Solved Smart Defragmenter, et al- Mbam log - Can Bobbye or someone help?


mb2cotter

I managed to get a bunch of viruses on my PC, including a Google redirect virus and Smart Defragmenter. I used Norton to clean off a bunch of them, but I still had Smart Defragmenter and wasn't sure if there was still some other stuff.

I saw this post (https://www.techspot.com/vb/topic155794.html) with a response by Bobbye that I followed to deal with Smart Defragmenter. I downloaded Rkill, exeHelper and Malwarebytes and transferred them to my PC with a USB stick since Internet Explorer wasn't working. Malwarebytes said it found 12 items and I followed the directions to remove them and then restarted the PC. After reboot, the desktop icons installed by the Smart Defrag virus and the fake warnings were gone. However, Internet Explorer is still acting weird. I don't know if there are still some viruses left over.

Attached is the mbam log.

Anyone know what I should do next?

Thanks for the help.
 

Attachment: mbam-log-2010-10-30 (21-57-59).txt (2.4 KB)
Okily dokily. I was just trying Internet Explorer and checking my internet connection on the PC (my laptop is connected via WiFi to the same router my PC is hooked up to via cable) and I got the blue screen of death.

I guess I'll leave the blue screen up to taunt me until I get some advice on what to do next.

Thanks.
 
Welcome to TechSpot. While some removals may have standard directions, help is given to the person who started the thread. It is meant for that person only and should not be followed by anyone else.

If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

When you have finished, leave the logs for review in your next reply. You don't need to rerun Mbam.

It also might help you to go to the Event Viewer and see if there is any Error that corresponds to the time you got the BSOD.
Errors: Start> Run> type in eventvwr

Do this on each of the System and the Applications logs:
[1] Click to open the log>
[2] Look for the Error>
[3] Right click on the Error> Properties>
[4] Click on Copy button, top right, below the down arrow>
[5] Paste here (Ctrl V)
[6] NOTES
  • You can ignore Warnings and Information Events.
  • If you have a recurring Error with same ID#, same Source and same Description, only one copy is needed.
  • You don't need to include the lines of code in the box below the Description, if any.
  • Please do not copy the entire Event log.
Important!
Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
 
Thanks for the info. So, my blue screen is still up. Should I restart in safe mode or just a regular start up?
 
I attached the mbam log above. Here's the GMER log:

GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-10-31 16:23:03
Windows 5.1.2600 Service Pack 3
Running: qxhi09iu.exe; Driver: C:\DOCUME~1\Mike\LOCALS~1\Temp\uftdqpow.sys


---- System - GMER 1.0.15 ----

SSDT 8997EB18 ZwAlertResumeThread
SSDT 898BF3B8 ZwAlertThread
SSDT 89953D10 ZwAllocateVirtualMemory
SSDT 8986DAD8 ZwAssignProcessToJobObject
SSDT 89AE8D80 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xACC1D720]
SSDT 89A3C520 ZwCreateMutant
SSDT 89829D98 ZwCreateSymbolicLinkObject
SSDT 899C9468 ZwCreateThread
SSDT 89896AB8 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xACC1D9A0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xACC1DF00]
SSDT 89C4C758 ZwDuplicateObject
SSDT 8994B360 ZwFreeVirtualMemory
SSDT 898A6CE8 ZwImpersonateAnonymousToken
SSDT 898A6DA8 ZwImpersonateThread
SSDT 8982D108 ZwLoadDriver
SSDT 8995BAE8 ZwMapViewOfSection
SSDT 89984328 ZwOpenEvent
SSDT 89C18B60 ZwOpenProcess
SSDT 89992508 ZwOpenProcessToken
SSDT 8989FBD0 ZwOpenSection
SSDT 89A268A0 ZwOpenThread
SSDT 898283A8 ZwProtectVirtualMemory
SSDT 8986AA00 ZwResumeThread
SSDT 895E2268 ZwSetContextThread
SSDT 8997CF38 ZwSetInformationProcess
SSDT 8989A600 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xACC1E150]
SSDT 8987BAB8 ZwSuspendProcess
SSDT 89ABC248 ZwSuspendThread
SSDT 8990C3B8 ZwTerminateProcess
SSDT 89A4F468 ZwTerminateThread
SSDT 898FA970 ZwUnmapViewOfSection
SSDT 8990D360 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2D48 805045E4 4 Bytes CALL C0D9D055
.text ntkrnlpa.exe!ZwCallbackReturn + 2D94 80504630 4 Bytes CALL 9CD9DBEF
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xAF78D360, 0x20FDBD, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mozy.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)
Device DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----
 
Here's DDS.log:

DDS (Ver_10-10-31.01) - NTFSx86
Run by Mike at 16:37:37.39 on Sun 10/31/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1396 [GMT -6:00]

AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ContentWatch\Internet Protection\cwtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MozyHome\mozystat.exe
svchost.exe
C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Prime95\prime95.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Actiontec\BroadBand\gwconfig.exe
C:\WINDOWS\system32\wscntfy.exe
J:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\18.1.0.37\IPSBHO.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [Start WingMan Profiler]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [NWEReboot]
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [cwcptray] c:\program files\contentwatch\internet protection\cwtray.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
dRunOnce: [RunNarrator] Narrator.exe
dRunOnce: [<NO NAME>]
mExplorerRun: [<NO NAME>] 1 (0x1)
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\windows\system32\cwalsp.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: mylabbill.com\www
Trusted Zone: remititonline.com
Trusted Zone: turbotax.com
Trusted Zone: musicmatch.com\online
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {25365FF3-2746-4230-9DA7-163CCA318309} - hxxp://inst.c-wss.com/n035p/EN/install/gtdownlr.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/29.51/uploader2.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - hxxp://a.download.toontown.com/sv1.0.21.13/ttinst.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {69C47182-A893-484C-B37A-A189215F0D6E} = 205.171.3.65,205.171.2.65
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1201000.025\SymDS.sys [2010-10-30 339504]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1201000.025\SymEFA.sys [2010-10-30 666672]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\bashdefs\20101001.001\BHDrvx86.sys [2010-8-31 692272]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1201000.025\Ironx86.sys [2010-10-30 134704]
R2 CwAltaService20;ContentWatch;c:\program files\contentwatch\internet protection\cwsvc.exe [2010-2-10 2100544]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\18.1.0.37\ccSvcHst.exe [2010-10-30 126904]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-4-15 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-10-30 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\ipsdefs\20101028.001\IDSXpx86.sys [2010-10-19 341880]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20101030.003\naveng.sys [2010-10-30 86064]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20101030.003\navex15.sys [2010-10-30 1371184]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664]
S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913D.sys [2007-7-13 29522]
S3 USA19H;USA19H;c:\windows\system32\drivers\USA19H2k.sys [2006-12-28 727908]
S3 USA19H2KP;Keyspan USB Serial Port Driver;c:\windows\system32\drivers\USA19H2kp.sys [2006-12-28 44928]

=============== Created Last 30 ================

2010-10-31 03:39:33 -------- d-----w- c:\docume~1\mike\applic~1\Malwarebytes
2010-10-31 03:39:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-31 03:39:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-31 03:39:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-31 03:39:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-10-30 22:49:37 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-10-30 22:49:37 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-10-30 22:49:37 -------- d-----w- c:\program files\Symantec
2010-10-30 22:49:37 -------- d-----w- c:\program files\common files\Symantec Shared
2010-10-30 22:49:22 369072 ----a-r- c:\windows\system32\drivers\nav\1201000.025\symtdi.sys
2010-10-30 22:49:22 331312 ----a-r- c:\windows\system32\drivers\nav\1201000.025\symtdiv.sys
2010-10-30 22:49:22 294448 ----a-r- c:\windows\system32\drivers\nav\1201000.025\symnets.sys
2010-10-30 22:49:21 666672 ----a-r- c:\windows\system32\drivers\nav\1201000.025\SymEFA.sys
2010-10-30 22:49:21 50096 ----a-r- c:\windows\system32\drivers\nav\1201000.025\srtspx.sys
2010-10-30 22:49:21 489008 ----a-r- c:\windows\system32\drivers\nav\1201000.025\srtsp.sys
2010-10-30 22:49:21 339504 ----a-r- c:\windows\system32\drivers\nav\1201000.025\SymDS.sys
2010-10-30 22:49:21 134704 ----a-r- c:\windows\system32\drivers\nav\1201000.025\Ironx86.sys
2010-10-30 22:48:59 -------- d-----w- c:\windows\system32\drivers\nav\1201000.025
2010-10-30 22:48:59 -------- d-----w- c:\windows\system32\drivers\NAV
2010-10-30 22:48:58 -------- d-----w- c:\program files\Norton AntiVirus
2010-10-30 22:14:18 -------- d-----w- c:\program files\NortonInstaller
2010-10-30 22:14:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-10-30 21:07:24 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-10-28 14:42:52 16896 ----a-w- c:\windows\system32\grwinsthlp.exe
2010-10-28 01:53:44 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-28 01:53:44 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-10-28 01:53:44 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-28 01:52:13 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-08 02:48:33 -------- d-----w- C:\Laptop files
2010-10-02 00:06:25 1409 ----a-w- c:\windows\QTFont.for

==================== Find3M ====================

2010-09-26 01:43:03 60416 ----a-w- c:\windows\system32\rbap350.dll
2010-09-18 18:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

============= FINISH: 16:38:57.32 ===============
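The "Pseudo HJT Report" section of the DDS log above is the part a malware-removal helper reads first: the IE start/search pages, the ProxyServer setting, the Winsock LSP, the Trusted Zone additions, the BHOs and the DNS servers. As an added example (written for this thread; it is not code from DDS, TechSpot or the thread's participants), the Python script below parses a handful of those lines, copied from the posted report, and sorts them into what must be explained before anything else, what should be matched against installed products, and plain context. The one line it flags is `uInternet Settings,ProxyServer = http=127.0.0.1:50370`: a proxy on 127.0.0.1 means every Internet Explorer request is handed to a program listening on this PC, so the helper would want to know which program that is. The function names (`review`, `parse_proxy`, `points_at_this_machine`) and the bucket names are my own choices.

```python
"""Reviewer for the "Pseudo HJT Report" section of a DDS log.

Added example for this thread; it is not part of DDS, TechSpot or the
thread.  It reads report lines, picks out the settings a malware-removal
helper looks at first (IE proxy, Winsock LSPs, Trusted Zone additions,
BHOs, DNS servers) and sorts them into flag / review / info buckets.
"""
import ipaddress
import re
from typing import Dict, List, Tuple

# Constructed sample: lines copied from the DDS report posted in the thread.
SAMPLE_LINES = [
    r"uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage",
    r"uInternet Settings,ProxyServer = http=127.0.0.1:50370",
    r"BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\18.1.0.37\IPSBHO.DLL",
    r"BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll",
    r"LSP: c:\windows\system32\cwalsp.dll",
    r"Trusted Zone: intuit.com\ttlc",
    r"Trusted Zone: remititonline.com",
    r"TCP: {69C47182-A893-484C-B37A-A189215F0D6E} = 205.171.3.65,205.171.2.65",
]

PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?P<value>\S+)", re.IGNORECASE)
# "KIND: rest" lines; the lazy class stops at the first colon, so the
# "uKey = value" lines (no colon before the '=') do not match here.
KIND_RE = re.compile(r"^(?P<kind>[A-Za-z ]+?):\s*(?P<rest>.+)$")


def parse_proxy(value: str) -> List[Tuple[str, str, int]]:
    """Split an IE ProxyServer value into (scheme, host, port) triples.

    IE stores either "host:port" (one proxy for everything) or a
    semicolon list such as "http=host:port;https=host:port".
    """
    endpoints = []
    for item in value.split(";"):
        item = item.strip()
        if not item:
            continue
        scheme, _, hostport = item.rpartition("=")
        host, _, port = hostport.rpartition(":")
        if not host:                      # bare host, no port given
            host, port = hostport, "80"
        endpoints.append((scheme or "all", host, int(port) if port.isdigit() else 0))
    return endpoints


def points_at_this_machine(host: str) -> bool:
    """True when the proxy host is the local machine (loopback address or 'localhost')."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                    # a hostname, not an IP literal
        return False


def review(lines: List[str]) -> Dict[str, List[str]]:
    """Sort report lines into 'flag' (explain before anything else),
    'review' (match against installed products) and 'info' (context)."""
    findings: Dict[str, List[str]] = {"flag": [], "review": [], "info": []}
    for raw in lines:
        line = raw.strip()
        proxy = PROXY_RE.search(line)
        if proxy:
            for scheme, host, port in parse_proxy(proxy.group("value")):
                where = f"{scheme} -> {host}:{port}"
                if points_at_this_machine(host):
                    findings["flag"].append(
                        f"IE proxy hands every browser request to a program on this PC "
                        f"({where}); find out what is listening on that port")
                else:
                    findings["review"].append(
                        f"IE proxy configured ({where}); confirm it is expected")
            continue
        kind_match = KIND_RE.match(line)
        if not kind_match:
            continue
        kind, rest = kind_match.group("kind"), kind_match.group("rest")
        if kind == "LSP":
            findings["review"].append(
                f"Winsock LSP {rest}; match the DLL to an installed product "
                "(removing an LSP the wrong way breaks all networking)")
        elif kind == "Trusted Zone":
            findings["review"].append(
                f"Trusted Zone {rest}; sites listed here run with fewer IE restrictions")
        elif kind == "BHO":
            findings["info"].append(f"BHO {rest.split(':', 1)[0]}")
        elif kind == "TCP":
            findings["info"].append(f"DNS servers {rest.split('=')[-1].strip()}")
    return findings


if __name__ == "__main__":
    for bucket, items in review(SAMPLE_LINES).items():
        for item in items:
            print(f"[{bucket.upper():6}] {item}")
```

Run as-is it prints the three buckets for the sample lines; to use it on a full DDS log, pass `open("DDS.txt").read().splitlines()` to `review` instead of `SAMPLE_LINES`. The LSP line is only put in the review bucket, not flagged, because the same log shows ContentWatch installed and its `cwalsp.dll` is the kind of entry that has to be matched to a product rather than assumed bad; the loopback proxy is flagged because nothing in the log explains it.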
 
Here's the attach.txt log:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-31.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 7/21/2006 6:19:41 PM
System Uptime: 10/31/2010 4:24:56 PM (0 hours ago)

Motherboard: Dell Inc. | | 0FJ030
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 228 GiB total, 181.94 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E967-E325-11CE-BFC1-08002BE10318}
Description: Generic Flash Disk USB Device
Device ID: USBSTOR\DISK&VEN_GENERIC&PROD_FLASH_DISK&REV_8.07\3147928453A18069D534&0
Manufacturer: (Standard disk drives)
Name: Generic Flash Disk USB Device
PNP Device ID: USBSTOR\DISK&VEN_GENERIC&PROD_FLASH_DISK&REV_8.07\3147928453A18069D534&0
Service:

==== System Restore Points ===================

RP1241: 8/2/2010 12:14:01 AM - System Checkpoint
RP1242: 8/3/2010 1:14:02 AM - System Checkpoint
RP1243: 8/4/2010 2:14:03 AM - System Checkpoint
RP1244: 8/5/2010 3:14:03 AM - System Checkpoint
RP1245: 8/6/2010 4:14:04 AM - System Checkpoint
RP1246: 8/7/2010 5:14:04 AM - System Checkpoint
RP1247: 8/8/2010 5:22:44 AM - System Checkpoint
RP1248: 8/9/2010 6:22:32 AM - System Checkpoint
RP1249: 8/10/2010 7:22:27 AM - System Checkpoint
RP1250: 8/11/2010 8:22:23 AM - System Checkpoint
RP1251: 8/12/2010 9:31:53 AM - System Checkpoint
RP1252: 8/13/2010 9:59:57 AM - System Checkpoint
RP1253: 8/14/2010 10:24:09 AM - System Checkpoint
RP1254: 8/15/2010 11:22:06 AM - System Checkpoint
RP1255: 8/16/2010 12:22:07 PM - System Checkpoint
RP1256: 8/17/2010 12:27:04 PM - System Checkpoint
RP1257: 8/19/2010 8:18:33 AM - System Checkpoint
RP1258: 8/20/2010 8:35:38 AM - System Checkpoint
RP1259: 8/21/2010 9:35:25 AM - System Checkpoint
RP1260: 8/22/2010 11:03:52 AM - System Checkpoint
RP1261: 8/23/2010 11:20:57 AM - System Checkpoint
RP1262: 8/24/2010 12:15:33 PM - System Checkpoint
RP1263: 8/25/2010 1:15:33 PM - System Checkpoint
RP1264: 8/26/2010 1:56:12 PM - System Checkpoint
RP1265: 8/27/2010 2:34:34 PM - System Checkpoint
RP1266: 8/28/2010 3:24:07 PM - System Checkpoint
RP1267: 8/29/2010 3:31:22 PM - System Checkpoint
RP1268: 8/30/2010 4:22:30 PM - System Checkpoint
RP1269: 8/31/2010 4:31:16 PM - System Checkpoint
RP1270: 9/1/2010 4:47:36 PM - System Checkpoint
RP1271: 9/2/2010 5:23:46 PM - System Checkpoint
RP1272: 9/3/2010 5:34:58 PM - System Checkpoint
RP1273: 9/4/2010 6:53:19 PM - System Checkpoint
RP1274: 9/5/2010 7:48:35 PM - System Checkpoint
RP1275: 9/6/2010 7:59:57 PM - System Checkpoint
RP1276: 9/7/2010 8:23:19 PM - System Checkpoint
RP1277: 9/8/2010 8:55:45 PM - System Checkpoint
RP1278: 9/9/2010 9:24:54 PM - System Checkpoint
RP1279: 9/10/2010 9:50:53 PM - System Checkpoint
RP1280: 9/11/2010 10:50:47 PM - System Checkpoint
RP1281: 9/13/2010 7:26:06 AM - System Checkpoint
RP1282: 9/14/2010 8:56:34 AM - System Checkpoint
RP1283: 9/15/2010 9:02:42 AM - System Checkpoint
RP1284: 9/16/2010 9:28:16 AM - System Checkpoint
RP1285: 9/16/2010 11:00:53 AM - Software Distribution Service 3.0
RP1286: 9/17/2010 11:16:06 AM - System Checkpoint
RP1287: 9/17/2010 8:40:07 PM - Software Distribution Service 3.0
RP1288: 9/18/2010 9:44:56 PM - System Checkpoint
RP1289: 9/19/2010 10:41:54 PM - System Checkpoint
RP1290: 9/21/2010 7:10:59 AM - System Checkpoint
RP1291: 9/22/2010 7:15:50 AM - System Checkpoint
RP1292: 9/23/2010 7:40:09 AM - System Checkpoint
RP1293: 9/24/2010 9:08:19 AM - System Checkpoint
RP1294: 9/25/2010 9:21:15 AM - System Checkpoint
RP1295: 9/26/2010 10:27:22 AM - System Checkpoint
RP1296: 9/27/2010 11:55:27 AM - System Checkpoint
RP1297: 9/28/2010 12:25:30 PM - System Checkpoint
RP1298: 9/29/2010 12:52:22 PM - System Checkpoint
RP1299: 9/30/2010 1:11:39 PM - System Checkpoint
RP1300: 10/1/2010 2:06:32 PM - System Checkpoint
RP1301: 10/2/2010 3:45:31 PM - System Checkpoint
RP1302: 10/3/2010 4:06:28 PM - System Checkpoint
RP1303: 10/4/2010 5:06:28 PM - System Checkpoint
RP1304: 10/5/2010 5:51:51 PM - System Checkpoint
RP1305: 10/6/2010 6:24:24 PM - System Checkpoint
RP1306: 10/7/2010 6:49:32 PM - System Checkpoint
RP1307: 10/7/2010 9:20:39 PM - Installed Microsoft Fix it 50393
RP1308: 10/8/2010 9:28:19 PM - System Checkpoint
RP1309: 10/9/2010 9:42:00 PM - System Checkpoint
RP1310: 10/11/2010 8:03:29 AM - System Checkpoint
RP1311: 10/12/2010 10:27:34 AM - System Checkpoint
RP1312: 10/13/2010 11:27:44 AM - System Checkpoint
RP1313: 10/14/2010 12:27:12 PM - System Checkpoint
RP1314: 10/15/2010 12:32:34 PM - System Checkpoint
RP1315: 10/16/2010 12:52:02 PM - System Checkpoint
RP1316: 10/17/2010 12:52:25 PM - System Checkpoint
RP1317: 10/18/2010 1:50:29 PM - System Checkpoint
RP1318: 10/19/2010 2:30:44 PM - System Checkpoint
RP1319: 10/20/2010 2:35:11 PM - System Checkpoint
RP1320: 10/21/2010 2:48:04 PM - System Checkpoint
RP1321: 10/22/2010 3:37:09 PM - System Checkpoint
RP1322: 10/23/2010 3:54:24 PM - System Checkpoint
RP1323: 10/24/2010 4:29:19 PM - System Checkpoint
RP1324: 10/25/2010 5:29:09 PM - System Checkpoint
RP1325: 10/26/2010 7:44:39 PM - System Checkpoint
RP1326: 10/27/2010 8:53:33 PM - System Checkpoint
RP1327: 10/28/2010 12:37:57 PM - Software Distribution Service 3.0
RP1328: 10/30/2010 3:08:41 PM - Software Distribution Service 3.0

==== Installed Programs ======================


913D Camera
Actiontec Gateway/Router
Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 6.0 Standard
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Photoshop 6.0
Adobe Reader 6.0.1
Adobe Shockwave Player
Adobe SVG Viewer
America Online (Choose which version to remove)
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOLIcon
Apple Mobile Device Support
Apple Software Update
Atomic Clock Sync
Bejeweled 2 Deluxe
Blackhawk Striker 2
Blasterball 2
Canon i960
Canon Utilities Easy-PhotoPrint
Chessmaster 8000
Compatibility Pack for the 2007 Office system
CompuServe 3.0.1
Conexant D850 56K V.9x DFVc Modem
Corel Photo Album 6
Critical Update for Windows Media Player 11 (KB959772)
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell System Restore
DellSupport
Digital Content Portal
Digital Line Detect
Diner Dash
Disney Pirates of the Caribbean Online
Documentation & Support Launcher
Drivers Install For Linksys Easylink Advisor
DVD Shrink 3.2
EarthLink setup files
EducateU
ELIcon
ESPNMotion
FileZilla (remove only)
Final Drive Nitro
Games, Music, & Photos Launcher
GemMaster Mystic
Get High Speed Internet!
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Helix Xiph Plugins 0.7
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp photosmart P1000 series
Image Transfer
ImageMixer for Sony
Intel Matrix Storage Manager
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
Intel(R) Quick Resume Technology Drivers
Intel® Viiv™
Internet Service Offers Launcher
iPod for Windows 2006-03-23
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 11
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Keyspan USB Serial Adapter
KODAK EASYSHARE Gallery Upload ActiveX Control
Learn2 Player (Uninstall Only)
LG USB Drivers
Linksys EasyLink Advisor 1.6 (0032)
Malwarebytes' Anti-Malware
McAfee Uninstaller
MCU
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Fighter Ace II
Microsoft Flight Simulator 2002
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Small Business Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MicroStaff WINASPI
Modem Helper
Move Networks Media Player for Internet Explorer
Move Networks Player for Internet Explorer
MozyHome Remote Backup
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch for Windows Media Player
Musicmatch® Jukebox
Nancy Drew: Message in a Haunted Mansion
Nero 7 Essentials
neroxml
Net Nanny Parental Controls
NetWaiting
NetZeroInstallers
Norton AntiVirus
NVIDIA Drivers
Octoshape add-in for Adobe Flash Player
oggcodecs 0.71.0946
OLYMPUS CAMEDIA Master 2.5
Otto
Picasa 2
Polar Bowler
Polar Golfer
Prime95
Quick Hit - Football
Quicken 2008
QuickTime
RealPlayer
RegiStax 5.1
RegiStax Version 4
Roll
RollerCoaster Tycoon 3 Demo
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
RPADLL
SCRABBLE
Search Assist
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
SkyMap Pro 11
Skype Toolbars
Skype™ 4.2
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
Sony USB Driver
Spider-Man Photo Lab
TurboTax 2008
TurboTax 2008 wcoiper
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 wcoiper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax Deluxe 2005
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2005
TurboTax ItsDeductible 2006
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Weather Display 10.37N
Weather Display Live 5.01
WeatherLink 5.7
WebCyberCoach 3.2 Dell
WebFldrs XP
WexTech AnswerWorks
WildTangent Web Driver
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WingMan Software
WordPerfect Office 12
Yahoo! Browser Services
Yahoo! BrowserPlus 2.9.8
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Photos Easy Upload Tool 1v7
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

10/31/2010 12:29:03 PM, error: Service Control Manager [7034] - The Viewpoint Manager Service service terminated unexpectedly. It has done this 1 time(s).
10/31/2010 12:29:03 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
10/31/2010 12:29:03 PM, error: Service Control Manager [7034] - The MozyHome Backup Service service terminated unexpectedly. It has done this 1 time(s).
10/31/2010 12:29:03 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
10/31/2010 12:29:03 PM, error: Service Control Manager [7034] - The Intuit Update Service service terminated unexpectedly. It has done this 1 time(s).
10/31/2010 12:29:03 PM, error: Service Control Manager [7034] - The Intel® Quick Resume Technology Drivers service terminated unexpectedly. It has done this 1 time(s).
10/31/2010 12:29:03 PM, error: Service Control Manager [7034] - The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).
10/31/2010 12:29:03 PM, error: Service Control Manager [7034] - The AOL Connectivity Service service terminated unexpectedly. It has done this 1 time(s).
10/31/2010 12:29:03 PM, error: Service Control Manager [7031] - The ContentWatch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
10/31/2010 12:29:03 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/30/2010 6:54:34 PM, error: Service Control Manager [7034] - The Prime95 Service service terminated unexpectedly. It has done this 1 time(s).
10/30/2010 10:33:51 PM, error: Service Control Manager [7022] - The Intel® Quick Resume Technology Drivers service hung on starting.
10/28/2010 3:59:14 PM, error: System Error [1003] - Error code 100000d1, parameter1 00000f1d, parameter2 00000002, parameter3 00000000, parameter4 a8e0fd9c.
10/28/2010 3:59:10 PM, error: System Error [1003] - Error code 100000d1, parameter1 00000f1d, parameter2 00000002, parameter3 00000000, parameter4 a94ded9c.
10/28/2010 3:59:01 PM, error: System Error [1003] - Error code 100000d1, parameter1 00000f1d, parameter2 00000002, parameter3 00000000, parameter4 a6f0dd9c.
10/28/2010 3:57:58 PM, error: System Error [1003] - Error code 100000d1, parameter1 00000000, parameter2 00000002, parameter3 00000000, parameter4 a70322d0.

==== End Of File ===========================
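The "Event Viewer Messages From Past Week" block above is the part of the DDS log that actually bears on the BSOD question. As an added example (the editor's own, not code from DDS, Malwarebytes or anyone in this thread), here is a small PowerShell triage script for that format: it parses each line, decodes the Event 1003 STOP code and its parameters using Microsoft's documented meaning for bug check 0xD1 (DRIVER_IRQL_NOT_LESS_OR_EQUAL), and flags bursts of Service Control Manager events logged in the same second. The sample lines are copied from the log above; the function names and the burst threshold are the editor's assumptions.

```powershell
# Added example, not part of this thread: offline triage of the DDS
# "Event Viewer Messages" block. Sample lines are copied from the log posted
# above; function names and the burst threshold are the editor's own.

$sampleLog = @'
10/31/2010 12:29:03 PM, error: Service Control Manager [7034] - The Viewpoint Manager Service service terminated unexpectedly. It has done this 1 time(s).
10/31/2010 12:29:03 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
10/31/2010 12:29:03 PM, error: Service Control Manager [7031] - The ContentWatch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
10/30/2010 6:54:34 PM, error: Service Control Manager [7034] - The Prime95 Service service terminated unexpectedly. It has done this 1 time(s).
10/28/2010 3:59:14 PM, error: System Error [1003] - Error code 100000d1, parameter1 00000f1d, parameter2 00000002, parameter3 00000000, parameter4 a8e0fd9c.
10/28/2010 3:57:58 PM, error: System Error [1003] - Error code 100000d1, parameter1 00000000, parameter2 00000002, parameter3 00000000, parameter4 a70322d0.
'@

# One DDS line: "<date> <time>, <level>: <source> [<id>] - <description>"
function Parse-DdsEvent {
    param([string]$Line)
    $m = [regex]::Match($Line, '^(?<when>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M), (?<level>\w+): (?<source>[^\[]+) \[(?<id>\d+)\] - (?<desc>.*)$')
    if (-not $m.Success) { return $null }
    New-Object PSObject -Property @{
        When   = [datetime]::ParseExact($m.Groups['when'].Value, 'M/d/yyyy h:mm:ss tt',
                                        [Globalization.CultureInfo]::InvariantCulture)
        Level  = $m.Groups['level'].Value
        Source = $m.Groups['source'].Value.Trim()
        Id     = [int]$m.Groups['id'].Value
        Desc   = $m.Groups['desc'].Value
    }
}

# Event 1003 on XP carries the STOP code and its four parameters. XP writes the
# code as 0x1000xxxx for STOP 0xxxxx; the low 16 bits are the bug check number.
function Decode-BugCheck {
    param([string]$Desc)
    $m = [regex]::Match($Desc, 'Error code (?<code>[0-9a-fA-F]+), parameter1 (?<p1>[0-9a-fA-F]+), parameter2 (?<p2>[0-9a-fA-F]+), parameter3 (?<p3>[0-9a-fA-F]+), parameter4 (?<p4>[0-9a-fA-F]+)')
    if (-not $m.Success) { return $null }
    $code = [Convert]::ToUInt32($m.Groups['code'].Value, 16)
    $stop = $code
    if ($code -ge 0x10000000 -and $code -lt 0x10010000) { $stop = $code - 0x10000000 }
    $p1 = $m.Groups['p1'].Value
    $p2 = [Convert]::ToUInt32($m.Groups['p2'].Value, 16)
    $p3 = [Convert]::ToUInt32($m.Groups['p3'].Value, 16)
    $p4 = $m.Groups['p4'].Value
    $result = New-Object PSObject -Property @{ Stop = ('0x{0:X}' -f $stop); Name = 'unknown' }
    if ($stop -eq 0xD1) {
        # Documented parameters of DRIVER_IRQL_NOT_LESS_OR_EQUAL: 1 = memory referenced,
        # 2 = IRQL at the time, 3 = 0 read / 1 write, 4 = address of the faulting code.
        # IRQL 2 is DISPATCH_LEVEL; parameter 4 is what a minidump maps to a driver name.
        $access = switch ($p3) { 0 { 'read' } 1 { 'write' } default { 'other' } }
        $result.Name = 'DRIVER_IRQL_NOT_LESS_OR_EQUAL'
        $result | Add-Member NoteProperty ReferencedAddress ("0x$p1")
        $result | Add-Member NoteProperty Irql $p2
        $result | Add-Member NoteProperty Access $access
        $result | Add-Member NoteProperty FaultingCode ("0x$p4")
    }
    $result
}

function Get-DdsTriage {
    param([string]$Log)
    $events = @($Log -split "`r?`n" | ForEach-Object { Parse-DdsEvent $_ } | Where-Object { $_ -ne $null })
    $crashes = foreach ($e in ($events | Where-Object { $_.Id -eq 1003 })) {
        $bc = Decode-BugCheck $e.Desc
        if ($bc) { $bc | Add-Member NoteProperty When $e.When -PassThru }
    }
    # Three or more SCM 7031/7034 events in the same second mean the service processes
    # died together; look for one cause (a crash, a reset, a process-killing tool)
    # rather than treating each as an independent failure. Threshold is an assumption.
    $bursts = $events | Where-Object { $_.Source -eq 'Service Control Manager' } |
        Group-Object When | Where-Object { $_.Count -ge 3 } |
        ForEach-Object { New-Object PSObject -Property @{ When = $_.Name; Services = $_.Count } }
    New-Object PSObject -Property @{ Crashes = @($crashes); Bursts = @($bursts) }
}

$triage = Get-DdsTriage $sampleLog
$triage.Crashes | Sort-Object When | Format-Table When, Stop, Name, Irql, Access, FaultingCode -AutoSize
$triage.Bursts | Format-Table When, Services -AutoSize
```

Run it in any PowerShell 2.0 or later session, pasting the real Event Viewer block in place of the sample. Decoding the parameters tells you the type of fault (here a driver touching memory at DISPATCH_LEVEL), but not which driver: for that the minidump in C:\WINDOWS\Minidump still has to be read, which is what Route 44 does later in the thread.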
 
I wasn't exactly sure of the time the BSOD appeared, but I think these were from around then:

System Log:

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7022
Date: 10/30/2010
Time: 10:33:51 PM
User: N/A
Computer: COTTER
Description:
The Intel® Quick Resume Technology Drivers service hung on starting.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.



Application Log:

Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 10/30/2010
Time: 10:28:09 PM
User: N/A
Computer: COTTER
Description:
Faulting application explorer.exe, version 6.0.2900.5512, faulting module msonsext.dll, version 11.0.5510.0, fault address 0x000534d5.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 65 78 70 ure exp
0018: 6c 6f 72 65 72 2e 65 78 lorer.ex
0020: 65 20 36 2e 30 2e 32 39 e 6.0.29
0028: 30 30 2e 35 35 31 32 20 00.5512
0030: 69 6e 20 6d 73 6f 6e 73 in msons
0038: 65 78 74 2e 64 6c 6c 20 ext.dll
0040: 31 31 2e 30 2e 35 35 31 11.0.551
0048: 30 2e 30 20 61 74 20 6f 0.0 at o
0050: 66 66 73 65 74 20 30 30 ffset 00
0058: 30 35 33 34 64 35 0d 0a 0534d5..
 
Lovely. I didn't know that was possible.

Is there anything I can do for that?

Thanks for the help. I appreciate it.
 
If you're referring to my network message, that was more a reminder for me. I did a cross-ref for Broni also. Since two different people are working on 2 different systems at the same time, possibly for the same problem, if these systems are networked and/or a USB has been used between the computers, then both Broni and I need to be aware.

When you rebooted the computer, did the BSOD come up again, or was it just that once? There's no sense in chasing the Events if it's gone!
 
Here's the log that I attached in the first post. I believe I've posted all of the logs that you requested:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5004

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/30/2010 9:57:59 PM
mbam-log-2010-10-30 (21-57-59).txt

Scan type: Quick scan
Objects scanned: 157752
Time elapsed: 13 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winsp2up.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Documents and Settings\Mike\Application Data\Microsoft\Windows\shell.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Cowabanga (Adware.PurityScan) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Mike\Local Settings\Temp\winsp2up.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\Program Files\Cowabanga\Cowabanga.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Program Files\Cowabanga\License.txt (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Program Files\Cowabanga\uninstaller.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\winsp2upd.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\0.9515272974060676.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
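The "Registry Data Items" section of the log above is the interesting part for anyone checking whether a cleanup held: a hijacked Winlogon Shell value (so the malware relaunched with Explorer at every logon), and two Security Center flags set so Windows would stop warning that antivirus and firewall were off. As an added example (the editor's own; not Malwarebytes' code and not posted by anyone in this thread), here is a read-only PowerShell re-check of those three indicator types plus Run entries that launch from a Temp folder. It assumes PowerShell 2.0 or later is installed (an optional update on XP SP3); the path heuristics and function names are the editor's assumptions and can produce false positives.

```powershell
# Added example (editor's own, not Malwarebytes' or this thread's code): a
# read-only re-check of the registry tampering the MBAM log above reports.
# Assumes PowerShell 2.0+ (an optional update on Windows XP SP3). Nothing is modified.

function Get-WinlogonShellFinding {
    # Winlogon starts every comma-separated program listed in "Shell"; the log above
    # shows "explorer.exe,C:\...\shell.exe" under HKCU, which relaunched the malware at logon.
    $findings = @()
    foreach ($hive in 'HKLM', 'HKCU') {
        $key = "${hive}:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
        if (-not (Test-Path $key)) { continue }
        $shell = (Get-ItemProperty -Path $key).Shell
        # HKLM normally holds exactly "Explorer.exe"; HKCU normally has no Shell value at all.
        if ($shell -and ($hive -eq 'HKCU' -or $shell -ne 'explorer.exe')) {
            $findings += New-Object PSObject -Property @{ Check = 'Winlogon Shell'; Location = $key; Value = $shell }
        }
    }
    $findings
}

function Get-SecurityCenterFinding {
    # A value of 1 suppresses the Security Center balloon for that component; the log
    # above shows both the antivirus and the firewall notification had been switched off.
    $findings = @()
    $key = 'HKLM:\SOFTWARE\Microsoft\Security Center'
    if (Test-Path $key) {
        $props = Get-ItemProperty -Path $key
        foreach ($name in 'AntiVirusDisableNotify', 'FirewallDisableNotify', 'UpdatesDisableNotify') {
            if ($props.$name -eq 1) {
                $findings += New-Object PSObject -Property @{ Check = 'Security Center'; Location = "$key\$name"; Value = 1 }
            }
        }
    }
    $findings
}

function Get-RunKeyFinding {
    # Heuristic (editor's assumption): legitimate Run entries rarely launch from a user's
    # Temp folder; winsp2up.exe in the log above lived in Local Settings\Temp. Review hits
    # by hand, since some legitimate updaters do install under Application Data.
    $findings = @()
    $runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $suspectDirs = '\Local Settings\Temp\', '\Temp\', '\Application Data\Microsoft\Windows\'
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }     # provider metadata (PSPath etc.), not Run values
            $cmd = [string]$p.Value
            foreach ($dir in $suspectDirs) {
                if ($cmd -like "*$dir*") {
                    $findings += New-Object PSObject -Property @{ Check = 'Run entry'; Location = "$key\$($p.Name)"; Value = $cmd }
                    break
                }
            }
        }
    }
    $findings
}

$all = @(Get-WinlogonShellFinding) + @(Get-SecurityCenterFinding) + @(Get-RunKeyFinding)
if ($all.Count -eq 0) { 'No Winlogon, Security Center or Run-key indicators found.' }
else { $all | Format-Table Check, Location, Value -AutoSize -Wrap }
```

Run it from an administrator account so the HKLM keys are readable. An empty result after a cleanup is only one data point; the Shell and DisableNotify values are cheap for malware to rewrite, so re-running the check after the next reboot is the useful test.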
 
Please run the following scans:

Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Re-enable your Antivirus software.
  10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
===================================
And there will most likely be Registry entries related to the Adware.PurityScan I need to remove, so
please download ComboFix from Here and save to your Desktop.

  1. Do NOT rename Combofix unless instructed.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Close any open browsers.
  4. Double click combofix.exe & follow the prompts to run.
     NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
  5. If Combofix asks you to install Recovery Console, please allow it.
  6. If Combofix asks you to update the program, always allow.
     Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  7. A report will be generated after the scan. Please paste the C:\ComboFix.txt in next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note: Make sure you re-enable your security programs when you're done with Combofix.

I thought I had already put these in for you to run- sorry, don't know where they went!
 
This thing is messed up.

I thought my internet connection on that computer was screwed up (IE hadn't worked ever since the viruses showed up) so I ran combofix first, not realizing that it would try to connect to the internet. However, it successfully updated and downloaded the Recovery Center. Therefore, it's only Internet Explorer that still does not allow me to access the internet, so I can't run ESET.

When I type in a URL, IE turns the URL into this long URL, which continues to grow every time it refreshes, which it keeps doing automatically:
http://www.google.com/hws/dell-usuk...hannel=us&s=http://www.eset.eu/online-scanner


I ran combofix and my computer froze the first time.
The second time I got BSOD after at least 5 stages.
I tried a 3rd time and got BSOD again.

This is the error message from eventvwr that I got from the first BSOD:

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 11/3/2010
Time: 9:05:43 PM
User: N/A
Computer: COTTER
Description:
The Prime95 Service service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


After that error, I uninstalled Prime95 (a program I've had for years on multiple computers). This is the error message from eventvwr that I got from the second BSOD, after I uninstalled Prime95:

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 11/3/2010
Time: 9:27:15 PM
User: N/A
Computer: COTTER
Description:
The Prime95 Service service failed to start due to the following error:
The system cannot find the file specified.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

The force is strong with this virus.
 
Before you do the following in Combofix:
[4]. Double click combofix.exe & follow the prompts to run.
Right click on the combofix.exe file> Rename> change file name to cotterfix.exe
Then try the scan again.

As for the IE problem, IE can be reset.

About Prime95: Some PC users and overclockers use it as a stability testing utility. It includes a "Torture Test" mode designed specifically for testing PC subsystems for errors in order to help ensure the correct operation of Prime95 on that system, which effectively stress-tests a PC.

You do not need this running now. It sounds like you uninstalled it, but the entry remained on the Startup menu. So you need to uncheck it there. I don't know what caused the initial BSOD, but there is only one Error Event for Prime95, on 10/30/2010 6:54:34 PM. One BSOD is not enough to require an uninstall. Please don't do anything else unless I instruct you to.
 
I'll do the combofix change when I get home tonight.

I should have mentioned that I looked in the startup menu (I believe you're talking about the programs listed under msconfig) to uncheck Prime95, but it was not listed there. There were a couple of boxes that were checked that had no program or other info listed next to them, so I left them alone.
 
I used autoruns and found Prime95. I unchecked it. I renamed combofix as you instructed. I turned off Norton Antivirus. I ran the renamed combofix and . . . got BSOD.

I went to eventvwr and there was no Error listed anywhere for today.

I rebooted the computer and tried again. Same thing - BSOD. I rebooted and went to eventvwr and there still was no error listed.

Any ideas?

Thanks for the help.
 
I am not very familiar with overclocking. But in view of the following from Wiki, I would suggest you back off of the overclocking:
Moreover, a large proportion of system overclockers and enthusiasts favor Prime95 over other benchmarking suites because Prime95 pushes the CPU's floating point units extremely hard, causing the CPU to become extremely hot.

Do you see any entry for GIMPS on the Startup menu? IF so, uncheck that.

Let's remove the cleaning tools as I don't think this is a malware issue now:
Removing all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name> click "Create".
  • Go back and follow the path to > System Tools.
  • Choose Disk Cleanup
  • Click "OK" to select the partition or drive you want.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


Empty the Recycle Bin

I'd like you to start a new thread in the Overclocking, Cooling and Modding forum HERE.

Mention that you have been here for help, but the BSODs continue, possibly related to Prime95. There will be members more familiar with overclocking there. If you still have issues that you think are malware related after resolving the BSOD, come back here and see if you can get Combofix to run.
 
Hi Bobbye. Route 44 told me to post the following back over here. Any advice? I did the uninstall of combofix before I posted over there.

Route 44:
Two drivers were cited as the probable cause for your BSODs:

1) catchme.sys which is a legitimate rootkit detection driver and is part of Combofix.

2) mbr.sys driver which is related to the MBR rootkit detection software

Catchme.sys is a legitimate rootkit detection tool used by several programs, including ComboFix. It is not malware, and will not cause you any harm if you leave it on your PC. Having said that, it's also not especially useful to you if your PC is clean, and will really only sit around taking up space; there's no need to keep it. Feel free to delete it if you wish, but know that it is not malware so you need not be concerned.

However, it is coming up as one of the causes of your system crashes. Post back to your thread with Bobbye and report that Route44 read the five latest minidumps and these two drivers were cited as probable cause. Then we'll take it from there after any advice/insight is given.
 
Hey, isn't teamwork great! Thank you, Route 44, for covering my lack of insight into minidumps!

Please download MBR Rootkit Detector and save it on your desktop.
  • Pause/Stop all antivirus/spyware active protection.
  • Then double click on mbr.exe to run it.
  • Select Run when you receive a Security Warning
  • The process is automatic, a black DOS window will appear and disappear suddenly. This is normal.
  • A log file will then be created on your desktop where you ran mbr.exe
  • Copy and paste the contents of mbr.log on your next reply.
============================
 
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST325082 rev.3.AD -> \Device\Ide\IAAStorageDevice-0

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
 