iFIX Solutions
Helping a friend out this time. Per the 5 steps, here are the logs.
TIA,
Matt
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.09.06.12
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: TERRY-8538FA784 [administrator]
9/6/2012 6:29:41 PM
mbam-log-2012-09-06 (18-29-41).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197888
Time elapsed: 26 minute(s), 32 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 26
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCR\funmoods.funmoodsHlpr.1 (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCR\funmoods.funmoodsHlpr (PUP.FunMoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\escort.escortIEPane (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoods.dskBnd (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\f (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Quarantined and deleted successfully.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
Registry Values Detected: 3
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Documents and Settings\Owner\Local Settings\Application Data\{74ca1287-844d-836c-7459-9b9f515f40ea}\n. -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
(end)
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-09-06 19:07:41
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e Hitachi_HDS721050CLA362 rev.JP2OA3MA
Running: 02ex8t48.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pwlcqpow.sys
---- Devices - GMER 1.0.15 ----
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 19:11:24 on 2012-09-06
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.560 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\SAiDownloader.exe
C:\WINDOWS\system32\SAiLicSvr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?fr=fptb-hpd05
mStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtCyCyByC0AtCyE0C0D0C0CtDyEyEtN0D0Tzu0CtBtBzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=191287204
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Qwiklinx: {3e7c8b5a-96ab-438f-bf9b-782400655440} - c:\documents and settings\owner\application data\qwiklinx\Qwiklinx.dll
BHO: Privacy Safeguard BHO: {a42d2eb4-dd31-4bb5-8aa5-8d4e04806dbe} - c:\program files\privacysafeguard\PrivacySafeGuard.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SetDefPrt] c:\program files\brother\brmfl04a\BrStDvPt.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\status~1.lnk - c:\program files\brother\brmfcmon\BrMfcWnd.exe
IE: &Search - http://tbedits.mapsgalaxy.com/one-t...B0C1-4D15-A16B-4097B85497F1&n=2012060418&cv=1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AF4F8BE6-AFC9-4CE6-ACDC-0D2ED240AB38} : DhcpNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R2 SAiDownloader;SAiDownloader;c:\windows\system32\SAiDownloader.exe [2011-11-17 438272]
R2 SAiLicSvr;SAiLicSvr;c:\windows\system32\SAiLicSvr.exe [2012-4-7 86016]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2011-9-22 374304]
R2 SentinelSecurityRuntime;Sentinel Security Runtime;c:\program files\common files\safenet sentinel\sentinel security runtime\sntlsrtsrvr.exe [2011-9-22 292384]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2009-6-17 40720]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2009-6-17 10384]
.
=============== Created Last 30 ================
.
2012-09-07 00:08:29  7022536  ----a-w-  c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a1328506-0a9e-4751-b4b4-580df75a3d2b}\mpengine.dll
2012-09-06 23:28:20  22344  ----a-w-  c:\windows\system32\drivers\mbam.sys
2012-09-06 23:28:20  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
2012-08-27 03:10:10  7023536  ----a-w-  c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-08-27 03:08:05  --------  d-----w-  c:\program files\Microsoft Security Client
2012-08-17 05:22:37  --------  d-----w-  c:\documents and settings\owner\local settings\application data\Mozilla
2012-08-17 05:21:54  --------  d-----w-  c:\documents and settings\all users\application data\Tarma Installer
2012-08-17 05:21:43  --------  d-----w-  C:\extensions
2012-08-17 05:21:40  --------  d-----w-  c:\documents and settings\owner\application data\Qwiklinx
2012-08-17 05:21:39  --------  d-----w-  c:\program files\Qwiklinx
2012-08-17 05:21:04  --------  d-----w-  c:\program files\PrivacySafeGuard
2012-08-17 05:20:54  --------  d-----w-  c:\documents and settings\owner\local settings\application data\Google
2012-08-08 22:07:17  --------  d-----w-  c:\documents and settings\owner\application data\COMcheck
2012-08-08 22:06:38  --------  d-----w-  c:\documents and settings\owner\local settings\application data\Check
.
==================== Find3M ====================
.
2012-07-25 00:36:24  12872  ----a-w-  c:\windows\system32\bootdelete.exe
2012-07-11 06:45:17  2228  ----a-w-  c:\windows\system32\ASOROSet.bin
2012-07-06 13:58:51  78336  ----a-w-  c:\windows\system32\browser.dll
2012-07-04 14:05:18  139784  ----a-w-  c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40:15  1866112  ----a-w-  c:\windows\system32\win32k.sys
2012-07-02 17:49:33  916992  ----a-w-  c:\windows\system32\wininet.dll
2012-07-02 17:49:32  43520  ------w-  c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32  1469440  ------w-  c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43  385024  ----a-w-  c:\windows\system32\html.iec
2012-06-04 22:55:46  172440  ----a-w-  c:\program files\39res.dll
.
============= FINISH: 19:14:32.75 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 11/24/2010 8:54:15 PM
System Uptime: 9/6/2012 6:19:03 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0JC474
Processor: Intel(R) Pentium(R) 4 CPU 3.06GHz | Microprocessor | 3059/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 426.737 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP573: 6/8/2012 4:27:22 PM - System Checkpoint
RP574: 6/9/2012 4:49:59 PM - System Checkpoint
RP575: 6/10/2012 4:50:26 PM - System Checkpoint
RP576: 6/11/2012 9:07:04 AM - SpeedyPC Pro Backup
RP577: 6/12/2012 11:26:11 AM - System Checkpoint
RP578: 6/12/2012 11:38:38 AM - MyCleanPCPCOptimizer_BeforeFixingIssues
RP579: 6/13/2012 6:15:04 PM - System Checkpoint
RP580: 6/14/2012 3:00:18 AM - Software Distribution Service 3.0
RP581: 6/15/2012 10:39:19 AM - System Checkpoint
RP582: 6/16/2012 12:40:13 PM - System Checkpoint
RP583: 6/18/2012 10:12:50 AM - System Checkpoint
RP584: 6/19/2012 10:51:10 AM - System Checkpoint
RP585: 6/20/2012 3:05:14 PM - System Checkpoint
RP586: 6/21/2012 3:55:40 PM - System Checkpoint
RP587: 6/23/2012 10:43:50 AM - System Checkpoint
RP588: 6/24/2012 11:19:20 AM - System Checkpoint
RP589: 6/25/2012 11:35:23 AM - System Checkpoint
RP590: 6/26/2012 12:25:50 PM - System Checkpoint
RP591: 6/26/2012 1:43:33 PM - MyCleanPCPCOptimizer_BeforeFixingIssues
RP592: 6/27/2012 2:14:48 PM - System Checkpoint
RP593: 6/28/2012 2:31:00 PM - System Checkpoint
RP594: 6/29/2012 8:23:08 AM - SpeedyPC Pro Backup
RP595: 6/30/2012 9:05:36 AM - System Checkpoint
RP596: 7/1/2012 9:55:09 AM - System Checkpoint
RP597: 7/2/2012 8:21:59 AM - SpeedyPC Pro Backup
RP598: 7/3/2012 8:26:21 AM - System Checkpoint
RP599: 7/4/2012 8:44:13 AM - MyCleanPCPCOptimizer_BeforeFixingIssues
RP600: 7/9/2012 10:17:03 PM - System Checkpoint
RP601: 7/10/2012 11:24:15 PM - System Checkpoint
RP602: 7/11/2012 1:14:54 AM - MyCleanPCPCOptimizer_BeforeFixingIssues
RP603: 7/11/2012 2:58:07 AM - Software Distribution Service 3.0
RP604: 7/12/2012 10:37:45 AM - System Checkpoint
RP605: 7/13/2012 10:59:46 AM - System Checkpoint
RP606: 7/14/2012 11:05:06 AM - System Checkpoint
RP607: 7/15/2012 11:29:06 AM - System Checkpoint
RP608: 7/16/2012 12:22:40 PM - System Checkpoint
RP609: 7/17/2012 12:32:51 PM - System Checkpoint
RP610: 7/17/2012 1:42:11 PM - MyCleanPCPCOptimizer_BeforeFixingIssues
RP611: 7/18/2012 3:39:14 PM - System Checkpoint
RP612: 7/19/2012 3:47:43 PM - System Checkpoint
RP613: 7/20/2012 8:47:40 AM - SpeedyPC Pro Backup
RP614: 7/21/2012 8:55:01 AM - System Checkpoint
RP615: 7/22/2012 9:30:29 AM - System Checkpoint
RP616: 7/23/2012 9:18:33 AM - SpeedyPC Pro Backup
RP617: 7/24/2012 9:43:18 AM - MyCleanPCPCOptimizer_BeforeFixingIssues
RP618: 7/24/2012 9:56:13 AM - MyCleanPCPCOptimizer_BeforeFixingIssues
RP619: 7/24/2012 9:59:34 AM - SpeedyPC Pro Backup
RP620: 7/24/2012 10:03:28 AM - MyCleanPCPCOptimizer_BeforeFixingIssues
RP621: 7/24/2012 7:24:40 PM - Removed Sentinel Protection Installer 7.6.5
RP622: 7/24/2012 7:25:58 PM - Removed CyberDefender Framework
RP623: 7/24/2012 7:54:16 PM - Software Distribution Service 3.0
RP624: 7/26/2012 8:07:18 AM - Software Distribution Service 3.0
RP625: 7/27/2012 9:50:29 AM - System Checkpoint
RP626: 7/27/2012 11:52:00 AM - Installed Sentinel Protection Installer 7.1.1
RP627: 7/27/2012 11:54:46 AM - Removed Sentinel Protection Installer 7.1.1
RP628: 7/27/2012 12:08:38 PM - Software Distribution Service 3.0
RP629: 7/28/2012 12:55:12 PM - System Checkpoint
RP630: 7/28/2012 6:02:53 PM - Software Distribution Service 3.0
RP631: 7/30/2012 2:44:53 PM - Software Distribution Service 3.0
RP632: 7/31/2012 3:07:38 PM - System Checkpoint
RP633: 8/1/2012 8:02:54 AM - Software Distribution Service 3.0
RP634: 8/2/2012 10:16:45 AM - Software Distribution Service 3.0
RP635: 8/3/2012 10:34:22 AM - System Checkpoint
RP636: 8/3/2012 10:41:17 PM - Software Distribution Service 3.0
RP637: 8/4/2012 11:26:27 PM - System Checkpoint
RP638: 8/5/2012 12:43:12 PM - Software Distribution Service 3.0
RP639: 8/6/2012 1:02:30 PM - System Checkpoint
RP640: 8/7/2012 7:59:42 AM - Software Distribution Service 3.0
RP641: 8/8/2012 8:35:06 AM - Software Distribution Service 3.0
RP642: 8/9/2012 8:35:31 AM - Software Distribution Service 3.0
RP643: 8/10/2012 8:49:26 AM - System Checkpoint
RP644: 8/11/2012 7:30:25 AM - Software Distribution Service 3.0
RP645: 8/12/2012 2:23:41 AM - Software Distribution Service 3.0
RP646: 8/13/2012 3:23:23 AM - System Checkpoint
RP647: 8/13/2012 7:30:46 AM - Software Distribution Service 3.0
RP648: 8/14/2012 7:31:03 AM - Software Distribution Service 3.0
RP649: 8/15/2012 9:03:55 AM - Software Distribution Service 3.0
RP650: 8/16/2012 2:56:21 AM - Software Distribution Service 3.0
RP651: 8/16/2012 10:15:14 AM - Software Distribution Service 3.0
RP652: 8/17/2012 11:43:39 AM - System Checkpoint
RP653: 8/17/2012 2:21:30 PM - Removed iTunes
RP654: 8/17/2012 2:48:46 PM - Software Distribution Service 3.0
RP655: 8/18/2012 2:48:13 PM - Software Distribution Service 3.0
RP656: 8/19/2012 3:08:19 PM - System Checkpoint
RP657: 8/20/2012 7:15:36 AM - Software Distribution Service 3.0
RP658: 8/21/2012 7:48:42 AM - Software Distribution Service 3.0
RP659: 8/22/2012 8:39:01 AM - Software Distribution Service 3.0
RP660: 8/23/2012 8:38:44 AM - Software Distribution Service 3.0
RP661: 8/24/2012 8:44:41 AM - System Checkpoint
RP662: 8/25/2012 6:52:11 AM - Software Distribution Service 3.0
RP663: 8/26/2012 3:41:04 PM - System Checkpoint
RP664: 8/27/2012 4:04:28 PM - System Checkpoint
RP665: 8/28/2012 4:28:05 PM - System Checkpoint
RP666: 8/29/2012 4:33:27 PM - System Checkpoint
RP667: 8/30/2012 5:07:12 PM - System Checkpoint
RP668: 9/1/2012 10:30:26 AM - System Checkpoint
RP669: 9/2/2012 10:34:46 AM - System Checkpoint
RP670: 9/3/2012 10:35:59 AM - System Checkpoint
RP671: 9/3/2012 7:30:54 PM - Removed Bonjour
RP672: 9/3/2012 7:31:43 PM - Removed Apple Application Support
RP673: 9/3/2012 7:33:55 PM - Removed Apple Mobile Device Support
RP674: 9/3/2012 7:34:36 PM - Removed Apple Software Update
RP675: 9/4/2012 8:11:00 PM - System Checkpoint
RP676: 9/6/2012 12:22:48 PM - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3)
COMcheck 3.9.1.3 (Current User)
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Corel Graphics - Windows Shell Extension
CorelDRAW Graphics Suite X5
CorelDRAW Graphics Suite X5 - BR
CorelDRAW Graphics Suite X5 - Capture
CorelDRAW Graphics Suite X5 - Common
CorelDRAW Graphics Suite X5 - Connect
CorelDRAW Graphics Suite X5 - Custom Data
CorelDRAW Graphics Suite X5 - Draw
CorelDRAW Graphics Suite X5 - EN
CorelDRAW Graphics Suite X5 - ES
CorelDRAW Graphics Suite X5 - Filters
CorelDRAW Graphics Suite X5 - FontNav
CorelDRAW Graphics Suite X5 - FR
CorelDRAW Graphics Suite X5 - IPM
CorelDRAW Graphics Suite X5 - KPT Collection
CorelDRAW Graphics Suite X5 - PHOTO-PAINT
CorelDRAW Graphics Suite X5 - Photozoom Plugin
CorelDRAW Graphics Suite X5 - Redist
CorelDRAW Graphics Suite X5 - Setup Files
CorelDRAW Graphics Suite X5 - VBA
CorelDRAW Graphics Suite X5 - VideoBrowser
CorelDRAW Graphics Suite X5 - VSTA
CorelDRAW Graphics Suite X5 - WT
CorelDRAW(R) Graphics Suite X5
erLT
FAS for Peachtree
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
HP Deskjet 3050 J610 series Basic Device Software
HP Deskjet 3050 J610 series Help
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Java Auto Updater
Java(TM) 6 Update 29
Linksys Wireless-G PCI Adapter
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Outlook 2003
Microsoft Office XP Professional
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Peachtree Complete Accounting 2006
Privacy SafeGuard version 1.1
QBFC3.0
Qwiklinx
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923789)
Sentinel Protection Installer 7.6.5
SigmaTel Audio
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2718704)
Vinyl Express LXi1
Visual Basic for Applications (R) Core
Visual Basic for Applications (R) Core - English
WebFldrs XP
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)
Windows Internet Explorer 8
Windows XP Service Pack 3
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
9/6/2012 12:12:05 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures.New Signature Version: Previous Signature Version: 1.135.390.0Update Source: Microsoft Update ServerUpdate Stage: SearchSource Path: Default URLSignature Type: AntiVirusUpdate Type: FullUser: NT AUTHORITY\SYSTEMCurrent Engine Version: Previous Engine Version: 1.1.8704.0Error code: 0x80070424Error description: The specified service does not exist as an installed service.
.
==== End Of File ===========================
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\status~1.lnk - c:\program files\brother\brmfcmon\BrMfcWnd.exe
IE: &Search - http://tbedits.mapsgalaxy.com/one-t...B0C1-4D15-A16B-4097B85497F1&n=2012060418&cv=1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AF4F8BE6-AFC9-4CE6-ACDC-0D2ED240AB38} : DhcpNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R2 SAiDownloader;SAiDownloader;c:\windows\system32\SAiDownloader.exe [2011-11-17 438272]
R2 SAiLicSvr;SAiLicSvr;c:\windows\system32\SAiLicSvr.exe [2012-4-7 86016]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2011-9-22 374304]
R2 SentinelSecurityRuntime;Sentinel Security Runtime;c:\program files\common files\safenet sentinel\sentinel security runtime\sntlsrtsrvr.exe [2011-9-22 292384]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2009-6-17 40720]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2009-6-17 10384]
.
=============== Created Last 30 ================
.
2012-09-07 00:08:29	7022536	----a-w-	c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a1328506-0a9e-4751-b4b4-580df75a3d2b}\mpengine.dll
2012-09-06 23:28:20	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-06 23:28:20	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-08-27 03:10:10	7023536	----a-w-	c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-08-27 03:08:05	--------	d-----w-	c:\program files\Microsoft Security Client
2012-08-17 05:22:37	--------	d-----w-	c:\documents and settings\owner\local settings\application data\Mozilla
2012-08-17 05:21:54	--------	d-----w-	c:\documents and settings\all users\application data\Tarma Installer
2012-08-17 05:21:43	--------	d-----w-	C:\extensions
2012-08-17 05:21:40	--------	d-----w-	c:\documents and settings\owner\application data\Qwiklinx
2012-08-17 05:21:39	--------	d-----w-	c:\program files\Qwiklinx
2012-08-17 05:21:04	--------	d-----w-	c:\program files\PrivacySafeGuard
2012-08-17 05:20:54	--------	d-----w-	c:\documents and settings\owner\local settings\application data\Google
2012-08-08 22:07:17	--------	d-----w-	c:\documents and settings\owner\application data\COMcheck
2012-08-08 22:06:38	--------	d-----w-	c:\documents and settings\owner\local settings\application data\Check
.
==================== Find3M ====================
.
2012-07-25 00:36:24	12872	----a-w-	c:\windows\system32\bootdelete.exe
2012-07-11 06:45:17	2228	----a-w-	c:\windows\system32\ASOROSet.bin
2012-07-06 13:58:51	78336	----a-w-	c:\windows\system32\browser.dll
2012-07-04 14:05:18	139784	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40:15	1866112	----a-w-	c:\windows\system32\win32k.sys
2012-07-02 17:49:33	916992	----a-w-	c:\windows\system32\wininet.dll
2012-07-02 17:49:32	43520	------w-	c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32	1469440	------w-	c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43	385024	----a-w-	c:\windows\system32\html.iec
2012-06-04 22:55:46	172440	----a-w-	c:\program files\39res.dll
.
============= FINISH: 19:14:32.75 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 11/24/2010 8:54:15 PM
System Uptime: 9/6/2012 6:19:03 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0JC474
Processor: Intel(R) Pentium(R) 4 CPU 3.06GHz | Microprocessor | 3059/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 426.737 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP573: 6/8/2012 4:27:22 PM - System Checkpoint
RP574: 6/9/2012 4:49:59 PM - System Checkpoint
RP575: 6/10/2012 4:50:26 PM - System Checkpoint
RP576: 6/11/2012 9:07:04 AM - SpeedyPC Pro Backup
RP577: 6/12/2012 11:26:11 AM - System Checkpoint
RP578: 6/12/2012 11:38:38 AM - MyCleanPCPCOptimizer_BeforeFixingIssues
RP579: 6/13/2012 6:15:04 PM - System Checkpoint
RP580: 6/14/2012 3:00:18 AM - Software Distribution Service 3.0
RP581: 6/15/2012 10:39:19 AM - System Checkpoint
RP582: 6/16/2012 12:40:13 PM - System Checkpoint
RP583: 6/18/2012 10:12:50 AM - System Checkpoint
RP584: 6/19/2012 10:51:10 AM - System Checkpoint
RP585: 6/20/2012 3:05:14 PM - System Checkpoint
RP586: 6/21/2012 3:55:40 PM - System Checkpoint
RP587: 6/23/2012 10:43:50 AM - System Checkpoint
RP588: 6/24/2012 11:19:20 AM - System Checkpoint
RP589: 6/25/2012 11:35:23 AM - System Checkpoint
RP590: 6/26/2012 12:25:50 PM - System Checkpoint
RP591: 6/26/2012 1:43:33 PM - MyCleanPCPCOptimizer_BeforeFixingIssues
RP592: 6/27/2012 2:14:48 PM - System Checkpoint
RP593: 6/28/2012 2:31:00 PM - System Checkpoint
RP594: 6/29/2012 8:23:08 AM - SpeedyPC Pro Backup
RP595: 6/30/2012 9:05:36 AM - System Checkpoint
RP596: 7/1/2012 9:55:09 AM - System Checkpoint
RP597: 7/2/2012 8:21:59 AM - SpeedyPC Pro Backup
RP598: 7/3/2012 8:26:21 AM - System Checkpoint
RP599: 7/4/2012 8:44:13 AM - MyCleanPCPCOptimizer_BeforeFixingIssues
RP600: 7/9/2012 10:17:03 PM - System Checkpoint
RP601: 7/10/2012 11:24:15 PM - System Checkpoint
RP602: 7/11/2012 1:14:54 AM - MyCleanPCPCOptimizer_BeforeFixingIssues
RP603: 7/11/2012 2:58:07 AM - Software Distribution Service 3.0
RP604: 7/12/2012 10:37:45 AM - System Checkpoint
RP605: 7/13/2012 10:59:46 AM - System Checkpoint
RP606: 7/14/2012 11:05:06 AM - System Checkpoint
RP607: 7/15/2012 11:29:06 AM - System Checkpoint
RP608: 7/16/2012 12:22:40 PM - System Checkpoint
RP609: 7/17/2012 12:32:51 PM - System Checkpoint
RP610: 7/17/2012 1:42:11 PM - MyCleanPCPCOptimizer_BeforeFixingIssues
RP611: 7/18/2012 3:39:14 PM - System Checkpoint
RP612: 7/19/2012 3:47:43 PM - System Checkpoint
RP613: 7/20/2012 8:47:40 AM - SpeedyPC Pro Backup
RP614: 7/21/2012 8:55:01 AM - System Checkpoint
RP615: 7/22/2012 9:30:29 AM - System Checkpoint
RP616: 7/23/2012 9:18:33 AM - SpeedyPC Pro Backup
RP617: 7/24/2012 9:43:18 AM - MyCleanPCPCOptimizer_BeforeFixingIssues
RP618: 7/24/2012 9:56:13 AM - MyCleanPCPCOptimizer_BeforeFixingIssues
RP619: 7/24/2012 9:59:34 AM - SpeedyPC Pro Backup
RP620: 7/24/2012 10:03:28 AM - MyCleanPCPCOptimizer_BeforeFixingIssues
RP621: 7/24/2012 7:24:40 PM - Removed Sentinel Protection Installer 7.6.5
RP622: 7/24/2012 7:25:58 PM - Removed CyberDefender Framework
RP623: 7/24/2012 7:54:16 PM - Software Distribution Service 3.0
RP624: 7/26/2012 8:07:18 AM - Software Distribution Service 3.0
RP625: 7/27/2012 9:50:29 AM - System Checkpoint
RP626: 7/27/2012 11:52:00 AM - Installed Sentinel Protection Installer 7.1.1
RP627: 7/27/2012 11:54:46 AM - Removed Sentinel Protection Installer 7.1.1
RP628: 7/27/2012 12:08:38 PM - Software Distribution Service 3.0
RP629: 7/28/2012 12:55:12 PM - System Checkpoint
RP630: 7/28/2012 6:02:53 PM - Software Distribution Service 3.0
RP631: 7/30/2012 2:44:53 PM - Software Distribution Service 3.0
RP632: 7/31/2012 3:07:38 PM - System Checkpoint
RP633: 8/1/2012 8:02:54 AM - Software Distribution Service 3.0
RP634: 8/2/2012 10:16:45 AM - Software Distribution Service 3.0
RP635: 8/3/2012 10:34:22 AM - System Checkpoint
RP636: 8/3/2012 10:41:17 PM - Software Distribution Service 3.0
RP637: 8/4/2012 11:26:27 PM - System Checkpoint
RP638: 8/5/2012 12:43:12 PM - Software Distribution Service 3.0
RP639: 8/6/2012 1:02:30 PM - System Checkpoint
RP640: 8/7/2012 7:59:42 AM - Software Distribution Service 3.0
RP641: 8/8/2012 8:35:06 AM - Software Distribution Service 3.0
RP642: 8/9/2012 8:35:31 AM - Software Distribution Service 3.0
RP643: 8/10/2012 8:49:26 AM - System Checkpoint
RP644: 8/11/2012 7:30:25 AM - Software Distribution Service 3.0
RP645: 8/12/2012 2:23:41 AM - Software Distribution Service 3.0
RP646: 8/13/2012 3:23:23 AM - System Checkpoint
RP647: 8/13/2012 7:30:46 AM - Software Distribution Service 3.0
RP648: 8/14/2012 7:31:03 AM - Software Distribution Service 3.0
RP649: 8/15/2012 9:03:55 AM - Software Distribution Service 3.0
RP650: 8/16/2012 2:56:21 AM - Software Distribution Service 3.0
RP651: 8/16/2012 10:15:14 AM - Software Distribution Service 3.0
RP652: 8/17/2012 11:43:39 AM - System Checkpoint
RP653: 8/17/2012 2:21:30 PM - Removed iTunes
RP654: 8/17/2012 2:48:46 PM - Software Distribution Service 3.0
RP655: 8/18/2012 2:48:13 PM - Software Distribution Service 3.0
RP656: 8/19/2012 3:08:19 PM - System Checkpoint
RP657: 8/20/2012 7:15:36 AM - Software Distribution Service 3.0
RP658: 8/21/2012 7:48:42 AM - Software Distribution Service 3.0
RP659: 8/22/2012 8:39:01 AM - Software Distribution Service 3.0
RP660: 8/23/2012 8:38:44 AM - Software Distribution Service 3.0
RP661: 8/24/2012 8:44:41 AM - System Checkpoint
RP662: 8/25/2012 6:52:11 AM - Software Distribution Service 3.0
RP663: 8/26/2012 3:41:04 PM - System Checkpoint
RP664: 8/27/2012 4:04:28 PM - System Checkpoint
RP665: 8/28/2012 4:28:05 PM - System Checkpoint
RP666: 8/29/2012 4:33:27 PM - System Checkpoint
RP667: 8/30/2012 5:07:12 PM - System Checkpoint
RP668: 9/1/2012 10:30:26 AM - System Checkpoint
RP669: 9/2/2012 10:34:46 AM - System Checkpoint
RP670: 9/3/2012 10:35:59 AM - System Checkpoint
RP671: 9/3/2012 7:30:54 PM - Removed Bonjour
RP672: 9/3/2012 7:31:43 PM - Removed Apple Application Support
RP673: 9/3/2012 7:33:55 PM - Removed Apple Mobile Device Support
RP674: 9/3/2012 7:34:36 PM - Removed Apple Software Update
RP675: 9/4/2012 8:11:00 PM - System Checkpoint
RP676: 9/6/2012 12:22:48 PM - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3)
COMcheck 3.9.1.3 (Current User)
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Corel Graphics - Windows Shell Extension
CorelDRAW Graphics Suite X5
CorelDRAW Graphics Suite X5 - BR
CorelDRAW Graphics Suite X5 - Capture
CorelDRAW Graphics Suite X5 - Common
CorelDRAW Graphics Suite X5 - Connect
CorelDRAW Graphics Suite X5 - Custom Data
CorelDRAW Graphics Suite X5 - Draw
CorelDRAW Graphics Suite X5 - EN
CorelDRAW Graphics Suite X5 - ES
CorelDRAW Graphics Suite X5 - Filters
CorelDRAW Graphics Suite X5 - FontNav
CorelDRAW Graphics Suite X5 - FR
CorelDRAW Graphics Suite X5 - IPM
CorelDRAW Graphics Suite X5 - KPT Collection
CorelDRAW Graphics Suite X5 - PHOTO-PAINT
CorelDRAW Graphics Suite X5 - Photozoom Plugin
CorelDRAW Graphics Suite X5 - Redist
CorelDRAW Graphics Suite X5 - Setup Files
CorelDRAW Graphics Suite X5 - VBA
CorelDRAW Graphics Suite X5 - VideoBrowser
CorelDRAW Graphics Suite X5 - VSTA
CorelDRAW Graphics Suite X5 - WT
CorelDRAW(R) Graphics Suite X5
erLT
FAS for Peachtree
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
HP Deskjet 3050 J610 series Basic Device Software
HP Deskjet 3050 J610 series Help
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Java Auto Updater
Java(TM) 6 Update 29
Linksys Wireless-G PCI Adapter
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Outlook 2003
Microsoft Office XP Professional
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Peachtree Complete Accounting 2006
Privacy SafeGuard version 1.1
QBFC3.0
Qwiklinx
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923789)
Sentinel Protection Installer 7.6.5
SigmaTel Audio
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2718704)
Vinyl Express LXi1
Visual Basic for Applications (R) Core
Visual Basic for Applications (R) Core - English
WebFldrs XP
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)
Windows Internet Explorer 8
Windows XP Service Pack 3
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
9/6/2012 12:12:05 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.135.390.0
Update Source: Microsoft Update Server
Update Stage: Search
Source Path: Default URL
Signature Type: AntiVirus
Update Type: Full
User: NT AUTHORITY\SYSTEM
Current Engine Version:
Previous Engine Version: 1.1.8704.0
Error code: 0x80070424
Error description: The specified service does not exist as an installed service.
.
==== End Of File ===========================