XP, malware blocks System Restore, most installs (logs included)

Inactive
By njfworld
Feb 3, 2012
Topic Status:
Not open for further replies.
  1. Hi, for weeks I have been assaulted with malware that prevents me from installing almost anything (says I don't have admin access on my laptop, even though I am only user). Maybe picked something up from a suspect torrent or something. Any ideas? Here are the logs:

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.03.10

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Nicholas :: NF_LAPTOP [administrator]

    03/02/2012 5:12:57 PM
    mbam-log-2012-02-03 (17-12-57).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 192415
    Time elapsed: 5 minute(s), 5 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 5
    HKCU\SOFTWARE\3ETECE6I8G (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\CE8SIIFGSU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\HJRUDZ5DT2 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    ----------------------------
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-02-03 23:11:35
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1200BEVS-75LAT0 rev.02.06M02
    Running: ept890fy.exe; Driver: C:\DOCUME~1\Nicholas\LOCALS~1\Temp\uxlyypob.sys


    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Internet Explorer\iexplore.exe[1800] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1800] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1800] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD10D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1800] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1800] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25464E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1800] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5397 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1800] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52C9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1800] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5334 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1800] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E519A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1800] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E51FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1800] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E53FA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1800] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E525E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1800] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1800] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E56FF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5397 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52C9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5334 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E519A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E51FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E53FA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2396] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E525E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD10D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25464E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5397 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52C9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5334 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E519A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E51FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E53FA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E525E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2468] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2468] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E56FF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2704] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2704] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2704] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD10D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2704] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2704] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25464E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2704] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5397 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2704] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52C9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2704] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5334 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2704] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E519A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2704] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E51FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2704] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E53FA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2704] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E525E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2704] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2704] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E56FF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3724] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3724] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3724] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD10D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3724] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3724] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25464E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3724] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5397 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3724] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52C9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3724] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E5334 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3724] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E519A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3724] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E51FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3724] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E53FA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3724] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E525E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3724] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3724] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E56FF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Internet Explorer\iexplore.exe[1800] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2468] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2704] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3724] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    Device \FileSystem\Fastfat \Fat A6289D20
    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

    ---- EOF - GMER 1.0.15 ----

    --------------------
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Nicholas at 23:16:04 on 2012-02-03
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.955 [GMT -5:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/root/forgotPassword.asp?affid=105-79&langid=1&close=true&RW=1
    uInternet Settings,ProxyServer = ott-serv-vpn:8080
    uInternet Settings,ProxyOverride = <local>;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Yahoo! IE Suggest: {5a263cf7-56a6-4d68-a8cf-345be45bc911} - c:\program files\yahoo!\searchsuggest\YSearchSuggest.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
    IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    LSP: c:\windows\system32\iavlsp.dll
    Trusted Zone: inalco.com\rave01
    Trusted Zone: lexitech.ca\pats
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://rave01.inalco.com/dana-cached/sc/JuniperSetupClient.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{249A969F-BDA5-4035-B500-D55A858CEABB} : NameServer = 76.66.246.225,8.8.8.8
    TCP: Interfaces\{249A969F-BDA5-4035-B500-D55A858CEABB} : DhcpNameServer = 192.168.0.1
    Handler: intu-res - {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - c:\program files\common files\intuit\intu-res.dll
    Notify: GoToAssist - c:\program files\citrix\gotoassist\759\G2AWinLogon.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2011-9-15 147416]
    R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-3-21 27632]
    S0 tclondrv;tclondrv;c:\windows\system32\drivers\tclondrv.sys --> c:\windows\system32\drivers\tclondrv.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2012-1-27 722616]
    S3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2011-3-7 73728]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-3-21 13224]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-9-17 30192]
    S4 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2011-3-7 2855440]
    S4 RogersUpdateManager;Rogers Update Manager;c:\program files\rogers\update manager\RogersUpdateManager.exe [2009-11-9 169936]
    S4 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-02-03 22:11:50 -------- d-----w- c:\documents and settings\nicholas\application data\Malwarebytes
    2012-02-03 22:11:46 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-02-03 22:11:45 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-03 22:11:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-03 21:28:44 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
    2012-02-03 21:28:44 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
    2012-02-02 19:53:55 -------- d-----w- c:\documents and settings\nicholas\local settings\application data\Citrix
    2012-02-02 19:53:51 102248 ----a-w- c:\documents and settings\nicholas\GoToAssistDownloadHelper.exe
    2012-01-28 01:51:23 118784 ----a-w- c:\windows\system32\iavlsp.dll
    2012-01-28 01:51:21 9341 ----a-w- c:\windows\system32\drivers\filedisk.sys
    2012-01-28 01:51:21 2083464 ----a-w- c:\windows\system32\Incinerator32.dll
    2012-01-28 01:51:15 56200 ----a-w- c:\windows\system32\offreg.dll
    2012-01-28 01:51:15 29696 ----a-w- c:\windows\system32\iolobtdfg.exe
    2012-01-28 01:51:15 11776 ----a-w- c:\windows\system32\smrgdf.exe
    2012-01-28 01:51:14 -------- d-----w- c:\program files\iolo
    2012-01-28 01:23:27 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2012-01-28 01:23:27 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-01-28 01:00:54 -------- d-----w- c:\program files\VS Revo Group
    2012-01-25 18:03:58 57344 ----a-w- c:\windows\system32\SSCoInst.dll
    2012-01-25 18:03:58 20622 ----a-w- c:\windows\system32\SUGS2LMK.DLL
    2012-01-25 18:03:58 151552 ----a-w- c:\windows\system32\SSCoInst.exe
    2012-01-25 18:03:57 208896 ------w- c:\windows\system32\SSRemove.exe
    2012-01-25 18:03:57 -------- d-----w- c:\windows\Samsung
    2012-01-25 18:02:46 41984 ------w- c:\windows\system32\drivers\DGIVECP.SYS
    2012-01-25 17:58:21 -------- d-----w- c:\program files\SAMSUNG
    2012-01-25 17:58:13 -------- d-----w- C:\Temp
    2012-01-25 00:59:27 -------- d-----w- c:\documents and settings\nicholas\local settings\application data\LogMeIn Rescue Applet
    2012-01-25 00:39:26 -------- d-----w- C:\iolo
    2012-01-19 18:58:53 -------- d-----w- c:\documents and settings\nicholas\Citrix
    2012-01-19 18:16:22 -------- d-----w- c:\documents and settings\nicholas\application data\Juniper Networks
    2012-01-19 18:16:16 -------- d-----w- c:\documents and settings\all users\application data\Juniper Networks
    2012-01-18 22:16:32 511328 ----a-w- c:\program files\common files\microsoft shared\capicom\CAPICOM.DLL
    2012-01-07 17:28:38 74703 ----a-w- c:\windows\system32\mfc45.dll
    2012-01-07 17:26:15 -------- d-----w- c:\documents and settings\nicholas\application data\iolo
    2012-01-07 17:26:15 -------- d-----w- c:\documents and settings\all users\application data\iolo
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 23:17:08.07 ===============

    ------------------
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 20/11/2008 1:37:08 AM
    System Uptime: 03/02/2012 7:33:03 PM (4 hours ago)
    .
    Motherboard: Dell Inc. | | 0MG532
    Processor: Genuine Intel(R) CPU T2500 @ 2.00GHz | Microprocessor | 1997/166mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 107 GiB total, 55.975 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    ĀµTorrent
    7-Zip 4.57
    Acrobat.com
    Adobe Acrobat 7.0 Professional
    Adobe Acrobat 7.1.0 Professional
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Community Help
    Adobe Connect Add-in
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Reader 9
    Adobe Setup
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Apple Application Support
    Apple Software Update
    BCL easyConverter SDK 1.0.0
    Broadcom Management Programs
    Canon MF Drivers
    Canon MF Toolbox 4.9.1.1.mf01
    CCleaner
    Compatibility Pack for the 2007 Office system
    Conexant HDA D110 MDC V.92 Modem
    Critical Update for Windows Media Player 11 (KB959772)
    Dell CinePlayer
    Dell Driver Reset Tool
    Dell Media Experience
    Dell System Restore
    DellSupport
    Digital Line Detect
    Emsisoft Anti-Malware 5.1
    Free Mp3 Wma Converter V 1.8.0
    Garmin Communicator Plugin
    Garmin USB Drivers
    getPlus(R) for Adobe
    Google Desktop
    GoToAssist Corporate
    GoToMeeting 4.5.0.456
    High Definition Audio Driver Package - KB835221
    Hotfix 2055 for SQL Server 2000 ENU (KB960082)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Idiom WorldServer Desktop Workbench
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PROSet/Wireless Software
    iolo technologies' System Mechanic Professional
    J2SE Runtime Environment 5.0 Update 6
    Java Auto Updater
    Java(TM) 6 Update 19
    Java(TM) 6 Update 7
    Juniper Networks, Inc. Setup Client
    Learn2 Player (Uninstall Only)
    Logitech QuickCam Driver Package
    Malwarebytes Anti-Malware version 1.60.1.1000
    mCore
    MCU
    mDrWiFi
    mHlpDell
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2572067)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft English TTS Engine
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2003 Primary Interop Assemblies
    Microsoft Office Access database engine 2007 (English)
    Microsoft Office Live Add-in 1.3
    Microsoft Office Live Meeting 2007
    Microsoft Office Outlook 2003 with Business Contact Manager Update
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
    Microsoft Streets & Trips 2009
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    mIWA
    mLogView
    mMHouse
    Modem Helper
    mPfMgr
    mPfWiz
    mProSafe
    mSSO
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser
    mWlsSafe
    mWMI
    mXML
    mZConfig
    NetWaiting
    OverDrive Media Console
    PDF Settings
    Picasa 3
    PokerStars
    PowerISO
    Prism Video Converter
    QuickBooks Premier Edition 2006
    QuickSet
    QuickTime
    RealPlayer Basic
    Revo Uninstaller 1.91
    Rogers Update Manager
    Roxio DLA
    Roxio MyDVD LE
    Roxio RecordNow Audio
    Roxio RecordNow Copy
    Roxio RecordNow Data
    RSA VPN Client Installer
    RSH Home Networking Wizard
    Samsung ML-2010 Series
    SAPI Wrapper
    SearchAssist
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Sibelius Scorch (ActiveX Only)
    SimCity 4 Deluxe
    Sonic Activation Module
    Sonic Update Manager
    SupportSoft Assisted Service
    Synaptics Pointing Device Driver
    TTS Wrapper
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB978506)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Service
    URL Assistant
    Viewpoint Media Player
    Visual C++ 9.0 CRT (x86) WinSXS MSM
    Visual Studio 2005 Tools for Office Second Edition Runtime
    WebFldrs XP
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Notifications (KB905474)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    Wordfast
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Mail Advisor
    Yahoo! Messenger
    Yahoo! Search Suggest Add-on for IE7
    Yahoo! Software Update
    Yahoo! Toolbar
    ZumoDrive
    .
    ==== Event Viewer Messages From Past Week ========
    .
    03/02/2012 5:13:47 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    .
    ==== End Of File ===========================
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Welcome to TechSpot! I'll help with the malware.

    You should know that a permission issue isn't always caused by malware. It can be as simple as taking ownership of a file. And although you are the only user, you may not be logged on to the Administrators account.

    Having said that, I will tell you that there has been a Rogue Fake Alert on the system, so you will having remaining processes to be removed.

    I do not see any antivirus program on this machine. Although you may have to disable it to run a scan, you need a resident AV program. Please put one of the following on the system:
    Temporary AV: Use one:
    Note: If there is any pre-checked process on the download screen, uncheck it before the download. When you install the program, use Custom install, not Standard. Only run the main program- no extras.

    Avira-AntiVir-Personal-Free-Antivirus
    Avast Free Version
    ====================================
    As for torrent downloads, please uninstall uTorrent or disable it so as not to use while I'm helping you. There isn't much sense trying to clean a system while malware is coming in the backdoor!
    ========================================
    If you have a problem running any of the following, stop and tell me what it is, giving any message you get as clearly as possible. It can also be that the infected system won't allow you to download programs directly. In that case, you will need to download then to a flash drive using another computer, then run them on the problem system.
    ====================================
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exelink and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
      [​IMG]
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives/
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    =====================================
    Download CKScanner and save to your desktop.
    • Doubleclick CKScanner.exe and click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
    =====================================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Expect these- they are normal:
    1. If asked to install or or update the Recovery Console, allow. (you will need internet connection for this)
    2. Before you run the Combofix scan, please disable any security software you have running.
    3. Combofix may need to reboot your computer more than once to do its job this is normal.

    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe [​IMG]& follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      • The Recovery Console was successfully installed.[/b]
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.[/b]
      • Note: No query will be made if the Recovery Console is already on the system.
    • .Close/disable all anti virus and anti malware programs
      (If you need help with this, please see HERE)
    • .Close any open browsers.
    • .Click on Yes, to continue scanning for malware
    • .If Combofix asks you to update the program, allow
    • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
    Re-enable your Antivirus software.
    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2:If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3:CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    =============================================
    Logs in next reply please.
    ============================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process..
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.

    If I haven't replied back to you within 48 hours, you can send a PMwith your thread link in it as a reminder. Do not include technical problems from your thread. Support is given only in the forum.
    Threads are closed after 5 days if there is no reply.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.