TR/Rootkit.Gen2

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

nov2897

Thread Starter
Joined
Dec 11, 2011
Messages
10
I have/had this virus on my computer. It initially blocked me from doing just about anything on my computer. I was able to start computer in Safe Mode and ran Spybot Search and Destroy. That seemed to remove some of the virus, but not all. On next start up, Spybot was immediately running and seemed to remove some more of the virus. I was then able to run Avira which did find 10+ infected files but says they have since been removed to quarantine. I have run pcsafedoctor and it found a Trojan PE_Patch. No other programs found this. Not sure if this is related to the Rootkit.Gen2 or something completely diffreent. I cannot turn on automatic updates on the computer so one of these trojans or virus is still on the machine. How can I get the computer clean and then also be able to turn back on automatic updates?

Here is my computer info:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) D CPU 3.00GHz, x86 Family 15 Model 4 Stepping 4
Processor Count: 2
RAM: 1022 Mb
Graphics Card: RADEON X300 Series, 128 Mb
Hard Drives: C: Total - 300795 MB, Free - 224279 MB; G: Total - 1907725 MB, Free - 1783900 MB;
Motherboard: Dell Inc., 0X8582
Antivirus: AntiVir Desktop, Updated: Yes, On-Demand Scanner: Enabled

Running windows XP.
 
Joined
Aug 9, 2007
Messages
686
Hello and welcome to Tech Support Guy.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

Sorry for the delay in replying, the forum is very busy. If you still need help, please do the following:


Step # 1 Download and run DDS

Download DDS and save it to your desktop from here or here or here
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.


Step # 2: Download and Run Gmer

Please download gmer.zip from Gmer and save it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst


If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.

If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure that the 'Sections' button is ticked and the 'Show All' button is unticked.
  • Click the Scan button and let the program do its work. GMER will produce a log.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

Please post the results from the GMER scan in your reply.


In your next post/reply, I need to see the following:

1. The two DDS Logs (DDS and Attach.txt)
2. The GMER Log

Use multiple posts if you can't fit everything into one post.
 

nov2897

Thread Starter
Joined
Dec 11, 2011
Messages
10
Thank you so much for helping me. Here is the information you requested.
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 9/25/2009 1:09:08 PM
System Uptime: 12/18/2011 1:43:46 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0X8582
Processor: Intel(R) Pentium(R) D CPU 3.00GHz | Microprocessor | 2992/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 294 GiB total, 218.797 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
G: is FIXED (NTFS) - 1863 GiB total, 1742.09 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: TI Technologies Inc.
Description: RADEON X300 Series Secondary
Device ID: PCI\VEN_1002&DEV_5B70&SUBSYS_03031002&REV_00\4&1A646D2D&0&0108
Manufacturer: ATI Technologies Inc.
Name: RADEON X300 Series Secondary
PNP Device ID: PCI\VEN_1002&DEV_5B70&SUBSYS_03031002&REV_00\4&1A646D2D&0&0108
Service: ati2mtag
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Photosmart C309a series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C309a series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP771: 9/20/2011 12:11:12 PM - System Checkpoint
RP772: 9/21/2011 2:20:27 PM - System Checkpoint
RP773: 9/22/2011 2:23:45 PM - System Checkpoint
RP774: 9/23/2011 2:23:51 PM - System Checkpoint
RP775: 9/24/2011 2:31:06 PM - System Checkpoint
RP776: 9/25/2011 3:31:08 PM - System Checkpoint
RP777: 9/26/2011 3:41:00 PM - System Checkpoint
RP778: 9/27/2011 4:12:41 PM - System Checkpoint
RP779: 9/28/2011 5:14:37 PM - System Checkpoint
RP780: 9/28/2011 11:56:44 PM - Software Distribution Service 3.0
RP781: 9/30/2011 10:50:45 AM - System Checkpoint
RP782: 10/1/2011 10:51:46 AM - System Checkpoint
RP783: 10/2/2011 11:22:17 AM - System Checkpoint
RP784: 10/3/2011 12:11:49 PM - System Checkpoint
RP785: 10/4/2011 1:15:48 PM - System Checkpoint
RP786: 10/5/2011 1:21:47 PM - System Checkpoint
RP787: 10/6/2011 1:29:45 PM - System Checkpoint
RP788: 10/7/2011 2:07:10 PM - System Checkpoint
RP789: 10/8/2011 2:39:33 PM - System Checkpoint
RP790: 10/9/2011 2:44:30 PM - System Checkpoint
RP791: 10/10/2011 4:12:48 PM - System Checkpoint
RP792: 10/11/2011 5:39:46 PM - System Checkpoint
RP793: 10/12/2011 5:59:49 PM - System Checkpoint
RP794: 10/13/2011 3:00:17 AM - Software Distribution Service 3.0
RP795: 10/14/2011 1:25:12 PM - System Checkpoint
RP796: 10/15/2011 3:17:17 PM - System Checkpoint
RP797: 10/16/2011 3:36:30 PM - System Checkpoint
RP798: 10/17/2011 3:49:19 PM - System Checkpoint
RP799: 10/18/2011 5:03:07 PM - System Checkpoint
RP800: 10/19/2011 6:02:58 PM - System Checkpoint
RP801: 10/20/2011 8:08:19 PM - System Checkpoint
RP802: 10/21/2011 8:41:37 PM - System Checkpoint
RP803: 10/22/2011 9:39:36 PM - System Checkpoint
RP804: 10/23/2011 10:17:15 PM - System Checkpoint
RP805: 10/25/2011 8:05:23 AM - System Checkpoint
RP806: 10/26/2011 9:24:53 AM - System Checkpoint
RP807: 10/27/2011 10:02:17 AM - System Checkpoint
RP808: 10/28/2011 10:30:20 AM - System Checkpoint
RP809: 10/29/2011 10:53:00 AM - System Checkpoint
RP810: 10/30/2011 11:15:32 AM - System Checkpoint
RP811: 10/31/2011 11:51:02 AM - System Checkpoint
RP812: 11/1/2011 11:59:46 AM - System Checkpoint
RP813: 11/2/2011 1:02:52 PM - System Checkpoint
RP814: 11/3/2011 1:30:19 PM - System Checkpoint
RP815: 11/4/2011 2:03:34 PM - System Checkpoint
RP816: 11/5/2011 2:23:50 PM - System Checkpoint
RP817: 11/6/2011 1:29:05 PM - System Checkpoint
RP818: 11/7/2011 2:24:20 PM - System Checkpoint
RP819: 11/8/2011 5:09:53 PM - System Checkpoint
RP820: 11/9/2011 5:11:59 PM - System Checkpoint
RP821: 11/9/2011 11:03:31 PM - Software Distribution Service 3.0
RP822: 11/11/2011 11:46:42 AM - System Checkpoint
RP823: 11/11/2011 11:06:03 PM - Software Distribution Service 3.0
RP824: 11/13/2011 9:27:05 AM - System Checkpoint
RP825: 11/14/2011 9:27:25 AM - System Checkpoint
RP826: 11/15/2011 9:38:22 AM - System Checkpoint
RP827: 11/16/2011 10:36:00 AM - System Checkpoint
RP828: 11/17/2011 10:39:36 AM - System Checkpoint
RP829: 11/18/2011 11:27:56 AM - System Checkpoint
RP830: 11/19/2011 11:45:51 AM - System Checkpoint
RP831: 1/19/2011 4:04:20 PM - System Checkpoint
RP832: 11/20/2011 1:00:15 PM - System Checkpoint
RP833: 11/21/2011 1:06:44 PM - System Checkpoint
RP834: 11/22/2011 2:05:23 PM - System Checkpoint
RP835: 11/23/2011 2:34:20 PM - System Checkpoint
RP836: 11/24/2011 8:31:27 PM - System Checkpoint
RP837: 11/25/2011 9:05:59 PM - System Checkpoint
RP838: 11/27/2011 8:56:12 AM - System Checkpoint
RP839: 11/28/2011 1:42:52 PM - System Checkpoint
RP840: 11/29/2011 2:02:37 PM - System Checkpoint
RP841: 11/30/2011 3:06:52 PM - System Checkpoint
RP842: 12/1/2011 3:26:50 PM - System Checkpoint
RP843: 12/2/2011 3:42:33 PM - System Checkpoint
RP844: 12/3/2011 4:10:01 PM - System Checkpoint
RP845: 12/4/2011 4:31:49 PM - System Checkpoint
RP846: 12/5/2011 4:39:25 PM - System Checkpoint
RP847: 12/6/2011 5:35:53 PM - System Checkpoint
RP848: 12/7/2011 6:20:04 PM - System Checkpoint
RP849: 12/7/2011 10:15:40 PM - RegClean Pro Wed, Dec 07, 11 22:15
RP850: 12/8/2011 10:31:14 PM - System Checkpoint
RP851: 12/9/2011 11:09:59 PM - System Checkpoint
RP852: 12/10/2011 11:08:34 AM - Restore Operation
RP853: 12/10/2011 3:47:18 PM - System Checkpoint
RP854: 12/10/2011 4:31:13 PM - Restore Operation
RP855: 12/11/2011 8:01:54 PM - System Checkpoint
RP856: 12/12/2011 9:37:24 AM - FiOS Installation
RP857: 12/12/2011 12:46:31 PM - Restore Operation
RP858: 12/12/2011 4:27:27 PM - Installed Vz In Home Agent.
RP859: 12/13/2011 5:22:58 PM - System Checkpoint
RP860: 12/14/2011 7:08:49 PM - System Checkpoint
RP861: 12/15/2011 7:18:31 PM - System Checkpoint
RP862: 12/16/2011 7:44:10 PM - System Checkpoint
RP863: 12/17/2011 7:57:22 PM - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
4 Elements
4500_Help
Acrobat.com
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.4.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Autodesk DWF Viewer
Avira AntiVir Personal - Free Antivirus
Bing Bar
BlackBerry® Media Sync
Bonjour
BPD_HPSU
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Burn4Free CD & DVD 5.1.0.0
C309a
Carbonite
CDBurnerXP
Clone Wars
Coupon Printer for Windows
Creative Audio Console
Creative MediaSource 5
Creative Software AutoUpdate
Creative WaveStudio 7
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DiscAPI
DocMgr
DocProc
DVD Shrink 3.2
DVDFab 8.0.8.5 (19/03/2011)
EPSON Printer Software
EPSON Scan
Fax
Google Earth Plug-in
Google Update Helper
GPBaseService2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 12.0
HP Document Manager 1.0
HP Imaging Device Functions 12.0
HP Officejet J4500 Series
HP Photosmart C309a All-In-One Driver Software 12.0 Rel .5
HP Photosmart Essential 3.5
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPDiagnosticAlert
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotosmartEssential
HPProductAssistant
HPSSupply
IHA_MessageCenter
Intel(R) 537EP V9x DF PCI Modem
Intel(R) PRO Network Connections Drivers
iTunes
J4500
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 24
KODAK Gallery Upload Software
LightScribe 1.4.142.1
Logitech Vid
Logitech Webcam Software
MarketResearch
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Silverlight
Microsoft Streets and Trips 2005
Microsoft UI Engine
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Word 2000
MSVCSetup
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Essentials
neroxml
Network
OCR Software by I.R.I.S. 12.0
OpenOffice.org 3.3
OverDrive Media Console
Panda ActiveScan 2.0
Pinnacle Hollywood FX for Studio
Pinnacle Instant DVD Recorder
ProductContext
PS_AIO_05_C309_Software_Min
QuickTime
RAPID
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SecurityScan
Shop for HP Supplies
Skype™ 5.5
SmartSound Quicktracks Plugin
SmartWebPrinting
SolutionCenter
Spybot - Search & Destroy
Status
Studio 10
Studio 10 Bonus DVD
TomTom HOME 2.8.2.2264
TomTom HOME Visual Studio Merge Modules
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Vz In Home Agent
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
12/12/2011 2:15:35 PM, error: VolSnap [20] - The shadow copy of volume C: was aborted because of a failed free space computation.
12/12/2011 12:56:57 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the CarboniteService service, but this action failed with the following error: An instance of the service is already running.
12/11/2011 8:39:09 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
12/11/2011 8:38:59 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000043' while processing the file 'redbook.sys' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
12/11/2011 7:22:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
.
==== End Of File ===========================
Here is the dds.txt info:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by John Meyer at 13:51:40 on 2011-12-18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.151 [GMT -5:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\McAfee Security Scan\2.1.119\SSScheduler.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {597A9974-8CB0-4f41-B61F-ED065738A397} - No File
BHO: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [CreativeTaskScheduler] "c:\program files\creative\shared files\CTSched.exe" /logon
uRun: [MaxMySpeed Registry Cleaner] c:\program files\cyberdefender\registry scanner\CDregclean.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [EPSON Stylus CX4200 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe -CheckReg
mRun: [CTHelper] CTHELPER.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [<NO NAME>]
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\securi~1.lnk - c:\program files\mcafee security scan\2.1.119\SSScheduler.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} - hxxp://launch.soe.com/plugin/web/SOEWebInstaller.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.5.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} - hxxp://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab
DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} - hxxp://www.nassaucountyny.gov/mynassauproperty/autodesk/DwfViewerSetup.exe
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://www.disneyphotopass.com/software/ImageUploader4.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} - hxxp://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D0C29D8E-305B-4B32-988D-DAD2DF869FC2} : DhcpNameServer = 192.168.1.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-12-10 28552]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-11-1 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-11-1 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-11-1 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-10-30 66616]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2011-10-28 286736]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-11-22 136176]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-6-23 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-11-22 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.1.119\McCHSvc.exe [2010-3-8 227232]
S3 RkHit;RkHit;c:\windows\system32\drivers\RKHit.sys [2011-12-11 34736]
.
=============== Created Last 30 ================
.
2011-12-16 16:12:40 -------- d-----w- c:\program files\common files\Autodesk Shared
2011-12-16 16:12:35 -------- d-----w- c:\program files\Autodesk
2011-12-16 02:47:22 -------- d-----w- c:\program files\iPod
2011-12-16 02:47:07 -------- d-----w- c:\program files\iTunes
2011-12-12 21:10:29 -------- d-----w- c:\documents and settings\all users\application data\McAfee Security Scan
2011-12-12 21:10:21 -------- d-----w- c:\program files\McAfee Security Scan
2011-12-12 17:55:33 57600 -c--a-w- c:\windows\system32\dllcache\redbook.sys
2011-12-12 17:55:33 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-12-12 17:47:22 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-12-12 17:47:22 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-12 15:34:27 260 ----a-w- c:\windows\system32\cmdVBS.vbs
2011-12-12 15:34:27 256 ----a-w- c:\windows\system32\MSIevent.bat
2011-12-12 15:34:06 -------- d-----w- c:\program files\Verizon
2011-12-12 14:37:10 -------- d-----w- c:\documents and settings\john meyer\application data\TechWizard
2011-12-12 03:33:57 34736 ----a-w- c:\windows\system32\drivers\RKHit.sys
2011-12-12 03:33:56 -------- d-----w- c:\program files\PCSafeDoctor
2011-12-11 01:37:43 328192 ----a-w- c:\documents and settings\john meyer\local settings\application data\cfe.exe
2011-12-11 01:08:54 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2011-12-10 21:55:28 -------- d-----w- c:\program files\Panda Security
2011-12-08 03:31:34 -------- d-----w- c:\program files\RegZooka
2011-12-08 03:27:47 2424 ----a-w- c:\windows\system32\ASOROSet.bin
2011-12-08 03:10:03 -------- d-----w- c:\documents and settings\john meyer\application data\Systweak
2011-12-08 03:09:52 -------- d-----w- c:\documents and settings\john meyer\local settings\application data\RewardsArcade
2011-12-08 03:09:48 17280 ----a-w- c:\windows\system32\roboot.exe
2011-12-08 03:09:48 -------- d-----w- c:\program files\RewardsArcade
.
==================== Find3M ====================
.
2011-11-16 13:25:48 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 18:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 18:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-02 13:56:09 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
============= FINISH: 13:53:02.07 ===============
Here is the gmer.log.
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-18 20:28:11
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Intel___ rev.1.0.
Running: gmer.exe; Driver: C:\DOCUME~1\JOHNME~1\LOCALS~1\Temp\kwndypod.sys

---- System - GMER 1.0.15 ----
SSDT B25232BC ZwClose
SSDT B2523276 ZwCreateKey
SSDT B25232C6 ZwCreateSection
SSDT B252326C ZwCreateThread
SSDT B252327B ZwDeleteKey
SSDT B2523285 ZwDeleteValueKey
SSDT B25232B7 ZwDuplicateObject
SSDT B252328A ZwLoadKey
SSDT B2523258 ZwOpenProcess
SSDT B252325D ZwOpenThread
SSDT B2523294 ZwReplaceKey
SSDT B252328F ZwRestoreKey
SSDT B25232CB ZwSetContextThread
SSDT B2523280 ZwSetValueKey
SSDT B2523267 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
init C:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xF7825720]
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01C42F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01C42C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01C42CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01C42CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3760] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00F12F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3760] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00F12C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3760] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00F12CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3760] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00F12CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Fastfat \Fat A9437D20
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\[email protected] 0x2E 0xE8 0xE1 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\[email protected] 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\[email protected] 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\[email protected] 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\[email protected] 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\[email protected] 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\[email protected] 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\[email protected] 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\[email protected] 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\[email protected] 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\[email protected] 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\[email protected] Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\[email protected] C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\[email protected] 0xFA 0xEA 0x66 0x7F ...
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\$NtUninstallKB38200$\233085148 0 bytes
File C:\WINDOWS\$NtUninstallKB38200$\233085148\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB38200$\233085148\bckfg.tmp 851 bytes
File C:\WINDOWS\$NtUninstallKB38200$\233085148\cfg.ini 208 bytes
File C:\WINDOWS\$NtUninstallKB38200$\233085148\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB38200$\233085148\keywords 325 bytes
File C:\WINDOWS\$NtUninstallKB38200$\233085148\kwrd.dll 223744 bytes
File C:\WINDOWS\$NtUninstallKB38200$\233085148\L 0 bytes
File C:\WINDOWS\$NtUninstallKB38200$\233085148\L\iumbaodn 57600 bytes
File C:\WINDOWS\$NtUninstallKB38200$\233085148\lsflt7.ver 5176 bytes
File C:\WINDOWS\$NtUninstallKB38200$\233085148\U 0 bytes
File C:\WINDOWS\$NtUninstallKB38200$\233085148\U\[email protected] 2048 bytes
File C:\WINDOWS\$NtUninstallKB38200$\233085148\U\[email protected] 224768 bytes
File C:\WINDOWS\$NtUninstallKB38200$\233085148\U\[email protected] 1024 bytes
File C:\WINDOWS\$NtUninstallKB38200$\233085148\U\[email protected] 1024 bytes
File C:\WINDOWS\$NtUninstallKB38200$\233085148\U\[email protected] 12800 bytes
File C:\WINDOWS\$NtUninstallKB38200$\233085148\U\[email protected] 98304 bytes
File C:\WINDOWS\$NtUninstallKB38200$\2870124694 0 bytes
 
Joined
Aug 9, 2007
Messages
686
Step # 1: Disable Teatimer

Spybot S&D's tea timer normally provides real-time protection from spyware, however it may interfere with what we need to do. We will disable it until the machine is clean when it can be re-enabled.

This is a two step process.
First step:
  • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
  • If you have the version 1.5 or 1.6, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.
  • If you have Version 1.4, Click on Exit Spybot S&D Resident

Second step, For Either Version :
  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go To the bottom of the Vertical Panel on the Left, Click Tools
  • then, also in left panel, click Resident shows a red/white shield.
  • If your firewall raises a question, say OK
  • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
  • OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.



Step # 2: Download and Run ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

*Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

When finished, it shall produce a log for you. Please post C:\ComboFix.txt in your next reply.
 

nov2897

Thread Starter
Joined
Dec 11, 2011
Messages
10
ComboFix 11-12-19.01 - John Meyer 12/19/2011 9:28.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.542 [GMT -5:00]
Running from: c:\documents and settings\John Meyer\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\John Meyer\Application Data\inst.exe
c:\documents and settings\John Meyer\Application Data\Start
c:\documents and settings\John Meyer\Application Data\Start\temp_20E5ACDA\flash.10.0.32.18.ocx
c:\documents and settings\John Meyer\GoToAssistDownloadHelper.exe
c:\documents and settings\John Meyer\Local Settings\Application Data\cfe.exe
c:\program files\RewardsArcade
c:\program files\RewardsArcade\appAPIinternalWrapper.js
c:\program files\RewardsArcade\fb.js
c:\program files\RewardsArcade\jquery.js
c:\program files\RewardsArcade\json.js
c:\program files\RewardsArcade\RewardsArcade.dll
c:\program files\RewardsArcade\RewardsArcade.exe
c:\program files\RewardsArcade\Uninstall.exe
c:\program files\RewardsArcade\UserConfirmation.exe
c:\windows\$NtUninstallKB38200$
c:\windows\$NtUninstallKB38200$\233085148\@
c:\windows\$NtUninstallKB38200$\233085148\bckfg.tmp
c:\windows\$NtUninstallKB38200$\233085148\cfg.ini
c:\windows\$NtUninstallKB38200$\233085148\Desktop.ini
c:\windows\$NtUninstallKB38200$\233085148\keywords
c:\windows\$NtUninstallKB38200$\233085148\kwrd.dll
c:\windows\$NtUninstallKB38200$\233085148\L\iumbaodn
c:\windows\$NtUninstallKB38200$\233085148\lsflt7.ver
c:\windows\$NtUninstallKB38200$\233085148\U\[email protected]
c:\windows\$NtUninstallKB38200$\233085148\U\[email protected]
c:\windows\$NtUninstallKB38200$\233085148\U\[email protected]
c:\windows\$NtUninstallKB38200$\233085148\U\[email protected]
c:\windows\$NtUninstallKB38200$\233085148\U\[email protected]
c:\windows\$NtUninstallKB38200$\233085148\U\[email protected]
c:\windows\$NtUninstallKB38200$\2870124694
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\EventSystem.log
c:\windows\system32\drivers\RKHit.sys
G:\autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RKHIT
-------\Service_RkHit
.
.
((((((((((((((((((((((((( Files Created from 2011-11-19 to 2011-12-19 )))))))))))))))))))))))))))))))
.
.
2011-12-16 16:12 . 2011-12-16 16:12 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2011-12-16 16:12 . 2011-12-16 16:12 -------- d-----w- c:\program files\Autodesk
2011-12-16 02:47 . 2011-12-16 02:47 -------- d-----w- c:\program files\iPod
2011-12-16 02:47 . 2011-12-16 02:48 -------- d-----w- c:\program files\iTunes
2011-12-13 21:12 . 2011-12-13 21:12 -------- d-----w- c:\documents and settings\NetworkService\Application Data\McAfee
2011-12-12 21:10 . 2011-12-12 21:10 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2011-12-12 21:10 . 2011-12-12 21:10 -------- d-----w- c:\program files\McAfee Security Scan
2011-12-12 21:07 . 2011-12-12 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2011-12-12 17:55 . 2008-04-14 05:10 57600 -c--a-w- c:\windows\system32\dllcache\redbook.sys
2011-12-12 17:55 . 2008-04-14 05:10 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-12-12 17:47 . 2011-12-12 17:47 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-12 15:34 . 2011-12-12 21:05 256 ----a-w- c:\windows\system32\MSIevent.bat
2011-12-12 15:34 . 2011-12-12 21:05 260 ----a-w- c:\windows\system32\cmdVBS.vbs
2011-12-12 15:34 . 2011-12-12 15:34 -------- d-----w- c:\program files\Verizon
2011-12-12 14:37 . 2011-12-12 15:33 -------- d-----w- c:\documents and settings\John Meyer\Application Data\TechWizard
2011-12-12 03:33 . 2011-12-16 18:09 -------- d-----w- c:\program files\PCSafeDoctor
2011-12-11 01:08 . 2009-06-30 14:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2011-12-10 21:55 . 2011-12-10 21:55 -------- d-----w- c:\program files\Panda Security
2011-12-10 20:23 . 2011-12-10 20:23 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-12-10 20:17 . 2011-12-10 20:17 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-12-10 17:36 . 2011-12-10 17:41 -------- d-----w- c:\documents and settings\Administrator.JOHN-0E3D4B5DE9
2011-12-08 03:31 . 2011-12-08 03:41 -------- d-----w- c:\program files\RegZooka
2011-12-08 03:27 . 2011-12-08 03:44 2424 ----a-w- c:\windows\system32\ASOROSet.bin
2011-12-08 03:10 . 2011-12-08 03:30 -------- d-----w- c:\documents and settings\John Meyer\Application Data\Systweak
2011-12-08 03:09 . 2011-12-08 03:09 -------- d-----w- c:\documents and settings\John Meyer\Local Settings\Application Data\RewardsArcade
2011-12-08 03:09 . 2011-11-19 16:52 17280 ----a-w- c:\windows\system32\roboot.exe
2011-11-22 16:51 . 2011-11-22 16:51 -------- d-----w- c:\program files\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-16 13:25 . 2011-05-21 12:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-10 14:22 . 2009-09-25 17:03 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-02 13:56 . 2011-10-02 13:56 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-09-28 07:06 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-11-17 53341]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-07 149040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"EPSON Stylus CX4200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE" [2005-03-08 98304]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-11 406016]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-16 153136]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
SecurityScan.lnk - c:\program files\McAfee Security Scan\2.1.119\SSScheduler.exe [2010-3-8 255536]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\BackupData\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [12/10/2011 8:08 PM 28552]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/1/2009 8:14 PM 136360]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [10/28/2011 6:20 PM 286736]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/22/2011 7:21 AM 92592]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 7:39 PM 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 7:39 PM 555096]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 7:39 PM 566360]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [10/5/2009 8:09 PM 47360]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/22/2011 11:51 AM 136176]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2/28/2011 5:44 PM 183560]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 7:39 PM 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [6/23/2010 8:10 AM 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 7:39 PM 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 7:39 PM 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 7:39 PM 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 7:39 PM 566360]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/22/2011 11:51 AM 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.1.119\McCHSvc.exe [3/8/2010 10:39 AM 227232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-22 16:51]
.
2011-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-22 16:51]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-MaxMySpeed Registry Cleaner - c:\program files\CyberDefender\Registry Scanner\CDregclean.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-19 09:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4028)
c:\windows\system32\WININET.dll
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2011-12-19 09:57:10 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-19 14:57
.
Pre-Run: 234,801,840,128 bytes free
Post-Run: 235,290,406,912 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 781406898D047BB163E72BE5DC066470
 
Joined
Aug 9, 2007
Messages
686
Step # 1 Update Java

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u30.
  • Click on the link to download Windows Offline Installation and save to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Remove the following old versions of Java:

  • Java(TM) 6 Update 22

    Java(TM) 6 Update 24


  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • From your desktop double-click on the download to install the newest version.




Step # 2 Download and Run CCleaner

Download CCleaner from here to clean temp files from your computer.
  • Double click on the ccsetup.exe file to start the installation of the program.
  • Select your language and click OK, then next.
  • Read the license agreement and click I Agree.
  • Click next to use the default install location.
  • Under Install Options, choose all the default settings except I would recommend that you unclick/untick install the Yahoo! Toolbar, unless you want it. You can also Uncheck the 'Automatically check for updates' box.
  • Click Install then finish to complete installation.
  • Double click the CCleaner shortcut on the desktop to start the program.
  • On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
  • If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
  • Click on the "Options" icon at the left side of the window, then click on "Advanced."
    deselect "Only delete files in Windows Temp folders older than 24 hours."
  • Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
  • After CCleaner has completed its process, click Exit.




Step # 3 Download and Run Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



In your next post/reply, I need to see the following:

1. MalwareBytes' Log
2. A fresh DDS Log
 

nov2897

Thread Starter
Joined
Dec 11, 2011
Messages
10
Here are the 3 logs you requested:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8399
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
12/19/2011 5:39:33 PM
mbam-log-2011-12-19 (17-39-33).txt
Scan type: Quick scan
Objects scanned: 196345
Time elapsed: 8 minute(s), 43 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 14
Files Infected: 39
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\Software\AppDataLow\gvtl (Adware.GameVance) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
c:\documents and settings\john meyer\local settings\application data\rewardsarcade (PUP.RewardsArcade) -> Delete on reboot.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\defaults (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\defaults\preferences (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\locale (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\locale\en-US (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\skin (PUP.RewardsArcade) -> Quarantined and deleted successfully.
Files Infected:
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\uninstall.ico (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Chrome\rewardsarcade.crx (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome.manifest (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\install.rdf (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\background.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\browser.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\crossrider.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\crossriderapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\manage-apps-style.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\manage-apps.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\messaging.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\options.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\push.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\socialapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\update.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\utilityapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\workers_chain.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\faye-browser-min.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\jquery-1.4.2.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\facebox.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\facebox.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\b.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\bl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\br.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\closelabel.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\loading.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\tl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\chrome\content\lib\facebox\Images\tr.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\defaults\preferences\prefs.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\locale\en-US\translations.dtd (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\skin\button1.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\skin\button2.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\skin\button3.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\skin\button4.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\skin\button5.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\skin\crossrider_statusbar.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\skin\icon24.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\skin\skin.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
c:\documents and settings\john meyer\local settings\application data\rewardsarcade\498\Firefox\skin\update.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.

Here is the dds
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by John Meyer at 18:40:15 on 2011-12-19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.329 [GMT -5:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\McAfee Security Scan\2.1.119\SSScheduler.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [CreativeTaskScheduler] "c:\program files\creative\shared files\CTSched.exe" /logon
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [EPSON Stylus CX4200 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe -CheckReg
mRun: [CTHelper] CTHELPER.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\securi~1.lnk - c:\program files\mcafee security scan\2.1.119\SSScheduler.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} - hxxp://launch.soe.com/plugin/web/SOEWebInstaller.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.5.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} - hxxp://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab
DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} - hxxp://www.nassaucountyny.gov/mynassauproperty/autodesk/DwfViewerSetup.exe
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://www.disneyphotopass.com/software/ImageUploader4.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} - hxxp://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D0C29D8E-305B-4B32-988D-DAD2DF869FC2} : DhcpNameServer = 192.168.1.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-11-1 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-11-1 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-11-1 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-10-30 66616]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2011-10-28 286736]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-19 366152]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-19 22216]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-11-22 136176]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-6-23 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-11-22 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.1.119\McCHSvc.exe [2010-3-8 227232]
S3 RkHit;RkHit;\??\c:\windows\system32\drivers\rkhit.sys --> c:\windows\system32\drivers\RKHit.sys [?]
.
=============== Created Last 30 ================
.
2011-12-19 22:22:38 -------- d-----w- c:\documents and settings\john meyer\application data\Malwarebytes
2011-12-19 22:22:30 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-12-19 22:22:25 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-19 22:22:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-19 22:18:15 -------- d-----w- c:\program files\CCleaner
2011-12-19 20:59:56 -------- d-----w- c:\program files\Ask.com
2011-12-19 20:59:55 -------- d-----w- c:\documents and settings\john meyer\local settings\application data\AskToolbar
2011-12-19 20:48:26 -------- d-----w- c:\documents and settings\all users\application data\Ask
2011-12-19 20:47:58 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-19 14:16:28 -------- d-sha-r- C:\cmdcons
2011-12-19 14:14:42 256000 ----a-w- c:\windows\PEV.exe
2011-12-19 14:14:42 208896 ----a-w- c:\windows\MBR.exe
2011-12-19 14:14:41 98816 ----a-w- c:\windows\sed.exe
2011-12-19 14:14:41 518144 ----a-w- c:\windows\SWREG.exe
2011-12-16 16:12:35 -------- d-----w- c:\program files\Autodesk
2011-12-16 02:47:22 -------- d-----w- c:\program files\iPod
2011-12-16 02:47:07 -------- d-----w- c:\program files\iTunes
2011-12-12 21:10:29 -------- d-----w- c:\documents and settings\all users\application data\McAfee Security Scan
2011-12-12 21:10:21 -------- d-----w- c:\program files\McAfee Security Scan
2011-12-12 17:55:33 57600 -c--a-w- c:\windows\system32\dllcache\redbook.sys
2011-12-12 17:55:33 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-12-12 17:47:22 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-12-12 17:47:22 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-12 15:34:27 260 ----a-w- c:\windows\system32\cmdVBS.vbs
2011-12-12 15:34:27 256 ----a-w- c:\windows\system32\MSIevent.bat
2011-12-12 15:34:06 -------- d-----w- c:\program files\Verizon
2011-12-12 14:37:10 -------- d-----w- c:\documents and settings\john meyer\application data\TechWizard
2011-12-10 21:55:28 -------- d-----w- c:\program files\Panda Security
2011-12-08 03:31:34 -------- d-----w- c:\program files\RegZooka
2011-12-08 03:27:47 2424 ----a-w- c:\windows\system32\ASOROSet.bin
2011-12-08 03:10:03 -------- d-----w- c:\documents and settings\john meyer\application data\Systweak
2011-12-08 03:09:48 17280 ----a-w- c:\windows\system32\roboot.exe
.
==================== Find3M ====================
.
2011-12-19 20:47:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-16 13:25:48 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 18:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 18:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-02 13:56:09 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
============= FINISH: 18:42:45.87 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 9/25/2009 1:09:08 PM
System Uptime: 12/19/2011 6:37:45 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0X8582
Processor: Intel(R) Pentium(R) D CPU 3.00GHz | Microprocessor | 2992/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 294 GiB total, 219.124 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
G: is FIXED (NTFS) - 1863 GiB total, 1742.09 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: TI Technologies Inc.
Description: RADEON X300 Series Secondary
Device ID: PCI\VEN_1002&DEV_5B70&SUBSYS_03031002&REV_00\4&1A646D2D&0&0108
Manufacturer: ATI Technologies Inc.
Name: RADEON X300 Series Secondary
PNP Device ID: PCI\VEN_1002&DEV_5B70&SUBSYS_03031002&REV_00\4&1A646D2D&0&0108
Service: ati2mtag
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Photosmart C309a series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C309a series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP772: 9/21/2011 2:20:27 PM - System Checkpoint
RP773: 9/22/2011 2:23:45 PM - System Checkpoint
RP774: 9/23/2011 2:23:51 PM - System Checkpoint
RP775: 9/24/2011 2:31:06 PM - System Checkpoint
RP776: 9/25/2011 3:31:08 PM - System Checkpoint
RP777: 9/26/2011 3:41:00 PM - System Checkpoint
RP778: 9/27/2011 4:12:41 PM - System Checkpoint
RP779: 9/28/2011 5:14:37 PM - System Checkpoint
RP780: 9/28/2011 11:56:44 PM - Software Distribution Service 3.0
RP781: 9/30/2011 10:50:45 AM - System Checkpoint
RP782: 10/1/2011 10:51:46 AM - System Checkpoint
RP783: 10/2/2011 11:22:17 AM - System Checkpoint
RP784: 10/3/2011 12:11:49 PM - System Checkpoint
RP785: 10/4/2011 1:15:48 PM - System Checkpoint
RP786: 10/5/2011 1:21:47 PM - System Checkpoint
RP787: 10/6/2011 1:29:45 PM - System Checkpoint
RP788: 10/7/2011 2:07:10 PM - System Checkpoint
RP789: 10/8/2011 2:39:33 PM - System Checkpoint
RP790: 10/9/2011 2:44:30 PM - System Checkpoint
RP791: 10/10/2011 4:12:48 PM - System Checkpoint
RP792: 10/11/2011 5:39:46 PM - System Checkpoint
RP793: 10/12/2011 5:59:49 PM - System Checkpoint
RP794: 10/13/2011 3:00:17 AM - Software Distribution Service 3.0
RP795: 10/14/2011 1:25:12 PM - System Checkpoint
RP796: 10/15/2011 3:17:17 PM - System Checkpoint
RP797: 10/16/2011 3:36:30 PM - System Checkpoint
RP798: 10/17/2011 3:49:19 PM - System Checkpoint
RP799: 10/18/2011 5:03:07 PM - System Checkpoint
RP800: 10/19/2011 6:02:58 PM - System Checkpoint
RP801: 10/20/2011 8:08:19 PM - System Checkpoint
RP802: 10/21/2011 8:41:37 PM - System Checkpoint
RP803: 10/22/2011 9:39:36 PM - System Checkpoint
RP804: 10/23/2011 10:17:15 PM - System Checkpoint
RP805: 10/25/2011 8:05:23 AM - System Checkpoint
RP806: 10/26/2011 9:24:53 AM - System Checkpoint
RP807: 10/27/2011 10:02:17 AM - System Checkpoint
RP808: 10/28/2011 10:30:20 AM - System Checkpoint
RP809: 10/29/2011 10:53:00 AM - System Checkpoint
RP810: 10/30/2011 11:15:32 AM - System Checkpoint
RP811: 10/31/2011 11:51:02 AM - System Checkpoint
RP812: 11/1/2011 11:59:46 AM - System Checkpoint
RP813: 11/2/2011 1:02:52 PM - System Checkpoint
RP814: 11/3/2011 1:30:19 PM - System Checkpoint
RP815: 11/4/2011 2:03:34 PM - System Checkpoint
RP816: 11/5/2011 2:23:50 PM - System Checkpoint
RP817: 11/6/2011 1:29:05 PM - System Checkpoint
RP818: 11/7/2011 2:24:20 PM - System Checkpoint
RP819: 11/8/2011 5:09:53 PM - System Checkpoint
RP820: 11/9/2011 5:11:59 PM - System Checkpoint
RP821: 11/9/2011 11:03:31 PM - Software Distribution Service 3.0
RP822: 11/11/2011 11:46:42 AM - System Checkpoint
RP823: 11/11/2011 11:06:03 PM - Software Distribution Service 3.0
RP824: 11/13/2011 9:27:05 AM - System Checkpoint
RP825: 11/14/2011 9:27:25 AM - System Checkpoint
RP826: 11/15/2011 9:38:22 AM - System Checkpoint
RP827: 11/16/2011 10:36:00 AM - System Checkpoint
RP828: 11/17/2011 10:39:36 AM - System Checkpoint
RP829: 11/18/2011 11:27:56 AM - System Checkpoint
RP830: 11/19/2011 11:45:51 AM - System Checkpoint
RP831: 1/19/2011 4:04:20 PM - System Checkpoint
RP832: 11/20/2011 1:00:15 PM - System Checkpoint
RP833: 11/21/2011 1:06:44 PM - System Checkpoint
RP834: 11/22/2011 2:05:23 PM - System Checkpoint
RP835: 11/23/2011 2:34:20 PM - System Checkpoint
RP836: 11/24/2011 8:31:27 PM - System Checkpoint
RP837: 11/25/2011 9:05:59 PM - System Checkpoint
RP838: 11/27/2011 8:56:12 AM - System Checkpoint
RP839: 11/28/2011 1:42:52 PM - System Checkpoint
RP840: 11/29/2011 2:02:37 PM - System Checkpoint
RP841: 11/30/2011 3:06:52 PM - System Checkpoint
RP842: 12/1/2011 3:26:50 PM - System Checkpoint
RP843: 12/2/2011 3:42:33 PM - System Checkpoint
RP844: 12/3/2011 4:10:01 PM - System Checkpoint
RP845: 12/4/2011 4:31:49 PM - System Checkpoint
RP846: 12/5/2011 4:39:25 PM - System Checkpoint
RP847: 12/6/2011 5:35:53 PM - System Checkpoint
RP848: 12/7/2011 6:20:04 PM - System Checkpoint
RP849: 12/7/2011 10:15:40 PM - RegClean Pro Wed, Dec 07, 11 22:15
RP850: 12/8/2011 10:31:14 PM - System Checkpoint
RP851: 12/9/2011 11:09:59 PM - System Checkpoint
RP852: 12/10/2011 11:08:34 AM - Restore Operation
RP853: 12/10/2011 3:47:18 PM - System Checkpoint
RP854: 12/10/2011 4:31:13 PM - Restore Operation
RP855: 12/11/2011 8:01:54 PM - System Checkpoint
RP856: 12/12/2011 9:37:24 AM - FiOS Installation
RP857: 12/12/2011 12:46:31 PM - Restore Operation
RP858: 12/12/2011 4:27:27 PM - Installed Vz In Home Agent.
RP859: 12/13/2011 5:22:58 PM - System Checkpoint
RP860: 12/14/2011 7:08:49 PM - System Checkpoint
RP861: 12/15/2011 7:18:31 PM - System Checkpoint
RP862: 12/16/2011 7:44:10 PM - System Checkpoint
RP863: 12/17/2011 7:57:22 PM - System Checkpoint
RP864: 12/18/2011 8:07:39 PM - System Checkpoint
RP865: 12/19/2011 3:31:56 PM - Removed Java(TM) 6 Update 22
RP866: 12/19/2011 3:32:54 PM - Removed Java(TM) 6 Update 16
RP867: 12/19/2011 3:47:09 PM - Installed Java(TM) 6 Update 30
RP868: 12/19/2011 3:48:22 PM - Installed Java Runtime Environment
RP869: 12/19/2011 6:30:36 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
4 Elements
4500_Help
Acrobat.com
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.4.7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Avira AntiVir Personal - Free Antivirus
Bing Bar
BlackBerry® Media Sync
Bonjour
BPD_HPSU
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Burn4Free CD & DVD 5.1.0.0
C309a
Carbonite
CCleaner
CDBurnerXP
Clone Wars
Coupon Printer for Windows
Creative Audio Console
Creative MediaSource 5
Creative Software AutoUpdate
Creative WaveStudio 7
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DiscAPI
DocMgr
DocProc
DVD Shrink 3.2
DVDFab 8.0.8.5 (19/03/2011)
EPSON Printer Software
EPSON Scan
Fax
Google Earth Plug-in
Google Update Helper
GPBaseService2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 12.0
HP Document Manager 1.0
HP Imaging Device Functions 12.0
HP Officejet J4500 Series
HP Photosmart C309a All-In-One Driver Software 12.0 Rel .5
HP Photosmart Essential 3.5
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPDiagnosticAlert
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotosmartEssential
HPProductAssistant
HPSSupply
IHA_MessageCenter
Intel(R) 537EP V9x DF PCI Modem
Intel(R) PRO Network Connections Drivers
iTunes
J4500
Java Auto Updater
Java(TM) 6 Update 30
KODAK Gallery Upload Software
LightScribe 1.4.142.1
Logitech Vid
Logitech Webcam Software
Malwarebytes' Anti-Malware version 1.51.2.1300
MarketResearch
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Silverlight
Microsoft Streets and Trips 2005
Microsoft UI Engine
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Word 2000
MSVCSetup
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Essentials
neroxml
Network
OCR Software by I.R.I.S. 12.0
OpenOffice.org 3.3
OverDrive Media Console
Pinnacle Hollywood FX for Studio
Pinnacle Instant DVD Recorder
ProductContext
PS_AIO_05_C309_Software_Min
QuickTime
RAPID
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SecurityScan
Shop for HP Supplies
Skype™ 5.5
SmartSound Quicktracks Plugin
SmartWebPrinting
SolutionCenter
Spybot - Search & Destroy
Status
Studio 10
Studio 10 Bonus DVD
TomTom HOME 2.8.2.2264
TomTom HOME Visual Studio Merge Modules
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Vz In Home Agent
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
12/19/2011 9:45:49 AM, error: PlugPlayManager [11] - The device Root\LEGACY_RKHIT\0000 disappeared from the system without first being prepared for removal.
12/19/2011 9:14:20 AM, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).
12/18/2011 5:47:34 PM, error: RemoteAccess [20151] - The Control Protocol IPCP in the Point to Point Protocol module (unknown) returned an error while initializing. A dynamic link library (DLL) initialization routine failed.
12/12/2011 2:23:37 PM, error: VolSnap [20] - The shadow copy of volume C: was aborted because of a failed free space computation.
12/12/2011 12:56:57 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the CarboniteService service, but this action failed with the following error: An instance of the service is already running.
.
==== End Of File ===========================
 
Joined
Aug 9, 2007
Messages
686
Step # 1 Update Adobe Acrobat Reader

There is a newer version of Adobe Acrobat Reader available. (See Note below)

  • First, go to Add/Remove Programs and uninstall Adobe Reader 9.4.6.
  • Please go to this link Adobe Acrobat Reader Download Link
  • On the right Untick McAfee® Security Scan Plus if you do not wish to include this in the installation.
  • Click the Continue button
  • Click Run, and click Run again
  • Next click the Install Now button and follow the on screen prompts

Note: Adobe Reader X (10.1.1) is a large program and if you prefer a smaller program you can get Foxit 5.1.0 instead from http://www.foxitsoftware.com/downloads/index.php

If you decide to install Foxit 5.1.0 instead of Adobe, do the following during Foxit's Setup/Installation process:

Uncheck the following boxes:

I accept the License Terms and want to install Foxit Toolbar

Make Ask.com my default search

Create desktop, quick launch and start menu icon to eBay



ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista/Windows 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on:
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on:
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on:
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!



In your next post/reply, I need to see the following:

1. ESET Log
2. How is your computer doing, any problems?
 

nov2897

Thread Starter
Joined
Dec 11, 2011
Messages
10
My computer has been running OK. Before your help, I was not able to do any Windows updates. That has not been resolved. Here is the eset log.

C:\BackupData\Documents and Settings\John Meyer.D6WC0W71\Local Settings\Application Data\Mozilla\Firefox\Profiles\mq29184l.default\Cache\54821E74d01 Win32/Adware.DriverRobot application
C:\Documents and Settings\John Meyer\Application Data\Sun\Java\Deployment\cache\6.0\61\29ebbdbd-32eba65a Java/Exploit.CVE-2011-3544.H trojan
C:\Documents and Settings\John Meyer\Application Data\Sun\Java\Deployment\cache\6.0\61\4e2557bd-4bced11e a variant of Java/Exploit.CVE-2011-3544.C trojan
C:\Documents and Settings\John Meyer\My Documents\Downloads\DriverRobot_Setup.exe Win32/Adware.DriverRobot application
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\4\9dfafc4-61ca0adb a variant of Java/Exploit.CVE-2011-3544.C trojan
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\5\4c092f05-4b12a9e7 a variant of Java/Exploit.CVE-2011-3544.C trojan
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\58\684d1fba-4be09b5d a variant of Win32/Kryptik.XBK trojan
C:\Qoobox\Quarantine\C\Documents and Settings\John Meyer\Local Settings\Application Data\cfe.exe.vir a variant of Win32/Kryptik.XBK trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\RKHit.sys.vir Win32/Adware.SpywareCease application
C:\System Volume Information\_restore{84ADBF8E-42F7-4ADB-9AA4-8435EA614D0C}\RP864\A0095410.exe a variant of Win32/Kryptik.XBK trojan
C:\System Volume Information\_restore{84ADBF8E-42F7-4ADB-9AA4-8435EA614D0C}\RP864\A0095415.sys Win32/Adware.SpywareCease application
C:\System Volume Information\_restore{84ADBF8E-42F7-4ADB-9AA4-8435EA614D0C}\RP864\A0095505.dll a variant of Win32/Adware.SpywareCease.AA application
 
Joined
Aug 9, 2007
Messages
686
ESET found some files in the Qoobox folder which is where ComboFix keeps its quarantined files. I'll be having you remove ComboFix in an upcoming post. ESET also found some infected System Restore points. They are harmless where they are. I'll show you how to remove them in an upcoming post.


I was not able to do any Windows updates. That has not been resolved.
When you try to run/turn on Windows Updates, do you get any error messages? And if so, what are they?

Try the following to see if it fixes the problem:

Click Start, select Run
Type: regsvr32 wuaueng.dll
Press OK.


I'd also like for you to do the following as well:



Step # 1 Clear Java's Cache

Click Start > Control Panel

  • Double-click the Java icon in the control panel. (coffeecup icon)
  • Click Settings under Temporary Internet Files.

    -The Temporary Files Settings dialog box appears.

  • Click Delete Files.

    -The Delete Temporary Files dialog box appears.
    -There are two options on this window to clear the cache.

  • Applications and Applets
  • Trace and Log Files

Make sure both are checked

Click OK on Delete Temporary Files window.

-Note: This deletes all the Downloaded Applications and Applets from the cache.

Click OK on Temporary Files Settings window.
Close the Java Control Panel



Step # 2 Download and Run OTMoveIt3

Please download OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTM.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Files
    C:\BackupData\Documents and Settings\John Meyer.D6WC0W71\Local Settings\Application Data\Mozilla\Firefox\Profiles\mq29184l.default\Cache\54821E74d01
    C:\Documents and Settings\John Meyer\My Documents\Downloads\DriverRobot_Setup.exe
  • Return to OTMoveIt3, right click in the "Paste List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


In your next post/reply, I need to see the following:

1. OTMoveIt3 Log
2. An update on your Windows Update problem.
 

nov2897

Thread Starter
Joined
Dec 11, 2011
Messages
10
The windows update works fine now. There are no issues with it. I have attached the log you requested. It seems there was a problem with it.

Error: Unable to interpret <C:\BackupData\Documents and Settings\John Meyer.D6WC0W71\Local Settings\Application Data\Mozilla\Firefox\Profiles\mq29184l.default\Cache\54821E74d01C:\Documents and Settings\John Meyer\My Documents\Downloads\DriverRobot_Setup.exe> in the current context!

OTM by OldTimer - Version 3.1.19.0 log created on 12202011_160902
 
Joined
Aug 9, 2007
Messages
686
The windows update works fine now.
Great to hear. :) (y)


Let's try removing those files/folders a different way:


Step # 1: Run CFScript

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    KILLALL::
    
    File::
    
    C:\Documents and Settings\John Meyer\My Documents\Downloads\DriverRobot_Setup.exe
    C:\BackupData\Documents and Settings\John Meyer.D6WC0W71\Local Settings\Application Data\Mozilla\Firefox\Profiles\mq29184l.default\Cache\54821E74d01
    
    Folder::
    
    C:\BackupData\Documents and Settings\John Meyer.D6WC0W71\Local Settings\Application Data\Mozilla\Firefox\Profiles\mq29184l.default\Cache\54821E74d01
    
    DDS::
    
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: {597A9974-8CB0-4f41-B61F-ED065738A397} - No File
    BHO: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No File
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.







    Note: This CFScript is for use on nov2897's computer only! Do not use it on your computer.

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


In your next post/reply, I need to see the following:

1. The ComboFix Log that appears after Step 1 has been completed.
 

nov2897

Thread Starter
Joined
Dec 11, 2011
Messages
10
I did what you said. My program froze up and was stuck in the scan mode for hours. It says it should take around 10 minutes. I had to shut down the computer to close the program.
 
Joined
Aug 9, 2007
Messages
686
See if you can find ComboFix.txt in either C:\ComboFix or C:\Qoobox folders.

If you do, post it here in your next post/reply.
 

nov2897

Thread Starter
Joined
Dec 11, 2011
Messages
10
ComboFix 11-12-21.02 - John Meyer 12/21/2011 9:25.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.409 [GMT -5:00]
Running from: c:\documents and settings\John Meyer\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\oobe\isperror
c:\windows\system32\oobe\isperror\ispcnerr.htm
c:\windows\system32\oobe\isperror\ispdtone.htm
c:\windows\system32\oobe\isperror\isphdshk.htm
c:\windows\system32\oobe\isperror\ispins.htm
c:\windows\system32\oobe\isperror\ispnoanw.htm
c:\windows\system32\oobe\isperror\isppberr.htm
c:\windows\system32\oobe\isperror\ispphbsy.htm
c:\windows\system32\oobe\isperror\ispsbusy.htm
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_RkHit
.
.
((((((((((((((((((((((((( Files Created from 2011-11-21 to 2011-12-21 )))))))))))))))))))))))))))))))
.
.
2011-12-20 21:09 . 2011-12-20 21:09 -------- d-----w- C:\_OTM
2011-12-19 22:22 . 2011-12-19 22:22 -------- d-----w- c:\documents and settings\John Meyer\Application Data\Malwarebytes
2011-12-19 22:22 . 2011-12-19 22:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-19 22:22 . 2011-12-19 22:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-19 22:22 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-19 22:18 . 2011-12-19 22:18 -------- d-----w- c:\program files\CCleaner
2011-12-19 20:59 . 2011-12-19 21:00 -------- d-----w- c:\program files\Ask.com
2011-12-19 20:59 . 2011-12-19 22:13 -------- d-----w- c:\documents and settings\John Meyer\Local Settings\Application Data\AskToolbar
2011-12-19 20:48 . 2011-12-19 20:48 -------- d-----w- c:\program files\Common Files\Java
2011-12-19 20:48 . 2011-12-19 20:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Ask
2011-12-19 20:47 . 2011-12-19 20:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-16 16:12 . 2011-12-16 16:12 -------- d-----w- c:\program files\Autodesk
2011-12-16 02:47 . 2011-12-16 02:47 -------- d-----w- c:\program files\iPod
2011-12-16 02:47 . 2011-12-16 02:48 -------- d-----w- c:\program files\iTunes
2011-12-13 21:12 . 2011-12-13 21:12 -------- d-----w- c:\documents and settings\NetworkService\Application Data\McAfee
2011-12-12 21:10 . 2011-12-12 21:10 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2011-12-12 21:10 . 2011-12-12 21:10 -------- d-----w- c:\program files\McAfee Security Scan
2011-12-12 21:07 . 2011-12-12 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2011-12-12 17:55 . 2008-04-14 05:10 57600 -c--a-w- c:\windows\system32\dllcache\redbook.sys
2011-12-12 17:55 . 2008-04-14 05:10 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-12-12 17:47 . 2011-12-12 17:47 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-12 15:34 . 2011-12-12 21:05 256 ----a-w- c:\windows\system32\MSIevent.bat
2011-12-12 15:34 . 2011-12-12 21:05 260 ----a-w- c:\windows\system32\cmdVBS.vbs
2011-12-12 15:34 . 2011-12-12 15:34 -------- d-----w- c:\program files\Verizon
2011-12-12 14:37 . 2011-12-12 15:33 -------- d-----w- c:\documents and settings\John Meyer\Application Data\TechWizard
2011-12-10 21:55 . 2011-12-10 21:55 -------- d-----w- c:\program files\Panda Security
2011-12-10 20:23 . 2011-12-10 20:23 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-12-10 20:17 . 2011-12-10 20:17 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-12-10 17:36 . 2011-12-10 17:41 -------- d-----w- c:\documents and settings\Administrator.JOHN-0E3D4B5DE9
2011-12-08 03:31 . 2011-12-08 03:41 -------- d-----w- c:\program files\RegZooka
2011-12-08 03:27 . 2011-12-08 03:44 2424 ----a-w- c:\windows\system32\ASOROSet.bin
2011-12-08 03:10 . 2011-12-08 03:30 -------- d-----w- c:\documents and settings\John Meyer\Application Data\Systweak
2011-12-08 03:09 . 2011-11-19 16:52 17280 ----a-w- c:\windows\system32\roboot.exe
2011-11-22 16:51 . 2011-11-22 16:51 -------- d-----w- c:\program files\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-19 20:47 . 2010-05-28 14:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-23 13:25 . 2004-08-04 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-16 13:25 . 2011-05-21 12:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:20 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-04 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2004-08-04 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-18 11:13 . 2004-08-04 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2009-09-25 17:03 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-02 13:56 . 2011-10-02 13:56 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-09-28 07:06 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
.
((((((((((((((((((((((((((((( [email protected]_14.49.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-21 14:41 . 2011-12-21 14:41 16384 c:\windows\Temp\Perflib_Perfdata_5dc.dat
+ 2011-12-21 14:41 . 2011-12-21 14:41 16384 c:\windows\Temp\Perflib_Perfdata_430.dat
- 2009-09-25 17:55 . 2011-07-08 13:49 46080 c:\windows\system32\tzchange.exe
+ 2009-09-25 17:55 . 2011-11-08 13:46 46080 c:\windows\system32\tzchange.exe
- 2004-08-04 12:00 . 2011-12-19 14:49 67740 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2011-12-21 12:57 67740 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2011-11-04 19:20 66560 c:\windows\system32\mshtmled.dll
- 2004-08-04 12:00 . 2011-08-22 23:48 66560 c:\windows\system32\mshtmled.dll
+ 2009-03-08 08:31 . 2011-11-04 19:20 55296 c:\windows\system32\msfeedsbs.dll
- 2009-03-08 08:31 . 2011-08-22 23:48 55296 c:\windows\system32\msfeedsbs.dll
- 2004-08-04 12:00 . 2011-08-22 23:48 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-04 12:00 . 2011-11-04 19:20 25600 c:\windows\system32\jsproxy.dll
- 2009-09-25 18:35 . 2011-08-22 23:48 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-09-25 18:35 . 2011-11-04 19:20 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-03-08 08:31 . 2011-08-22 23:48 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-03-08 08:31 . 2011-11-04 19:20 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-09-25 18:35 . 2011-11-04 19:20 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-09-25 18:35 . 2011-08-22 23:48 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-03-08 08:34 . 2011-08-22 23:48 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2009-03-08 08:34 . 2011-11-04 19:20 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2009-03-08 08:33 . 2011-11-04 19:20 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2009-03-08 08:33 . 2011-08-22 23:48 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-12-14 07:08 . 2011-10-28 05:31 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2009-12-14 07:08 . 2011-04-26 11:07 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
+ 2011-12-19 23:35 . 2011-08-22 23:48 12800 c:\windows\ie8updates\KB2618444-IE8\xpshims.dll
+ 2011-12-19 23:35 . 2011-08-22 23:48 66560 c:\windows\ie8updates\KB2618444-IE8\mshtmled.dll
+ 2011-12-19 23:35 . 2011-08-22 23:48 55296 c:\windows\ie8updates\KB2618444-IE8\msfeedsbs.dll
+ 2011-12-19 23:35 . 2011-08-22 23:48 43520 c:\windows\ie8updates\KB2618444-IE8\licmgr10.dll
+ 2011-12-19 23:35 . 2011-08-22 23:48 25600 c:\windows\ie8updates\KB2618444-IE8\jsproxy.dll
+ 2011-12-21 14:41 . 2009-04-30 20:01 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
- 2011-12-19 14:48 . 2009-04-30 20:01 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
- 2004-08-04 12:00 . 2011-08-22 23:48 105984 c:\windows\system32\url.dll
+ 2004-08-04 12:00 . 2011-11-04 19:20 105984 c:\windows\system32\url.dll
+ 2004-08-04 12:00 . 2011-12-21 12:57 432784 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2011-12-19 14:49 432784 c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2011-11-04 19:20 206848 c:\windows\system32\occache.dll
- 2004-08-04 12:00 . 2011-08-22 23:48 206848 c:\windows\system32\occache.dll
+ 2004-08-04 12:00 . 2011-11-04 19:20 611840 c:\windows\system32\mstime.dll
- 2004-08-04 12:00 . 2011-08-22 23:48 611840 c:\windows\system32\mstime.dll
+ 2009-03-08 08:32 . 2011-11-04 19:20 602112 c:\windows\system32\msfeeds.dll
- 2009-03-08 08:32 . 2011-08-22 23:48 602112 c:\windows\system32\msfeeds.dll
- 2011-08-05 04:09 . 2011-02-03 02:40 157472 c:\windows\system32\javaws.exe
+ 2011-12-19 20:47 . 2011-12-19 20:47 157472 c:\windows\system32\javaws.exe
+ 2011-12-19 20:47 . 2011-12-19 20:47 149280 c:\windows\system32\javaw.exe
+ 2011-12-19 20:47 . 2011-12-19 20:47 149280 c:\windows\system32\java.exe
- 2004-08-04 12:00 . 2011-08-22 23:48 184320 c:\windows\system32\iepeers.dll
+ 2004-08-04 12:00 . 2011-11-04 19:20 184320 c:\windows\system32\iepeers.dll
+ 2004-08-04 12:00 . 2011-11-04 19:20 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-04 12:00 . 2011-08-22 23:48 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-04 12:00 . 2011-08-22 11:56 174080 c:\windows\system32\ie4uinit.exe
+ 2004-08-04 12:00 . 2011-11-04 11:24 174080 c:\windows\system32\ie4uinit.exe
- 2009-09-25 12:55 . 2011-10-13 07:24 165120 c:\windows\system32\FNTCACHE.DAT
+ 2009-09-25 12:55 . 2011-12-19 23:38 165120 c:\windows\system32\FNTCACHE.DAT
+ 2009-06-26 16:50 . 2011-11-04 19:20 916992 c:\windows\system32\dllcache\wininet.dll
- 2009-03-08 08:34 . 2011-08-22 23:48 105984 c:\windows\system32\dllcache\url.dll
+ 2009-03-08 08:34 . 2011-11-04 19:20 105984 c:\windows\system32\dllcache\url.dll
+ 2009-03-08 08:34 . 2011-11-04 19:20 206848 c:\windows\system32\dllcache\occache.dll
- 2009-03-08 08:34 . 2011-08-22 23:48 206848 c:\windows\system32\dllcache\occache.dll
- 2009-03-08 08:32 . 2011-08-22 23:48 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-03-08 08:32 . 2011-11-04 19:20 611840 c:\windows\system32\dllcache\mstime.dll
- 2009-09-25 18:35 . 2011-08-22 23:48 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-09-25 18:35 . 2011-11-04 19:20 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-09-25 18:35 . 2011-11-04 19:20 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-09-25 18:35 . 2011-08-22 23:48 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2009-03-08 08:31 . 2011-11-04 19:20 184320 c:\windows\system32\dllcache\iepeers.dll
- 2009-03-08 08:31 . 2011-08-22 23:48 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2010-06-10 17:28 . 2011-11-04 19:20 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2010-06-10 17:28 . 2011-08-22 23:48 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2009-03-08 18:09 . 2011-08-22 23:48 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-08 18:09 . 2011-11-04 19:20 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-03-08 08:32 . 2011-08-22 11:56 174080 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-03-08 08:32 . 2011-11-04 11:24 174080 c:\windows\system32\dllcache\ie4uinit.exe
+ 2011-02-09 13:53 . 2011-10-18 11:13 186880 c:\windows\system32\dllcache\encdec.dll
- 2011-02-09 13:53 . 2011-02-09 13:53 186880 c:\windows\system32\dllcache\encdec.dll
+ 2011-12-19 20:48 . 2011-12-19 20:48 203776 c:\windows\Installer\a644f.msi
+ 2011-12-19 20:47 . 2011-12-19 20:47 902656 c:\windows\Installer\a643b.msi
+ 2011-12-19 20:59 . 2011-12-19 20:59 102400 c:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 103848 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlrShim.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
+ 2011-12-19 23:35 . 2011-08-22 23:48 916480 c:\windows\ie8updates\KB2618444-IE8\wininet.dll
+ 2011-12-19 23:35 . 2011-08-22 23:48 105984 c:\windows\ie8updates\KB2618444-IE8\url.dll
+ 2011-12-19 23:35 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2618444-IE8\spuninst\updspapi.dll
+ 2011-12-19 23:35 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2618444-IE8\spuninst\spuninst.exe
+ 2011-12-19 23:35 . 2011-08-22 23:48 206848 c:\windows\ie8updates\KB2618444-IE8\occache.dll
+ 2011-12-19 23:35 . 2011-08-22 23:48 611840 c:\windows\ie8updates\KB2618444-IE8\mstime.dll
+ 2011-12-19 23:35 . 2011-08-22 23:48 602112 c:\windows\ie8updates\KB2618444-IE8\msfeeds.dll
+ 2011-12-19 23:35 . 2011-08-22 23:48 247808 c:\windows\ie8updates\KB2618444-IE8\ieproxy.dll
+ 2011-12-19 23:35 . 2011-08-22 23:48 184320 c:\windows\ie8updates\KB2618444-IE8\iepeers.dll
+ 2011-12-19 23:35 . 2011-08-22 23:48 743424 c:\windows\ie8updates\KB2618444-IE8\iedvtool.dll
+ 2011-12-19 23:35 . 2011-08-22 23:48 387584 c:\windows\ie8updates\KB2618444-IE8\iedkcs32.dll
+ 2011-12-19 23:35 . 2011-08-22 11:56 174080 c:\windows\ie8updates\KB2618444-IE8\ie4uinit.exe
+ 2004-08-04 12:00 . 2011-11-04 19:20 1212416 c:\windows\system32\urlmon.dll
- 2004-08-04 12:00 . 2011-08-22 23:48 1212416 c:\windows\system32\urlmon.dll
+ 2004-08-04 12:00 . 2011-11-04 19:20 5978112 c:\windows\system32\mshtml.dll
+ 2009-03-08 08:32 . 2011-11-04 19:20 2000384 c:\windows\system32\iertutil.dll
- 2009-03-08 08:32 . 2011-08-22 23:48 2000384 c:\windows\system32\iertutil.dll
+ 2009-04-17 12:26 . 2011-11-23 13:25 1859584 c:\windows\system32\dllcache\win32k.sys
+ 2009-06-26 16:50 . 2011-11-04 19:20 1212416 c:\windows\system32\dllcache\urlmon.dll
- 2009-06-26 16:50 . 2011-08-22 23:48 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2010-07-16 12:05 . 2011-11-01 16:07 1288704 c:\windows\system32\dllcache\ole32.dll
+ 2009-09-25 18:14 . 2011-10-25 13:33 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
- 2009-09-25 18:14 . 2010-12-09 13:38 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-09-25 18:14 . 2011-10-25 12:52 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-09-25 18:14 . 2010-12-09 13:07 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-02-07 23:02 . 2011-10-25 12:52 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-02-07 23:02 . 2010-12-09 13:07 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-09-25 18:14 . 2010-12-09 13:42 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-09-25 18:14 . 2011-10-25 13:37 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-07-18 16:05 . 2011-11-04 19:20 5978112 c:\windows\system32\dllcache\mshtml.dll
+ 2009-09-25 18:35 . 2011-11-04 19:20 2000384 c:\windows\system32\dllcache\iertutil.dll
- 2009-09-25 18:35 . 2011-08-22 23:48 2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2011-12-20 13:49 . 2011-12-20 13:49 2295808 c:\windows\Installer\c0c22.msi
+ 2011-12-19 20:59 . 2011-12-19 21:00 2095616 c:\windows\Installer\16337e.msi
+ 2011-06-06 17:55 . 2011-06-06 17:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
+ 2011-12-19 23:35 . 2011-08-22 23:48 1212416 c:\windows\ie8updates\KB2618444-IE8\urlmon.dll
+ 2011-12-19 23:35 . 2011-10-03 08:35 5971456 c:\windows\ie8updates\KB2618444-IE8\mshtml.dll
+ 2011-12-19 23:35 . 2011-08-22 23:48 2000384 c:\windows\ie8updates\KB2618444-IE8\iertutil.dll
- 2009-09-25 18:14 . 2010-12-09 13:38 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-09-25 18:14 . 2011-10-25 13:33 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-09-25 18:14 . 2011-10-25 12:52 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-09-25 18:14 . 2010-12-09 13:07 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-02-07 23:02 . 2011-10-25 12:52 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2009-02-07 23:02 . 2010-12-09 13:07 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2009-09-25 18:14 . 2010-12-09 13:42 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-09-25 18:14 . 2011-10-25 13:37 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-09-25 18:34 . 2011-12-19 23:32 52988224 c:\windows\system32\MRT.exe
- 2009-03-08 08:39 . 2011-08-23 21:48 11081728 c:\windows\system32\ieframe.dll
+ 2009-03-08 08:39 . 2011-11-04 19:20 11081728 c:\windows\system32\ieframe.dll
- 2009-09-25 18:35 . 2011-08-23 21:48 11081728 c:\windows\system32\dllcache\ieframe.dll
+ 2009-09-25 18:35 . 2011-11-04 19:20 11081728 c:\windows\system32\dllcache\ieframe.dll
+ 2011-09-05 21:51 . 2011-09-05 21:51 13135872 c:\windows\Installer\c0c23.msp
+ 2011-06-06 17:55 . 2011-06-06 17:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
+ 2011-12-19 23:35 . 2011-08-23 21:48 11081728 c:\windows\ie8updates\KB2618444-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-24 02:20 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-11-17 53341]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-07 149040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"EPSON Stylus CX4200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE" [2005-03-08 98304]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-11 406016]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-16 153136]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-08-24 887976]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
SecurityScan.lnk - c:\program files\McAfee Security Scan\2.1.119\SSScheduler.exe [2010-3-8 255536]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\BackupData\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/1/2009 8:14 PM 136360]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [10/28/2011 6:20 PM 286736]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/19/2011 5:22 PM 366152]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/22/2011 7:21 AM 92592]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 7:39 PM 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 7:39 PM 555096]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 7:39 PM 566360]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/19/2011 5:22 PM 22216]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [10/5/2009 8:09 PM 47360]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/22/2011 11:51 AM 136176]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2/28/2011 5:44 PM 183560]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 7:39 PM 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [6/23/2010 8:10 AM 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 7:39 PM 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 7:39 PM 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 7:39 PM 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 7:39 PM 566360]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/22/2011 11:51 AM 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.1.119\McCHSvc.exe [3/8/2010 10:39 AM 227232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-22 16:51]
.
2011-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-22 16:51]
.
2011-12-21 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-08-24 02:20]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913}
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-21 09:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4036)
c:\windows\system32\WININET.dll
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\System32\vssvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\msdtc.exe
.
**************************************************************************
.
Completion time: 2011-12-21 09:52:29 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-21 14:52
ComboFix2.txt 2011-12-19 14:57
.
Pre-Run: 234,137,083,904 bytes free
Post-Run: 235,020,447,744 bytes free
.
- - End Of File - - 5A72A2421B5B70EEFE6DE1E22AA0E5B3
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top