TechSpot

Smart Defragmenter, et al. - Mbam log - Can Bobbye or someone help?

Solved
By mb2cotter
Oct 31, 2010
  1. I managed to get a bunch of viruses on my PC, including a Google redirect virus and Smart Defragmenter. I used Norton to clean off a bunch of them, but I still had Smart Defragmenter and wasn't sure if there was still some other stuff.

    I saw this post (http://www.techspot.com/vb/topic155794.html) with a response by Bobbye that I followed to deal with Smart Defragmenter. I downloaded Rkill, exeHelper and Malwarebytes and transferred them to my PC with a USB stick since Internet Explorer wasn't working. Malwarebytes said it found 12 items and I followed the directions to remove them and then restarted the PC. After reboot, the desktop icons installed by the Smart Defrag virus and the fake warnings were gone. However, Internet Explorer is still acting weird. I don't know if there's still some viruses left over.

    Attached is the mbam log.

    Anyone know what I should do next?

    Thanks for the help.
     


  2. mb2cotter

    mb2cotter TS Rookie Topic Starter Posts: 49

    Okily dokily. I was just trying Internet Explorer and checking my internet connection on the PC (my laptop is connected via WiFi to the same router my PC is hooked up to via cable) and I got the blue screen of death.

    I guess I'll leave the blue screen up to taunt me until I get some advice on what to do next.

    Thanks.
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Welcome to TechSpot. While some removals may have standard directions, help is given to the person who started the thread. It is meant for that person only, and should not be followed by anyone else.

    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply. You don't need to rerun Mbam again.

    It also might help you to go to the Event Viewer and see if there is any Error that corresponds to the time you got the BSOD. Errors:
    Start> Run> type in eventvwr

    Do this on each of the System and Application logs:
    [1]. Click to open the log>
    [2]. Look for the Error>
    [3]. Right click on the Error> Properties>
    [4]. Click on Copy button, top right, below the down arrow >
    [5]. Paste here (Ctrl V)
    [6]. NOTES
    • You can ignore Warnings and Information Events.
    • If you have a recurring Error with same ID#, same Source and same Description, only one copy is needed.
    • You don't need to include the lines of code in the box below the Description, if any.
    • Please do not copy the entire Event log.
    Important!
    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
     
  4. mb2cotter

    mb2cotter TS Rookie Topic Starter Posts: 49

    Thanks for the info. So, my blue screen is still up. Should I restart in safe mode or just a regular start up?
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Try a normal start. Reboot and see if the BSOD is still there.
     
  6. mb2cotter

    mb2cotter TS Rookie Topic Starter Posts: 49

    I attached the mbam log above. Here's the GMER log:

    GMER 1.0.15.15477 - http://www.gmer.net
    Rootkit scan 2010-10-31 16:23:03
    Windows 5.1.2600 Service Pack 3
    Running: qxhi09iu.exe; Driver: C:\DOCUME~1\Mike\LOCALS~1\Temp\uftdqpow.sys


    ---- System - GMER 1.0.15 ----

    SSDT 8997EB18 ZwAlertResumeThread
    SSDT 898BF3B8 ZwAlertThread
    SSDT 89953D10 ZwAllocateVirtualMemory
    SSDT 8986DAD8 ZwAssignProcessToJobObject
    SSDT 89AE8D80 ZwConnectPort
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xACC1D720]
    SSDT 89A3C520 ZwCreateMutant
    SSDT 89829D98 ZwCreateSymbolicLinkObject
    SSDT 899C9468 ZwCreateThread
    SSDT 89896AB8 ZwDebugActiveProcess
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xACC1D9A0]
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xACC1DF00]
    SSDT 89C4C758 ZwDuplicateObject
    SSDT 8994B360 ZwFreeVirtualMemory
    SSDT 898A6CE8 ZwImpersonateAnonymousToken
    SSDT 898A6DA8 ZwImpersonateThread
    SSDT 8982D108 ZwLoadDriver
    SSDT 8995BAE8 ZwMapViewOfSection
    SSDT 89984328 ZwOpenEvent
    SSDT 89C18B60 ZwOpenProcess
    SSDT 89992508 ZwOpenProcessToken
    SSDT 8989FBD0 ZwOpenSection
    SSDT 89A268A0 ZwOpenThread
    SSDT 898283A8 ZwProtectVirtualMemory
    SSDT 8986AA00 ZwResumeThread
    SSDT 895E2268 ZwSetContextThread
    SSDT 8997CF38 ZwSetInformationProcess
    SSDT 8989A600 ZwSetSystemInformation
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xACC1E150]
    SSDT 8987BAB8 ZwSuspendProcess
    SSDT 89ABC248 ZwSuspendThread
    SSDT 8990C3B8 ZwTerminateProcess
    SSDT 89A4F468 ZwTerminateThread
    SSDT 898FA970 ZwUnmapViewOfSection
    SSDT 8990D360 ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2D48 805045E4 4 Bytes CALL C0D9D055
    .text ntkrnlpa.exe!ZwCallbackReturn + 2D94 80504630 4 Bytes CALL 9CD9DBEF
    ? SYMDS.SYS The system cannot find the file specified. !
    ? SYMEFA.SYS The system cannot find the file specified. !
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xAF78D360, 0x20FDBD, 0xE8000020]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mozy.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)
    Device DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

    ---- EOF - GMER 1.0.15 ----
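The GMER log above prints SSDT hooks, inline kernel patches and attached filter drivers in a fixed text layout. As an added example that is not part of the original post and not GMER's own code, the Python below parses that layout into a grouped summary, so a reviewer can see at a glance which hooks GMER attributed to a named driver and which it could only report as a raw kernel address, which kernel image bytes are patched inline, and which filter drivers sit on the file-system and TCP/IP stacks. The sample lines are copied from the log above; the parser only understands the System, Kernel code sections and Devices sections.

```python
"""Triage summary for a GMER rootkit-scan log.

Added example, not code from the thread or from GMER. It parses the fixed text
layout GMER prints and groups the findings a reviewer looks at first.
"""
import re
from collections import defaultdict

# Constructed sample: representative lines copied from the GMER log posted above.
SAMPLE_LOG = r"""---- System - GMER 1.0.15 ----
SSDT 8997EB18 ZwAlertResumeThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xACC1D720]
SSDT 89C18B60 ZwOpenProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xACC1E150]

---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2D48 805045E4 4 Bytes CALL C0D9D055
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xAF78D360, 0x20FDBD, 0xE8000020]

---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mozy.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
"""

# SSDT hook whose handler GMER resolved to a driver image: path, (description/vendor), address.
SSDT_NAMED = re.compile(
    r"^SSDT\s+(?P<module>\S+)\s+\((?P<desc>[^)]*)\)\s+(?P<func>Zw\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]$")
# SSDT hook GMER could only report as a raw kernel address.
SSDT_BARE = re.compile(r"^SSDT\s+(?P<addr>[0-9A-Fa-f]+)\s+(?P<func>Zw\w+)$")
# Inline patch of code bytes inside a loaded kernel image.
INLINE_PATCH = re.compile(
    r"^\.text\s+(?P<image>\S+)!(?P<symbol>\w+)\s+\+\s+(?P<offset>[0-9A-Fa-f]+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<nbytes>\d+)\s+Bytes\s+(?P<patch>.+)$")
WRITEABLE = re.compile(r"^\.text\s+(?P<path>\S+)\s+section is writeable")
# Filter driver attached to a device stack; the target/device pair is not always printed.
ATTACHED = re.compile(
    r"^AttachedDevice\s+(?:(?P<target>\\\S+)\s+(?P<device>\\\S+)\s+)?(?P<driver>\S+)\s+\((?P<desc>[^)]*)\)$")


def split_desc(desc):
    """GMER prints '(File description/Company)'; return (description, vendor)."""
    description, _, vendor = desc.rpartition("/")
    return (description, vendor) if description else (vendor, "")


def parse_gmer(text):
    """Return the hooks, inline patches, writeable sections and attached devices found."""
    found = {"ssdt_hooks": [], "inline_patches": [], "writeable_sections": [], "attached_devices": []}
    for raw in text.splitlines():
        line = raw.strip()
        if m := SSDT_NAMED.match(line):
            _, vendor = split_desc(m["desc"])
            found["ssdt_hooks"].append({"func": m["func"], "owner": m["module"].rsplit("\\", 1)[-1],
                                        "vendor": vendor, "addr": m["addr"].upper()})
        elif m := SSDT_BARE.match(line):
            found["ssdt_hooks"].append({"func": m["func"], "owner": None, "vendor": "",
                                        "addr": m["addr"].upper()})
        elif m := INLINE_PATCH.match(line):
            found["inline_patches"].append({"image": m["image"], "symbol": m["symbol"],
                                            "offset": int(m["offset"], 16), "patch": m["patch"]})
        elif m := WRITEABLE.match(line):
            found["writeable_sections"].append(m["path"])
        elif m := ATTACHED.match(line):
            _, vendor = split_desc(m["desc"])
            found["attached_devices"].append({"device": m["device"] or "(not shown)",
                                              "driver": m["driver"], "vendor": vendor})
    return found


def hooks_by_owner(hooks):
    """Group hooked services by owning driver. Hooks printed as a bare address land
    under UNATTRIBUTED: each is a question to answer (which driver owns that
    address?), not a verdict."""
    groups = defaultdict(list)
    for hook in hooks:
        groups[hook["owner"] or "UNATTRIBUTED"].append(hook["func"])
    return {owner: sorted(funcs) for owner, funcs in groups.items()}


def report(text):
    """Render the grouped summary as text."""
    found = parse_gmer(text)
    lines = ["SSDT hooks by owner:"]
    for owner, funcs in sorted(hooks_by_owner(found["ssdt_hooks"]).items()):
        lines.append(f"  {owner}: {len(funcs)} ({', '.join(funcs)})")
    lines.append("Inline kernel patches:")
    for p in found["inline_patches"]:
        lines.append(f"  {p['image']}!{p['symbol']}+0x{p['offset']:X}: {p['patch']}")
    lines.append("Writeable code sections: " + ", ".join(found["writeable_sections"]))
    lines.append("Attached filter drivers:")
    for d in found["attached_devices"]:
        lines.append(f"  {d['device']}: {d['driver']} [{d['vendor']}]")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

The grouping is the point: on a machine running an endpoint product with kernel drivers, many SSDT hooks are expected, and a reviewer's job is to account for every owner in the summary, in particular every address GMER could not map to a module, rather than to treat the raw list as a verdict either way.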
     
  7. mb2cotter

    mb2cotter TS Rookie Topic Starter Posts: 49

    Here's DDS.log:

    DDS (Ver_10-10-31.01) - NTFSx86
    Run by Mike at 16:37:37.39 on Sun 10/31/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1396 [GMT -6:00]

    AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\ContentWatch\Internet Protection\cwtray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MozyHome\mozystat.exe
    svchost.exe
    C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\MozyHome\mozybackup.exe
    C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Prime95\prime95.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Actiontec\BroadBand\gwconfig.exe
    C:\WINDOWS\system32\wscntfy.exe
    J:\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyServer = http=127.0.0.1:50370
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
    BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\18.1.0.37\IPSBHO.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
    uRun: [Start WingMan Profiler]
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
    mRun: [NWEReboot]
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [cwcptray] c:\program files\contentwatch\internet protection\cwtray.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
    dRunOnce: [RunNarrator] Narrator.exe
    dRunOnce: [<NO NAME>]
    mExplorerRun: [<NO NAME>] 1 (0x1)
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    LSP: c:\windows\system32\cwalsp.dll
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: mylabbill.com\www
    Trusted Zone: remititonline.com
    Trusted Zone: turbotax.com
    Trusted Zone: musicmatch.com\online
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {25365FF3-2746-4230-9DA7-163CCA318309} - hxxp://inst.c-wss.com/n035p/EN/install/gtdownlr.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
    DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
    DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
    DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/29.51/uploader2.cab
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - hxxp://a.download.toontown.com/sv1.0.21.13/ttinst.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: {69C47182-A893-484C-B37A-A189215F0D6E} = 205.171.3.65,205.171.2.65
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1201000.025\SymDS.sys [2010-10-30 339504]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1201000.025\SymEFA.sys [2010-10-30 666672]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\bashdefs\20101001.001\BHDrvx86.sys [2010-8-31 692272]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1201000.025\Ironx86.sys [2010-10-30 134704]
    R2 CwAltaService20;ContentWatch;c:\program files\contentwatch\internet protection\cwsvc.exe [2010-2-10 2100544]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\18.1.0.37\ccSvcHst.exe [2010-10-30 126904]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-4-15 24652]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-10-30 102448]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\ipsdefs\20101028.001\IDSXpx86.sys [2010-10-19 341880]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20101030.003\naveng.sys [2010-10-30 86064]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20101030.003\navex15.sys [2010-10-30 1371184]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
    S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913D.sys [2007-7-13 29522]
    S3 USA19H;USA19H;c:\windows\system32\drivers\USA19H2k.sys [2006-12-28 727908]
    S3 USA19H2KP;Keyspan USB Serial Port Driver;c:\windows\system32\drivers\USA19H2kp.sys [2006-12-28 44928]

    =============== Created Last 30 ================

    2010-10-31 03:39:33 -------- d-----w- c:\docume~1\mike\applic~1\Malwarebytes
    2010-10-31 03:39:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-31 03:39:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-31 03:39:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-31 03:39:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-10-30 22:49:37 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-10-30 22:49:37 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-10-30 22:49:37 -------- d-----w- c:\program files\Symantec
    2010-10-30 22:49:37 -------- d-----w- c:\program files\common files\Symantec Shared
    2010-10-30 22:49:22 369072 ----a-r- c:\windows\system32\drivers\nav\1201000.025\symtdi.sys
    2010-10-30 22:49:22 331312 ----a-r- c:\windows\system32\drivers\nav\1201000.025\symtdiv.sys
    2010-10-30 22:49:22 294448 ----a-r- c:\windows\system32\drivers\nav\1201000.025\symnets.sys
    2010-10-30 22:49:21 666672 ----a-r- c:\windows\system32\drivers\nav\1201000.025\SymEFA.sys
    2010-10-30 22:49:21 50096 ----a-r- c:\windows\system32\drivers\nav\1201000.025\srtspx.sys
    2010-10-30 22:49:21 489008 ----a-r- c:\windows\system32\drivers\nav\1201000.025\srtsp.sys
    2010-10-30 22:49:21 339504 ----a-r- c:\windows\system32\drivers\nav\1201000.025\SymDS.sys
    2010-10-30 22:49:21 134704 ----a-r- c:\windows\system32\drivers\nav\1201000.025\Ironx86.sys
    2010-10-30 22:48:59 -------- d-----w- c:\windows\system32\drivers\nav\1201000.025
    2010-10-30 22:48:59 -------- d-----w- c:\windows\system32\drivers\NAV
    2010-10-30 22:48:58 -------- d-----w- c:\program files\Norton AntiVirus
    2010-10-30 22:14:18 -------- d-----w- c:\program files\NortonInstaller
    2010-10-30 22:14:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
    2010-10-30 21:07:24 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton
    2010-10-28 14:42:52 16896 ----a-w- c:\windows\system32\grwinsthlp.exe
    2010-10-28 01:53:44 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-28 01:53:44 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
    2010-10-28 01:53:44 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-28 01:52:13 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
    2010-10-08 02:48:33 -------- d-----w- C:\Laptop files
    2010-10-02 00:06:25 1409 ----a-w- c:\windows\QTFont.for

    ==================== Find3M ====================

    2010-09-26 01:43:03 60416 ----a-w- c:\windows\system32\rbap350.dll
    2010-09-18 18:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

    ============= FINISH: 16:38:57.32 ===============
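The DDS log above is the kind of output a helper reads by eye: browser settings, autostart entries, browser helper objects and the antivirus status line. As an added example that is not part of the original post and not DDS's own code, the Python below parses the "Pseudo HJT Report" layout, re-fangs the hxxp:// URLs DDS writes, and applies three triage heuristics of its own (not the thread's diagnosis): real-time antivirus protection reported as disabled, a ProxyServer value that points back at the local machine, and autostart entries launched from per-user temp or data directories. The sample lines are copied from the log above, except one autostart entry that is constructed and labelled as such so the path heuristic has something to report.

```python
"""First-pass triage of a DDS "Pseudo HJT Report".

Added example, not the thread's or DDS's own code. DDS writes URLs as hxxp:// so
they are not clickable; this parser re-fangs them, splits the report into
settings, autostart entries, browser objects and AV status, and applies three
defender heuristics of its own to the result.
"""
import re

# Constructed sample: lines copied from the DDS log posted above, plus one clearly
# marked made-up autostart entry so the path heuristic has something to report.
SAMPLE_DDS = r"""AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

============== Pseudo HJT Report ===============

uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uSearch Page = hxxp://www.google.com
uInternet Settings,ProxyServer = http=127.0.0.1:50370
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [EXAMPLE-constructed] c:\docume~1\mike\locals~1\temp\example_constructed.exe
LSP: c:\windows\system32\cwalsp.dll

============= SERVICES / DRIVERS ===============
"""

AV = re.compile(r"^AV: (?P<product>.*?)\s+\*(?P<state>[^*]*)\*")
BROWSER_OBJECT = re.compile(r"^(?P<kind>BHO|TB|EB): (?P<name>.*?): \{(?P<clsid>[0-9a-fA-F-]+)\} - (?P<path>.*)$")
RUN = re.compile(r"^(?P<hive>[umd]Run(?:Once)?|mExplorerRun):\s+\[(?P<name>[^\]]*)\]\s*(?P<command>.*)$")
SETTING = re.compile(r"^(?P<key>[^:=\[\]]+?) = (?P<value>.*)$")   # e.g. 'uStart Page = ...'

# Per-user data and temp directories, as DDS prints them (long and 8.3 short forms).
SUSPECT_DIRS = ("\\temp\\", "\\locals~1\\temp", "\\local settings\\", "\\application data\\", "\\applic~1\\")


def refang(value):
    """Turn DDS's defanged hxxp:// back into http:// so the URL can be compared or looked up."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", value)


def parse_dds(text):
    """Split the report into settings, autostart entries, browser objects and AV status."""
    report = {"settings": {}, "autostart": [], "browser_objects": [], "av": []}
    for raw in text.splitlines():
        line = raw.strip()
        if m := AV.match(line):
            report["av"].append((m["product"], m["state"]))
        elif m := BROWSER_OBJECT.match(line):
            report["browser_objects"].append((m["kind"], m["name"], m["clsid"].lower(), m["path"]))
        elif m := RUN.match(line):
            report["autostart"].append((m["hive"], m["name"], m["command"]))
        elif m := SETTING.match(line):
            report["settings"][m["key"]] = refang(m["value"])
    return report


def proxy_hosts(value):
    """Split a ProxyServer value ('host:port' or 'http=host:port;https=host:port')
    into (scheme, host, port) triples; scheme is '*' when none is given."""
    hosts = []
    for part in value.split(";"):
        scheme, _, endpoint = part.rpartition("=")
        host, _, port = endpoint.rpartition(":")
        hosts.append((scheme or "*", host, port))
    return hosts


def is_loopback(host):
    return host in ("localhost", "::1") or host.startswith("127.")


def triage(report):
    """Apply the heuristics; returns (severity, message) pairs to investigate, not verdicts."""
    findings = []
    for product, state in report["av"]:
        if "disabled" in state.lower():
            findings.append(("high", f"{product}: {state}"))
    for key, value in report["settings"].items():
        if key.endswith("ProxyServer"):
            for scheme, host, port in proxy_hosts(value):
                if is_loopback(host):
                    findings.append(("high", f"{key}: {scheme} traffic is routed through {host}:{port} "
                                             "on this machine; identify the process listening there"))
    for hive, name, command in report["autostart"]:
        if any(d in command.lower() for d in SUSPECT_DIRS):
            findings.append(("medium", f"{hive} [{name}] starts from a user-writable temp/data path: {command}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(parse_dds(SAMPLE_DDS)):
        print(f"[{severity}] {message}")
```

A ProxyServer value aimed at the local host means the browser hands its traffic to another process on the same machine, which fits the browser misbehaviour described earlier in the thread; the check only reports the host and port so the listening process can be identified, it does not say what that process is. Each finding is a lead for the helper to confirm against the rest of the logs, not a removal instruction.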
     
  8. mb2cotter

    mb2cotter TS Rookie Topic Starter Posts: 49

    Here's the attach.txt log:


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-31.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 7/21/2006 6:19:41 PM
    System Uptime: 10/31/2010 4:24:56 PM (0 hours ago)

    Motherboard: Dell Inc. | | 0FJ030
    Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 228 GiB total, 181.94 GiB free.
    D: is CDROM ()
    E: is CDROM (CDFS)
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E967-E325-11CE-BFC1-08002BE10318}
    Description: Generic Flash Disk USB Device
    Device ID: USBSTOR\DISK&VEN_GENERIC&PROD_FLASH_DISK&REV_8.07\3147928453A18069D534&0
    Manufacturer: (Standard disk drives)
    Name: Generic Flash Disk USB Device
    PNP Device ID: USBSTOR\DISK&VEN_GENERIC&PROD_FLASH_DISK&REV_8.07\3147928453A18069D534&0
    Service:

    ==== System Restore Points ===================

    RP1241: 8/2/2010 12:14:01 AM - System Checkpoint
    RP1242: 8/3/2010 1:14:02 AM - System Checkpoint
    RP1243: 8/4/2010 2:14:03 AM - System Checkpoint
    RP1244: 8/5/2010 3:14:03 AM - System Checkpoint
    RP1245: 8/6/2010 4:14:04 AM - System Checkpoint
    RP1246: 8/7/2010 5:14:04 AM - System Checkpoint
    RP1247: 8/8/2010 5:22:44 AM - System Checkpoint
    RP1248: 8/9/2010 6:22:32 AM - System Checkpoint
    RP1249: 8/10/2010 7:22:27 AM - System Checkpoint
    RP1250: 8/11/2010 8:22:23 AM - System Checkpoint
    RP1251: 8/12/2010 9:31:53 AM - System Checkpoint
    RP1252: 8/13/2010 9:59:57 AM - System Checkpoint
    RP1253: 8/14/2010 10:24:09 AM - System Checkpoint
    RP1254: 8/15/2010 11:22:06 AM - System Checkpoint
    RP1255: 8/16/2010 12:22:07 PM - System Checkpoint
    RP1256: 8/17/2010 12:27:04 PM - System Checkpoint
    RP1257: 8/19/2010 8:18:33 AM - System Checkpoint
    RP1258: 8/20/2010 8:35:38 AM - System Checkpoint
    RP1259: 8/21/2010 9:35:25 AM - System Checkpoint
    RP1260: 8/22/2010 11:03:52 AM - System Checkpoint
    RP1261: 8/23/2010 11:20:57 AM - System Checkpoint
    RP1262: 8/24/2010 12:15:33 PM - System Checkpoint
    RP1263: 8/25/2010 1:15:33 PM - System Checkpoint
    RP1264: 8/26/2010 1:56:12 PM - System Checkpoint
    RP1265: 8/27/2010 2:34:34 PM - System Checkpoint
    RP1266: 8/28/2010 3:24:07 PM - System Checkpoint
    RP1267: 8/29/2010 3:31:22 PM - System Checkpoint
    RP1268: 8/30/2010 4:22:30 PM - System Checkpoint
    RP1269: 8/31/2010 4:31:16 PM - System Checkpoint
    RP1270: 9/1/2010 4:47:36 PM - System Checkpoint
    RP1271: 9/2/2010 5:23:46 PM - System Checkpoint
    RP1272: 9/3/2010 5:34:58 PM - System Checkpoint
    RP1273: 9/4/2010 6:53:19 PM - System Checkpoint
    RP1274: 9/5/2010 7:48:35 PM - System Checkpoint
    RP1275: 9/6/2010 7:59:57 PM - System Checkpoint
    RP1276: 9/7/2010 8:23:19 PM - System Checkpoint
    RP1277: 9/8/2010 8:55:45 PM - System Checkpoint
    RP1278: 9/9/2010 9:24:54 PM - System Checkpoint
    RP1279: 9/10/2010 9:50:53 PM - System Checkpoint
    RP1280: 9/11/2010 10:50:47 PM - System Checkpoint
    RP1281: 9/13/2010 7:26:06 AM - System Checkpoint
    RP1282: 9/14/2010 8:56:34 AM - System Checkpoint
    RP1283: 9/15/2010 9:02:42 AM - System Checkpoint
    RP1284: 9/16/2010 9:28:16 AM - System Checkpoint
    RP1285: 9/16/2010 11:00:53 AM - Software Distribution Service 3.0
    RP1286: 9/17/2010 11:16:06 AM - System Checkpoint
    RP1287: 9/17/2010 8:40:07 PM - Software Distribution Service 3.0
    RP1288: 9/18/2010 9:44:56 PM - System Checkpoint
    RP1289: 9/19/2010 10:41:54 PM - System Checkpoint
    RP1290: 9/21/2010 7:10:59 AM - System Checkpoint
    RP1291: 9/22/2010 7:15:50 AM - System Checkpoint
    RP1292: 9/23/2010 7:40:09 AM - System Checkpoint
    RP1293: 9/24/2010 9:08:19 AM - System Checkpoint
    RP1294: 9/25/2010 9:21:15 AM - System Checkpoint
    RP1295: 9/26/2010 10:27:22 AM - System Checkpoint
    RP1296: 9/27/2010 11:55:27 AM - System Checkpoint
    RP1297: 9/28/2010 12:25:30 PM - System Checkpoint
    RP1298: 9/29/2010 12:52:22 PM - System Checkpoint
    RP1299: 9/30/2010 1:11:39 PM - System Checkpoint
    RP1300: 10/1/2010 2:06:32 PM - System Checkpoint
    RP1301: 10/2/2010 3:45:31 PM - System Checkpoint
    RP1302: 10/3/2010 4:06:28 PM - System Checkpoint
    RP1303: 10/4/2010 5:06:28 PM - System Checkpoint
    RP1304: 10/5/2010 5:51:51 PM - System Checkpoint
    RP1305: 10/6/2010 6:24:24 PM - System Checkpoint
    RP1306: 10/7/2010 6:49:32 PM - System Checkpoint
    RP1307: 10/7/2010 9:20:39 PM - Installed Microsoft Fix it 50393
    RP1308: 10/8/2010 9:28:19 PM - System Checkpoint
    RP1309: 10/9/2010 9:42:00 PM - System Checkpoint
    RP1310: 10/11/2010 8:03:29 AM - System Checkpoint
    RP1311: 10/12/2010 10:27:34 AM - System Checkpoint
    RP1312: 10/13/2010 11:27:44 AM - System Checkpoint
    RP1313: 10/14/2010 12:27:12 PM - System Checkpoint
    RP1314: 10/15/2010 12:32:34 PM - System Checkpoint
    RP1315: 10/16/2010 12:52:02 PM - System Checkpoint
    RP1316: 10/17/2010 12:52:25 PM - System Checkpoint
    RP1317: 10/18/2010 1:50:29 PM - System Checkpoint
    RP1318: 10/19/2010 2:30:44 PM - System Checkpoint
    RP1319: 10/20/2010 2:35:11 PM - System Checkpoint
    RP1320: 10/21/2010 2:48:04 PM - System Checkpoint
    RP1321: 10/22/2010 3:37:09 PM - System Checkpoint
    RP1322: 10/23/2010 3:54:24 PM - System Checkpoint
    RP1323: 10/24/2010 4:29:19 PM - System Checkpoint
    RP1324: 10/25/2010 5:29:09 PM - System Checkpoint
    RP1325: 10/26/2010 7:44:39 PM - System Checkpoint
    RP1326: 10/27/2010 8:53:33 PM - System Checkpoint
    RP1327: 10/28/2010 12:37:57 PM - Software Distribution Service 3.0
    RP1328: 10/30/2010 3:08:41 PM - Software Distribution Service 3.0

    ==== Installed Programs ======================


    913D Camera
    Actiontec Gateway/Router
    Ad-Aware SE Personal
    Adobe Acrobat - Reader 6.0.2 Update
    Adobe Acrobat 6.0 Standard
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Photoshop 6.0
    Adobe Reader 6.0.1
    Adobe Shockwave Player
    Adobe SVG Viewer
    America Online (Choose which version to remove)
    AnswerWorks 4.0 Runtime - English
    AnswerWorks 5.0 English Runtime
    AOL Coach Version 1.0(Build:20040229.1 en)
    AOL Connectivity Services
    AOLIcon
    Apple Mobile Device Support
    Apple Software Update
    Atomic Clock Sync
    Bejeweled 2 Deluxe
    Blackhawk Striker 2
    Blasterball 2
    Canon i960
    Canon Utilities Easy-PhotoPrint
    Chessmaster 8000
    Compatibility Pack for the 2007 Office system
    CompuServe 3.0.1
    Conexant D850 56K V.9x DFVc Modem
    Corel Photo Album 6
    Critical Update for Windows Media Player 11 (KB959772)
    Dell CinePlayer
    Dell Digital Jukebox Driver
    Dell Driver Reset Tool
    Dell Game Console
    Dell System Restore
    DellSupport
    Digital Content Portal
    Digital Line Detect
    Diner Dash
    Disney Pirates of the Caribbean Online
    Documentation & Support Launcher
    Drivers Install For Linksys Easylink Advisor
    DVD Shrink 3.2
    EarthLink setup files
    EducateU
    ELIcon
    ESPNMotion
    FileZilla (remove only)
    Final Drive Nitro
    Games, Music, & Photos Launcher
    GemMaster Mystic
    Get High Speed Internet!
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Helix Xiph Plugins 0.7
    High Definition Audio Driver Package - KB835221
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    hp photosmart P1000 series
    Image Transfer
    ImageMixer for Sony
    Intel Matrix Storage Manager
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet for Wired Connections
    Intel(R) Quick Resume Technology Drivers
    Intel® Viiv™
    Internet Service Offers Launcher
    iPod for Windows 2006-03-23
    iTunes
    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) 6 Update 11
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Keyspan USB Serial Adapter
    KODAK EASYSHARE Gallery Upload ActiveX Control
    Learn2 Player (Uninstall Only)
    LG USB Drivers
    Linksys EasyLink Advisor 1.6 (0032)
    Malwarebytes' Anti-Malware
    McAfee Uninstaller
    MCU
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Fighter Ace II
    Microsoft Flight Simulator 2002
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Small Business Edition 2003
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    MicroStaff WINASPI
    Modem Helper
    Move Networks Media Player for Internet Explorer
    Move Networks Player for Internet Explorer
    MozyHome Remote Backup
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Musicmatch for Windows Media Player
    Musicmatch® Jukebox
    Nancy Drew: Message in a Haunted Mansion
    Nero 7 Essentials
    neroxml
    Net Nanny Parental Controls
    NetWaiting
    NetZeroInstallers
    Norton AntiVirus
    NVIDIA Drivers
    Octoshape add-in for Adobe Flash Player
    oggcodecs 0.71.0946
    OLYMPUS CAMEDIA Master 2.5
    Otto
    Picasa 2
    Polar Bowler
    Polar Golfer
    Prime95
    Quick Hit - Football
    Quicken 2008
    QuickTime
    RealPlayer
    RegiStax 5.1
    RegiStax Version 4
    Roll
    RollerCoaster Tycoon 3 Demo
    Roxio DLA
    Roxio MyDVD LE
    Roxio RecordNow Audio
    Roxio RecordNow Copy
    Roxio RecordNow Data
    RPADLL
    SCRABBLE
    Search Assist
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    SkyMap Pro 11
    Skype Toolbars
    Skype™ 4.2
    Sonic Activation Module
    Sonic Encoders
    Sonic Update Manager
    Sony USB Driver
    Spider-Man Photo Lab
    TurboTax 2008
    TurboTax 2008 wcoiper
    TurboTax 2008 WinPerFedFormset
    TurboTax 2008 WinPerProgramHelp
    TurboTax 2008 WinPerReleaseEngine
    TurboTax 2008 WinPerTaxSupport
    TurboTax 2008 WinPerUserEducation
    TurboTax 2008 wrapper
    TurboTax 2009
    TurboTax 2009 wcoiper
    TurboTax 2009 WinPerFedFormset
    TurboTax 2009 WinPerReleaseEngine
    TurboTax 2009 WinPerTaxSupport
    TurboTax 2009 wrapper
    TurboTax Deluxe 2005
    TurboTax Deluxe 2007
    TurboTax Deluxe Deduction Maximizer 2006
    TurboTax ItsDeductible 2005
    TurboTax ItsDeductible 2006
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    URL Assistant
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    Weather Display 10.37N
    Weather Display Live 5.01
    WeatherLink 5.7
    WebCyberCoach 3.2 Dell
    WebFldrs XP
    WexTech AnswerWorks
    WildTangent Web Driver
    Windows Genuine Advantage Notifications (KB905474)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Messenger
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    Windows Media Player 11
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    WingMan Software
    WordPerfect Office 12
    Yahoo! Browser Services
    Yahoo! BrowserPlus 2.9.8
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Messenger
    Yahoo! Photos Easy Upload Tool 1v7
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    10/31/2010 12:29:03 PM, error: Service Control Manager [7034] - The Viewpoint Manager Service service terminated unexpectedly. It has done this 1 time(s).
    10/31/2010 12:29:03 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    10/31/2010 12:29:03 PM, error: Service Control Manager [7034] - The MozyHome Backup Service service terminated unexpectedly. It has done this 1 time(s).
    10/31/2010 12:29:03 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    10/31/2010 12:29:03 PM, error: Service Control Manager [7034] - The Intuit Update Service service terminated unexpectedly. It has done this 1 time(s).
    10/31/2010 12:29:03 PM, error: Service Control Manager [7034] - The Intel® Quick Resume Technology Drivers service terminated unexpectedly. It has done this 1 time(s).
    10/31/2010 12:29:03 PM, error: Service Control Manager [7034] - The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).
    10/31/2010 12:29:03 PM, error: Service Control Manager [7034] - The AOL Connectivity Service service terminated unexpectedly. It has done this 1 time(s).
    10/31/2010 12:29:03 PM, error: Service Control Manager [7031] - The ContentWatch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    10/31/2010 12:29:03 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/30/2010 6:54:34 PM, error: Service Control Manager [7034] - The Prime95 Service service terminated unexpectedly. It has done this 1 time(s).
    10/30/2010 10:33:51 PM, error: Service Control Manager [7022] - The Intel® Quick Resume Technology Drivers service hung on starting.
    10/28/2010 3:59:14 PM, error: System Error [1003] - Error code 100000d1, parameter1 00000f1d, parameter2 00000002, parameter3 00000000, parameter4 a8e0fd9c.
    10/28/2010 3:59:10 PM, error: System Error [1003] - Error code 100000d1, parameter1 00000f1d, parameter2 00000002, parameter3 00000000, parameter4 a94ded9c.
    10/28/2010 3:59:01 PM, error: System Error [1003] - Error code 100000d1, parameter1 00000f1d, parameter2 00000002, parameter3 00000000, parameter4 a6f0dd9c.
    10/28/2010 3:57:58 PM, error: System Error [1003] - Error code 100000d1, parameter1 00000000, parameter2 00000002, parameter3 00000000, parameter4 a70322d0.

    ==== End Of File ===========================
     
  9. mb2cotter

    mb2cotter TS Rookie Topic Starter Posts: 49

    I wasn't exactly sure of the time the BSOD appeared, but I think these were from around then:

    System Log:

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7022
    Date: 10/30/2010
    Time: 10:33:51 PM
    User: N/A
    Computer: COTTER
    Description:
    The Intel® Quick Resume Technology Drivers service hung on starting.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.



    Application Log:

    Event Type: Error
    Event Source: Application Error
    Event Category: None
    Event ID: 1000
    Date: 10/30/2010
    Time: 10:28:09 PM
    User: N/A
    Computer: COTTER
    Description:
    Faulting application explorer.exe, version 6.0.2900.5512, faulting module msonsext.dll, version 11.0.5510.0, fault address 0x000534d5.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

  11. mb2cotter

    mb2cotter TS Rookie Topic Starter Posts: 49

    Lovely. I didn't know that was possible.

    Is there anything I can do for that?

    Thanks for the help. I appreciate it.
     
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    If you're referring to my network message, that was more a reminder for me. I did a cross-ref for Broni also. Since two different people are working on 2 different systems at the same time, possibly for the same problem, if these systems are networked and/or a USB has been used between the computers, then both Broni and I need to be aware.

    When you rebooted the computer, did the BSOD come up again or was it just that once? There's no sense in chasing the Events if it's gone!
     
  13. mb2cotter

    mb2cotter TS Rookie Topic Starter Posts: 49

    It didn't come back when I rebooted.
     
  14. mb2cotter

    mb2cotter TS Rookie Topic Starter Posts: 49

    Here's the log that I attached in the first post. I believe I've posted all of the logs that you requested:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5004

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    10/30/2010 9:57:59 PM
    mbam-log-2010-10-30 (21-57-59).txt

    Scan type: Quick scan
    Objects scanned: 157752
    Time elapsed: 13 minute(s), 28 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 1
    Registry Data Items Infected: 3
    Folders Infected: 1
    Files Infected: 6

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winsp2up.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Documents and Settings\Mike\Application Data\Microsoft\Windows\shell.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

    Folders Infected:
    C:\Program Files\Cowabanga (Adware.PurityScan) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Documents and Settings\Mike\Local Settings\Temp\winsp2up.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    C:\Program Files\Cowabanga\Cowabanga.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
    C:\Program Files\Cowabanga\License.txt (Adware.PurityScan) -> Quarantined and deleted successfully.
    C:\Program Files\Cowabanga\uninstaller.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mike\Local Settings\Temp\winsp2upd.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Mike\Local Settings\Temp\0.9515272974060676.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
     
  15. mb2cotter

    mb2cotter TS Rookie Topic Starter Posts: 49

    Just wondering what I should do next.
    Thanks for the help.
     
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Please run the following scans:

    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    ===================================
    And there will most likely be Registry entries related to the Adware.PurityScan I need to remove, so
    please download ComboFix from Here and save to your Desktop.

    • [1]. Do NOT rename Combofix unless instructed.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Close any open browsers.
      [4]. Double click combofix.exe & follow the prompts to run.
    • NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
      [5]. If Combofix asks you to install Recovery Console, please allow it.
      [6]. If Combofix asks you to update the program, always allow.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      [7]. A report will be generated after the scan. Please paste the C:\ComboFix.txt in next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    Note: Make sure you re-enable your security programs, when you're done with Combofix.

    I thought I had already put these in for you to run- sorry, don't know where they went!
     
  17. mb2cotter

    mb2cotter TS Rookie Topic Starter Posts: 49

    This thing is messed up.

    I thought my internet connection on that computer was screwed up (IE hadn't worked ever since the viruses showed up) so I ran combofix first, not realizing that it would try to connect to the internet. However, it successfully updated and downloaded the Recovery Center. Therefore, it's only Internet Explorer that still does not allow me to access the internet, so I can't run ESET.

    When I type in a URL, IE turns the URL into this long URL, which continues to grow every time it refreshes, which it keeps doing automatically:
    http://www.google.com/hws/dell-usuk...hannel=us&s=http://www.eset.eu/online-scanner


    I ran combofix and my computer froze the first time.
    The second time I got BSOD after at least 5 stages.
    I tried a 3rd time and got BSOD again.

    This is the error message from eventvwr that I got from the first BSOD:

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7034
    Date: 11/3/2010
    Time: 9:05:43 PM
    User: N/A
    Computer: COTTER
    Description:
    The Prime95 Service service terminated unexpectedly. It has done this 1 time(s).

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


    After that error, I uninstalled Prime95 (a program I've had for years on multiple computers). This is the error message from eventvwr that I got from the second BSOD, after I uninstalled Prime95:

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7000
    Date: 11/3/2010
    Time: 9:27:15 PM
    User: N/A
    Computer: COTTER
    Description:
    The Prime95 Service service failed to start due to the following error:
    The system cannot find the file specified.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    The force is strong with this virus.
     
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Before you do the following in Combofix:
    [4]. Double click combofix.exe & follow the prompts to run.
    Right click on the combofix.exe file> Rename> change file name to cotterfix.exe
    Then try the scan again.

    As for the IE problem, IE can be reset.

    About Prime95: Some PC users and overclockers use it as a stability testing utility. It includes a "Torture Test" mode designed specifically for testing PC subsystems for errors in order to help ensure the correct operation of Prime95 on that system, which effectively stress-tests a PC.

    You do not need this running now. It sounds like you uninstalled it, but the entry remained on the Startup menu. So you need to uncheck it there. I don't know what caused the initial BSOD but there is only one Error Event for Prime95, on date 10/30/2010 6:54:34 PM. One BSOD is not enough to require an uninstall. Please don't do anything else unless I instruct you to.
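    As an added example, not part of this thread and not a TechSpot or DDS tool: a small Python triage script for the "Event Viewer Messages From Past Week" section of the DDS log posted earlier, implementing the correlation Bobbye asks for. It decodes the XP "System Error [1003]" bugcheck lines (the logged code 100000d1 is Stop 0xD1), and separates a burst of services "terminated unexpectedly" in the same second, which is the aftermath of a crash or hard reset, from a service that died on its own, as Prime95 did on 10/30. The sample lines are a constructed subset of the log above; the 0xD1 parameter meanings are taken from Microsoft's bug check reference.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: a subset of the "Event Viewer Messages From Past Week"
# section of the DDS log posted earlier in this thread, in the same format.
SAMPLE_EVENTS = """\
10/31/2010 12:29:03 PM, error: Service Control Manager [7034] - The Viewpoint Manager Service service terminated unexpectedly. It has done this 1 time(s).
10/31/2010 12:29:03 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
10/31/2010 12:29:03 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/30/2010 6:54:34 PM, error: Service Control Manager [7034] - The Prime95 Service service terminated unexpectedly. It has done this 1 time(s).
10/30/2010 10:33:51 PM, error: Service Control Manager [7022] - The Intel® Quick Resume Technology Drivers service hung on starting.
10/28/2010 3:59:14 PM, error: System Error [1003] - Error code 100000d1, parameter1 00000f1d, parameter2 00000002, parameter3 00000000, parameter4 a8e0fd9c.
10/28/2010 3:57:58 PM, error: System Error [1003] - Error code 100000d1, parameter1 00000000, parameter2 00000002, parameter3 00000000, parameter4 a70322d0.
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
BUGCHECK_RE = re.compile(
    r"Error code (?P<code>[0-9a-f]{8}), parameter1 (?P<p1>[0-9a-f]{8}), "
    r"parameter2 (?P<p2>[0-9a-f]{8}), parameter3 (?P<p3>[0-9a-f]{8}), "
    r"parameter4 (?P<p4>[0-9a-f]{8})"
)
TERMINATED_RE = re.compile(r"^The (?P<svc>.+?) service terminated unexpectedly")
# Stop codes this example knows by name (Microsoft bug check reference).
STOP_NAMES = {0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL"}


def parse_events(text):
    """Parse DDS-style Event Viewer lines into dicts; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append({"time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
                           "level": m["level"], "source": m["source"],
                           "id": int(m["id"]), "msg": m["msg"]})
    return events


def decode_bugcheck(msg):
    """Decode an XP 'System Error [1003]' line. The logged code 100000d1 is the
    0x1000....-prefixed form of Stop 0xD1, whose parameters (per Microsoft's bug
    check reference) are: referenced address, IRQL, 0=read/1=write, faulting address."""
    m = BUGCHECK_RE.search(msg)
    if not m:
        return None
    stop = int(m["code"], 16) & 0xFFFF
    p = [int(m[k], 16) for k in ("p1", "p2", "p3", "p4")]
    info = {"stop": stop, "name": STOP_NAMES.get(stop, "UNKNOWN"), "params": p}
    if stop == 0xD1:
        info["detail"] = {"address": p[0], "irql": p[1],
                          "write": p[2] == 1, "faulting_address": p[3]}
    return info


def termination_bursts(events, min_count=3):
    """SCM 7031/7034 'terminated unexpectedly' events grouped by exact timestamp.
    Many services dying in the same second is the aftermath of an abrupt shutdown
    (BSOD or hard reset), not that many independent service faults."""
    by_time = defaultdict(list)
    for e in events:
        t = TERMINATED_RE.match(e["msg"])
        if t and e["source"] == "Service Control Manager" and e["id"] in (7031, 7034):
            by_time[e["time"]].append(t["svc"])
    return {t: svcs for t, svcs in by_time.items() if len(svcs) >= min_count}


def lone_terminations(events, min_count=3):
    """Terminations outside any burst: a single service that crashed on its own."""
    bursts = termination_bursts(events, min_count)
    return [(e["time"], TERMINATED_RE.match(e["msg"])["svc"]) for e in events
            if e["id"] in (7031, 7034) and TERMINATED_RE.match(e["msg"])
            and e["time"] not in bursts]


def errors_near(events, when, window_minutes=5):
    """Bobbye's check: Error events within a window around the time the user saw
    the BSOD; `when` is given in the log's own "m/d/yyyy h:mm:ss AM/PM" format."""
    centre = datetime.strptime(when, "%m/%d/%Y %I:%M:%S %p")
    delta = timedelta(minutes=window_minutes)
    return [e for e in events if e["level"] == "error" and abs(e["time"] - centre) <= delta]


def triage(text):
    """Summarise a pasted Event Viewer section: bugchecks, bursts, lone terminations."""
    events = parse_events(text)
    bugchecks = [(e["time"], decode_bugcheck(e["msg"])) for e in events
                 if e["source"] == "System Error" and e["id"] == 1003]
    return {"events": len(events), "bugchecks": bugchecks,
            "bursts": termination_bursts(events), "lone": lone_terminations(events)}
```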
     
  19. mb2cotter

    mb2cotter TS Rookie Topic Starter Posts: 49

    I'll do the combofix change when I get home tonight.

    I should have mentioned that I looked in the startup menu (I believe you're talking about the programs listed under msconfig) to uncheck Prime95, but it was not listed there. There were a couple of boxes that were checked that had no program or other info listed next to them, so I left them alone.
     
  20. mb2cotter

    mb2cotter TS Rookie Topic Starter Posts: 49

    I used autoruns and found Prime95. I unchecked it. I renamed combofix as you instructed. I turned off Norton Antivirus. I ran the renamed combofix and . . . got BSOD.

    I went to eventvwr and there was no Error listed anywhere for today.

    I rebooted the computer and tried again. Same thing - BSOD. I rebooted and went to eventvwr and there still was no error listed.

    Any ideas?

    Thanks for the help.
     
  21. mb2cotter

    mb2cotter TS Rookie Topic Starter Posts: 49

    Do you think this BSOD problem is going to be fixable?

    Thanks for the help.
     
  22. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I am not very familiar with overclocking. But in view of the following from Wiki, I would suggest you back off of the overclocking:
    Moreover, a large proportion of system overclockers and enthusiasts favor Prime95 over other benchmarking suites because Prime95 pushes the CPU's floating point units extremely hard, causing the CPU to become extremely hot.

    Do you see any entry for GIMPS on the Startup menu? IF so, uncheck that.

    Let's remove the cleaning tools as I don't think this is a malware issue now:
    Removing all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.

    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
    • Choose Disc Cleanup
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin

    I'd like you to start a new thread in the Overclocking, Cooling and Modding forum HERE.

    Mention that you have been here for help, but the BSODs continue, possibly related to Prime95. There will be members more familiar with the overclocking there. If you still have issues that you think are malware related after resolving the BSOD, come back here and see if you can get Combofix to run.
     
  23. mb2cotter

    mb2cotter TS Rookie Topic Starter Posts: 49

    Hi Bobbye. Route 44 told me to post the following back over here. Any advice? I did the uninstall of combofix before I posted over there.

    Route 44:
    Two drivers were cited as the probable cause for your BSODs:

    1) catchme.sys which is a legitimate rootkit detection driver and is part of Combofix.

    2) mbr.sys driver which is related to the MBR rootkit detection software

    Catchme.sys is a legitimate rootkit detection tool used by several programs, including ComboFix. It is not malware, and will not cause you any harm if you leave it on your PC. Having said that, it's also not especially useful to you if your PC is clean, and will really only sit around taking up space; there's no need to keep it. Feel free to delete it if you wish, but know that it is not malware so you need not be concerned.

    However, it is coming up as one of the causes of your system crashes. Post back to your thread with Bobbye and report that Route44 read the five latest minidumps and these two drivers were cited as probable cause. Then we'll take it from there after any advice/insight is given.
     
  24. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Hey, isn't teamwork great! Thank you Route 66> for covering my lack of insight into minidumps!

    Please download MBR Rootkit Detector and save it on your desktop.
    • Pause/Stop all antivirus/spyware active protection.
    • Then double click on mbr.exe to run it.
    • Select Run when you receive a Security Warning
    • The process is automatic, a black DOS window will appear and disappear suddenly. This is normal.
    • A log file will then be created on your desktop where you ran mbr.exe
    • Copy and paste the contents of mbr.log on your next reply.
    ============================
     
  25. mb2cotter

    mb2cotter TS Rookie Topic Starter Posts: 49

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: ST325082 rev.3.AD -> \Device\Ide\IAAStorageDevice-0

    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user & kernel MBR OK
     
Topic Status:
Not open for further replies.

