2012/07/20 21:14:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deborah\Desktop\New folder (10)
[2012/07/20 21:14:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deborah\Desktop\Desktop Music
[2012/07/20 20:02:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deborah\My Documents\My Streaming Media
[2012/07/20 20:00:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deborah\Application Data\Replay Media Catcher 4
[2012/06/30 18:22:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/06/30 18:22:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/29 19:38:08 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Deborah\Desktop\OTL.exe
[2012/07/29 19:22:13 | 000,441,802 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/29 19:22:13 | 000,071,698 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/07/29 19:21:18 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/29 19:20:45 | 000,001,589 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Verizon Internet Security Suite.lnk
[2012/07/29 19:18:15 | 000,013,704 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/29 19:16:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/21 19:04:48 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/21 13:47:27 | 000,194,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/21 13:27:52 | 000,205,143 | ---- | M] () -- C:\WINDOWS\hpwins26.dat
[2012/07/21 13:19:40 | 000,001,018 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2012/07/21 13:18:44 | 000,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/07/14 17:16:37 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/30 20:45:06 | 000,005,120 | ---- | M] () -- C:\Documents and Settings\Deborah\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/21 17:38:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/21 13:20:20 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2012/07/21 13:19:40 | 000,001,018 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2012/07/21 13:18:44 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/07/21 13:13:51 | 000,205,143 | ---- | C] () -- C:\WINDOWS\hpwins26.dat
[2012/07/21 13:13:51 | 000,000,370 | ---- | C] () -- C:\WINDOWS\hpwmdl26.dat
[2012/07/20 19:58:17 | 000,000,804 | ---- | C] () -- C:\WINDOWS\$NtUninstallKB19240$\1736846510\L\00000004.@
[2012/06/01 21:38:41 | 000,205,415 | ---- | C] () -- C:\WINDOWS\hpwins26.dat.temp
[2012/06/01 21:38:41 | 000,000,370 | ---- | C] () -- C:\WINDOWS\hpwmdl26.dat.temp
[2012/04/14 11:03:23 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/04/14 11:03:18 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/04/14 11:03:18 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/04/14 10:59:47 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2012/03/18 17:25:17 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Deborah\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/29 17:21:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/12 18:56:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/11/12 18:13:49 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Deborah\Local Settings\Application Data\fusioncache.dat
[2011/11/12 17:19:42 | 000,116,910 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2011/11/12 17:19:42 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2011/11/12 16:37:37 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2011/11/12 16:36:48 | 000,000,741 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2011/11/11 17:38:25 | 000,000,027 | ---- | C] () -- C:\WINDOWS\SmAudio.INI
[2011/11/10 16:23:15 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2011/11/09 23:39:47 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/11/09 23:35:49 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/11/09 16:41:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/11/09 16:40:10 | 000,194,568 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2012/04/07 23:36:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AdvancedRegistryClear
[2012/07/07 22:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2012/04/07 23:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Deborah\Application Data\AdvancedRegistryClear
[2012/07/20 20:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Deborah\Application Data\Replay Media Catcher 4

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
Essexboy
Posted 30 July 2012 - 08:59 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there you have a zero access infection

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
    [Allow the installation of the recovery console

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#3
hbkvcu
Posted 30 July 2012 - 04:48 PM

hbkvcu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Hello,

Thanks for the quick reply...I will do the steps you recommended tomorrow....I left the laptop at my mom's house...

Thanks again !!
  • 0

#4
hbkvcu
Posted 31 July 2012 - 04:48 PM

hbkvcu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Hello,

Here is the Combofix report you requested....I think my computer is getting back to normal...The automatic updates is "on"...But I'll let you check it out to see if anything else needs to be done....

ComboFix 12-07-30.03 - Deborah 07/31/2012 18:27:45.1.2 - x86
Running from: c:\documents and settings\Deborah\Desktop\ComboFix.exe
AV: Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Created a new restore point
* Resident AV is active
.
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\HPZipm12.1
c:\windows\system32\SET11C.tmp
c:\windows\system32\SET11D.tmp
c:\windows\system32\SETC4.tmp
c:\windows\system32\SETC7.tmp
c:\windows\system32\SETCB.tmp
c:\windows\system32\SETD3.tmp
c:\windows\system32\SETD5.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-31 )))))))))))))))))))))))))))))))
.
.
2012-07-29 23:21 . 2012-07-29 23:21 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-29 23:21 . 2012-07-29 23:21 476976 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-29 23:20 . 2012-07-29 23:20 -------- d-----w- c:\program files\Java
2012-07-29 00:21 . 2012-07-29 00:21 9821896 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-07-28 22:36 . 2012-07-28 22:36 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-21 18:42 . 2012-07-21 18:42 -------- d-----w- c:\documents and settings\Deborah\Application Data\Malwarebytes
2012-07-21 18:41 . 2012-07-21 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-07-21 17:25 . 2009-05-18 21:33 309760 ----a-r- c:\windows\system32\difxapi.dll
2012-07-21 17:25 . 2009-06-01 23:36 966656 ----a-r- c:\windows\system32\hpwtiop5.dll
2012-07-21 17:25 . 2009-06-01 23:36 749568 ----a-r- c:\windows\system32\hpwwiax6.dll
2012-07-21 17:25 . 2009-06-01 23:36 315392 ----a-r- c:\windows\system32\hpwvst01.dll
2012-07-21 17:25 . 2009-05-18 21:33 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2012-07-21 01:15 . 2012-07-21 01:15 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-07-21 01:15 . 2012-07-21 01:15 -------- d-----w- c:\windows\system32\wbem\Repository
2012-07-21 00:00 . 2012-07-21 00:00 -------- d-----w- c:\documents and settings\Deborah\Application Data\Replay Media Catcher 4
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-29 23:21 . 2012-04-14 14:53 472880 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-29 00:21 . 2012-04-07 00:03 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-29 00:21 . 2011-11-11 21:33 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-28 22:40 . 2011-11-09 20:42 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-06-13 13:19 . 2002-08-29 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2011-11-12 20:36 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2002-08-29 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2002-08-29 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2009-08-07 00:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2011-11-11 17:34 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2011-11-11 17:34 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2011-11-11 17:34 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2009-08-07 00:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2011-11-11 17:34 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2011-11-10 03:35 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2009-08-07 00:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2009-08-07 00:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2002-08-29 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2009-08-07 00:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2011-11-11 17:34 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2011-11-10 03:35 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2002-08-29 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2002-08-29 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2002-08-29 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2002-08-29 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2011-11-11 17:34 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2002-08-29 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2002-08-29 01:04 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-07-29 23:19 . 2011-11-11 20:46 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]
"ICF"="c:\program files\Internet Content Filter\mfp.exe" [2010-03-09 1280016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe" [2012-04-04 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe" [2012-04-04 815512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-01-07 23:58 13880424 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Pml Driver HPZ12"=2 (0x2)
"hpqwmiex"=2 (0x2)
"HP Status Server"=3 (0x3)
"HP Port Resolver"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [11/29/2011 12:59 AM 89792]
R2 fpUpdateSvc;Family Protection Update Service;c:\program files\Internet Content Filter\UpdateService.exe [11/29/2011 1:04 AM 235024]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [11/29/2011 12:59 AM 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [11/29/2011 12:59 AM 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [11/29/2011 12:59 AM 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [11/29/2011 1:00 AM 161632]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [11/29/2011 1:00 AM 151880]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [11/29/2011 12:59 AM 57600]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [11/29/2011 12:59 AM 340920]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [11/29/2011 12:59 AM 83856]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [4/14/2012 11:00 AM 100456]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [10/28/2011 7:20 PM 290832]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/6/2012 8:03 PM 250056]
S3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [11/29/2011 1:02 AM 203080]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [11/29/2011 12:59 AM 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [11/29/2011 12:59 AM 87656]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6/30/2012 6:22 PM 113120]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [11/11/2011 11:44 AM 254568]
S4 McOobeSv;McAfee OOBE Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [11/29/2011 12:59 AM 214904]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 00:21]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: ICF.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Deborah\Application Data\Mozilla\Firefox\Profiles\u1oiw0fr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-32565148.sys
MSConfigStartUp-Skype - c:\documents and settings\Deborah\Application Data\Skype\Phone\Skype.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-31 18:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1428)
c:\windows\system32\ICF.dll
.
Completion time: 2012-07-31 18:40:10
ComboFix-quarantined-files.txt 2012-07-31 22:40
.
Pre-Run: 231,335,178,240 bytes free
Post-Run: 233,347,551,232 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
.
- - End Of File - - CCE4CA3ED8108676677D3E44E5904E41
  • 0

#5
Essexboy
Posted 01 August 2012 - 11:22 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yep lets check the remainder of the services to be sure

run farbar service scanner

Posted Image

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
  • 0

#6
hbkvcu
Posted 01 August 2012 - 12:19 PM

hbkvcu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Hello,

Here are the FSS results:

Farbar Service Scanner Version: 26-07-2012
Ran by Deborah (administrator) on 01-08-2012 at 14:13:27
Running from "C:\Documents and Settings\Deborah\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Attempt to access Google.com returned error: Google.com is offline
Attempt to access Yahoo IP returned error: Yahoo IP is offline
Attempt to access Yahoo.com returned error: Yahoo.com is offline


Windows Firewall:
=============

Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall value. The value does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) mfetdi2k(9) NetBT(6) PSched(7) Tcpip(4) WSIMD(8)
0x09000000050000000100000002000000030000000400000009000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****
  • 0

#7
Essexboy
Posted 01 August 2012 - 12:36 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Download the following reg fix to your desktop

Right click the following link and select save as..
https://dl.dropbox.c...5776/BITSxp.reg

Right click the file and select merge
Accept any warnings

Do the same for the following reg file
https://dl.dropbox.c...redAccessxp.reg
Right click the file and select merge
Accept any warnings
Reboot the computer

The try windows updates and the firewall

Once done let me know of any outstanding problems
  • 0

#8
hbkvcu
Posted 01 August 2012 - 01:01 PM

hbkvcu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Hello,

I right clicked the first link and saved. It saved as a Wordpad/Notepad file. When I right clicked the file, it didn't give me the merge option. The same results happened with the second link. Is there something I am doing wrong?
  • 0

#9
Essexboy
Posted 01 August 2012 - 01:08 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nope .. You obviously have the system set up to read reg files I will attach them to this post as a zip file
Download the zip file and extract both to the desktop and then merge them

[attachment=59366:SharedAccessxp.zip]
  • 0

#10
hbkvcu
Posted 01 August 2012 - 02:11 PM

hbkvcu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
I was able to perform the tasks you gave me. When I go into Mozilla Firefox and let's say I want to save a picture...when I right click and "save as"....I get the hourglass and it just stays until I do a ctrl+alt+delete. Would you happen to think it may still have something to do with that virus?

Just let me know what I need to do....
  • 0

Advertisements

#11
Essexboy
Posted 01 August 2012 - 02:29 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK that looks like a corruption of Firefox .. So download the latest version and install it over the top, Let me know if that works. Any further problems ?
  • 0

#12
hbkvcu
Posted 01 August 2012 - 02:36 PM

hbkvcu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
I'm glad you said that...I tried that procedure before my last post...but the hourglass still shows up....
  • 0

#13
Essexboy
Posted 01 August 2012 - 02:44 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
IN that case it looks like uninstall and then run a fresh install I am afraid .. Let me know if that works,.. If it doesn't I will revist the firefox area in OTL
  • 0

#14
hbkvcu
Posted 01 August 2012 - 02:51 PM

hbkvcu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Unfortunately it did not solve the problem....
  • 0

#15
Essexboy
Posted 01 August 2012 - 02:53 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you run a fresh OTL quick scan please ensuring all users is selected
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP