Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

several Problems win update msconfig not admin??


  • This topic is locked This topic is locked
35 replies to this topic

#1 john baptist

john baptist

  • Members
  • 135 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Galloway NJ
  • Local time:02:44 PM

Posted 16 November 2012 - 08:12 PM

DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
Run by Administrator at 20:02:37 on 2012-11-16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3325.2361 [GMT -5:00]
.
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled*
.
============== Running Processes ================
.
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.4.131\SymcPCCULaunchSvc.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe
C:\windows\Explorer.EXE
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\windows\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Outlook Express\msimn.exe
C:\windows\system32\dllhost.exe
C:\windows\System32\alg.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\windows\system32\spoolsv.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msdtc.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k rpcss
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k WudfServiceGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.comcast.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Windows Internet Explorer provided by Comcast
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton security suite\engine\5.2.2.3\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton security suite\engine\5.2.2.3\ips\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - <orphaned>
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\5.2.2.3\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\5.2.2.3\coieplg.dll
uRun: [Power2GoExpress] NA
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [{D32470A1-B10C-4059-BA53-CF0486F68EBC}] RunDll32.exe c:\docume~1\admini~1\locals~1\temp\3.3.61.28-easyshrx.dll,_uninstallplatform@16 c:\documents and settings\all users\application data\kodak\EasyShareSetup
mRun: [USBToolTip] "c:\program files\pinnacle\shared files\programs\usbtip\USBTip.exe"
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [readericon] c:\program files\digital media reader\readericon45G.exe
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.comcastsupport.com/Oneclickfix/tgctlsr.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} - hxxp://www.pcpitstop.com/internet/pcpConnCheck.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342010531625
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://www.pcpitstop.com/mhLbl.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{C0501485-EDF1-4593-8DD0-DA994B10BF24} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502020.003\symds.sys [2012-7-16 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502020.003\symefa.sys [2012-7-16 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20121106.001\BHDrvx86.sys [2012-10-23 995488]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502020.003\ironx86.sys [2012-7-16 136312]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-11 116608]
R2 MCLServiceATL;Intel® Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-7-27 163840]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.2.2.3\ccsvchst.exe [2012-7-16 130008]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\engine\2.0.4.131\SymcPCCULaunchSvc.exe [2010-9-13 177080]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\engine\2.0.4.131\ccSvcHst.exe [2010-9-13 126392]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416]
R3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [2010-11-9 20704]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-10 106656]
R3 IAMTXP;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMTXP.sys [2008-1-5 40448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20121115.001\IDSXpx86.sys [2012-11-15 373728]
R3 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20121116.009\NAVENG.SYS [2012-11-16 92704]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20121116.009\NAVEX15.SYS [2012-11-16 1601184]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-10-19 160944]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
.
=============== File Associations ===============
.
ShellExec: pi11.exe: Open="c:\program files\microsoft digital image 2006\pi.exe" "%1"
ShellExec: regsvr32.exe: RegDLL=regsvr32 %1
ShellExec: regsvr32.exe: UnRegDLL=regsvr32 /u %1
.
=============== Created Last 30 ================
.
2012-11-17 00:04:25 388096 ----a-r- c:\documents and settings\administrator\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-11-17 00:04:24 -------- d-----w- c:\program files\Trend Micro
2012-11-16 01:38:51 -------- d-----w- c:\documents and settings\administrator\local settings\application data\PCHealth
2012-11-12 16:26:41 -------- d-----r- c:\program files\Skype
.
==================== Find3M ====================
.
2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-09 13:32:44 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 13:32:44 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-30 00:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-25 03:16:36 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-10 00:07:17 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-10 00:07:17 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-10 00:07:17 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33:26 2148864 ------w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:09 2027520 ------w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 20:03:14.66 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/20/2008 6:18:27 PM
System Uptime: 11/16/2012 7:31:11 PM (1 hours ago)
.
Motherboard: Intel Corporation | | OEMD975XBGG1
Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz | LGA 775 | 2400/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 228 GiB total, 151.497 GiB free.
D: is FIXED (FAT32) - 5 GiB total, 1.74 GiB free.
E: is CDROM ()
F: is CDROM ()
H: is Removable
I: is Removable
J: is Removable
K: is FIXED (FAT32) - 596 GiB total, 538.295 GiB free.
L: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP946: 11/7/2012 8:42:18 PM - killer
RP947: 11/8/2012 10:38:37 PM - System Checkpoint
RP948: 11/10/2012 12:47:33 AM - System Checkpoint
RP949: 11/11/2012 1:45:42 AM - System Checkpoint
RP950: 11/12/2012 12:03:20 PM - System Checkpoint
RP951: 11/13/2012 5:25:16 PM - System Checkpoint
RP952: 11/14/2012 11:35:15 PM - System Checkpoint
RP953: 11/15/2012 7:29:57 PM - Software Distribution Service 3.0
RP954: 11/16/2012 9:26:54 AM - Software Distribution Service 3.0
RP955: 11/16/2012 9:33:32 AM - Software Distribution Service 3.0
RP956: 11/16/2012 9:47:41 AM - Software Distribution Service 3.0
RP957: 11/16/2012 12:49:06 PM - Software Distribution Service 3.0
RP958: 11/16/2012 4:54:45 PM - Software Distribution Service 3.0
RP959: 11/16/2012 5:02:07 PM - Installed Windows XP KB2509553.
RP960: 11/16/2012 5:02:37 PM - Software Distribution Service 3.0
RP961: 11/16/2012 5:28:11 PM - Software Distribution Service 3.0
RP962: 11/16/2012 6:43:31 PM - Restore Operation
RP963: 11/16/2012 7:02:22 PM - Norton Security Suite Registry
RP964: 11/16/2012 7:04:24 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
Apple Application Support
Apple Software Update
Auslogics Disk Defrag
BigFix
CameraHelperMsi
Canon MP Navigator EX 1.0
Canon MP470 series
Canon MP470 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCleaner
Comcast Access
Critical Update for Windows Media Player 11 (KB959772)
Digital Media Reader
DVD Solution
EA Download Manager
erLT
Facebook Video Calling 1.2.0.159
FrostWire 4.21.3
Google Chrome
Google Talk (remove only)
gtw_logo
GWCares
High Definition Audio Driver Package - KB888111
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP USB Disk Storage Format Tool
Intel Audio Studio 2.0
Intel® Matrix Storage Manager
Intel® Network Connections 14.5.1.0
Intel® Processor ID Utility
Intel® Viiv™ Software
Java 7 Update 9
Java Auto Updater
K-Lite Mega Codec Pack 9.2.0
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.0 Security Update (KB2698035)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Suite 2006
Microsoft Digital Image Suite 2006 Editor
Microsoft Digital Image Suite 2006 Library
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft WinUsb 1.0
Microsoft Works
Microsoft WSE 2.0 SP3 Runtime
Move Media Player
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Network Recording Player
Norton PC Checkup
Norton Security Suite
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
Power2Go 4.0
PowerDVD
proDAD Heroglyph 2.5
proDAD Vitascene 1.0
QuickTime
Recovery Software Suite Gateway
RivaTuner v2.24
runtime
ScanSoft OmniPage SE 4
Secunia PSI (2.0.0.3003)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SigmaTel Audio
Skype™ 6.0
Soft Data Fax Modem with SmartCP
Sonic Encoders
Sony Player Plug-in for Windows Media Player
Spybot - Search & Destroy
SpywareBlaster 4.6
SUPERAntiSpyware
System Requirements Lab
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VS10RuntimeWin32
WD Diagnostics
Web Games Player Plugin
WebEx
WebEx Recorder and Player
WebFldrs XP
Windows Easy Transfer
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows PowerShell™ 1.0
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Xiph QuickTime Components
Yahoo! Messenger
Yahoo! Software Update
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
11/9/2012 7:40:04 PM, error: Dhcp [1002] - The IP address lease 192.168.1.104 for the Network Card with network address 001CC035CFE1 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
11/9/2012 11:28:12 AM, error: Print [6161] - The document Microsoft Word - Jim Lawlor Jr11-09-2012 owned by Administrator failed to print on printer Canon MP470 series Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 196608. Number of bytes printed: 86092. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\YOUR-52343A8659. Win32 error code returned by the print processor: 13 (0xd).
11/16/2012 7:38:35 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the KodakCCS service.
11/16/2012 5:56:57 PM, error: Service Control Manager [7022] - The Intel® Software Services Manager service hung on starting.
11/16/2012 5:56:57 PM, error: Service Control Manager [7022] - The Intel® Application Tracker service hung on starting.
11/16/2012 5:56:57 PM, error: Service Control Manager [7001] - The Intel® Viiv™ Media Server service depends on the Intel® Software Services Manager service which failed to start because of the following error: After starting, the service hung in a start-pending state.
11/16/2012 5:56:57 PM, error: Service Control Manager [7001] - The Intel® Remoting Service service depends on the Intel® Application Tracker service which failed to start because of the following error: After starting, the service hung in a start-pending state.
11/15/2012 7:34:12 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2698023).
11/15/2012 7:31:14 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2729450).
11/12/2012 11:48:22 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
11/12/2012 11:47:35 AM, error: Dhcp [1002] - The IP address lease 192.168.1.106 for the Network Card with network address 001CC035CFE1 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
11/11/2012 8:07:01 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer COURTNEY-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C0501485-EDF1-45. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================

BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,756 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:44 PM

Posted 18 November 2012 - 10:29 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
  • Do not install any other programs until this if fixed.[/b]
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rookit infection may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third party programs if not up to date can be the cause of infiltration an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

===

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Please post the 4 logs for my review.

#3 john baptist

john baptist
  • Topic Starter

  • Members
  • 135 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Galloway NJ
  • Local time:02:44 PM

Posted 18 November 2012 - 12:30 PM

ComboFix 12-11-16.02 - Administrator 11/18/2012 11:23:17.7.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3325.2471 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\bleep\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-18 to 2012-11-18 )))))))))))))))))))))))))))))))
.
.
2012-11-17 00:04 . 2012-11-17 00:04 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-11-17 00:04 . 2012-11-17 00:04 -------- d-----w- c:\program files\Trend Micro
2012-11-16 01:38 . 2012-11-16 01:38 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PCHealth
2012-11-12 16:26 . 2012-11-16 22:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2012-11-12 16:26 . 2012-11-12 16:26 -------- d-----w- c:\program files\Common Files\Skype
2012-11-12 16:26 . 2012-11-12 16:26 -------- d-----r- c:\program files\Skype
2012-11-12 16:26 . 2012-11-12 16:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-22 08:37 . 2006-06-17 09:23 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-09 13:32 . 2012-09-15 02:12 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 13:32 . 2012-09-15 02:12 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-02 18:04 . 2006-06-17 09:23 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-30 00:54 . 2009-10-26 20:02 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-25 03:16 . 2012-09-10 00:07 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-10 00:07 . 2012-06-18 15:33 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-10 00:07 . 2011-05-24 23:51 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-10 00:07 . 2008-02-02 20:11 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-28 15:14 . 2006-06-17 09:23 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2006-06-17 09:23 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2006-06-17 09:23 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2006-06-17 09:23 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2006-06-17 09:23 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2006-06-17 09:23 2148864 ------w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2004-08-04 05:59 2027520 ------w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USBToolTip"="c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2007-01-23 81920]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"nwiz"="nwiz.exe" [2009-05-01 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-05-15 01:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON]
2006-07-27 17:54 303104 ----a-w- c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-06 03:56 64512 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gateway Extended Warranty]
2004-02-09 00:30 73728 ----a-w- c:\program files\Gateway\GWCares\gwcares.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 00:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 14:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 13:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AlertService"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502020.003\symds.sys [7/16/2012 6:36 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502020.003\symefa.sys [7/16/2012 6:36 PM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20121106.001\BHDrvx86.sys [10/23/2012 6:34 PM 995488]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502020.003\ironx86.sys [7/16/2012 6:36 PM 136312]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [8/11/2011 6:38 PM 116608]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe [7/16/2012 6:35 PM 130008]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.4.131\SymcPCCULaunchSvc.exe [9/13/2010 11:27 AM 177080]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe [9/13/2010 11:27 AM 126392]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [4/19/2011 1:44 AM 399416]
R3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [11/9/2010 9:46 PM 20704]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/10/2012 7:46 PM 106656]
R3 IAMTXP;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMTXP.sys [1/5/2008 5:23 AM 40448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121116.001\IDSXpx86.sys [11/16/2012 11:42 PM 373728]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [10/19/2012 4:14 PM 160944]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 3:30 AM 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/19/2011 1:44 AM 993848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 13:32]
.
2012-11-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1995133639-196831184-3723666647-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-28 13:10]
.
2012-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1995133639-196831184-3723666647-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-28 13:10]
.
2008-01-23 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-06-17 00:12]
.
2008-01-31 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-06-17 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Windows Internet Explorer provided by Comcast
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-18 11:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.4.131\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1995133639-196831184-3723666647-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"659BD8E725A05FDCC64118EA787EAA2B534A94FABE"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9e,0b,30,6b,2b,c4,fb,49,ad,65,5d,\
"3A77B377802A4B6183DDE08FDE4AD9AF647A702826"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9e,0b,30,6b,2b,c4,fb,49,ad,65,5d,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6f,d1,fd,2e,ae,b8,d0,4d,b7,8a,4f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,22,4f,99,db,04,97,ab,4a,ad,e4,d2,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,79,52,ba,96,2a,f4,b8,41,87,0d,5b,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2012-11-18 11:29:02
ComboFix-quarantined-files.txt 2012-11-18 16:28
ComboFix2.txt 2012-11-07 15:01
ComboFix3.txt 2012-10-24 18:03
ComboFix4.txt 2012-10-01 00:16
ComboFix5.txt 2012-11-18 16:21
.
Pre-Run: 162,091,634,688 bytes free
Post-Run: 162,073,198,592 bytes free
.
- - End Of File - - 4AB88161FCDECC683E4EE45F0F42EA82
------------------------------------------------------------------------------------------------
Results of screen317's Security Check version 0.99.54
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Norton Security Suite
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 4.6
Spybot - Search & Destroy
SUPERAntiSpyware
Secunia PSI (2.0.0.3003)
CWShredder
Malwarebytes Anti-Malware version 1.65.1.1000
CCleaner
Java 7 Update 9
Adobe Reader X (10.1.4)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 2%
````````````````````End of Log``````````````````````
-# AdwCleaner v2.008 - Logfile created 11/18/2012 at 12:15:47
# Updated 17/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - YOUR-52343A8659
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\Desktop\bleep\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.64

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [743 octets] - [18/11/2012 12:15:47]
AdwCleaner[S2].txt - [2035 octets] - [30/09/2012 18:31:56]
AdwCleaner[S3].txt - [1609 octets] - [24/10/2012 12:09:45]
AdwCleaner[S4].txt - [1607 octets] - [07/11/2012 09:44:14]

########## EOF - C:\AdwCleaner[R1].txt - [982 octets] ##########
-----------------------------------------------------------------------------------------------
Farbar Service Scanner Version: 09-11-2012
Ran by Administrator (administrator) on 18-11-2012 at 12:19:29
Running from "C:\Documents and Settings\Administrator\Desktop\bleep"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\windows\system32\dhcpcsvc.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\netbt.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\windows\system32\Drivers\ipsec.sys => MD5 is legit
C:\windows\system32\dnsrslvr.dll => MD5 is legit
C:\windows\system32\ipnathlp.dll => MD5 is legit
C:\windows\system32\netman.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\srsvc.dll => MD5 is legit
C:\windows\system32\Drivers\sr.sys => MD5 is legit
C:\windows\system32\wscsvc.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\wuauserv.dll => MD5 is legit
C:\windows\system32\qmgr.dll => MD5 is legit
C:\windows\system32\es.dll => MD5 is legit
C:\windows\system32\cryptsvc.dll => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit
C:\windows\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) SYMTDI(11) Tcpip(3)
0x0B000000040000000100000002000000030000000B0000000A0000000900000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

GOT MESSAGE FROM COMBO THAT BOOT.INI NOT CORECTLY FORMATTED

#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,756 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:44 PM

Posted 18 November 2012 - 01:59 PM

Your logs look good. Lets find out what boot.ini will report.


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:


    :filefind
    BOOT.INI

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#5 john baptist

john baptist
  • Topic Starter

  • Members
  • 135 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Galloway NJ
  • Local time:02:44 PM

Posted 18 November 2012 - 02:51 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 14:50 on 18/11/2012 by Administrator
Administrator - Elevation successful

========== filefind ==========

Searching for "BOOT.INI"
C:\boot.ini -rahs-- 200 bytes [09:25 17/06/2006] [23:53 16/11/2012] 3E4024A77D2CFA64E9E0EB253C1A3A66

-= EOF =-

#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,756 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:44 PM

Posted 19 November 2012 - 07:37 AM

Only one file available.

Double-click SystemLook.exe to run it.
Copy and paste the content of the following bold text into the main textfield:


:contents
C:\boot.ini


[*]Click the Look button to start the scan.

Post the content of the file.

#7 john baptist

john baptist
  • Topic Starter

  • Members
  • 135 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Galloway NJ
  • Local time:02:44 PM

Posted 19 November 2012 - 09:17 AM

SystemLook 30.07.11 by jpshortstuff
Log created at 09:10 on 19/11/2012 by Administrator
Administrator - Elevation successful

========== contents ==========

C:\boot.ini - Opened succesfully.

[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect


-= EOF =-



Windows update still not working download failures tried from the site and ran the fix they recommended

#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,756 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:44 PM

Posted 19 November 2012 - 02:07 PM

Repeat the instructions on post no.6 with this

:contents
c:\Boot.bak


Post the results.

I would like to know what if you get a black screen with a message when you boot your computer.
It would seem that you get a message about the Microsoft Windows Recovery Console and that you may have to press the enter key to continue.

If you have any other experience with you boot please explain.

#9 john baptist

john baptist
  • Topic Starter

  • Members
  • 135 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Galloway NJ
  • Local time:02:44 PM

Posted 19 November 2012 - 06:13 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 15:32 on 19/11/2012 by Administrator
Administrator - Elevation successful

========== contents ==========

c:\Boot.bak - Opened succesfully.

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect


-= EOF =-

#10 john baptist

john baptist
  • Topic Starter

  • Members
  • 135 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Galloway NJ
  • Local time:02:44 PM

Posted 19 November 2012 - 06:17 PM

I do get a screen for recovery during boot. Still have update problem. it says I am not admin when trying to change msconfig.

#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,756 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:44 PM

Posted 20 November 2012 - 10:40 AM

You need to edit your boot.ini file.

How to: http://www.thpc.info/how/editbootini.html#strt

Select Method #1: Use 'Startup and Recovery' to Edit Boot.ini

This will get you to these instructions.

#1 Use XP/2K 'Startup and Recovery' to Edit Boot.ini

Right-click My Computer, and click Properties.
- or -
in Control Panel, start the Performance and Maintenance tool, and then click System.
On the Advanced tab, click Settings under Startup and Recovery.
Under System Startup, select your Default operating system
Still under System Startup, click the Edit button.
This opens the file in Notepad ready for editing.
In Notepad, click File on the Menu bar, and then click Save As. Set Save as type: to All files, and save it as Boot.inn (or similar) somewhere safe. Close Notepad.
Reopen Boot.ini in Notepad (as described here) and edit it now.
When finished, click File on the Menu bar, and then Save.


To modify your Boot.ini I suggest the following.

Reopen Boot.ini in Notepad

Replace the content of your boot.ini file with the following.
Copy and paste the following as as to not make an error while typing.

[boot loader]
timeout=3
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect


Save the file.

p.s. I have change one value from the boot.bak file
Timeout=30
to
Timeout=3

This means that the message will only last 3 seconds at start up.
If you want more time you can change it later.

Restart the computer normally.

Let me know what problem persists.

If you need more instructions before beginning please ask.

#12 john baptist

john baptist
  • Topic Starter

  • Members
  • 135 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Galloway NJ
  • Local time:02:44 PM

Posted 20 November 2012 - 02:55 PM

I modified the file with note pad did not do anything else & rebooted machine it worked okay...I am still confused why Microsoft update is continuing to fail update installs...And msconfig says I am not admin.Was I supposed to do other things other then modifying that boot file??

#13 nasdaq

nasdaq

  • Malware Response Team
  • 38,756 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:44 PM

Posted 21 November 2012 - 10:15 AM

If you have or had a HP printer connected to this computer see if this article can solve you Admin problem with MSCONFIG.

http://www.pchell.com/support/msconfig_access_denied_error.shtml

===

Try this fix.

How do I reset Windows Update components?
http://support.microsoft.com/kb/971058

Is still a problem do you see any error message from Microsoft that could help in identifying the problem?
Post it.

#14 john baptist

john baptist
  • Topic Starter

  • Members
  • 135 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Galloway NJ
  • Local time:02:44 PM

Posted 21 November 2012 - 02:23 PM

Never had a HP printer ran fix it 4 times this week still not allowing update

#15 nasdaq

nasdaq

  • Malware Response Team
  • 38,756 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:44 PM

Posted 22 November 2012 - 08:06 AM

11/15/2012 7:34:12 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2698023).

This error is present in your first Extra.txt file submitted on your first log.

Run this Microsoft fix.

Error codes “0x80070643” or “0x643” occur when you install the .NET Framework updates
http://support.microsoft.com/kb/976982

How is it now?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users