Infected with Trojan.Zeroaccess!inf Need Help Removing

I have a computer that has been infected by Trojan.Zeroaccess!inf . Norton detects it but says manual removal is required. Infected computer is running Windows XP SP3. Any help removing this would be GREATLY appreciated.

Download

TDSSkiller

Launch it.Click on change parameters-Select TDLFS file system

Click on "Scan".Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.After scan finishes,click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START,it should download the virus definitions
When scan gets completed,click on LIST of found threats

Export the list to desktop,copy the contents of the text file in your reply

TDSSKiller I ran earlier this morning. It found and fixed 1 trojan (I cant remember it's name, it was 4 AM and I was frustrated) and one locked object. Thank you for your prompt response... I'm running aswMBR now, will post log as soon as its done.


I should add that I have to do all of this in safe mode...the zeroaccess trojan will not allow any programs at all to run if I boot normally.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-31 11:07:36
-----------------------------
11:07:36.437 OS Version: Windows 5.1.2600 Service Pack 3
11:07:36.437 Number of processors: 2 586 0x170A
11:07:36.437 ComputerName: LANGSTON-P5QL UserName: Charlene
11:07:39.171 Initialize success
11:09:44.359 AVAST engine defs: 12073101
11:10:17.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-19
11:10:17.281 Disk 0 Vendor: ST3500418AS CC34 Size: 476940MB BusType: 3
11:10:17.312 Disk 0 MBR read successfully
11:10:17.312 Disk 0 MBR scan
11:10:17.343 Disk 0 Windows XP default MBR code
11:10:17.375 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63
11:10:17.390 Disk 0 scanning sectors +976752000
11:10:17.484 Disk 0 scanning C:\WINDOWS\system32\drivers
11:10:26.546 Service scanning
11:10:37.765 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
11:10:41.828 Modules scanning
11:10:45.390 Disk 0 trace - called modules:
11:10:45.437 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spak.sys >>UNKNOWN [0x8ae76938]<<
11:10:45.453 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae06ab8]
11:10:45.515 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000076[0x8ae23bc0]
11:10:45.578 5 ACPI.sys[f7496620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-19[0x8ad7c940]
11:10:52.281 AVAST engine scan C:\WINDOWS
11:10:59.296 AVAST engine scan C:\WINDOWS\system32
11:13:34.687 AVAST engine scan C:\WINDOWS\system32\drivers
11:13:58.078 AVAST engine scan C:\Documents and Settings\Charlene
11:15:12.296 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
11:15:12.312 The log file has been saved successfully to "F:\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-31 11:16:26
-----------------------------
11:16:26.984 OS Version: Windows 5.1.2600 Service Pack 3
11:16:26.984 Number of processors: 2 586 0x170A
11:16:26.984 ComputerName: LANGSTON-P5QL UserName: Charlene
11:16:29.515 Initialize success
11:16:33.656 AVAST engine defs: 12073101
11:16:41.921 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-19
11:16:41.937 Disk 0 Vendor: ST3500418AS CC34 Size: 476940MB BusType: 3
11:16:41.968 Disk 0 MBR read successfully
11:16:41.984 Disk 0 MBR scan
11:16:42.015 Disk 0 Windows XP default MBR code
11:16:42.031 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63
11:16:42.046 Disk 0 scanning sectors +976752000
11:16:42.140 Disk 0 scanning C:\WINDOWS\system32\drivers
11:16:56.171 Service scanning
11:17:05.921 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
11:17:10.218 Modules scanning
11:17:16.968 Disk 0 trace - called modules:
11:17:17.015 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spak.sys >>UNKNOWN [0x8ae76938]<<
11:17:17.031 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae06ab8]
11:17:17.093 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000076[0x8ae23bc0]
11:17:17.156 5 ACPI.sys[f7496620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-19[0x8ad7c940]
11:17:20.312 AVAST engine scan C:\WINDOWS
11:17:42.515 AVAST engine scan C:\WINDOWS\system32
11:21:35.328 AVAST engine scan C:\WINDOWS\system32\drivers
11:22:18.687 AVAST engine scan C:\Documents and Settings\Charlene
11:31:52.593 File: C:\Documents and Settings\Charlene\My Documents\Downloads\PDFConverterSetup.exe **INFECTED** Win32:Spyware-gen [Spy]
11:33:38.765 AVAST engine scan C:\Documents and Settings\All Users
11:33:39.343 File: C:\Documents and Settings\All Users\Application Data\036DFF85CD13E2A23618403D7B07D287\036DFF85CD13E2A23618403D7B07D287.exe **INFECTED** Win32:Winwebsec-Z [Trj]
11:38:40.265 Scan finished successfully
11:42:40.656 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
11:42:40.671 The log file has been saved successfully to "F:\aswMBR.txt"






scanning with ESET now, will post when done

ok after several hours....




C:\Documents and Settings\All Users\Application Data\036DFF85CD13E2A23618403D7B07D287\036DFF85CD13E2A23618403D7B07D287.exe a variant of Win32/Kryptik.AJEA trojan cleaned by deleting - quarantined
C:\Documents and Settings\Charlene\Application Data\Sun\Java\Deployment\cache\6.0\23\70584657-2f22269e Win32/TrojanDownloader.Agent.RIB trojan cleaned by deleting - quarantined
C:\Documents and Settings\Charlene\My Documents\Downloads\PDFConverterSetup.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\31.07.2012_08.47.32\rtkt0000\svc0000\tsk0000.dta Win32/Sirefef.DA trojan cleaned by deleting - quarantined

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install,update and run a full scan

Click on SHOW results.Select all infections and remove it

Post the log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it click on Delete

post the generated log

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.31.11

Windows XP Service Pack 3 x86 FAT
Internet Explorer 6.0.2900.5512
Charlene :: LANGSTON-P5QL [administrator]

Protection: Enabled

7/31/2012 3:48:12 PM
mbam-log-2012-08-01 (08-30-14).txt

Scan type: Full scan (C:\|I:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 609072
Time elapsed: 6 hour(s), 48 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 1
C:\Documents and Settings\Charlene\Start Menu\Programs\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> No action taken.

Files Detected: 6
C:\System Volume Information\_restore{7FD976C7-6BD3-4073-96C0-C257DAC251A8}\RP869\A0138557.sys (Rootkit.0Access) -> No action taken.
C:\System Volume Information\_restore{7FD976C7-6BD3-4073-96C0-C257DAC251A8}\RP869\A0138855.sys (Rootkit.0Access) -> No action taken.
C:\System Volume Information\_restore{7FD976C7-6BD3-4073-96C0-C257DAC251A8}\RP869\A0139155.sys (Rootkit.0Access) -> No action taken.
C:\System Volume Information\_restore{7FD976C7-6BD3-4073-96C0-C257DAC251A8}\RP869\A0139184.exe (Trojan.FakeAV) -> No action taken.
C:\tmp\usb_format.exe (Packer.ModifiedUPX) -> No action taken.
C:\Documents and Settings\Charlene\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> No action taken.

(end)

MiniToolBox by Farbar Version: 23-07-2012
Ran by Charlene (administrator) on 01-08-2012 at 08:37:22
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

D-Link DWA-140 RangeBooster N USB Adapter(rev.B2) = Wireless Network Connection 2 (Connected)
Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection 2"

set address name="Wireless Network Connection 2" source=dhcp
set dns name="Wireless Network Connection 2" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 2" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : langston-p5ql

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : gateway.2wire.net



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller

Physical Address. . . . . . . . . : 00-24-8C-7B-88-6D



Ethernet adapter Wireless Network Connection 2:



Connection-specific DNS Suffix . : gateway.2wire.net

Description . . . . . . . . . . . : D-Link DWA-140 RangeBooster N USB Adapter(rev.B2)

Physical Address. . . . . . . . . : B8-A3-86-95-E5-EA

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.71

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.254

DHCP Server . . . . . . . . . . . : 192.168.1.254

DNS Servers . . . . . . . . . . . : 192.168.1.254

Lease Obtained. . . . . . . . . . : Wednesday, August 01, 2012 8:34:03 AM

Lease Expires . . . . . . . . . . : Thursday, August 02, 2012 8:34:03 AM

Server: homeportal
Address: 192.168.1.254

Name: google.com
Addresses: 173.194.43.4, 173.194.43.5, 173.194.43.6, 173.194.43.7
173.194.43.8, 173.194.43.9, 173.194.43.14, 173.194.43.0, 173.194.43.1
173.194.43.2, 173.194.43.3



Pinging google.com [74.125.226.225] with 32 bytes of data:



Reply from 74.125.226.225: bytes=32 time=31ms TTL=53

Reply from 74.125.226.225: bytes=32 time=28ms TTL=53



Ping statistics for 74.125.226.225:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 28ms, Maximum = 31ms, Average = 29ms

Server: homeportal
Address: 192.168.1.254

Name: yahoo.com
Addresses: 98.139.183.24, 209.191.122.70, 72.30.38.140



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=78ms TTL=47

Reply from 209.191.122.70: bytes=32 time=70ms TTL=47



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 70ms, Maximum = 78ms, Average = 74ms

Server: homeportal
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 24 8c 7b 88 6d ...... Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller - Packet Scheduler Miniport
0x10004 ...b8 a3 86 95 e5 ea ...... D-Link DWA-140 RangeBooster N USB Adapter(rev.B2) - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.71 10
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.71 192.168.1.71 20
192.168.1.0 255.255.255.0 192.168.1.71 192.168.1.71 10
192.168.1.71 255.255.255.255 127.0.0.1 127.0.0.1 10
192.168.1.255 255.255.255.255 192.168.1.71 192.168.1.71 10
224.0.0.0 240.0.0.0 192.168.1.71 192.168.1.71 10
255.255.255.255 255.255.255.255 192.168.1.71 2 1
255.255.255.255 255.255.255.255 192.168.1.71 192.168.1.71 1
Default Gateway: 192.168.1.254
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/31/2012 03:20:28 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (07/15/2012 01:15:57 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: An internal inconsistency was detected in trying
to contact shadow copy service writers. Please check to see that the Event Service
and Volume Shadow Copy Service are operating properly.

Error: (07/13/2012 03:03:18 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: An internal inconsistency was detected in trying
to contact shadow copy service writers. Please check to see that the Event Service
and Volume Shadow Copy Service are operating properly.

Error: (07/12/2012 00:21:38 PM) (Source: Application Error) (User: )
Description: Faulting application WDFME.exe, version 1.4.5.2, faulting module msvcr90.dll, version 9.0.30729.4137, fault address 0x0006ccb5.
Processing media-specific event for [WDFME.exe!ws!]

Error: (07/11/2012 08:44:10 AM) (Source: Application Hang) (User: )
Description: Hanging application winamp.exe, version 5.5.6.2512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/10/2012 01:08:25 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: An internal inconsistency was detected in trying
to contact shadow copy service writers. Please check to see that the Event Service
and Volume Shadow Copy Service are operating properly.

Error: (07/09/2012 01:06:50 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: An internal inconsistency was detected in trying
to contact shadow copy service writers. Please check to see that the Event Service
and Volume Shadow Copy Service are operating properly.

Error: (07/06/2012 01:36:06 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (07/06/2012 01:36:05 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (07/06/2012 01:36:05 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.


System errors:
=============
Error: (08/01/2012 08:35:07 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (08/01/2012 08:35:07 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (07/31/2012 02:59:09 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (07/31/2012 02:59:09 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (07/31/2012 02:56:29 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (07/31/2012 02:53:57 PM) (Source: DCOM) (User: LANGSTON-P5QL)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/31/2012 02:53:44 PM) (Source: DCOM) (User: LANGSTON-P5QL)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/31/2012 02:53:27 PM) (Source: DCOM) (User: LANGSTON-P5QL)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/31/2012 11:43:09 AM) (Source: DCOM) (User: LANGSTON-P5QL)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/31/2012 11:15:05 AM) (Source: DCOM) (User: LANGSTON-P5QL)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}


Microsoft Office Sessions:
=========================
Error: (07/31/2012 03:20:28 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (07/15/2012 01:15:57 PM) (Source: VSS)(User: )
Description:

Error: (07/13/2012 03:03:18 AM) (Source: VSS)(User: )
Description:

Error: (07/12/2012 00:21:38 PM) (Source: Application Error)(User: )
Description: WDFME.exe1.4.5.2msvcr90.dll9.0.30729.41370006ccb5

Error: (07/11/2012 08:44:10 AM) (Source: Application Hang)(User: )
Description: winamp.exe5.5.6.2512hungapp0.0.0.000000000

Error: (07/10/2012 01:08:25 PM) (Source: VSS)(User: )
Description:

Error: (07/09/2012 01:06:50 PM) (Source: VSS)(User: )
Description:

Error: (07/06/2012 01:36:06 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (07/06/2012 01:36:05 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (07/06/2012 01:36:05 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.


=========================== Installed Programs ============================

µTorrent (Version: 1.8.3)
ABBYY FineReader 6.0 Sprint (Version: 6.00.1395.4512)
ABBYY FineReader 9.0 Sprint (Version: 9.01.513.58212)
Adobe Acrobat 5.0
Adobe Acrobat 7.0 Standard (Version: 7.1.0)
Adobe Acrobat 7.1.0 Standard (Version: 7.1.0)
Adobe AIR (Version: 3.0.0.4080)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Color - Photoshop Specific (Version: 1.0)
Adobe Color EU Extra Settings (Version: 1.0)
Adobe Color JA Extra Settings (Version: 1.0)
Adobe Color NA Recommended Settings (Version: 1.0)
Adobe Community Help (Version: 3.5.23)
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe Dreamweaver CS5 (Version: 11.0)
Adobe ExtendScript Toolkit 2 (Version: 2.0)
Adobe Flash Player 11 Plugin (Version: 11.0.1.152)
Adobe Fonts All (Version: 1.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe Media Player (Version: 1.8)
Adobe PDF Library Files (Version: 8.0)
Adobe Photoshop 7.0 (Version: 7.0)
Adobe Photoshop CS3 (Version: 10.0)
Adobe Setup (Version: 1.0)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
Amazon Kindle
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
ArcSoft Panorama Maker 5 (Version: 5.0.1.71)
ArcSoft Print Creations
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Photo Prints
ArcSoft Print Creations - Poster Creator
Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (Version: 1.0.0.30)
ATI - Software Uninstall Utility (Version: 6.14.10.1021)
ATI AVIVO Codecs (Version: 9.15.0.20713)
ATI Catalyst Control Center (Version: 2.008.0328.2321)
ATI Display Driver (Version: 8.476-080328a-062315C-VisionTek)
ATI Parental Control & Encoder (Version: 3.0)
ATI Problem Report Wizard (Version: 8.10)
Bonjour (Version: 3.0.0.10)
Brother P-touch Editor 4.2 (Version: 4.2.011)
Brother P-touch Quick Editor 2.0 (Version: 2.0.201)
Brother P-touch Software (Version: 1.0.006)
BufferChm (Version: 53.0.13.000)
Capture NX 2 (Version: 2.0.0)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2008.0328.2322.39969)
Catalyst Control Center Graphics Full Existing (Version: 2008.0328.2322.39969)
Catalyst Control Center Graphics Full New (Version: 2008.0328.2322.39969)
Catalyst Control Center Graphics Light (Version: 2008.0328.2322.39969)
Catalyst Control Center Graphics Previews Common (Version: 2008.0328.2322.39969)
Catalyst Control Center Localization Chinese Standard (Version: 2008.0328.2322.39969)
Catalyst Control Center Localization French (Version: 2008.0328.2322.39969)
Catalyst Control Center Localization German (Version: 2008.0328.2322.39969)
Catalyst Control Center Localization Spanish (Version: 2008.0328.2322.39969)
ccc-core-preinstall (Version: 2008.0328.2322.39969)
ccc-core-static (Version: 2008.0328.2322.39969)
ccc-utility (Version: 2008.0328.2322.39969)
CCC Help Chinese Standard (Version: 2008.0328.2321.39969)
CCC Help English (Version: 2008.0328.2321.39969)
CCC Help French (Version: 2008.0328.2321.39969)
CCC Help German (Version: 2008.0328.2321.39969)
CCC Help Spanish (Version: 2008.0328.2321.39969)
CCScore (Version: 7.00.0000.0001)
Comcast Access (Version: 1.57)
Comcast Access (Version: ComcastAccess-1.57)
ConvertXtoDVD 3.4.7.121 (Version: 3.4.7.121)
CustomerResearchQFolder (Version: 1.00.0000)
Destinations (Version: 53.0.13.000)
DeviceFunctionQFolder (Version: 1.00.0000)
DeviceManagementQFolder (Version: 1.00.0000)
DivX Setup (Version: 2.6.1.3)
EPSON Artisan 800 Series Printer Uninstall
EPSON Artisan 837 Series Printer Uninstall
Epson Connect
Epson Connect Printer Setup (Version: 1.0.2)
Epson Customer Participation (Version: 1.0.0.0)
Epson Download Navigator (Version: 1.0.1)
Epson Event Manager (Version: 2.50.0000)
Epson FAX Utility (Version: 1.20.00)
Epson PC-FAX Driver
Epson Print CD (Version: 2.05.00)
Epson Professional Print Sample
EPSON Scan
Epson Stylus Photo R2000 Printer Uninstall
EpsonNet Config V3 (Version: 3.8.0)
EpsonNet Print (Version: 2.4j)
EpsonNet Setup 3.3 (Version: 3.3b)
EPU-4 Engine (Version: 1.00.07)
ESET Online Scanner v3
ESSBrwr (Version: 7.01.0000.0001)
ESSCDBK (Version: 7.01.0000.0002)
ESScore (Version: 7.01.0000.0012)
ESSgui (Version: 7.01.0000.0002)
ESSini (Version: 7.01.0000.0002)
ESSPCD (Version: 7.01.0000.0001)
ESSPDock (Version: 6.03.0001.0004)
ESSTOOLS (Version: 5.00.0000.0004)
essvatgt (Version: 7.01.0000.0001)
eSupportQFolder (Version: 1.00.0000)
File Uploader (Version: 1.2.1)
FlashFXP v4.0 (Version: 4.0.0.1548)
Full Tilt Poker (Version: 4.40.9.WIN.FullTilt.COM)
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.115)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
HP Deskjet 3900 series (Version: 5.0)
HP Extended Capabilities 5.0 (Version: 5.0)
HP Image Zone Express (Version: 1.5.1.29)
HP Imaging Device Functions 5.0 (Version: 5.0)
HP Software Update (Version: 3.0.5.001)
HP Solution Center & Imaging Support Tools 5.0 (Version: 5.0)
HPDeskjet3900Series (Version: 1.00.0000)
HPProductAssistant (Version: 53.0.13.000)
InkReset version 2.16 (Version: 2.16)
iTunes (Version: 10.6.1.7)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 32 (Version: 6.0.320)
kgcbaby (Version: 5.03.0000.0002)
kgchday (Version: 5.03.0000.0002)
kgchlwn (Version: 5.03.0000.0002)
kgcinvt (Version: 5.03.0000.0003)
kgckids (Version: 5.03.0000.0002)
kgcmove (Version: 5.03.0000.0003)
kgcvday (Version: 5.03.0000.0002)
Kodak EasyShare software
LTCM Client
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
MarketResearch (Version: 53.0.13.000)
McAfee Shredder (Version: 1.00.0000)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Office XP Professional with FrontPage (Version: 10.0.6626.0)
Microsoft Picture It! Publishing Platinum 2001 (Version: 5.0.0.0000)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft XML Parser (Version: 8.70.1104.04)
Microsoft_VC80_CRT_x86 (Version: 1.00.0000)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
mIRC (Version: 6.35)
MobileMe Control Panel (Version: 3.1.8.0)
Move Media Player
Mozilla Firefox 13.0.1 (x86 en-US) (Version: 13.0.1)
Mozilla Maintenance Service (Version: 13.0.1)
Nero 7 Demo (Version: 7.00.1461)
neroxml (Version: 1.0.0)
netbrdg (Version: 7.01.0000.0001)
Nikon Message Center (Version: 0.92.000)
Nikon RAW Codec (Version: 1.00.0000)
Nikon Transfer (Version: 1.5.0)
Norton Security Suite (Version: 5.2.2.3)
OfotoXMI (Version: 7.01.0000.0001)
PC Probe II (Version: 1.04.60)
PDF Settings (Version: 1.0)
Picture Control Utility (Version: 1.1.2)
PokerStars.net
QuickTime (Version: 7.72.80.56)
Realtek High Definition Audio Driver (Version: 5.10.0.5745)
Safari (Version: 5.34.57.2)
SFR (Version: 7.01.0000.0003)
SHASTA (Version: 7.01.0000.0001)
Shockwave
skin0001 (Version: 7.01.0000.0003)
Skins (Version: 2008.0328.2322.39969)
SKINXSDK (Version: 7.01.0000.0001)
Snagit 9.1.2 (Version: 9.1.2.304)
SolutionCenter (Version: 50.0.152.000)
SoulSeek 157 NS 13e
SSC Service Utility v4.30
staticcr (Version: 7.01.0000.0005)
Status (Version: 53.0.13.000)
TomTom HOME 2.8.2.2264 (Version: 2.8.2.2264)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
tooltips (Version: 7.01.0000.0001)
TrayApp (Version: 53.0.13.000)
TurboTax 2008
TurboTax 2008 WinPerFedFormset (Version: 008.000.0298)
TurboTax 2008 WinPerProgramHelp (Version: 008.000.0203)
TurboTax 2008 WinPerReleaseEngine (Version: 008.000.0141)
TurboTax 2008 WinPerTaxSupport (Version: 008.000.0800)
TurboTax 2008 WinPerUserEducation (Version: 008.000.0329)
TurboTax 2008 wrapper (Version: 008.000.0062)
TurboTax 2009
TurboTax 2009 wctiper (Version: 009.000.0793)
TurboTax 2009 WinPerFedFormset (Version: 009.000.1849)
TurboTax 2009 WinPerReleaseEngine (Version: 009.000.0311)
TurboTax 2009 WinPerTaxSupport (Version: 009.000.0230)
TurboTax 2009 wrapper (Version: 009.000.0145)
TurboTax 2010
TurboTax 2010 wctiper (Version: 010.000.1264)
TurboTax 2010 WinPerFedFormset (Version: 010.000.3796)
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0443)
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0211)
TurboTax 2010 wrapper (Version: 010.000.0157)
TurboTax 2011
TurboTax 2011 wctiper (Version: 011.000.1611)
TurboTax 2011 WinPerFedFormset (Version: 011.000.2999)
TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0474)
TurboTax 2011 WinPerTaxSupport (Version: 011.000.0214)
TurboTax 2011 wrapper (Version: 011.000.0121)
TurboTax Audit Support Center 3.0
Unity Web Player (Version: 2.6.1f3_31223)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VCRedistSetup (Version: 1.0.0)
ViewNX (Version: 1.1.1)
VPRINTOL (Version: 7.01.0000.0001)
WD SmartWare (Version: 1.4.5.5)
WebFldrs XP (Version: 9.50.6513)
WebReg (Version: 53.0.13.000)
Winamp (Version: 5.56 )
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
WIRELESS (Version: 7.01.0000.0001)

========================= Memory info: ===================================

Percentage of memory in use: 27%
Total physical RAM: 3327.04 MB
Available physical RAM: 2415.21 MB
Total Pagefile: 5209.66 MB
Available Pagefile: 4397.19 MB
Total Virtual: 2047.88 MB
Available Virtual: 1973.98 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:465.75 GB) (Free:89.04 GB) NTFS
5 Drive f: () (Removable) (Total:0.12 GB) (Free:0.09 GB) FAT
6 Drive g: (WD SmartWare) (CDROM) (Total:0.43 GB) (Free:0 GB) UDF
7 Drive i: (My Book) (Fixed) (Total:1862.36 GB) (Free:898.38 GB) NTFS

========================= Users: ========================================

User accounts for \\LANGSTON-P5QL

Administrator ASPNET Charlene
Guest HelpAssistant SUPPORT_388945a0


**** End of log ****

Farbar Service Scanner Version: 26-07-2012
Ran by Charlene (administrator) on 01-08-2012 at 08:40:15
Running from "C:\Documents and Settings\Charlene\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.


Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile. The key does not exist.
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile. The key does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) SYMTDI(9) Tcpip(4)
0x09000000050000000100000002000000030000000400000009000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****

# AdwCleaner v1.703 - Logfile created 08/01/2012 at 08:41:21
# Updated 20/07/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Charlene - LANGSTON-P5QL
# Running from : C:\Documents and Settings\Charlene\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL

***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.5512

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Charlene\Application Data\Mozilla\Firefox\Profiles\jrskq383.default\prefs.js

C:\Documents and Settings\Charlene\Application Data\Mozilla\Firefox\Profiles\jrskq383.default\user.js ... Deleted !

Deleted : user_pref("keyword.url", "hxxp://www.startsearcher.com/?q=");
Deleted : user_pref("startup.homepage_override_url", "hxxp://www.startsearcher.com/");

*************************

AdwCleaner[S1].txt - [1063 octets] - [01/08/2012 08:41:21]

########## EOF - C:\AdwCleaner[S1].txt - [1191 octets] ##########

Malwarebytes infections have not been removed.Remove them.Scan again and post the log

I think I saved the log and then removed. I will run again to make sure though and post results.

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.01.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Charlene :: LANGSTON-P5QL [administrator]

Protection: Enabled

8/1/2012 9:00:32 AM
mbam-log-2012-08-01 (09-00-32).txt

Scan type: Full scan (C:\|I:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 857354
Time elapsed: 7 hour(s), 28 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Download

Sharedaccess
wscsvc

Launch them,click YES

Restart the PC ,post the new FSS log