Google search ads

Inactive
By Dan Skrlin
Aug 16, 2012
Topic Status:
Not open for further replies.
  1. Need help on this one. Logs below.

    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.08.16.08
    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    PMC :: PMC-MAIN [administrator]
    Protection: Enabled
    8/16/2012 9:56:12 AM
    mbam-log-2012-08-16 (09-56-12).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 263845
    Time elapsed: 7 minute(s), 24 second(s)
    Memory Processes Detected: 1
    C:\Documents and Settings\All Users\Application Data\MSyoKnyMgyss.exe (Backdoor.Agent.RC2Gen) -> 3992 -> Delete on reboot.
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 1
    HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Quarantined and deleted successfully.
    Registry Values Detected: 2
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MSyoKnyMgyss.exe (Backdoor.Agent.RC2Gen) -> Data: C:\Documents and Settings\All Users\Application Data\MSyoKnyMgyss.exe -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Documents and Settings\PMC\Local Settings\Application Data\{8a5e7e71-39a9-f684-5f8a-fe2c00fff7ac}\n. -> Quarantined and deleted successfully.
    Registry Data Items Detected: 6
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 2
    C:\Documents and Settings\All Users\Application Data\MSyoKnyMgyss.exe (Backdoor.Agent.RC2Gen) -> Delete on reboot.
    C:\Documents and Settings\PMC\Local Settings\Application Data\cxudadiutb.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
    (end)
  2. Dan Skrlin

    Dan Skrlin Newcomer, in training Topic Starter Posts: 26

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-08-16 10:15:21
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD1500HLFS-01G6U1 rev.04.04V02
    Running: oe7yh8f0.exe; Driver: C:\DOCUME~1\PMC\LOCALS~1\Temp\awtyapow.sys

    ---- Processes - GMER 1.0.15 ----
    Process C:\WINDOWS\system32\svchost.exe (*** hidden *** ) 3448
    ---- EOF - GMER 1.0.15 ----
  3. Dan Skrlin

    Dan Skrlin Newcomer, in training Topic Starter Posts: 26

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
    Run by PMC at 10:22:50 on 2012-08-16
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.1898 [GMT -5:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
    C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\UPS\WSTD\UPSNA1Msgr.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\Citrix\ICA Client\concentr.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    svchost.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    C:\Program Files\AMD\RAIDXpert\bin\RAIDXpertService.exe
    C:\Program Files\AMD\RAIDXpert\bin\RAIDXpert.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\Program Files\Citrix\ICA Client\wfcrun32.exe
    C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
    C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\WinMsgBalloonServer.exe
    C:\WINDOWS\system32\WinMsgBalloonClient.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\SearchProtocolHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: LeapFTP Internet Explorer Hook: {a5479da1-7843-43a7-b5c0-be342c77b629} - c:\progra~1\leapft~1.0\lftpie.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [Name of App] c:\program files\samsung\fw liveupdate\FWManager.exe r
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
    mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
    mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [NA1Messenger] c:\ups\wstd\UPSNA1Msgr.exe
    mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking10\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\naturallyspeaking10\Ereg.ini
    mRun: [TrueImageMonitor.exe] "c:\program files\acronis\trueimagehome\TrueImageMonitor.exe"
    mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
    mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
    mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mPolicies-system: EnableLinkedConnections = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    LSP: mswsock.dll
    DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} - hxxp://www.partserver.de/partserver/viewer/cnsweb3d/cnsweb3d.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: Interfaces\{EE16A2FA-EBB6-421A-85FB-45950A421AB7} : NameServer = 10.0.0.1
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\pmc\application data\mozilla\firefox\profiles\z3p28s2o.default\
    FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\autodesk\autodesk player plugin\npAdPlayerPlugin_FF.dll
    FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npEModelPlugin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\drivers\fltsrv.sys [2011-11-2 80416]
    R0 vididr;Acronis Virtual Disk;c:\windows\system32\drivers\vididr.sys [2011-11-2 126880]
    R0 vidsflt67;Acronis Disk Storage Filter (67);c:\windows\system32\drivers\vsflt67.sys [2012-5-19 86496]
    R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2011-5-21 3459024]
    R2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files\amd\raidxpert\bin\RAIDXpertService.exe [2008-8-31 122880]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-16 655944]
    R2 MSSQL$ECC;SQL Server (ECC);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
    R2 MSSQL$UPSWSDBSERVER;MSSQL$UPSWSDBSERVER;c:\ups\wstd\mssql$upswsdbserver\binn\sqlservr.exe -supswsdbserver --> c:\ups\wstd\mssql$upswsdbserver\binn\sqlservr.exe -sUPSWSDBSERVER [?]
    R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-6-30 1248256]
    R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-7-5 3048136]
    R2 syncagentsrv;Acronis Sync Agent Service;c:\program files\common files\acronis\syncagent\syncagentsrv.exe [2012-4-27 5914912]
    R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2011-5-21 234752]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-16 22344]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2010-12-15 1085440]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-3 136176]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-3 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-12 250056]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-9-5 1684736]
    S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys --> c:\windows\system32\drivers\bcmwlhigh5.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-3 136176]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-5 113120]
    S3 MSSQL$SHIPWORKS;SQL Server (SHIPWORKS);c:\program files\microsoft sql server\mssql10_50.shipworks\mssql\binn\sqlservr.exe [2010-4-3 42884448]
    S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys --> c:\windows\system32\drivers\npf.sys [?]
    S3 SQLAgent$UPSWSDBSERVER;SQLAgent$UPSWSDBSERVER;c:\ups\wstd\mssql$upswsdbserver\binn\sqlagent.exe -I upswsdbserver --> c:\ups\wstd\mssql$upswsdbserver\binn\sqlagent.EXE -I UPSWSDBSERVER [?]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-2-28 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]
    S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]
    S4 SQLAgent$SHIPWORKS;SQL Server Agent (SHIPWORKS);c:\program files\microsoft sql server\mssql10_50.shipworks\mssql\binn\SQLAGENT.EXE [2010-4-3 367456]
    .
    =============== Created Last 30 ================
    .
    2012-08-16 14:39:40 -------- d--h--w- c:\documents and settings\pmc\application data\Malwarebytes
    2012-08-16 14:39:33 -------- d--h--w- c:\documents and settings\all users\application data\Malwarebytes
    2012-08-16 14:39:32 22344 ---ha-w- c:\windows\system32\drivers\mbam.sys
    2012-08-16 14:39:32 -------- d--h--w- c:\program files\Malwarebytes' Anti-Malware
    2012-08-14 21:30:04 9826504 ---ha-w- c:\windows\system32\FlashPlayerInstaller.exe
    .
    ==================== Find3M ====================
    .
    2012-08-14 21:30:05 70344 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-08-14 21:30:05 426184 ---ha-w- c:\windows\system32\FlashPlayerApp.exe
    2012-06-26 17:57:48 60304 ---ha-w- c:\documents and settings\pmc\g2mdlhlpx.exe
    2012-06-13 13:19:59 1866112 ---ha-w- c:\windows\system32\win32k.sys
    2012-06-05 15:50:25 1372672 ---ha-w- c:\windows\system32\msxml6.dll
    2012-06-05 15:50:25 1172480 ---ha-w- c:\windows\system32\msxml3.dll
    2012-06-04 04:32:08 152576 ---ha-w- c:\windows\system32\schannel.dll
    2012-06-02 20:19:44 22040 ---ha-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 20:19:38 219160 ---ha-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 20:19:38 15384 ---ha-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 20:19:34 15384 ---ha-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 20:19:30 17944 ---ha-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 20:18:58 275696 ---ha-w- c:\windows\system32\mucltui.dll
    2012-06-02 20:18:58 214256 ---ha-w- c:\windows\system32\muweb.dll
    2012-06-02 20:18:58 17136 ---ha-w- c:\windows\system32\mucltui.dll.mui
    2012-05-31 13:22:09 599040 ---ha-w- c:\windows\system32\crypt32.dll
    2012-05-19 20:40:11 234752 ---ha-w- c:\windows\system32\drivers\afcdp.sys
    2012-05-19 20:40:07 775232 ---ha-w- c:\windows\system32\drivers\tdrpman.sys
    2012-05-19 20:40:06 614592 ---ha-w- c:\windows\system32\drivers\timntr.sys
    2012-05-19 20:40:04 126880 ---ha-w- c:\windows\system32\drivers\vididr.sys
    2012-05-19 20:40:03 86496 ---ha-w- c:\windows\system32\drivers\vsflt67.sys
    2012-05-19 20:40:01 177600 ---ha-w- c:\windows\system32\drivers\snapman.sys
    2012-05-19 20:39:59 80416 ---ha-w- c:\windows\system32\drivers\fltsrv.sys
    .
    ============= FINISH: 10:23:17.18 ===============
  4. Dan Skrlin

    Dan Skrlin Newcomer, in training Topic Starter Posts: 26

    Let me know
  5. Dan Skrlin

    Dan Skrlin Newcomer, in training Topic Starter Posts: 26

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/5/2010 7:52:33 PM
    System Uptime: 8/16/2012 10:04:53 AM (0 hours ago)
    .
    Motherboard: Shuttle Inc | | FA76
    Processor: AMD Phenom(tm) II X4 945 Processor | Socket AM2 | 3000/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 140 GiB total, 84.111 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is FIXED (NTFS) - 466 GiB total, 270.184 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
    Description: Canon MX850 ser Network
    Device ID: ROOT\CANON_IJ_NETWORK\0000
    Manufacturer: Canon
    Name: Canon MX850 ser Network
    PNP Device ID: ROOT\CANON_IJ_NETWORK\0000
    Service: StillCam
    .
    ==== System Restore Points ===================
    .
    RP620: 5/18/2012 3:05:26 PM - System Checkpoint
    RP621: 5/19/2012 4:13:06 PM - System Checkpoint
    RP622: 5/21/2012 8:27:59 AM - System Checkpoint
    RP623: 5/22/2012 8:31:45 AM - System Checkpoint
    RP624: 5/23/2012 8:51:59 AM - System Checkpoint
    RP625: 5/24/2012 9:49:29 AM - System Checkpoint
    RP626: 5/25/2012 11:33:13 AM - System Checkpoint
    RP627: 5/26/2012 11:49:29 AM - System Checkpoint
    RP628: 5/27/2012 12:49:29 PM - System Checkpoint
    RP629: 5/28/2012 1:49:29 PM - System Checkpoint
    RP630: 5/29/2012 3:20:34 PM - System Checkpoint
    RP631: 5/30/2012 4:11:45 PM - System Checkpoint
    RP632: 5/31/2012 4:21:11 PM - System Checkpoint
    RP633: 6/1/2012 4:59:00 PM - System Checkpoint
    RP634: 6/2/2012 5:27:17 PM - System Checkpoint
    RP635: 6/4/2012 8:10:00 AM - System Checkpoint
    RP636: 6/5/2012 7:57:31 AM - Software Distribution Service 3.0
    RP637: 6/6/2012 8:15:04 AM - System Checkpoint
    RP638: 6/7/2012 8:50:32 AM - System Checkpoint
    RP639: 6/8/2012 9:27:17 AM - System Checkpoint
    RP640: 6/9/2012 10:23:06 AM - System Checkpoint
    RP641: 6/10/2012 11:44:04 AM - System Checkpoint
    RP642: 6/11/2012 12:00:06 PM - System Checkpoint
    RP643: 6/12/2012 12:00:35 PM - System Checkpoint
    RP644: 6/13/2012 1:33:22 PM - System Checkpoint
    RP645: 6/14/2012 7:13:39 AM - Software Distribution Service 3.0
    RP646: 6/15/2012 8:12:21 AM - System Checkpoint
    RP647: 6/16/2012 9:27:05 AM - System Checkpoint
    RP648: 6/18/2012 8:51:12 AM - System Checkpoint
    RP649: 6/19/2012 11:45:57 AM - System Checkpoint
    RP650: 6/20/2012 12:01:32 PM - System Checkpoint
    RP651: 6/21/2012 12:15:16 PM - System Checkpoint
    RP652: 6/22/2012 12:22:26 PM - System Checkpoint
    RP653: 6/25/2012 3:12:55 PM - System Checkpoint
    RP654: 6/26/2012 5:05:15 PM - System Checkpoint
    RP655: 6/27/2012 5:35:43 PM - System Checkpoint
    RP656: 6/28/2012 12:03:24 PM - Installed Citrix online plug-in (Web)
    RP657: 6/29/2012 1:15:54 PM - System Checkpoint
    RP658: 6/30/2012 3:05:46 PM - System Checkpoint
    RP659: 7/1/2012 4:53:59 PM - System Checkpoint
    RP660: 7/2/2012 7:05:06 PM - System Checkpoint
    RP661: 7/3/2012 8:03:24 PM - System Checkpoint
    RP662: 7/5/2012 9:15:55 AM - System Checkpoint
    RP663: 7/5/2012 1:48:17 PM - Installed DraftSight.
    RP664: 7/5/2012 1:52:32 PM - Removed DraftSight.
    RP665: 7/5/2012 1:55:12 PM - Installed SolidWorks viewer.
    RP666: 7/5/2012 2:02:23 PM - Removed SolidWorks viewer.
    RP667: 7/5/2012 2:02:48 PM - Installed SolidWorks eDrawings 2012.
    RP668: 7/6/2012 2:59:16 PM - System Checkpoint
    RP669: 7/8/2012 8:07:59 AM - System Checkpoint
    RP670: 7/9/2012 8:37:13 AM - System Checkpoint
    RP671: 7/10/2012 10:20:19 AM - System Checkpoint
    RP672: 7/11/2012 10:29:58 AM - Software Distribution Service 3.0
    RP673: 7/12/2012 3:37:56 PM - System Checkpoint
    RP674: 7/13/2012 4:33:57 PM - System Checkpoint
    RP675: 7/14/2012 5:21:23 PM - System Checkpoint
    RP676: 7/16/2012 8:36:01 AM - System Checkpoint
    RP677: 7/17/2012 9:24:16 AM - System Checkpoint
    RP678: 7/18/2012 10:10:46 AM - System Checkpoint
    RP679: 7/19/2012 10:52:05 AM - System Checkpoint
    RP680: 7/20/2012 11:51:27 AM - System Checkpoint
    RP681: 7/21/2012 12:32:33 PM - System Checkpoint
    RP682: 7/23/2012 8:10:00 AM - System Checkpoint
    RP683: 7/24/2012 8:47:26 AM - System Checkpoint
    RP684: 7/25/2012 9:31:45 AM - System Checkpoint
    RP685: 7/26/2012 10:14:49 AM - System Checkpoint
    RP686: 7/27/2012 12:36:47 PM - System Checkpoint
    RP687: 7/28/2012 1:30:31 PM - System Checkpoint
    RP688: 7/29/2012 2:18:51 PM - System Checkpoint
    RP689: 7/30/2012 2:46:55 PM - System Checkpoint
    RP690: 7/31/2012 2:48:56 PM - System Checkpoint
    RP691: 8/1/2012 5:09:53 PM - System Checkpoint
    RP692: 8/2/2012 5:26:08 PM - System Checkpoint
    RP693: 8/3/2012 7:18:37 PM - System Checkpoint
    RP694: 8/6/2012 8:19:31 AM - System Checkpoint
    RP695: 8/7/2012 9:39:15 AM - System Checkpoint
    RP696: 8/8/2012 9:53:37 AM - System Checkpoint
    RP697: 8/9/2012 9:56:19 AM - System Checkpoint
    RP698: 8/10/2012 10:34:33 AM - System Checkpoint
    RP699: 8/11/2012 11:15:17 AM - System Checkpoint
    RP700: 8/12/2012 11:59:06 AM - System Checkpoint
    RP701: 8/13/2012 12:44:05 PM - System Checkpoint
    RP702: 8/14/2012 1:21:10 PM - System Checkpoint
    RP703: 8/15/2012 2:04:34 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    Acronis True Image Home 2012
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.3)
    Advertising Center
    AlignmentUtility
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    AutoCAD LT Online Trial
    Autodesk Player Plugin
    Canon IJ Network Scan Utility
    Canon IJ Network Tool
    Canon MP Navigator EX 1.1
    Canon MX850 series
    Canon MX850 series User Registration
    Canon My Printer
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities Solution Menu
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center HydraVision Full
    CCC
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help English
    Citrix online plug-in (Web)
    DolbyFiles
    Dolphin Futures XPS Viewer version 1.1.0
    Dragon NaturallySpeaking 10
    eCC
    eCC Merge Module
    FastStone Capture 6.9
    FileZilla Client 3.5.3
    FlipShare
    FlukeView ScopeMeter 4
    FormsComponent
    FOSS
    FTDI USB Serial Converter Drivers
    FW LiveUpdate
    Google Update Helper
    GoToMeeting 5.1.0.880
    GTWorks Demo
    High Definition Audio Driver Package - KB888111
    Hotfix 2055 for SQL Server 2000 ENU (KB960082)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB981793)
    ICam
    ICCHelp
    ImagXpress
    InCD Help
    INTERMAC - StoneCam 3.3
    Java Auto Updater
    Java(TM) 6 Update 31
    LeapFTP 3.0
    LightScribe System Software
    LogoTag Free
    Malwarebytes Anti-Malware version 1.62.0.1300
    Marvell Miniport Driver
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (ECC)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server 2008 R2
    Microsoft SQL Server 2008 R2 Native Client
    Microsoft SQL Server 2008 R2 RsFx Driver
    Microsoft SQL Server 2008 R2 Setup (English)
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server Browser
    Microsoft SQL Server Desktop Engine (UPSWSDBSERVER)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual Studio 2005 Tools for Applications - ENU
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Mozilla Firefox 14.0.1 (x86 en-US)
    Mozilla Maintenance Service
    Mozilla Thunderbird 14.0 (x86 en-US)
    MSIChecker
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser (KB933579)
    NA1Messenger
    Nero 9 Essentials
    Nero BurnRights
    Nero BurnRights Help
    Nero ControlCenter
    Nero CoverDesigner
    Nero CoverDesigner Help
    Nero DiscSpeed
    Nero DiscSpeed Help
    Nero DriveSpeed
    Nero DriveSpeed Help
    Nero Express Help
    Nero InfoTool
    Nero InfoTool Help
    Nero Installer
    Nero Online Upgrade
    Nero PhotoSnap
    Nero PhotoSnap Help
    Nero Recode
    Nero Recode Help
    Nero ShowTime
    Nero StartSmart
    Nero StartSmart Help
    Nero StartSmart OEM
    Nero Vision
    Nero Vision Help
    NeroExpress
    neroxml
    NRF
    OGA Notifier 2.0.0048.0
    PARTcommunity 3D Web Viewer
    PIXMA Extended Survey Program
    PolicyManager
    Presto! PageManager 7.15.20
    QBWebConnector
    QuickBooks
    QuickBooks Pro 2011
    RAIDXpert
    Realtek High Definition Audio Driver
    Reconciler
    ReportServer
    ScanSoft OmniPage SE 4
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Sentinel System Driver
    Skins
    Skype Click to Call
    Skype™ 5.10
    SolidWorks eDrawings 2012
    SQL Server 2008 R2 Common Files
    SQL Server 2008 R2 Database Engine Services
    SQL Server 2008 R2 Database Engine Shared
    Sql Server Customer Experience Improvement Program
    SupportUtility
    System
    UnifiedPrinting
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB982664)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    UPS WorldShip
    UPSDB
    UPSICC
    UPSlinkHTTP
    UPSVC2008MM
    UPSVCMM
    Visual C++ Runtime for Dragon NaturallySpeaking
    VLC media player 2.0.0
    VNC Enterprise Edition E4.6.3
    VNC Mirror Driver 1.8.0
    VNC Printer Driver 1.7.0
    VPlus User Interface
    WebFldrs XP
    WebHelp
    Windows Genuine Advantage Notifications (KB905474)
    Windows Imaging Component
    Windows Internet Explorer 8
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Search 4.0
    Windows XP Service Pack 3
    WinRAR 4.00 (32-bit)
    WorldShip
    WSShared
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/9/2012 11:01:23 AM, error: Print [6161] - The document PICKUP SUMMARY BARCODE owned by PMC failed to print on printer Canon MX850 series Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 17996. Number of bytes printed: 17908. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\PMC-MAIN. Win32 error code returned by the print processor: 0 (0x0).
    8/16/2012 9:50:39 AM, error: Service Control Manager [7024] - The FlipShare Server service terminated with service-specific error 1 (0x1).
    8/16/2012 9:23:14 AM, error: Print [6161] - The document AP Technology Ltd - USD Bank Details.pdf owned by PMC failed to print on printer Canon MX850 series Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 262144. Number of bytes printed: 201008. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\PMC-MAIN. Win32 error code returned by the print processor: 259 (0x103).
    8/16/2012 9:22:01 AM, error: Print [6161] - The document Precision Metalcraft Sales Order.pdf owned by PMC failed to print on printer Canon MX850 series Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 655360. Number of bytes printed: 351684. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\PMC-MAIN. Win32 error code returned by the print processor: 259 (0x103).
    8/14/2012 9:34:12 AM, error: Print [6161] - The document PICKUP SUMMARY BARCODE owned by PMC failed to print on printer Canon MX850 series Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 65536. Number of bytes printed: 17908. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\PMC-MAIN. Win32 error code returned by the print processor: 259 (0x103).
    8/14/2012 11:51:53 AM, error: Print [6161] - The document Microsoft Word - PMC Spindle Rebuild Warranty Info - 6 Month DOP.doc owned by PMC failed to print on printer Canon MX850 series Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 3801088. Number of bytes printed: 3706048. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\PMC-MAIN. Win32 error code returned by the print processor: 259 (0x103).
    8/14/2012 11:49:28 AM, error: Print [6161] - The document owned by PMC failed to print on printer Canon MX850 series Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 1703936. Number of bytes printed: 1477264. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\PMC-MAIN. Win32 error code returned by the print processor: 259 (0x103).
    8/10/2012 8:30:43 AM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    8/10/2012 8:08:29 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
    .
    ==== End Of File ===========================
  6. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
    ====================================
  7. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    =====================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  8. Dan Skrlin

    Dan Skrlin Newcomer, in training Topic Starter Posts: 26

    You got it boss, lets get this ball rolling......
  9. Dan Skrlin

    Dan Skrlin Newcomer, in training Topic Starter Posts: 26

    RogueKiller V7.6.6 [08/10/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User: PMC [Admin rights]
    Mode: Scan -- Date: 08/16/2012 10:55:27
    ¤¤¤ Bad processes: 1 ¤¤¤
    [SUSP PATH] c2c_service.exe -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -> KILLED [TermProc]
    ¤¤¤ Registry Entries: 13 ¤¤¤
    [DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{EE16A2FA-EBB6-421A-85FB-45950A421AB7} : NameServer (10.0.0.1) -> FOUND
    [DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{EE16A2FA-EBB6-421A-85FB-45950A421AB7} : NameServer (10.0.0.1) -> FOUND
    [WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND
    [HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
    [HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
    [HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
    [HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
    [HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
    [HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
    [HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] n : c:\documents and settings\pmc\local settings\application data\{8a5e7e71-39a9-f684-5f8a-fe2c00fff7ac}\n --> FOUND
    [ZeroAccess][FILE] @ : c:\documents and settings\pmc\local settings\application data\{8a5e7e71-39a9-f684-5f8a-fe2c00fff7ac}\@ --> FOUND
    [ZeroAccess][FOLDER] U : c:\documents and settings\pmc\local settings\application data\{8a5e7e71-39a9-f684-5f8a-fe2c00fff7ac}\U --> FOUND
    [ZeroAccess][FOLDER] L : c:\documents and settings\pmc\local settings\application data\{8a5e7e71-39a9-f684-5f8a-fe2c00fff7ac}\L --> FOUND
    ¤¤¤ Driver: [LOADED] ¤¤¤
    ¤¤¤ Infection : ZeroAccess ¤¤¤
    [ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!
    ¤¤¤ HOSTS File: ¤¤¤
    127.0.0.1 localhost

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: WDC WD1500HLFS-01G6U1 +++++
    --- User ---
    [MBR] 678fb36e4caf6a8fa71efc20a237f614
    [BSP] ca219ac05ebb09a1bc0a122ff425176a : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 143078 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive1: Maxtor OneTouch USB Device +++++
    --- User ---
    [MBR] a061607f1b9696b147b1345a19e5e04e
    [BSP] 492874cf5d5456c56773ee0158b5126f : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    Finished : << RKreport[1].txt >>
    RKreport[1].txt
  10. Dan Skrlin

    Dan Skrlin Newcomer, in training Topic Starter Posts: 26

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-16 11:28:41
    -----------------------------
    11:28:41.778 OS Version: Windows 5.1.2600 Service Pack 3
    11:28:41.778 Number of processors: 4 586 0x403
    11:28:41.778 ComputerName: PMC-MAIN UserName: PMC
    11:28:43.247 Initialize success
    11:28:53.794 AVAST engine defs: 12081600
    11:28:58.903 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
    11:28:58.903 Disk 0 Vendor: WDC_WD1500HLFS-01G6U1 04.04V02 Size: 143089MB BusType: 3
    11:28:58.950 Disk 0 MBR read successfully
    11:28:58.950 Disk 0 MBR scan
    11:28:58.981 Disk 0 Windows XP default MBR code
    11:28:58.981 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 143078 MB offset 63
    11:28:59.012 Disk 0 scanning sectors +293025600
    11:28:59.090 Disk 0 scanning C:\WINDOWS\system32\drivers
    11:29:07.919 File: C:\WINDOWS\system32\drivers\cdrom.sys **SUSPICIOUS**
    11:29:22.012 Disk 0 trace - called modules:
    11:29:22.028 ntkrnlpa.exe fltsrv.sys hal.dll tdrpman.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0xba12b698]<<
    11:29:22.028 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a714ab8]
    11:29:22.028 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x8a5178f0]
    11:29:22.044 \Driver\00000504[0x8a570958] -> IRP_MJ_CREATE -> 0xba12b698
    11:29:22.481 AVAST engine scan C:\WINDOWS
    11:29:49.106 AVAST engine scan C:\WINDOWS\system32
    11:36:36.950 AVAST engine scan C:\WINDOWS\system32\drivers
    11:36:45.559 File: C:\WINDOWS\system32\drivers\cdrom.sys **SUSPICIOUS**
    11:37:16.575 AVAST engine scan C:\Documents and Settings\PMC
    12:19:28.184 AVAST engine scan C:\Documents and Settings\All Users
    12:25:48.793 Scan finished successfully
    12:26:19.575 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\PMC\Desktop\MBR.dat"
    12:26:19.621 The log file has been saved successfully to "C:\Documents and Settings\PMC\Desktop\aswMBR.txt"
  11. Dan Skrlin

    Dan Skrlin Newcomer, in training Topic Starter Posts: 26

    Let me know. Thanks!
  12. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    http://download.bleepingcomputer.com/grinler/beta/rkill.exe
    http://download.bleepingcomputer.com/grinler/beta/iExplore.exe

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
  13. Dan Skrlin

    Dan Skrlin Newcomer, in training Topic Starter Posts: 26

    Rkill 2.1.0 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2012 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html
    Program started at: 08/16/2012 02:20:50 PM in x86 mode.
    Windows Version: Windows XP
    Checking for Windows services to stop.
    * No malware services found to stop.
    Checking for processes to terminate.
    * No malware processes found to kill.
    Checking Registry for malware related settings.
    * No issues found in the Registry.
    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
    Performing miscellaneous checks.
    * SMTMP folder detected. Your machine is or has been infected with the Fake.HDD rogue anti-spyware program. Please see this link for more information about this type of rogue: http://www.bleepingcomputer.com/forums/topic405109.html
    * No issues found.
    Searching for Missing Digital Signatures:
    * No issues found.
    Restarting Explorer.exe in order to apply changes.
    Program finished at: 08/16/2012 02:21:39 PM
    Execution time: 0 hours(s), 0 minute(s), and 49 seconds(s)
     
  14. Dan Skrlin

    Dan Skrlin Newcomer, in training Topic Starter Posts: 26

    ComboFix 12-08-16.01 - PMC 08/16/2012 14:50:00.2.4 - x86
    Running from: c:\documents and settings\PMC\Desktop\ComboFix.exe
    * Created a new restore point
    .
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-16 to 2012-08-16 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-16 19:37 . 2008-04-13 19:18 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
    2012-08-16 19:37 . 2008-04-13 19:18 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
    2012-08-16 19:30 . 2008-04-13 18:40 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
    2012-08-16 19:30 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
    2012-08-16 19:15 . 2012-08-16 19:15 -------- d-----w- c:\documents and settings\Administrator
    2012-08-16 15:28 . 2012-07-16 07:41 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D5BFD23A-9AF3-4409-990E-FC9BF9D281E3}\mpengine.dll
    2012-08-16 15:28 . 2012-05-31 17:25 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-08-16 15:27 . 2012-08-16 15:27 -------- d-----w- c:\program files\Microsoft Security Client
    2012-08-16 14:39 . 2012-08-16 14:39 -------- d-----w- c:\documents and settings\PMC\Application Data\Malwarebytes
    2012-08-16 14:39 . 2012-08-16 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-08-16 14:39 . 2012-08-16 14:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-08-16 14:39 . 2012-07-03 18:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-14 21:30 . 2012-08-14 21:30 9826504 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-14 21:30 . 2012-04-12 13:52 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-14 21:30 . 2011-05-21 14:23 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-13 13:19 . 2006-02-28 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-06-05 15:50 . 2007-05-15 20:43 1372672 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-05 15:50 . 2006-02-28 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-04 04:32 . 2006-02-28 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 20:19 . 2009-08-07 00:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 20:19 . 2010-09-06 00:49 329240 ----a-w- c:\windows\system32\wucltui.dll
    2012-06-02 20:19 . 2010-09-06 00:49 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 20:19 . 2010-09-06 00:49 210968 ----a-w- c:\windows\system32\wuweb.dll
    2012-06-02 20:19 . 2009-08-07 00:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 20:19 . 2010-09-06 00:49 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 20:19 . 2010-09-06 00:49 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 20:19 . 2009-08-07 00:24 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 20:19 . 2009-08-07 00:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 20:19 . 2006-02-28 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
    2012-06-02 20:19 . 2009-08-07 00:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 20:19 . 2010-09-06 00:49 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 20:19 . 2010-09-06 00:49 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 20:18 . 2010-09-21 16:15 214256 ----a-w- c:\windows\system32\muweb.dll
    2012-06-02 20:18 . 2010-09-21 16:15 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-06-02 20:18 . 2010-09-21 16:15 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-05-31 13:22 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-19 20:40 . 2011-05-21 18:34 234752 ----a-w- c:\windows\system32\drivers\afcdp.sys
    2012-05-19 20:40 . 2011-11-02 22:56 775232 ----a-w- c:\windows\system32\drivers\tdrpman.sys
    2012-05-19 20:40 . 2010-10-18 22:30 614592 ----a-w- c:\windows\system32\drivers\timntr.sys
    2012-05-19 20:40 . 2011-11-02 22:56 126880 ----a-w- c:\windows\system32\drivers\vididr.sys
    2012-05-19 20:40 . 2012-05-19 20:40 86496 ----a-w- c:\windows\system32\drivers\vsflt67.sys
    2012-05-19 20:40 . 2011-05-21 18:34 177600 ----a-w- c:\windows\system32\drivers\snapman.sys
    2012-05-19 20:39 . 2011-11-02 22:56 80416 ----a-w- c:\windows\system32\drivers\fltsrv.sys
    2010-03-11 05:01 . 2010-03-11 05:01 124272 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
    2010-03-11 05:40 . 2010-03-11 05:40 13168 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
    2010-03-11 05:02 . 2010-03-11 05:02 70512 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
    2010-03-11 05:01 . 2010-03-11 05:01 91504 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
    2010-03-11 05:01 . 2010-03-11 05:01 22384 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
    2010-03-11 05:00 . 2010-03-11 05:00 255344 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
    2010-03-11 05:01 . 2010-03-11 05:01 31088 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
    2010-03-11 05:01 . 2010-03-11 05:01 40304 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
    2009-10-05 18:49 . 2009-10-05 18:49 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
    2010-03-11 05:02 . 2010-03-11 05:02 23920 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
    2012-07-25 23:21 . 2011-08-26 14:06 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-08-16 2736128]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-04 61440]
    "Name of App"="c:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe" [2011-11-23 692307]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-06-13 73728]
    "WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-14 1603152]
    "NA1Messenger"="c:\ups\WSTD\UPSNA1Msgr.exe" [2012-03-03 24576]
    "DNS7reminder"="c:\program files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" [2007-04-16 259624]
    "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-04-28 5955000]
    "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-04-28 403112]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2012-04-28 1171304]
    "Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2012-06-04 2301816]
    "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    UPS WorldShip Messaging Utility.lnk - [N/A]
    UPS WorldShip PLD Reminder Utility.lnk - [N/A]
    Windows Search.lnk - [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
    backup=c:\windows\pss\QuickBooks_Standard_21.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
    2012-06-04 16:48 2301816 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2005-02-16 22:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2005-02-16 21:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    R2 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [x]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [x]
    R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh5.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
    R3 MSSQL$SHIPWORKS;SQL Server (SHIPWORKS);c:\program files\Microsoft SQL Server\MSSQL10_50.SHIPWORKS\MSSQL\Binn\sqlservr.exe [x]
    R3 SQLAgent$UPSWSDBSERVER;SQLAgent$UPSWSDBSERVER;c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE [x]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
    R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [x]
    R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [x]
    R4 SQLAgent$SHIPWORKS;SQL Server Agent (SHIPWORKS);c:\program files\Microsoft SQL Server\MSSQL10_50.SHIPWORKS\MSSQL\Binn\SQLAGENT.EXE [x]
    S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [x]
    S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [x]
    S0 vidsflt67;Acronis Disk Storage Filter (67);c:\windows\system32\DRIVERS\vsflt67.sys [x]
    S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [x]
    S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files\AMD\RAIDXpert\bin\RAIDXpertService.exe [x]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    S2 MSSQL$ECC;SQL Server (ECC);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [x]
    S2 MSSQL$UPSWSDBSERVER;MSSQL$UPSWSDBSERVER;c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe [x]
    S2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [x]
    S2 syncagentsrv;Acronis Sync Agent Service;c:\program files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
    S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-16 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 21:30]
    .
    2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-03 14:55]
    .
    2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-03 14:55]
    .
    2012-08-16 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
    - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 22:03]
    .
    2012-08-16 c:\windows\Tasks\User_Feed_Synchronization-{25379939-1042-4793-A89C-D5024206BA8D}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: Interfaces\{EE16A2FA-EBB6-421A-85FB-45950A421AB7}: NameServer = 10.0.0.1
    FF - ProfilePath - c:\documents and settings\PMC\Application Data\Mozilla\Firefox\Profiles\z3p28s2o.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    ShellExecuteHooks-{56F9679E-7826-4C84-81F3-532071A8BCC5} - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-08-16 14:52
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(988)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2012-08-16 14:53:23
    ComboFix-quarantined-files.txt 2012-08-16 19:53
    ComboFix2.txt 2012-08-16 19:46
    .
    Pre-Run: 94,829,580,288 bytes free
    Post-Run: 94,810,656,768 bytes free
    .
    - - End Of File - - 0B546F5084FCF2FFE2F3EAA34032F1AE
  15. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    What are the current issues?

    With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    Download following file: http://download.cnet.com/Windows-XP...Floppy-Boot-Install/3000-2383_4-10727796.html to your Desktop.

    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

    [​IMG]


    • Drag downloaded file onto ComboFix.exe and drop it.

    • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.


      [​IMG]


    • At the next prompt, click 'Yes' to run the full ComboFix scan.

    • When the tool is finished, it will produce a report for you.
    Please post the C:\ComboFix.txt.
  16. Dan Skrlin

    Dan Skrlin Newcomer, in training Topic Starter Posts: 26

    Im getting that the post is too long, I had to reinstall windows in the meantime, the computer kept hanging on the welcome screen. Here is the recent log.

    Attached Files:

  17. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    What???
  18. Dan Skrlin

    Dan Skrlin Newcomer, in training Topic Starter Posts: 26

    When running combo fix, the system hung up for more than an hr, restarted and welcome screen did not load, sorry if I jumped the gun, let me know how to proceed, hopefully I did not eff it too bad
  19. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    It's still not clear.
    You reinstalled Windows or you just restarted computer manually?
  20. Dan Skrlin

    Dan Skrlin Newcomer, in training Topic Starter Posts: 26

    If this will be an issue, I can do a restore from my Acronis back up. Let me know
  21. Dan Skrlin

    Dan Skrlin Newcomer, in training Topic Starter Posts: 26

    I reinstalled Windows XP PRO
  22. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    We posted at the same time so please answer my question from my previous reply.
  23. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    If you reinstalled Windows we have nothing to do here.
  24. Dan Skrlin

    Dan Skrlin Newcomer, in training Topic Starter Posts: 26

    Do not give up on me, I will recover the backup state, I will restart the process again, will this work? Sorry
  25. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    I'm not sure what you're saying.
    If you reinstalled Windows then all infection is gone.
    There is nothing to clean.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.