Inactive [A] 0i763f66bz.exe

Status
Not open for further replies.
X

Xehanort

I initially noticed this heinous thing a few days ago, and immediately knew it was probably bad news. Promptly, I attempted to remove it, but it was incredibly stubborn and refused to budge -- nothing I did seemed to have any effect on it. I spoke to my brother (whom is infinitely more tech savvy than myself) about the issue, and he suggested a program called "FileASSASSIN". So, I proceeded to locate, download and install it. I followed the instructions, and used it on '0i763f66bz.exe'. To my surprise, it actually appeared to have successfully worked.

So, that's good; except the problems when it was still around remain, and seemingly have not been resolved. Uncertain of the full-impact, I've noticed primarily its influence (or that's what I suspect it to be, at least) is still currently negatively affecting the following programs:

- MicroSoft Security Essentials
- Windows FireWall
- Windows UpDate

None of them are working properly, for various reasons, and I have a hunch it's all because of this one file. Despite the fact itself it's no longer even present, of course. So I finally decided to do what I should've done in the first place, and punch the file-name into Google. Oddly enough, there were only a handful of results, and they were all in in Spanish...? Eventually, during a subsequent search, this place appeared alongside as the only English-site. So, here I am.

[Oh, and greetings to everyone. First-post -- obviously.]

Anyway, here are those requested preliminary log files:

====
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.24.01
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jeff :: N5X6G2 [administrator]
Protection: Disabled
06/24/2012 08:53:15AM 08:53:15
mbam-log-2012-06-24 (08-53-15).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 230603
Time elapsed: 31 minute(s), 6 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Quarantined and deleted successfully.
Registry Values Detected: 2
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Documents and Settings\Jeff\Application Data\{3111d73b-c925-5cf3-d143-385d63565d26}\n. -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Data: C:\WINDOWS\system32\regedit.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 6
HKCR\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32| (Trojan.Zaccess) -> Bad: (\\.\globalroot\systemroot\Installer\{3111d73b-c925-5cf3-d143-385d63565d26}\n.) Good: (wbemess.dll) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|StartMenuLogOff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 8
C:\Documents and Settings\Jeff\Application Data\{3111d73b-c925-5cf3-d143-385d63565d26}\n (Trojan.Dropper.PE4) -> Delete on reboot.
C:\Documents and Settings\Jeff\Application Data\{3111d73b-c925-5cf3-d143-385d63565d26}\U\00000001.@ (Trojan.Small) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jeff\Application Data\{3111d73b-c925-5cf3-d143-385d63565d26}\U\80000000.@ (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jeff\Application Data\{3111d73b-c925-5cf3-d143-385d63565d26}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\WINDOWS\Installer\{3111d73b-c925-5cf3-d143-385d63565d26}\n (Trojan.Dropper.PE4) -> Delete on reboot.
C:\WINDOWS\Installer\{3111d73b-c925-5cf3-d143-385d63565d26}\U\00000001.@ (Trojan.Small) -> Quarantined and deleted successfully.
C:\WINDOWS\Installer\{3111d73b-c925-5cf3-d143-385d63565d26}\U\80000000.@ (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\WINDOWS\Installer\{3111d73b-c925-5cf3-d143-385d63565d26}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
(end)

====
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-24 09:54:32
Windows 5.1.2600 Service Pack 3
Running: gvy8ndqh[1].exe

---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\System32\Drivers\35f653a090572886.sys (*** hidden *** ) [BOOT] 35f653a090572886 <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\35f653a090572886@ImagePath \SystemRoot\System32\Drivers\35f653a090572886.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\35f653a090572886@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\Services\35f653a090572886@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\35f653a090572886@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\35f653a090572886@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\35f653a090572886@Tag 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\35f653a090572886@DisplayName 0i763f66bz.exe
Reg HKLM\SYSTEM\ControlSet003\Services\35f653a090572886@ImagePath \SystemRoot\System32\Drivers\35f653a090572886.sys
Reg HKLM\SYSTEM\ControlSet003\Services\35f653a090572886@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet003\Services\35f653a090572886@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\35f653a090572886@Type 1
Reg HKLM\SYSTEM\ControlSet003\Services\35f653a090572886@Start 0
Reg HKLM\SYSTEM\ControlSet003\Services\35f653a090572886@Tag 1
Reg HKLM\SYSTEM\ControlSet003\Services\35f653a090572886@DisplayName 0i763f66bz.exe
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1
Reg HKLM\SOFTWARE\Classes\CLSID\{CAF9FB67-43D3-E485-2E8D-2D6C0E4B9F7D}\bsQed@ ZX_[SQX}OOW_Hzymif]kfCs
Reg HKLM\SOFTWARE\Classes\CLSID\{CAF9FB67-43D3-E485-2E8D-2D6C0E4B9F7D}\GbJBby@ MW`
Reg HKLM\SOFTWARE\Classes\CLSID\{CAF9FB67-43D3-E485-2E8D-2D6C0E4B9F7D}\UwtxkgCuxgZ@ YVzQ{qoZl_LjtF|kq}jb
---- EOF - GMER 1.0.15 ----

====
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Jeff at 9:45:51 on 2012-06-24
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.223.19 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\Cisco Systems\Cisco Valet Connector\CiscoAdapterSvc.exe
C:\PROGRA~1\RETROS~1\RETROS~1.0\retrorun.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OrbitDownloader\orbitdm.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Winamp-5.53\winamp.exe
C:\WINDOWS\SYSTEM32\notepad.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = hxxp://www.google.com/ie
uWindow Title = Windows-Internet-Explorer
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg 8.0\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg 8.0\toolbar\IEToolbar.dll
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg 8.0\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [SystemTray] SysTray.Exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [MaxtorOneTouch] c:\program files\maxtor\onetouch\utils\Onetouch.exe
mRun: [MXOBG] c:\windows\MXOALDR.EXE
mRun: [VTTimer] VTTimer.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?
lic=SUFMQTktSVM0SEwtRFVJR1ItQUlaSkwtREFCTUMtMw"&"inst=NzYtNzU5MjkyODQ2LUtWMys3LUJBKzEtWEwrMS1UMS1VQ0FMTCsxLVVDQUxMMisyLVRCOCsyLUZMKzgtRjhNOUErM
y1GOE0xMUMrMS1VUEcrMjAxMS1GOE0xMUUrMQ"&"prod=94"&"ver=10.0.1204
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\orbit.lnk - c:\program files\orbitdownloader\orbitdm.exe
uPolicies-explorer: RestrictRun = 0 (0x0)
uPolicies-system: RunLogonScriptSync = 0 (0x0)
mPolicies-explorer: RestrictRun = 0 (0x0)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: Download with GetRight - f:\getright\GRdownload.htm
IE: Open with GetRight Browser - f:\getright\GRbrowse.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\system\dajava.cab
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} - hxxp://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {5AA5A569-F96F-4628-A528-8B3698F558BB} - hxxp://install.homestead.com/~site/InstallFiles/SIFiles/lpxlive/HS_live.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1340471657296
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196095297234
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} - hxxp://www.programchecker.com/dll/nixon.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} - hxxp://www.shawsecure.ca/pchealthcheck/fscax.cab
DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - hxxp://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://shawsecure.ca/virusscanner/fscax.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.1/jinstall-1_4_1-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 64.59.135.133 64.59.135.135 64.59.128.120
TCP: Interfaces\{9D84FC67-567D-4897-893B-C4AF6C57FC6E} : DhcpNameServer = 64.59.135.133 64.59.135.135 64.59.128.120
TCP: Interfaces\{A03B9F89-80BF-4483-80AF-C4E26E807093} : DhcpNameServer = 192.168.1.1 64.59.135.133 64.59.135.135
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R2 RaAutoInstSrv_AM10;Cisco Valet Connector Service;c:\program files\cisco systems\cisco valet connector\CiscoAdapterSvc.exe [2010-9-14 529024]
R3 AM10;Cisco AM10 Driver;c:\windows\system32\drivers\AM10XP.sys [2010-9-13 816672]
S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
S1 qzjdthwg;qzjdthwg;\??\c:\windows\system32\drivers\qzjdthwg.sys --> c:\windows\system32\drivers\qzjdthwg.sys [?]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-24 654408]
S3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\AE1000XP.sys [2010-8-26 816672]
S3 DLKRTS;D-Link DFE-538TX 10/100 Adapter;c:\windows\system32\drivers\DLKRTS.SYS [2001-10-17 25434]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\jeff\locals~1\temp\onlinescanner\anti-virus\fsgk.sys --> c:\docume~1\jeff\locals~1\temp\onlinescanner\anti-
virus\fsgk.sys [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-11-28 29744]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-24 22344]
.
=============== Created Last 30 ================
.
2012-06-24 10:49:23 -------- d-----w- c:\documents and settings\jeff\application data\Malwarebytes
2012-06-24 10:49:23 -------- d-----w- c:\documents and settings\jeff\application data\Malwarebytes
2012-06-24 10:49:10 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-06-24 10:49:09 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-24 10:49:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-24 10:34:54 -------- d-----w- c:\program files\FileASSASSIN
2012-06-24 10:24:31 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{878898ce-9a8c-4250-b936-08f3f63ee2d3}
\offreg.dll
2012-06-24 09:20:45 -------- d-----w- c:\documents and settings\jeff\application data\PCHealth
2012-06-24 09:20:45 -------- d-----w- c:\documents and settings\jeff\application data\PCHealth
2012-06-24 08:11:36 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{878898ce-9a8c-4250-b936-08f3f63ee2d3}
\mpengine.dll
2012-06-24 07:58:52 -------- d-----w- C:\1ef01b77f09c47636f688c2d3b6875
2012-06-24 07:47:57 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-06-24 07:39:14 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-23 19:23:42 -------- d-----w- c:\documents and settings\jeff\application data\DriverCure
2012-06-23 19:23:42 -------- d-----w- c:\documents and settings\jeff\application data\DriverCure
2012-06-23 19:23:41 -------- d-----w- c:\documents and settings\jeff\application data\ParetoLogic
2012-06-23 19:23:41 -------- d-----w- c:\documents and settings\jeff\application data\ParetoLogic
2012-06-23 19:21:21 -------- d-----w- c:\program files\common files\ParetoLogic
2012-06-23 19:21:19 -------- d-----w- c:\program files\ParetoLogic
2012-06-23 19:21:19 -------- d-----w- c:\documents and settings\all users\application data\ParetoLogic
2012-06-23 05:57:00 66488 ----a-w- c:\windows\system32\drivers\35f653a090572886.sys
2012-06-11 06:22:37 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-03 07:31:20 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
.
==================== Find3M ====================
.
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10:58 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35:52 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2008-01-20 10:27:06 1454656 ----a-w- c:\program files\Silverlight.exe
.
============= FINISH: 9:51:27.98 ===============
 
====
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 11/26/2007 12:58:51 AM
System Uptime: 06/24/2012 04:34:58 AM (5 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | GA-7VM400AM(F)
Processor: AMD Athlon(tm) | Socket A | 1161/100mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 128 GiB total, 3.769 GiB free.
D: is CDROM ()
E: is FIXED (FAT32) - 56 GiB total, 0.164 GiB free.
G: is Removable
H: is FIXED (NTFS) - 105 GiB total, 0.594 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: D-Link DFE-538TX 10/100 Adapter
Device ID: PCI\VEN_1186&DEV_1300&SUBSYS_13001186&REV_10\3&13C0B0C5&0&58
Manufacturer: D-Link Corporation.
Name: D-Link DFE-538TX 10/100 Adapter
PNP Device ID: PCI\VEN_1186&DEV_1300&SUBSYS_13001186&REV_10\3&13C0B0C5&0&58
Service: DLKRTS
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: RAID Controller
Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_B0031458&REV_80\3&13C0B0C5&0&78
Manufacturer:
Name: RAID Controller
PNP Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_B0031458&REV_80\3&13C0B0C5&0&78
Service:
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_E0001458&REV_10\3&13C0B0C5&0&98
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8139/810x Family Fast Ethernet NIC #2
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_E0001458&REV_10\3&13C0B0C5&0&98
Service: RTL8023xp
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\42F081FEA00
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\42F081FEA00
Service: NIC1394
.
==== System Restore Points ===================
.
RP1237: 06/21/2012 12:28:26 PM - System Checkpoint
RP1238: 06/22/2012 01:05:38 PM - System Checkpoint
.
==== Installed Programs ======================
.
AAC Decoder
AC3Filter (remove only)
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.6
Adobe Shockwave Player 11.6
Apple Application Support
Apple Software Update
AutoUpdate
AVG PC Tuneup 2011
C-Media WDM Audio Driver
Cisco Connect
Cisco Valet Connector
Data Lifeguard Tools
Dell Photo Printer 720
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
Enable S3 for USB Device
FileASSASSIN
FLV Player 2.0 (build 25)
Google Desktop
Google Toolbar for Internet Explorer
H.264 Decoder
Highlight Viewer (Windows Live Toolbar)
Hotfix for Windows Internet Explorer 7 (KB947864)
Java 2 Runtime Environment, SE v1.4.1
Java Auto Updater
Java(TM) 6 Update 31
Junk Mail filter update
MagicTune Premium
Malwarebytes Anti-Malware version 1.61.0.1400
Map Button (Windows Live Toolbar)
Maxtor OneTouch
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 5.2
Microsoft IntelliType Pro 6.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MKV Splitter
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Natural Color Pro
OpenOffice.org 2.4
Orbit Downloader
ParetoLogic PC Health Advisor
PCI Audio Driver
Picasa 2
QuickTime
Realtek AC'97 Audio
Retrospect Express HD 2.0
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB923789)
Segoe UI
Smart Menus (Windows Live Toolbar)
SmartSoft Video Converter
Spelling Dictionaries Support For Adobe Reader 8
swMSM
UniCHrome Graphics Driver and Utilities
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
USB Storage Adapter FX (MXO)
VC80CRTRedist - 8.0.50727.4053
Veetle TV
Voxware Audio decoder 1.6
WD Diagnostics
WebFldrs XP
Winamp
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Favorites for Windows Live Toolbar
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Works Upgrade
Xiph QuickTime Components
.
==== Event Viewer Messages From Past Week ========
.
06/24/2012 12:56:12 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous
Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT
AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an
installed service.
06/24/2012 12:54:28 AM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action
will be taken in 15000 milliseconds: Restart the service.
06/24/2012 12:48:37 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous
Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?
LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full
User: N5X6G2\Jeff Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070652 Error description: Another installation is already in progress. Complete that
installation before proceeding with this install.
06/24/2012 12:48:37 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous
Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?
LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full
User: N5X6G2\Jeff Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070652 Error description: Another installation is already in progress. Complete that
installation before proceeding with this install.
06/24/2012 12:48:37 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous
Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?
LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update
Type: Full User: N5X6G2\Jeff Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070652 Error description: Another installation is already in
progress. Complete that installation before proceeding with this install.
06/24/2012 12:48:37 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous
Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?
LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update
Type: Full User: N5X6G2\Jeff Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070652 Error description: Another installation is already in
progress. Complete that installation before proceeding with this install.
06/24/2012 12:48:01 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous
Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Update Type: User: N5X6G2\Jeff Current Engine Version:
Previous Engine Version: Error code: 0x80070652 Error description: Another installation is already in progress. Complete that installation before proceeding with this install.
06/24/2012 12:43:06 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous
Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT
AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an
installed service.
06/24/2012 12:43:05 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous
Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT
AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an
installed service.
06/24/2012 04:52:08 AM, error: Service Control Manager [7034] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 3 time(s).
06/24/2012 04:50:33 AM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action
will be taken in 15000 milliseconds: Restart the service.
06/24/2012 04:40:53 AM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error
Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
06/24/2012 04:40:53 AM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring
Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
06/24/2012 04:40:52 AM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error
Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the
latest definition updates in order to enable real-time protection.
06/24/2012 04:40:52 AM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring
Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must
install the latest definition updates in order to enable real-time protection.
06/24/2012 03:55:07 AM, error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: A device
attached to the system is not functioning.
06/24/2012 03:55:07 AM, error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: A device attached to the system is not functioning.
06/24/2012 03:49:34 AM, error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: A device attached to the system is not functioning.
06/24/2012 02:20:21 AM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error
Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
06/24/2012 02:20:21 AM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error
Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the
latest definition updates in order to enable real-time protection.
06/24/2012 02:20:21 AM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring
Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
06/24/2012 02:20:21 AM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring
Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must
install the latest definition updates in order to enable real-time protection.
06/24/2012 01:17:34 AM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error
Code: 0x80070006 Error description: The handle is invalid. Reason: The filter driver was unloaded unexpectedly.
06/24/2012 01:17:34 AM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring
Error Code: 0x80070006 Error description: The handle is invalid. Reason: The filter driver was unloaded unexpectedly.
06/24/2012 01:14:52 AM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error
Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
06/24/2012 01:14:52 AM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error
Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the
latest definition updates in order to enable real-time protection.
06/24/2012 01:14:52 AM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring
Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
06/24/2012 01:14:52 AM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring
Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must
install the latest definition updates in order to enable real-time protection.
06/24/2012 01:12:53 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous
Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?
LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full
User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070652 Error description: Another installation is already
in progress. Complete that installation before proceeding with this install.
06/24/2012 01:12:53 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous
Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?
LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full
User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070652 Error description: Another installation is already
in progress. Complete that installation before proceeding with this install.
06/24/2012 01:12:53 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous
Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?
LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full
User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070652 Error description: Another installation is already
in progress. Complete that installation before proceeding with this install.
06/24/2012 01:12:53 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous
Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?
LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update
Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070652 Error description: Another
installation is already in progress. Complete that installation before proceeding with this install.
06/24/2012 01:12:53 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous
Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?
LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update
Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070652 Error description: Another
installation is already in progress. Complete that installation before proceeding with this install.
06/24/2012 01:12:29 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous
Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Update Type: User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version: Previous Engine Version: Error code: 0x80070652 Error description: Another installation is already in progress. Complete that installation before proceeding
with this install.
06/24/2012 01:08:49 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous
Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT
AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an
installed service.
06/24/2012 01:01:35 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous
Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?
LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full
User: N5X6G2\Jeff Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070652 Error description: Another installation is already in progress. Complete that
installation before proceeding with this install.
06/24/2012 01:01:35 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous
Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?
LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full
User: N5X6G2\Jeff Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070652 Error description: Another installation is already in progress. Complete that
installation before proceeding with this install.
06/24/2012 01:01:35 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous
Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?
LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update
Type: Full User: N5X6G2\Jeff Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070652 Error description: Another installation is already in
progress. Complete that installation before proceeding with this install.
06/24/2012 01:01:35 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous
Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?
LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update
Type: Full User: N5X6G2\Jeff Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070652 Error description: Another installation is already in
progress. Complete that installation before proceeding with this install.
06/24/2012 01:00:53 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous
Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Update Type: User: N5X6G2\Jeff Current Engine Version:
Previous Engine Version: Error code: 0x80070652 Error description: Another installation is already in progress. Complete that installation before proceeding with this install.
06/23/2012 10:53:05 AM, error: Service Control Manager [7034] - The Workstation service terminated unexpectedly. It has done this 1 time(s).
06/23/2012 10:53:05 AM, error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 1 time(s).
06/23/2012 10:53:05 AM, error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 1 time(s).
06/23/2012 10:53:05 AM, error: Service Control Manager [7034] - The Fast User Switching Compatibility service terminated unexpectedly. It has done this 1 time(s).
06/23/2012 10:53:05 AM, error: Service Control Manager [7034] - The Error Reporting Service service terminated unexpectedly. It has done this 1 time(s).
06/23/2012 10:53:05 AM, error: Service Control Manager [7034] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s).
06/23/2012 10:53:05 AM, error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s).
06/23/2012 10:53:05 AM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s).
06/23/2012 10:53:05 AM, error: Service Control Manager [7031] - The Help and Support service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken
in 100 milliseconds: Restart the service.
06/23/2012 10:46:11 AM, error: Service Control Manager [7028] - The BITS Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the
Registry key.
06/23/2012 10:15:58 AM, error: Service Control Manager [7028] - The wuauserv Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of
the Registry key.
06/23/2012 01:28:24 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
06/22/2012 05:46:00 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SeaPort with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
.
==== End Of File ===========================

====
Any assistance is greatly appreciated. Thanks in advance.
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

========================================================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Hi, Broni.

I'm very sorry about the delay. Anyway, I finally got ComboFix to run successfully (it'd really help if there was some sort of indicator for progress with that thing). Here's the Log:

====
ComboFix 12-06-28.01 - Jeff 06/28/2012 10:05:50.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.223.10 [GMT -7:00]
Running from: c:\documents and settings\Jeff\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\0B4227B4.TMP
c:\documents and settings\Jeff\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
c:\documents and settings\Jeff\Application Data\Microsoft\Messenger
c:\documents and settings\Jeff\Application Data\Microsoft\Messenger\activesharingfolder.dat
c:\documents and settings\Jeff\Application Data\Microsoft\Messenger\ContactsLog.txt
c:\documents and settings\Jeff\Start Menu\Internet Explorer.lnk
c:\documents and settings\Jeff\WINDOWS
c:\windows\inf\internet
c:\windows\start.exe
c:\windows\system32\drivers\35f653a090572886.sys
c:\windows\system32\ndisapi.dll
c:\windows\system32\SET3E.tmp
c:\windows\system32\SET42.tmp
c:\windows\system32\SET4A.tmp
c:\windows\system32\SET92.tmp
c:\windows\Web\default.htt
c:\documents and settings\Jeff\Application Data\Microsoft\Windows\UsrClass.dat . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_35f653a090572886
-------\Service_35f653a090572886
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-28 )))))))))))))))))))))))))))))))
.
.
2012-06-28 18:03 . 2012-06-18 10:14 6762896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{69CB95A0-472A-4F92-8811-8C0F0C0E7A0B}\mpengine.dll
2012-06-28 17:51 . 2012-06-28 17:54 -------- d-----w- c:\windows\LastGood
2012-06-24 18:14 . 2012-06-24 18:14 -------- d-----w- c:\program files\ESET
2012-06-24 10:49 . 2012-06-24 10:49 -------- d-----w- c:\documents and settings\Jeff\Application Data\Malwarebytes
2012-06-24 10:49 . 2012-06-24 10:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-06-24 10:49 . 2012-04-04 22:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-24 10:49 . 2012-06-24 10:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-24 10:34 . 2012-06-24 10:34 -------- d-----w- c:\program files\FileASSASSIN
2012-06-24 09:20 . 2012-06-24 09:20 -------- d-----w- c:\documents and settings\Jeff\Application Data\PCHealth
2012-06-24 08:11 . 2012-06-18 10:14 6762896 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-24 07:58 . 2012-06-24 07:59 -------- d-----w- C:\1ef01b77f09c47636f688c2d3b6875
2012-06-24 07:47 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-06-24 07:39 . 2012-06-24 07:42 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-23 19:23 . 2012-06-23 19:23 -------- d-----w- c:\documents and settings\Jeff\Application Data\DriverCure
2012-06-23 19:23 . 2012-06-23 19:23 -------- d-----w- c:\documents and settings\Jeff\Application Data\ParetoLogic
2012-06-23 19:21 . 2012-06-23 19:21 -------- d-----w- c:\program files\Common Files\ParetoLogic
2012-06-23 19:21 . 2012-06-24 14:27 -------- d-----w- c:\program files\ParetoLogic
2012-06-23 19:21 . 2012-06-23 19:21 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2012-06-11 06:22 . 2012-06-11 06:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-03 07:31 . 2012-06-04 00:44 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-05 00:35 . 2007-11-26 07:50 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 22:19 . 2007-07-31 02:18 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19 . 2007-11-26 07:50 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 22:19 . 2007-11-26 07:50 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19 . 2007-07-31 02:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19 . 2007-11-26 07:50 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2007-11-26 07:30 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 22:19 . 2007-07-31 02:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19 . 2007-07-31 02:18 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:19 . 2007-11-26 07:50 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2007-11-26 07:50 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-04-11 13:12 . 2007-11-26 07:32 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10 . 2007-11-26 07:31 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35 . 2004-08-04 05:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2008-01-20 10:27 . 2008-01-20 10:26 1454656 ----a-w- c:\program files\Silverlight.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-12 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"MaxtorOneTouch"="c:\program files\Maxtor\OneTouch\utils\Onetouch.exe" [2004-12-22 823296]
"MXOBG"="c:\windows\MXOALDR.EXE" [2007-11-26 94208]
"VTTimer"="VTTimer.exe" [2004-01-15 49152]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 813912]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 577536]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-unins...VUEcrMjAxMS1GOE0xMUUrMQ&prod=94&ver=10.0.1204" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Orbit.lnk - c:\program files\OrbitDownloader\orbitdm.exe [2008-3-15 1719496]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Fliptoast.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Fliptoast.lnk
backup=c:\windows\pss\Fliptoast.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GammaTray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GammaTray.lnk
backup=c:\windows\pss\GammaTray.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NCProTray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NCProTray.lnk
backup=c:\windows\pss\NCProTray.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 08:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
2002-10-16 01:00 1818624 ----a-w- c:\windows\mixer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-08-12 12:07 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2012-03-27 00:08 931200 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 23:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2007-10-23 21:18 443968 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 07:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RetroExpress]
2007-01-18 19:02 9371648 ----a-w- c:\progra~1\RETROS~1\RETROS~1.0\RetroExpress.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-12 21:16 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-04-01 18:49 36352 ----a-w- c:\program files\Winamp-5.53\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MagicTuneEngine"=2 (0x2)
"MioNet"=2 (0x2)
"winss"=2 (0x2)
"msfwsvc"=2 (0x2)
"OneCareMP"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"VTTimer"=VTTimer.exe
"RaidAP"=c:\windows\RAIDAP\raid_tool.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [06/24/2012 03:49 AM 654408]
R2 RaAutoInstSrv_AM10;Cisco Valet Connector Service;c:\program files\Cisco Systems\Cisco Valet Connector\CiscoAdapterSvc.exe [09/14/2010 12:04 AM 529024]
R3 AM10;Cisco AM10 Driver;c:\windows\SYSTEM32\DRIVERS\AM10XP.sys [09/13/2010 11:27 PM 816672]
R3 MBAMProtector;MBAMProtector;c:\windows\SYSTEM32\DRIVERS\mbam.sys [06/24/2012 03:49 AM 22344]
S1 qzjdthwg;qzjdthwg;\??\c:\windows\system32\drivers\qzjdthwg.sys --> c:\windows\system32\drivers\qzjdthwg.sys [?]
S3 AE1000;Linksys AE1000 Driver;c:\windows\SYSTEM32\DRIVERS\AE1000XP.sys [08/26/2010 10:58 PM 816672]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\Jeff\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\Jeff\LOCALS~1\Temp\CFcatchme.sys [?]
S3 DLKRTS;D-Link DFE-538TX 10/100 Adapter;c:\windows\SYSTEM32\DRIVERS\DLKRTS.SYS [10/17/2001 08:59 PM 25434]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\Jeff\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\Jeff\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11/28/2007 07:22 PM 29744]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - MPFILTER
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2012-06-28 c:\windows\Tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job
- c:\program files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe [2011-04-22 17:21]
.
2007-12-14 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2006-11-22 00:08]
.
2012-06-28 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-27 00:03]
.
2012-06-27 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2011-10-25 21:30]
.
2012-06-23 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-10-25 21:30]
.
2012-06-23 c:\windows\Tasks\PC Health Advisor Defrag.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2011-10-25 21:30]
.
2012-06-23 c:\windows\Tasks\PC Health Advisor.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2011-10-25 21:30]
.
2012-06-28 c:\windows\Tasks\User_Feed_Synchronization-{47E5EE14-0607-4BDE-A9D3-2708534D9119}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Download by Orbit - c:\program files\OrbitDownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\OrbitDownloader\orbitmxt.dll/204
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Do&wnload selected by Orbit - c:\program files\OrbitDownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\OrbitDownloader\orbitmxt.dll/202
IE: Download with GetRight - f:\getright\GRdownload.htm
IE: Open with GetRight Browser - f:\getright\GRbrowse.htm
TCP: DhcpNameServer = 64.59.135.135 64.59.128.121
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
DPF: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} - hxxp://www.programchecker.com/dll/nixon.cab
DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} - hxxp://www.shawsecure.ca/pchealthcheck/fscax.cab
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG 8.0\Toolbar\IEToolbar.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG 8.0\Toolbar\IEToolbar.dll
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG 8.0\Toolbar\IEToolbar.dll
HKLM-Run-Cmaudio - cmicnfg.cpl
MSConfigStartUp-0i763f66bz - c:\documents and settings\Jeff\0i763f66bz.exe
MSConfigStartUp-MioNet - c:\program files\MioNet\MioNetLauncher.exe
MSConfigStartUp-OneCareUI - c:\program files\Microsoft Windows OneCare Live\winssnotify.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_07\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-28 11:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\$$$\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3816)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\progra~1\RETROS~1\RETROS~1.0\retrorun.exe
c:\windows\system32\UTSCSI.EXE
c:\windows\system32\VTTimer.exe
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Completion time: 2012-06-28 11:24:05 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-28 18:23
.
Pre-Run: 4, 045, 000, 704 bytes free
Post-Run: 4, 570, 595, 328 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout = 30
default = multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS = "Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - B74E6744634465A1258096523FA2C8EC
====

Thanks again.
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code: 
File::
c:\documents and settings\Jeff\Application Data\Microsoft\Windows\UsrClass.dat
c:\windows\system32\drivers\qzjdthwg.sys

Folder::

Driver::
qzjdthwg

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
Status
Not open for further replies.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
786
uber_beetle
uber_beetle
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A

Latest posts

Back