Inactive Ib.adnxs.com popup when going to Yahoo pages

[OmegaDar]

Hello and thank you in advance for any help that can be given.


My name is Darrin and I am an admin for a small company. I have one computer that has what I believe is the most stubborn adware on it (ib.adnxs.com popup). I have every computer protected with Symantec End Point Protection v11. when this problem came up I used my normal toolbox of problem solvers (Malwarebytes, adwcleaner, and superantispyware). All have failed to resolve this problem. please see pasted logs below.


Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.12.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
rmm :: NEVADMIN3 [administrator]

9/12/2012 10:59:03 AM
mbam-log-2012-09-12 (10-59-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 279545
Time elapsed: 9 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-09-12 11:15:19
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 ST3808110AS rev.3.ADH
Running: vo1ydt0q.exe; Driver: C:\DOCUME~1\RMM\LOCALS~1\Temp\pgtyypow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_35
Run by rmm at 11:15:28 on 2012-09-12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1278 [GMT -7:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec AntiVirus\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = 192.168.1.12:8080
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: MapQuest Toolbar Search Class: {2558d83c-097c-4cf1-9163-ce5ecc36ace2} - c:\program files\mapquest toolbar\mapquesttb.dll
mURLSearchHooks: MapQuest Toolbar Search Class: {2558d83c-097c-4cf1-9163-ce5ecc36ace2} - c:\program files\mapquest toolbar\mapquesttb.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: MapQuest Toolbar Loader: {bd3fd433-147a-482e-a192-614f26e2310c} - c:\program files\mapquest toolbar\mapquesttb.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll
TB: MapQuest Toolbar: {9302e698-7e00-43ab-b867-c6e759bc2ada} - c:\program files\mapquest toolbar\mapquesttb.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Client Access Service] "c:\program files\ibm\client access\CwbSvStr.Exe"
mRun: [Client Access Help Update] "c:\program files\ibm\client access\cwbinhlp.exe"
mRun: [Client Access Check Version] "c:\program files\ibm\client access\cwbckver.exe" LOGIN
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [EM_EXEC] c:\progra~1\logitech\mousew~1\system\EM_EXEC.EXE
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1347396157886
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1347396104837
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{F02707A3-FC7A-46D0-8D0C-E40BB2D8F12F} : NameServer = 192.168.1.12,216.174.194.53,216.174.194.54
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: MRCNotify - c:\windows\dwrcs\DWRCWXL.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\rmm\application data\mozilla\firefox\profiles\nr6xg6b1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.ftp - 192.168.1.12
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 192.168.1.12
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 192.168.1.12
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 192.168.1.12
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 192.168.1.12
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\program files\skyhook wireless\loki browser plugin\nploki.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2008-3-12 26624]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-8-10 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-8-10 108392]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2012-9-11 1074720]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2012-9-11 1358360]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec antivirus\Rtvscan.exe [2010-11-8 1839776]
R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [2008-3-13 3712]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-23 106656]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120911.034\NAVENG.SYS [2012-9-12 92704]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120911.034\NAVEX15.SYS [2012-9-12 1601184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-8 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-29 250056]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2010-10-28 23888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-8 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-26 114144]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-09-11 22:45:16 208896 ----a-w- c:\windows\MBR.exe
2012-09-11 22:45:15 98816 ----a-w- c:\windows\sed.exe
2012-09-11 22:45:15 518144 ----a-w- c:\windows\SWREG.exe
2012-09-11 22:45:15 256000 ----a-w- c:\windows\PEV.exe
2012-09-11 20:43:31 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-09-11 20:17:39 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-09-11 20:17:32 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-09-11 16:42:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-09-11 16:42:07 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-09-11 16:35:16 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2012-09-11 15:57:53 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-11 15:51:21 14664 ----a-w- c:\windows\stinger.sys
2012-09-11 15:50:34 -------- d-----w- c:\program files\stinger
2012-09-11 15:28:12 -------- d-----w- c:\documents and settings\rmm\local settings\application data\NPE
2012-09-11 15:28:12 -------- d-----w- c:\documents and settings\all users\application data\Norton
2012-09-11 15:27:39 -------- d-----w- c:\windows\pss
2012-09-05 16:46:51 -------- d-----w- c:\documents and settings\all users\application data\DameWare Development
2012-09-05 16:46:45 -------- d-----w- c:\windows\dwrcs
2012-08-31 15:46:00 -------- d-----w- c:\documents and settings\rmm\application data\SUPERAntiSpyware.com
2012-08-31 15:45:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-31 15:45:48 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-08-31 15:45:02 -------- d-----w- c:\documents and settings\rmm\application data\Malwarebytes
2012-08-31 15:44:49 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-08-31 15:44:47 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-31 15:44:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-27 14:00:40 103904 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-09-11 15:57:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-11 15:57:24 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-17 13:38:09 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-17 13:38:08 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 11:16:34.19 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/4/2006 2:54:12 PM
System Uptime: 9/12/2012 10:46:40 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 0RJ291
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 27.085 GiB free.
D: is CDROM ()
E: is CDROM (UDF)
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom NetXtreme 57xx Gigabit Controller
Device ID: PCI\VEN_14E4&DEV_1677&SUBSYS_01AD1028&REV_01\4&117729E2&0&00E0
Manufacturer: Broadcom
Name: Broadcom NetXtreme 57xx Gigabit Controller
PNP Device ID: PCI\VEN_14E4&DEV_1677&SUBSYS_01AD1028&REV_01\4&117729E2&0&00E0
Service: b57w2k
.
==== System Restore Points ===================
.
RP1945: 7/3/2012 10:48:54 AM - System Checkpoint
RP1946: 7/4/2012 10:51:02 AM - System Checkpoint
RP1947: 7/5/2012 11:40:26 AM - System Checkpoint
RP1948: 7/6/2012 11:55:58 AM - System Checkpoint
RP1949: 7/7/2012 12:51:03 PM - System Checkpoint
RP1950: 7/8/2012 1:51:02 PM - System Checkpoint
RP1951: 7/9/2012 4:25:58 PM - System Checkpoint
RP1952: 7/10/2012 5:13:01 PM - System Checkpoint
RP1953: 7/11/2012 5:51:03 PM - System Checkpoint
RP1954: 7/12/2012 6:50:12 PM - System Checkpoint
RP1955: 7/13/2012 6:51:03 PM - System Checkpoint
RP1956: 7/14/2012 7:51:03 PM - System Checkpoint
RP1957: 7/15/2012 8:51:03 PM - System Checkpoint
RP1958: 7/16/2012 9:49:38 PM - System Checkpoint
RP1959: 7/17/2012 9:51:04 PM - System Checkpoint
RP1960: 7/18/2012 10:10:58 PM - System Checkpoint
RP1961: 7/19/2012 11:10:58 PM - System Checkpoint
RP1962: 7/21/2012 12:10:58 AM - System Checkpoint
RP1963: 7/22/2012 1:10:58 AM - System Checkpoint
RP1964: 7/23/2012 2:10:59 AM - System Checkpoint
RP1965: 7/24/2012 2:11:08 AM - System Checkpoint
RP1966: 7/25/2012 3:10:59 AM - System Checkpoint
RP1967: 7/26/2012 4:11:00 AM - System Checkpoint
RP1968: 7/27/2012 5:11:00 AM - System Checkpoint
RP1969: 7/28/2012 5:59:44 AM - System Checkpoint
RP1970: 7/29/2012 6:59:43 AM - System Checkpoint
RP1971: 7/30/2012 8:28:12 AM - System Checkpoint
RP1972: 7/31/2012 8:59:44 AM - System Checkpoint
RP1973: 8/1/2012 9:59:45 AM - System Checkpoint
RP1974: 8/2/2012 10:59:45 AM - System Checkpoint
RP1975: 8/3/2012 11:21:29 AM - System Checkpoint
RP1976: 8/4/2012 11:33:55 AM - System Checkpoint
RP1977: 8/5/2012 12:33:54 PM - System Checkpoint
RP1978: 8/6/2012 4:00:51 PM - System Checkpoint
RP1979: 8/7/2012 4:34:06 PM - System Checkpoint
RP1980: 8/8/2012 4:51:21 PM - System Checkpoint
RP1981: 8/9/2012 5:47:06 PM - System Checkpoint
RP1982: 8/10/2012 6:33:56 PM - System Checkpoint
RP1983: 8/11/2012 7:33:57 PM - System Checkpoint
RP1984: 8/12/2012 8:33:56 PM - System Checkpoint
RP1985: 8/13/2012 9:34:02 PM - System Checkpoint
RP1986: 8/14/2012 10:33:57 PM - System Checkpoint
RP1987: 8/15/2012 11:33:57 PM - System Checkpoint
RP1988: 8/17/2012 12:33:58 AM - System Checkpoint
RP1989: 8/18/2012 1:33:57 AM - System Checkpoint
RP1990: 8/19/2012 2:33:56 AM - System Checkpoint
RP1991: 8/20/2012 3:33:57 AM - System Checkpoint
RP1992: 8/21/2012 4:34:22 AM - System Checkpoint
RP1993: 8/22/2012 5:33:57 AM - System Checkpoint
RP1994: 8/23/2012 6:33:58 AM - System Checkpoint
RP1995: 8/24/2012 7:08:38 AM - System Checkpoint
RP1996: 8/25/2012 8:01:36 AM - System Checkpoint
RP1997: 8/26/2012 9:01:35 AM - System Checkpoint
RP1998: 8/27/2012 9:32:27 AM - System Checkpoint
RP1999: 8/28/2012 10:14:16 AM - System Checkpoint
RP2000: 8/29/2012 10:32:16 AM - System Checkpoint
RP2001: 8/30/2012 10:50:18 AM - System Checkpoint
RP2002: 8/31/2012 9:03:13 AM - Removed MSN Toolbar
RP2003: 9/1/2012 9:32:50 AM - System Checkpoint
RP2004: 9/2/2012 10:32:50 AM - System Checkpoint
RP2005: 9/3/2012 11:32:50 AM - System Checkpoint
RP2006: 9/4/2012 12:32:53 PM - System Checkpoint
RP2007: 9/5/2012 1:17:11 PM - System Checkpoint
RP2008: 9/6/2012 2:17:12 PM - System Checkpoint
RP2009: 9/7/2012 3:44:46 PM - System Checkpoint
RP2010: 9/8/2012 4:17:14 PM - System Checkpoint
RP2011: 9/9/2012 5:17:16 PM - System Checkpoint
RP2012: 9/10/2012 5:54:40 PM - System Checkpoint
RP2013: 9/11/2012 8:44:23 AM - Norton_Power_Eraser_20120911084417250
RP2014: 9/11/2012 8:56:10 AM - Removed Java(TM) 6 Update 12
RP2015: 9/11/2012 8:57:10 AM - Installed Java(TM) 6 Update 35
RP2016: 9/11/2012 9:20:59 AM - Removed Avery Toolbar.
RP2017: 9/11/2012 11:23:38 AM - Removed Microsoft IntelliType Pro 5.2
RP2018: 9/11/2012 11:24:18 AM - Removed Microsoft IntelliPoint 5.2
.
==== Installed Programs ======================
.
5000 Series
Acrobat.com
Adobe Acrobat 9 Pro
Adobe Acrobat 9.5.2 - CPSID_83708
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.2
AOL Coach Version 1.0(Build:20030807.3)
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avery Wizard 3.1
AxCrypt 1.7.2126.0
Baxter Stationery
Bonjour
Broadcom Advanced Control Suite
Brother MFL-Pro Suite
Compatibility Pack for the 2007 Office system
CP Email Reporting Security
Dark River Stationery
DesignPro 5.4 Limited Edition
eReg
ERI's Relocation Assessor
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 5.1.0.880
H&R Block Deluxe + Efile 2009
H&R Block Deluxe + Efile 2010
H&R Block Deluxe + Efile 2011
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp deskjet 5550 series (Remove only)
hp print screen utility
HP Update
HumanConcepts OrgPlus 5
HumanConcepts OrgPlus 6
HumanConcepts OrgPlus 6 Plugin
HumanConcepts OrgPlus 6 Reader
HumanConcepts OrgPlus 7
HumanConcepts OrgPlus 7 Plug-in
HumanConcepts OrgViewer 5
IBM AS/400 Client Access Express for Windows
Intel(R) Graphics Media Accelerator Driver
iTunes
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 3
Java(TM) 6 Update 35
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Learn2 Player (Uninstall Only)
LiveUpdate 3.3 (Symantec Corporation)
Logitech MouseWare 9.70
Logitech Resource Center
Logitech SetPoint 6.0
Loki ActiveX Control
Loki Browser Plugin
Malwarebytes Anti-Malware version 1.65.0.1400
MapQuest Toolbar
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Easy Assist v2
Microsoft Excel Version 2002 Inside Out eBook
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Accounting 2008
Microsoft Office Accounting 2008 Equifax Addin
Microsoft Office Accounting 2008 Fixed Asset Manager
Microsoft Office Accounting 2008 PayPal Addin
Microsoft Office Accounting ADP Payroll Addin
Microsoft Office Excel 2007 Get Started Tab
Microsoft Office Excel MUI (English) 2007
Microsoft Office Live Meeting 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint 2007 Get Started Tab
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Sounds
Microsoft Office Word 2007 Get Started Tab
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works 6-9 Converter
Mozilla Firefox 15.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Norton Security Scan
OGA Notifier 2.0.0048.0
OpenOffice.org 3.3
PaperPort Image Printer
PowerDVD
QuickTime
RealPlayer Basic
SA31xx Device Manager & Media Converter
ScanSoft PaperPort 11
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Snagit 11
Spybot - Search & Destroy
Super Dashboard and Builder Demo v1.0
SUPERAntiSpyware
Symantec Endpoint Protection
TaxCut Premium + Efile 2008
TFP for 2006
TFP for 2007
TFP for 2008
TFP for 2009
TFP for 2010
TFP for 2011
The Print Shop® Zoom
Uninstall AOL Emergency Connect Utility 1.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Outlook 2007 Junk Email Filter (kb2202131)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB Storage Adapter FX (MXO)
Wallpaper Stationery
WebEx
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
Windows XP Service Pack 3
WinZip 14.5
XML Paper Specification Shared Components Pack 1.0
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
9/5/2012 9:14:44 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/5/2012 9:14:44 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AOL Connectivity Service service to connect.
9/5/2012 9:14:44 AM, error: Service Control Manager [7000] - The AOL Connectivity Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/12/2012 7:56:35 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
9/12/2012 11:14:21 AM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
9/11/2012 8:49:11 AM, error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).
9/11/2012 5:21:53 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl Fips intelppm SASDIFSV SASKUTIL SRTSP SRTSPX SYMTDI
9/11/2012 5:20:54 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/11/2012 4:01:19 PM, error: NETLOGON [5719] - No Domain Controller is available for domain KATV due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
9/11/2012 3:59:37 PM, error: Service Control Manager [7034] - The Viewpoint Manager Service service terminated unexpectedly. It has done this 1 time(s).
9/11/2012 3:58:31 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
9/11/2012 3:48:05 PM, error: PlugPlayManager [11] - The device Root\LEGACY_SMR310\0000 disappeared from the system without first being prepared for removal.
9/11/2012 11:28:25 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
9/11/2012 11:28:25 AM, error: Service Control Manager [7031] - The Microsoft .NET Framework NGEN v4.0.30319_X86 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
.
==== End Of File ===========================

Again, thank you for any help you can provide.

 

[Jay Pfoutz]

Hello, and welcome to TechSpot.

Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information

• From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
• Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
• If you have already asked for help somewhere, please post the link to the topic you were helped.
• We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
• Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Also, include this scan:

Download AdwCleaner by Xplode onto your Desktop.

• Double click on AdwCleaner.exe to run the tool.
• Click on Search.
• A logfile will automatically open after the scan has finished.
• Please post the content of that logfile in your reply.
• You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

 

[OmegaDar]

# AdwCleaner v2.001 - Logfile created 09/12/2012 at 15:34:34
# Updated 09/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : rmm - NEVADMIN3
# Boot Mode : Normal
# Running from : F:\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Documents and Settings\RMM\Application Data\Mozilla\Firefox\Profiles\nr6xg6b1.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\RMM\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4596 octets] - [12/09/2012 10:44:21]
AdwCleaner[S1].txt - [5141 octets] - [12/09/2012 10:45:23]
AdwCleaner[R2].txt - [991 octets] - [12/09/2012 15:34:34]

########## EOF - C:\AdwCleaner[R2].txt - [1050 octets] ##########

 

[Jay Pfoutz]

Please download aswMBR from here

• Save aswMBR.exe to your Desktop
• Double click aswMBR.exe to run it
• Click the Scan button to start the scan as illustrated below

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

• Once the scan finishes click Save log to save the log to your Desktop
  
  
  
  
• Copy and paste the contents of aswMBR.txt back here for review

 

[OmegaDar]

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-13 08:29:17
-----------------------------
08:29:17.056 OS Version: Windows 5.1.2600 Service Pack 3
08:29:17.056 Number of processors: 2 586 0x409
08:29:17.056 ComputerName: NEVADMIN3 UserName: rmm
08:29:17.978 Initialize success
08:29:33.869 AVAST engine download error: 0
08:29:56.994 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
08:29:56.994 Disk 0 Vendor: ST3808110AS 3.ADH Size: 76293MB BusType: 3
08:29:57.025 Disk 0 MBR read successfully
08:29:57.025 Disk 0 MBR scan
08:29:57.025 Disk 0 Windows XP default MBR code
08:29:57.025 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
08:29:57.025 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76245 MB offset 80325
08:29:57.041 Disk 0 scanning sectors +156232125
08:29:57.119 Disk 0 scanning C:\WINDOWS\system32\drivers
08:30:04.838 Service scanning
08:30:15.369 Service SysPlant C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32
08:30:15.463 Service Teefer2 C:\WINDOWS\system32\DRIVERS\teefer2.sys **LOCKED** 32
08:30:17.057 Service WPS C:\WINDOWS\system32\drivers\wpsdrvnt.sys **LOCKED** 32
08:30:17.463 Service WpsHelper C:\WINDOWS\system32\drivers\WpsHelper.sys **LOCKED** 32
08:30:18.197 Modules scanning
08:30:23.400 Disk 0 trace - called modules:
08:30:23.416 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
08:30:23.432 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a558ab8]
08:30:23.432 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x8a5b7b00]
08:30:23.432 Scan finished successfully
08:30:58.104 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
08:30:58.104 The log file has been saved successfully to "F:\aswMBR.txt"

 

[Jay Pfoutz]

Kaspersky Virus Removal Tool

The Kaspersky Virus Removal Tool is a scan-and-remove solution from Kaspersky that searches out the most common malware and attempts to remove it from your computer.

Please download the Kaspersky Virus Removal Tool from Kaspersky's Official Link and save it to your Desktop.

• Double-click the Setup file to install it on your computer.
• Once it has installed, review and accept the agreement and press the Start button.
• You will presented with the main interface, but don't scan yet, click the options tab (gear icon):
  
  
• On the Scan Scope tab, make sure to checkmark all the options, except for the CD/DVD drive:
  
  
• On the Security Level tab, make sure to move the slider up denoting "Current Security Level: High":
  
  
• Now, go back to the Automatic Scan tab, and choose "Start Scanning". It may take several hours to complete. Please allow it to do so.
• Once done scanning, choose the Report tab (page icon), select Detected Threats tab on left, and choose Disinfect All:
  
  
• Then, choose Save. Also, in the Automatic Report tab, select Save:
  
  
• Please post the reports in your next reply.
• Once you exit, the tool should uninstall automatically.

 

[OmegaDar]

I have downloaded the Kaspersky Virus Removal Tool and it is running. I will post the results when it has completed.

 

[Jay Pfoutz]

Okay. Let me know the results, please.

 

[Jay Pfoutz]

Hello. Are you still with us?

Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

Thanks.

 

[Jay Pfoutz]

Hi! This is the last check-in for you. Please update us on your situation here. We'd love to help!