
Infected with W32/Blaster.Worm


  • This topic is locked
22 replies to this topic

#1 jflynnde

  • Members
  • 30 posts

Posted 02 August 2013 - 07:36 PM

Hello,

I haven't had the need for your assistance since 2010, but I need it now - please. The problem started 8/1/2013 with a pop-up in the bottom right saying "Internet Security": it said that it detected a leak to another host computer and I needed to "block attack" (then it wanted a registration for something). I cancelled this, and the little pop-up then started saying that this or that exe file couldn't run because it was infected with W32/Blaster.Worm.

After a normal boot-up of my Windows XP (SP3) system, it goes to the desktop and then nothing will run (malware programs, internet browser, e-mail, etc.) except my Panda IS 2013; however, when I run a scan with this, it doesn't find anything wrong.

I'm running this via Safe Mode and it's pretty cumbersome, but at least I can make contact. From Safe Mode, I was able to run "SUPERantispyware", but it didn't help either - I still have my problem when I let the normal boot-up occur. So, I downloaded DDS.exe and ran that. Here is my DDS.txt file:


DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_33
Run by Administrator at 20:00:20 on 2013-08-02
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1023.658 [GMT -4:00]
.
AV: Panda Internet Security 2013 *Enabled/Updated* {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}
FW: Panda Personal Firewall 2013 *Enabled*
.
============== Running Processes ================
.
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.dellnet.com
uDefault_Page_URL = hxxp://www.dellnet.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - c:\program files\microsoft\bingbar\7.1.391.0\BingExt.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Veoh Browser Plug-in: {D0943516-5076-4020-A3B5-AEFAF26AB263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} -
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [diagent] "c:\program files\creative\sblive\diagnostics\diagent.exe" startup
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [nwiz] nwiz.exe /install
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe
mRun: [Disc Detector] c:\program files\creative\sharedll\CtNotify.exe
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [RDListener] c:\program files\registry defense\RDListener.exe
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
mRun: [RDFNSListener] c:\program files\regdefense\RDFNSListener.exe
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [RDFNSAgent] c:\program files\regdefense\RDFNSAgent.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [APVXDWIN] "c:\program files\panda security\panda internet security 2013\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "c:\program files\panda security\panda internet security 2013\Inicio.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoCDBurning = dword:1
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BackupNoCDBurning = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156699940875
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1373922165390
DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} - hxxp://ace.synerfac.com/ARViewer/arview2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} - hxxp://www2.verizon.net/update/msnwebinstall/includes/vzWebIns.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1 71.242.0.12
TCP: Interfaces\{DDC566AA-52FB-4641-85FC-60F3D118E44A} : DHCPNameServer = 192.168.1.1 71.242.0.12
Notify: avldr - avldr.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.95\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2012-12-10 159112]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
R3 NETIMFLT01060044;PANDA NDIS IM Filter v1.6.0.44;c:\windows\system32\drivers\neti1644.sys [2012-12-10 201032]
S0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2012-12-10 26696]
S1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2012-12-10 83528]
S1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2012-12-10 53256]
S1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2012-12-10 22024]
S1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2012-12-10 193864]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2012-12-10 37448]
S1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2012-12-10 46856]
S2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8651.sys [2012-12-10 63240]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Panda Software Controller;Panda Software Controller;c:\program files\panda security\panda internet security 2013\PsCtrlS.exe [2012-12-10 177440]
S2 PAVFNSVR;Panda Function Service;c:\program files\panda security\panda internet security 2013\PavFnSvr.exe [2012-12-10 202016]
S2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2012-12-10 164488]
S2 PavPrSrv;Panda Process Protection Service;c:\program files\common files\panda security\pavshld\PavPrSrv.exe [2012-12-10 62768]
S2 PAVSRV;Panda On-Access Anti-Malware Service;c:\program files\panda security\panda internet security 2013\pavsrvx86.exe [2012-12-10 313664]
S2 PskSvcRetail;Panda PSK service;c:\program files\panda security\panda internet security 2013\psksvc.exe [2012-12-10 28992]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
S3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
S3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [2012-12-10 13880]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\pavsrk.sys --> c:\windows\system32\PavSRK.sys [?]
S3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\pavtpk.sys --> c:\windows\system32\PavTPK.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
.
=============== File Associations ===============
.
FileExt: .vbe: VBEFile=c:\progra~1\pandas~1\pandai~2\PavScrip.exe "%1" %*
FileExt: .vbs: VBSFile=c:\progra~1\pandas~1\pandai~2\PavScrip.exe "%1" %*
FileExt: .js: JSFile=c:\progra~1\pandas~1\pandai~2\PavScrip.exe "%1" %*
FileExt: .jse: JSEFile=c:\progra~1\pandas~1\pandai~2\PavScrip.exe "%1" %*
FileExt: .wsf: WSFFile=c:\progra~1\pandas~1\pandai~2\PavScrip.exe "%1" %*
ShellExec: mkwACT.exe: verify="c:\program files\michael k. weise\mkw audio compression toolkit\mkwACT.exe"
.
=============== Created Last 30 ================
.
2013-08-02 17:06:30 -------- d-----w- c:\documents and settings\administrator.dg68qg21\application data\SUPERAntiSpyware.com
2013-08-02 17:05:20 -------- d-sh--w- c:\documents and settings\administrator.dg68qg21\PrivacIE
2013-08-02 17:04:26 -------- d-sh--w- c:\documents and settings\administrator.dg68qg21\IETldCache
2013-08-01 17:25:07 839168 ----a-w- c:\documents and settings\all users\application data\wmdefender.exe
2013-07-15 21:09:05 -------- d-----w- c:\windows\system32\MRT
.
==================== Find3M  ====================
.
2013-08-02 10:03:05 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2013-06-08 03:55:44 385024 ----a-w- c:\windows\system32\html.iec
2013-06-07 21:56:06 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23:02 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40:45 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-23 22:21:49 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-23 22:21:48 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-09 04:28:02 1543680 ------w- c:\windows\system32\wmvdecod.dll
2002-08-29 11:00:00 92032 --shatr- c:\windows\system32\mga.dll
.
============= FINISH: 20:02:05.25 ===============

I'm attaching the "Attach.txt" zipped file as instructed. Anything you can do for me would be deeply appreciated.

Not sure if I can even get to e-mail, so this should be a lot of fun trying to know when/if someone responds.

Thanks!


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 03 August 2013 - 12:32 AM

Hello jflynnde

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" button, make sure that the "Receive notification" box is checked and that it is set to "Instantly". This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 jflynnde

  • Topic Starter
  • Members
  • 30 posts

Posted 03 August 2013 - 01:05 PM

Hi Gringo,

Thanks for getting back to me so fast.

As instructed, here is the "FRST.TXT" file:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-08-2013 01
Ran by Administrator (administrator) on 03-08-2013 13:47:58
Running from C:\Documents and Settings\Administrator.DG68QG21\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) ===================

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup [x]
HKLM\...\Run: [diagent] - C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe [135264 2002-04-03] (Creative Technology Ltd)
HKLM\...\Run: [UpdReg] - C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [DVDSentry] - C:\WINDOWS\System32\DSentry.exe [28672 2002-08-14] (Dell - Advanced Desktop Engineering)
HKLM\...\Run: [Microsoft Works Update Detection] - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [28672 2002-07-16] (Microsoft® Corporation)
HKLM\...\Run: [nwiz] - nwiz.exe /install [x]
HKLM\...\Run: [mmtask] - C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe [53248 2004-10-08] (Musicmatch Inc.)
HKLM\...\Run: [DwlClient] - C:\Program Files\Common Files\Dell\EUSW\Support.exe [323584 2004-05-27] (Dell)
HKLM\...\Run: [Disc Detector] - C:\Program Files\Creative\ShareDLL\CtNotify.exe [191488 2001-12-26] (Creative Technology Ltd.)
HKLM\...\Run: [TrueImageMonitor.exe] - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2595792 2008-04-09] (Acronis)
HKLM\...\Run: [AcronisTimounterMonitor] - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [909208 2008-04-09] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [136472 2008-04-09] (Acronis)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [RDListener] - C:\Program Files\Registry Defense\RDListener.exe [115312 2009-02-06] ()
HKLM\...\Run: [Nikon Transfer Monitor] - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [479232 2008-12-16] (Nikon Corporation)
HKLM\...\Run: [RDFNSListener] - C:\Program Files\RegDefense\RDFNSListener.exe [105472 2010-12-06] ()
HKLM\...\Run: [ConnectionCenter] - C:\Program Files\Citrix\ICA Client\concentr.exe [103768 2009-10-26] (Citrix Systems, Inc.)
HKLM\...\Run: [RDFNSAgent] - C:\Program Files\RegDefense\RDFNSAgent.exe [211456 2010-12-06] ()
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [413696 2008-03-28] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM\...\Run: [] -  [x]
HKLM\...\Run: [APVXDWIN] - C:\Program Files\Panda Security\Panda Internet Security 2013\APVXDWIN.EXE [1037600 2012-11-07] (Panda Security, S.L.)
HKLM\...\Run: [SCANINICIO] - C:\Program Files\Panda Security\Panda Internet Security 2013\Inicio.exe [70432 2012-06-08] (Panda Security, S.L.)
Winlogon\Notify\avldr: avldr.dll (On-Access Anti-Malware Scanner Sync)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\RECYCLER\S-1-5-18\$4598ce333e0cce4d13c9878099f06069\o. ATTENTION! ====> ZeroAccess?
HKCU\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKCU\...\Run: [DellSupport] - C:\Program Files\Dell Support\DSAgnt.exe [306688 2004-07-19] (Gteko Ltd.)
HKU\Default User\...\Run: [DellSupport] - C:\Program Files\Dell Support\DSAgnt.exe [ 2004-07-19] (Gteko Ltd.)
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [x]
HKU\John Flynn\...\Run: [Adobe CSS5.1 Manager] - C:\Documents and Settings\John Flynn\Local Settings\Application Data\1dce0e75-1303-433a-bfc1-6b582bd25551ad\dceeabfcbbdad.exe [ 2013-08-01] () <===== ATTENTION
HKU\John Flynn\...\Run: [Internet Security] - C:\Documents and Settings\All Users\Application Data\wmdefender.exe [ 2013-08-01] (TorchSoft)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
SearchScopes: HKLM - DefaultScope {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-aolsoftonic-chromesbox-en-us&tb_uuid=20120720224147312&tb_oid=20-07-2012&tb_mrud=20-07-2012
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-aolsoftonic-chromesbox-en-us&tb_uuid=20120720224147312&tb_oid=20-07-2012&tb_mrud=20-07-2012
SearchScopes: HKCU - DefaultScope {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL =
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
DPF: {01113300-3E00-11D2-8470-0060089874ED} http://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156699940875
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} http://ace.synerfac.com/ARViewer/arview2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} http://www2.verizon.net/update/msnwebinstall/includes/vzWebIns.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ipp - No CLSID Value -
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2012-07-22] (SuperAdBlocker.com)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 71.242.0.12

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-22] (SUPERAntiSpyware.com)
S2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [431384 2008-04-09] (Acronis)
S2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [110592 2008-02-18] (Apple, Inc.)
S2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96370 2007-01-31] (Canon Inc.)
S2 Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd)
S2 dvpapi; C:\Program Files\Common Files\Command Software\dvpapi.exe [142416 2006-01-20] (Command Software Systems, Inc.)
S3 NMSSvc; C:\WINDOWS\System32\NMSSvc.exe [1118208 2002-10-10] (Intel Corporation)
S2 Panda Software Controller; C:\Program Files\Panda Security\Panda Internet Security 2013\PsCtrls.exe [177440 2012-06-19] (Panda Security, S.L.)
S2 PAVFNSVR; C:\Program Files\Panda Security\Panda Internet Security 2013\PavFnSvr.exe [202016 2012-06-15] (Panda Security, S.L.)
S2 PavPrSrv; C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe [62768 2008-02-04] (Panda Security, S.L.)
S2 PAVSRV; C:\Program Files\Panda Security\Panda Internet Security 2013\pavsrvx86.exe [313664 2011-04-13] (Panda Security, S.L.)
S2 PSHost; c:\program files\panda security\panda internet security 2013\firewall\PSHOST.EXE [226560 2009-11-26] (Panda Security International)
S2 PSIMSVC; C:\Program Files\Panda Security\Panda Internet Security 2013\PsImSvc.exe [108288 2008-06-19] (Panda Security S.L.)
S2 PskSvcRetail; C:\Program Files\Panda Security\Panda Internet Security 2013\PskSvc.exe [28992 2010-08-16] (Panda Security, S.L.)
S2 TPSrv; C:\Program Files\Panda Security\Panda Internet Security 2013\TPSrv.exe [156960 2012-11-16] (Panda Security, S.L.)
S2 TryAndDecideService; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [492896 2008-04-09] ()
S2 WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation)
S2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]

==================== Drivers (Whitelisted) ====================

S2 AmFSM; C:\Windows\System32\DRIVERS\amm8651.sys [63240 2012-03-26] (Panda Security, S.L.)
S1 APPFLT; C:\WINDOWS\system32\Drivers\APPFLT.SYS [83528 2011-01-31] (Panda Security, S.L.)
S2 Aspi32; C:\Windows\System32\Drivers\Aspi32.sys [17005 2002-08-14] (Adaptec)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 ComFiltr; C:\WINDOWS\system32\DRIVERS\COMFiltr.sys [13880 2013-08-02] ()
S2 CSS DVP; C:\Windows\System32\DRIVERS\css-dvp.sys [783984 2006-01-20] (Command Software Systems, Inc.)
S1 DSAFLT; C:\WINDOWS\system32\Drivers\DSAFLT.SYS [53256 2009-09-25] (Panda Security, S.L.)
S3 EL90XBC; C:\Windows\System32\DRIVERS\el90xbc5.sys [66591 2001-08-17] (3Com Corporation)
S1 FNETMON; C:\WINDOWS\system32\Drivers\fnetmon.SYS [22024 2009-09-25] (Panda Security, S.L.)
S3 i81x; C:\Windows\System32\DRIVERS\i81xnt5.sys [161020 2004-08-04] (Intel® Corporation)
S3 iAimFP0; C:\Windows\System32\DRIVERS\wADV01nt.sys [12415 2004-08-04] (Intel® Corporation)
S3 iAimFP1; C:\Windows\System32\DRIVERS\wADV02NT.sys [12127 2004-08-04] (Intel® Corporation)
S3 iAimFP2; C:\Windows\System32\DRIVERS\wADV05NT.sys [11775 2004-08-04] (Intel® Corporation)
S3 iAimFP3; C:\Windows\System32\DRIVERS\wSiINTxx.sys [12063 2004-08-04] (Intel® Corporation)
S3 iAimFP4; C:\Windows\System32\DRIVERS\wVchNTxx.sys [19455 2004-08-04] (Intel® Corporation)
S3 iAimTV0; C:\Windows\System32\DRIVERS\wATV01nt.sys [29311 2004-08-04] (Intel® Corporation)
S3 iAimTV1; C:\Windows\System32\DRIVERS\wATV02NT.sys [19551 2004-08-04] (Intel® Corporation)
S3 iAimTV3; C:\Windows\System32\DRIVERS\wATV04nt.sys [33599 2004-08-04] (Intel® Corporation)
S3 iAimTV4; C:\Windows\System32\DRIVERS\wCh7xxNT.sys [23615 2004-08-04] (Intel® Corporation)
S1 IDSFLT; C:\WINDOWS\system32\Drivers\IDSFLT.SYS [193864 2010-09-09] (Panda Security, S.L.)
S3 Jukebox; C:\Windows\System32\DRIVERS\ctpdusb2.sys [16890 2003-10-28] (Creative Technology Ltd.)
S3 MRENDIS5; C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [18003 2004-11-22] (Motive, Inc.)
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R1 NETFLTDI; C:\WINDOWS\system32\Drivers\NETFLTDI.SYS [159112 2009-09-25] (Panda Security, S.L.)
R3 NETIMFLT01060044; C:\Windows\System32\DRIVERS\neti1644.sys [201032 2010-09-01] (Panda Security, S.L.)
S3 NMSCFG; C:\WINDOWS\System32\drivers\NMSCFG.SYS [9868 2002-10-10] (Intel Corporation)
S3 P16X; C:\Windows\System32\drivers\P16X.sys [1293440 2002-08-30] (Creative Technology Ltd.)
S1 P3; C:\Windows\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)
S0 pavboot; C:\Windows\System32\Drivers\pavboot.sys [26696 2010-06-22] (Panda Security, S.L.)
S2 PavProc; C:\WINDOWS\system32\DRIVERS\PavProc.sys [164488 2012-05-08] (Panda Security, S.L.)
S3 pfc; C:\Windows\System32\drivers\pfc.sys [9856 2002-09-27] (Padus, Inc.)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2012-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2012-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 ShldDrv; C:\Windows\System32\DRIVERS\ShlDrv51.sys [37448 2011-02-21] (Panda Security, S.L.)
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
R0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [368480 2008-08-19] (Acronis)
S2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44384 2008-08-19] (Acronis)
S1 WNMFLT; C:\WINDOWS\system32\Drivers\WNMFLT.SYS [46856 2009-09-25] (Panda Security, S.L.)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
S3 Ad-Watch Connect Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys [x]
S3 AvFlt; \SystemRoot\system32\drivers\av5flt.sys [x]
S3 bvrp_pci; No ImagePath
S3 iAimTV2; System32\DRIVERS\wATV03nt.sys [x]
S3 PavSRK.sys; \??\C:\WINDOWS\system32\PavSRK.sys [x]
S3 PavTPK.sys; \??\C:\WINDOWS\system32\PavTPK.sys [x]
U3 TlntSvr;

==================== NetSvcs (Whitelisted) ===================

NETSVC: Ip6FwHlp -> No Registry Path.

==================== One Month Created Files and Folders ========

2013-08-03 13:47 - 2013-08-03 13:47 - 00000000 ____D C:\FRST
2013-08-03 13:46 - 2013-08-03 13:44 - 01222124 _____ (Farbar) C:\Documents and Settings\Administrator.DG68QG21\Desktop\FRST.exe
2013-08-03 13:46 - 2013-08-03 13:44 - 01222124 _____ (Farbar) C:\Documents and Settings\Administrator.DG68QG21\Desktop\FRST.exe
2013-08-03 13:03 - 2013-08-03 13:03 - 00001487 _____ C:\Documents and Settings\Administrator.DG68QG21\Desktop\Windows Explorer.lnk
2013-08-03 13:03 - 2013-08-03 13:03 - 00001487 _____ C:\Documents and Settings\Administrator.DG68QG21\Desktop\Windows Explorer.lnk
2013-08-03 13:00 - 2013-08-03 13:00 - 00000000 ____D C:\Documents and Settings\Administrator.DG68QG21\Application Data\Malwarebytes
2013-08-03 13:00 - 2013-08-03 13:00 - 00000000 ____D C:\Documents and Settings\Administrator.DG68QG21\Application Data\Malwarebytes
2013-08-02 20:41 - 2013-08-02 20:41 - 00000000 ____D C:\Documents and Settings\Administrator.DG68QG21\Application Data\Macromedia
2013-08-02 20:41 - 2013-08-02 20:41 - 00000000 ____D C:\Documents and Settings\Administrator.DG68QG21\Application Data\Macromedia
2013-08-02 20:13 - 2013-08-02 20:14 - 00006480 _____ C:\Documents and Settings\Administrator.DG68QG21\Desktop\attach.zip
2013-08-02 20:13 - 2013-08-02 20:14 - 00006480 _____ C:\Documents and Settings\Administrator.DG68QG21\Desktop\attach.zip
2013-08-02 20:10 - 2013-08-02 20:10 - 00000736 _____ C:\Documents and Settings\All Users\Desktop\WinZip.lnk
2013-08-02 20:03 - 2013-08-02 20:17 - 00000000 ____D C:\( ) DDS 08022013
2013-08-02 20:02 - 2013-08-02 20:02 - 00031741 _____ C:\Documents and Settings\Administrator.DG68QG21\Desktop\attach.txt
2013-08-02 20:02 - 2013-08-02 20:02 - 00031741 _____ C:\Documents and Settings\Administrator.DG68QG21\Desktop\attach.txt
2013-08-02 20:02 - 2013-08-02 20:02 - 00013142 _____ C:\Documents and Settings\Administrator.DG68QG21\Desktop\dds.txt
2013-08-02 20:02 - 2013-08-02 20:02 - 00013142 _____ C:\Documents and Settings\Administrator.DG68QG21\Desktop\dds.txt
2013-08-02 19:59 - 2013-08-02 19:59 - 00688992 ____R (Swearware) C:\Documents and Settings\Administrator.DG68QG21\Desktop\dds.com
2013-08-02 19:59 - 2013-08-02 19:59 - 00688992 ____R (Swearware) C:\Documents and Settings\Administrator.DG68QG21\Desktop\dds.com
2013-08-02 13:06 - 2013-08-02 13:06 - 00000000 ____D C:\Documents and Settings\Administrator.DG68QG21\Application Data\SUPERAntiSpyware.com
2013-08-02 13:06 - 2013-08-02 13:06 - 00000000 ____D C:\Documents and Settings\Administrator.DG68QG21\Application Data\SUPERAntiSpyware.com
2013-08-02 13:05 - 2013-08-02 13:05 - 00000000 __SHD C:\Documents and Settings\Administrator.DG68QG21\PrivacIE
2013-08-02 13:05 - 2013-08-02 13:05 - 00000000 __SHD C:\Documents and Settings\Administrator.DG68QG21\PrivacIE
2013-08-02 13:05 - 2013-08-02 13:05 - 00000000 ____D C:\Documents and Settings\Administrator.DG68QG21\Application Data\Adobe
2013-08-02 13:05 - 2013-08-02 13:05 - 00000000 ____D C:\Documents and Settings\Administrator.DG68QG21\Application Data\Adobe
2013-08-02 13:04 - 2013-08-02 13:04 - 00000000 __SHD C:\Documents and Settings\Administrator.DG68QG21\IETldCache
2013-08-02 13:04 - 2013-08-02 13:04 - 00000000 __SHD C:\Documents and Settings\Administrator.DG68QG21\IETldCache
2013-08-01 23:04 - 2013-08-02 06:00 - 00000426 ____H C:\WINDOWS\Tasks\{EEF2C9ED-98DA-40BC-837C-8F3903CFF191}.job
2013-08-01 23:04 - 2013-08-01 23:04 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\1dce0e75-1303-433a-bfc1-6b582bd25551ad
2013-08-01 13:25 - 2013-08-02 06:00 - 00000416 ____H C:\WINDOWS\Tasks\{4FE38D58-303E-4F8B-87D7-8DAFA23FB1A7}.job
2013-08-01 13:25 - 2013-08-01 13:26 - 00000000 ____D C:\Documents and Settings\John Flynn\Local Settings\Application Data\1dce0e75-1303-433a-bfc1-6b582bd25551ad
2013-08-01 13:25 - 2013-08-01 13:25 - 00839168 _____ (TorchSoft) C:\Documents and Settings\All Users\Application Data\wmdefender.exe
2013-08-01 13:25 - 2013-08-01 13:25 - 00000807 _____ C:\Documents and Settings\All Users\Desktop\Internet Security Pro.lnk
2013-08-01 13:24 - 2013-08-01 13:24 - 00000000 _____ C:\Documents and Settings\John Flynn\jqs.exe
2013-08-01 13:23 - 2013-08-01 13:23 - 00000000 _____ C:\Documents and Settings\John Flynn\notepad.exe
2013-07-30 16:43 - 2013-07-30 16:43 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Sun
2013-07-28 15:47 - 2013-07-28 15:47 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Adobe
2013-07-20 16:05 - 2013-07-20 16:05 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Real
2013-07-15 17:09 - 2013-07-15 17:19 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-07-13 11:53 - 2013-07-30 16:43 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-07-13 11:53 - 2013-07-13 11:53 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Sun
2013-07-12 15:00 - 2013-07-12 17:08 - 00000000 ____D C:\Documents and Settings\John Flynn\Caliber Library (Zombie Coll)
2013-07-10 04:09 - 2013-07-10 04:09 - 00128627 _____ C:\WINDOWS\KB2834904.log
2013-07-10 04:09 - 2013-07-10 04:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904_WM11$
2013-07-10 04:06 - 2013-07-10 04:07 - 00129454 _____ C:\WINDOWS\KB2834886.log
2013-07-10 04:06 - 2013-07-10 04:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850851$
2013-07-10 04:06 - 2013-07-10 04:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2013-07-10 04:05 - 2013-07-10 04:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$
2013-07-10 03:37 - 2013-07-10 03:42 - 00133724 _____ C:\WINDOWS\KB2846071-IE8.log
2013-07-10 02:47 - 2013-07-10 04:06 - 00135712 _____ C:\WINDOWS\KB2850851.log
2013-07-10 02:47 - 2013-07-10 04:05 - 00135549 _____ C:\WINDOWS\KB2845187.log

==================== One Month Modified Files and Folders =======

2013-08-03 13:47 - 2013-08-03 13:47 - 00000000 ____D C:\FRST
2013-08-03 13:44 - 2013-08-03 13:46 - 01222124 _____ (Farbar) C:\Documents and Settings\Administrator.DG68QG21\Desktop\FRST.exe
2013-08-03 13:44 - 2013-08-03 13:46 - 01222124 _____ (Farbar) C:\Documents and Settings\Administrator.DG68QG21\Desktop\FRST.exe
2013-08-03 13:03 - 2013-08-03 13:03 - 00001487 _____ C:\Documents and Settings\Administrator.DG68QG21\Desktop\Windows Explorer.lnk
2013-08-03 13:03 - 2013-08-03 13:03 - 00001487 _____ C:\Documents and Settings\Administrator.DG68QG21\Desktop\Windows Explorer.lnk
2013-08-03 13:01 - 2004-08-01 20:20 - 00000000 ___RD C:\Documents and Settings\Administrator.DG68QG21\Start Menu\Programs\Accessories
2013-08-03 13:00 - 2013-08-03 13:00 - 00000000 ____D C:\Documents and Settings\Administrator.DG68QG21\Application Data\Malwarebytes
2013-08-03 13:00 - 2013-08-03 13:00 - 00000000 ____D C:\Documents and Settings\Administrator.DG68QG21\Application Data\Malwarebytes
2013-08-03 13:00 - 2003-02-25 20:09 - 00001170 _____ C:\WINDOWS\system32\WPA.DBL
2013-08-02 21:00 - 2004-10-30 15:07 - 01985376 _____ C:\WINDOWS\WindowsUpdate.log
2013-08-02 21:00 - 2004-08-01 20:20 - 00000178 ___SH C:\Documents and Settings\Administrator.DG68QG21\NTUSER.INI
2013-08-02 21:00 - 2004-08-01 20:20 - 00000178 ___SH C:\Documents and Settings\Administrator.DG68QG21\NTUSER.INI
2013-08-02 20:41 - 2013-08-02 20:41 - 00000000 ____D C:\Documents and Settings\Administrator.DG68QG21\Application Data\Macromedia
2013-08-02 20:41 - 2013-08-02 20:41 - 00000000 ____D C:\Documents and Settings\Administrator.DG68QG21\Application Data\Macromedia
2013-08-02 20:17 - 2013-08-02 20:03 - 00000000 ____D C:\( ) DDS 08022013
2013-08-02 20:14 - 2013-08-02 20:13 - 00006480 _____ C:\Documents and Settings\Administrator.DG68QG21\Desktop\attach.zip
2013-08-02 20:14 - 2013-08-02 20:13 - 00006480 _____ C:\Documents and Settings\Administrator.DG68QG21\Desktop\attach.zip
2013-08-02 20:10 - 2013-08-02 20:10 - 00000736 _____ C:\Documents and Settings\All Users\Desktop\WinZip.lnk
2013-08-02 20:10 - 2003-03-21 17:45 - 00000000 ____D C:\Program Files\WinZip
2013-08-02 20:02 - 2013-08-02 20:02 - 00031741 _____ C:\Documents and Settings\Administrator.DG68QG21\Desktop\attach.txt
2013-08-02 20:02 - 2013-08-02 20:02 - 00031741 _____ C:\Documents and Settings\Administrator.DG68QG21\Desktop\attach.txt
2013-08-02 20:02 - 2013-08-02 20:02 - 00013142 _____ C:\Documents and Settings\Administrator.DG68QG21\Desktop\dds.txt
2013-08-02 20:02 - 2013-08-02 20:02 - 00013142 _____ C:\Documents and Settings\Administrator.DG68QG21\Desktop\dds.txt
2013-08-02 19:59 - 2013-08-02 19:59 - 00688992 ____R (Swearware) C:\Documents and Settings\Administrator.DG68QG21\Desktop\dds.com
2013-08-02 19:59 - 2013-08-02 19:59 - 00688992 ____R (Swearware) C:\Documents and Settings\Administrator.DG68QG21\Desktop\dds.com
2013-08-02 19:28 - 2011-12-17 08:52 - 00000080 _____ C:\WINDOWS\system32\Drivers\etc\NetLoc.wlt
2013-08-02 19:27 - 2003-02-25 20:11 - 00032422 _____ C:\WINDOWS\SchedLgU.Txt
2013-08-02 19:27 - 2003-02-25 20:11 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-08-02 19:27 - 2002-09-03 10:53 - 00000353 _____ C:\WINDOWS\WIADEBUG.LOG
2013-08-02 19:26 - 2012-12-10 13:06 - 00000064 _____ C:\WINDOWS\system32\Drivers\etc\NetAR.wlt.bck
2013-08-02 19:26 - 2012-12-10 13:06 - 00000064 _____ C:\WINDOWS\system32\Drivers\etc\NetAR.wlt
2013-08-02 19:26 - 2011-12-16 16:44 - 00000088 _____ C:\WINDOWS\system32\Drivers\etc\NetAdapt.cfg.bck
2013-08-02 19:26 - 2011-12-16 16:44 - 00000088 _____ C:\WINDOWS\system32\Drivers\etc\NetAdapt.cfg
2013-08-02 19:26 - 2003-03-03 21:42 - 00000278 ___SH C:\Documents and Settings\John Flynn\NTUSER.INI
2013-08-02 19:24 - 2012-12-10 13:07 - 00000068 _____ C:\WINDOWS\system32\Drivers\etc\NetFlt.cfg.bck
2013-08-02 19:24 - 2012-12-10 13:07 - 00000068 _____ C:\WINDOWS\system32\Drivers\etc\NetFlt.cfg
2013-08-02 19:23 - 2013-06-13 19:16 - 00000890 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-02 19:23 - 2002-09-03 10:53 - 00000048 _____ C:\WINDOWS\WIASERVC.LOG
2013-08-02 19:20 - 2004-11-12 19:47 - 00000000 ____D C:\StartUpList
2013-08-02 13:09 - 2010-12-12 17:19 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-08-02 13:06 - 2013-08-02 13:06 - 00000000 ____D C:\Documents and Settings\Administrator.DG68QG21\Application Data\SUPERAntiSpyware.com
2013-08-02 13:06 - 2013-08-02 13:06 - 00000000 ____D C:\Documents and Settings\Administrator.DG68QG21\Application Data\SUPERAntiSpyware.com
2013-08-02 13:05 - 2013-08-02 13:05 - 00000000 __SHD C:\Documents and Settings\Administrator.DG68QG21\PrivacIE
2013-08-02 13:05 - 2013-08-02 13:05 - 00000000 __SHD C:\Documents and Settings\Administrator.DG68QG21\PrivacIE
2013-08-02 13:05 - 2013-08-02 13:05 - 00000000 ____D C:\Documents and Settings\Administrator.DG68QG21\Application Data\Adobe
2013-08-02 13:05 - 2013-08-02 13:05 - 00000000 ____D C:\Documents and Settings\Administrator.DG68QG21\Application Data\Adobe
2013-08-02 13:05 - 2004-08-01 20:20 - 00000000 ____D C:\Documents and Settings\Administrator.DG68QG21
2013-08-02 13:04 - 2013-08-02 13:04 - 00000000 __SHD C:\Documents and Settings\Administrator.DG68QG21\IETldCache
2013-08-02 13:04 - 2013-08-02 13:04 - 00000000 __SHD C:\Documents and Settings\Administrator.DG68QG21\IETldCache
2013-08-02 12:56 - 2012-12-10 13:08 - 00000056 _____ C:\WINDOWS\system32\Drivers\etc\WnmFlt.cfg.bck
2013-08-02 12:56 - 2012-12-10 13:08 - 00000056 _____ C:\WINDOWS\system32\Drivers\etc\WnmFlt.cfg
2013-08-02 12:56 - 2012-12-10 13:08 - 00000056 _____ C:\WINDOWS\system32\Drivers\etc\DsaFlt.cfg.bck
2013-08-02 12:56 - 2012-12-10 13:08 - 00000056 _____ C:\WINDOWS\system32\Drivers\etc\DsaFlt.cfg
2013-08-02 12:56 - 2012-12-10 13:07 - 00000252 _____ C:\WINDOWS\system32\Drivers\etc\IdsFlt.cfg.bck
2013-08-02 12:56 - 2012-12-10 13:07 - 00000252 _____ C:\WINDOWS\system32\Drivers\etc\IdsFlt.cfg
2013-08-02 12:56 - 2012-12-10 12:58 - 00001132 _____ C:\WINDOWS\system32\Drivers\APPFLTR.CFG.bck
2013-08-02 12:56 - 2012-12-10 12:58 - 00001132 _____ C:\WINDOWS\system32\Drivers\APPFLTR.CFG
2013-08-02 06:03 - 2012-12-10 13:07 - 00013880 _____ C:\WINDOWS\system32\Drivers\COMFiltr.sys
2013-08-02 06:03 - 2012-12-10 12:58 - 00303044 _____ C:\WINDOWS\system32\Drivers\etc\DsaFlt.rls.bck
2013-08-02 06:03 - 2012-12-10 12:58 - 00303044 _____ C:\WINDOWS\system32\Drivers\etc\DsaFlt.rls
2013-08-02 06:03 - 2011-12-17 08:52 - 00000080 _____ C:\WINDOWS\system32\Drivers\etc\NetLoc.wlt.bck
2013-08-02 06:03 - 2007-12-26 10:53 - 00000432 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{67EB1B04-375D-4C57-805D-B84B0FFFD548}.job
2013-08-02 06:00 - 2013-08-01 23:04 - 00000426 ____H C:\WINDOWS\Tasks\{EEF2C9ED-98DA-40BC-837C-8F3903CFF191}.job
2013-08-02 06:00 - 2013-08-01 13:25 - 00000416 ____H C:\WINDOWS\Tasks\{4FE38D58-303E-4F8B-87D7-8DAFA23FB1A7}.job
2013-08-01 23:04 - 2013-08-01 23:04 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\1dce0e75-1303-433a-bfc1-6b582bd25551ad
2013-08-01 22:31 - 2013-06-13 19:16 - 00000894 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-01 20:40 - 2012-12-09 16:00 - 00000464 _____ C:\WINDOWS\Tasks\At2.job
2013-08-01 15:52 - 2003-03-03 21:42 - 00000000 ____D C:\Documents and Settings\John Flynn
2013-08-01 15:00 - 2012-12-09 16:00 - 00000464 _____ C:\WINDOWS\Tasks\At3.job
2013-08-01 14:00 - 2012-12-09 16:00 - 00000464 _____ C:\WINDOWS\Tasks\At4.job
2013-08-01 13:29 - 2012-12-10 12:58 - 00275204 _____ C:\WINDOWS\system32\Drivers\APPFCONT.DAT.bck
2013-08-01 13:29 - 2012-12-10 12:58 - 00275204 _____ C:\WINDOWS\system32\Drivers\APPFCONT.DAT
2013-08-01 13:26 - 2013-08-01 13:25 - 00000000 ____D C:\Documents and Settings\John Flynn\Local Settings\Application Data\1dce0e75-1303-433a-bfc1-6b582bd25551ad
2013-08-01 13:25 - 2013-08-01 13:25 - 00839168 _____ (TorchSoft) C:\Documents and Settings\All Users\Application Data\wmdefender.exe
2013-08-01 13:25 - 2013-08-01 13:25 - 00000807 _____ C:\Documents and Settings\All Users\Desktop\Internet Security Pro.lnk
2013-08-01 13:24 - 2013-08-01 13:24 - 00000000 _____ C:\Documents and Settings\John Flynn\jqs.exe
2013-08-01 13:23 - 2013-08-01 13:23 - 00000000 _____ C:\Documents and Settings\John Flynn\notepad.exe
2013-08-01 13:14 - 2003-09-08 18:11 - 00368452 _____ C:\WINDOWS\cdPlayer.ini
2013-08-01 10:10 - 2012-12-09 16:00 - 00000464 _____ C:\WINDOWS\Tasks\At1.job
2013-07-31 19:42 - 2006-12-01 19:29 - 00000000 ____D C:\Documents and Settings\John Flynn\Application Data\uTorrent
2013-07-30 23:43 - 2013-06-13 19:20 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-07-30 17:38 - 2007-02-23 19:01 - 00000000 ____D C:\Books
2013-07-30 16:43 - 2013-07-30 16:43 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Sun
2013-07-30 16:43 - 2013-07-13 11:53 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-07-29 16:57 - 2009-09-16 16:31 - 00000000 ____D C:\Ryan Price list and recipes
2013-07-29 16:51 - 2003-03-07 16:57 - 00002483 _____ C:\Documents and Settings\John Flynn\Desktop\Microsoft Word.lnk
2013-07-29 10:41 - 2013-03-27 11:50 - 00054156 ____H C:\WINDOWS\QTFont.qfn
2013-07-28 17:03 - 2003-02-25 19:53 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-07-28 15:47 - 2013-07-28 15:47 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Adobe
2013-07-27 17:04 - 2010-01-08 20:31 - 00000000 ____D C:\Documents and Settings\John Flynn\Calibre Library
2013-07-20 16:05 - 2013-07-20 16:05 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Real
2013-07-18 19:25 - 2013-04-27 11:03 - 00000000 ____D C:\Documents and Settings\John Flynn\Caliber Library B
2013-07-15 17:19 - 2013-07-15 17:09 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-07-15 17:03 - 2008-12-08 14:41 - 00666576 _____ C:\WINDOWS\setupapi.log
2013-07-13 11:53 - 2013-07-13 11:53 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Sun
2013-07-13 09:47 - 2006-07-22 17:39 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2013-07-12 17:08 - 2013-07-12 15:00 - 00000000 ____D C:\Documents and Settings\John Flynn\Caliber Library (Zombie Coll)
2013-07-10 05:01 - 2003-02-25 20:17 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-07-10 04:46 - 2012-12-09 16:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-10 04:46 - 2002-09-30 07:15 - 00376056 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-07-10 04:15 - 2003-02-25 20:10 - 00602398 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-07-10 04:09 - 2013-07-10 04:09 - 00128627 _____ C:\WINDOWS\KB2834904.log
2013-07-10 04:09 - 2013-07-10 04:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904_WM11$
2013-07-10 04:09 - 2002-09-30 07:16 - 01239987 _____ C:\WINDOWS\TSOC.LOG
2013-07-10 04:09 - 2002-09-30 07:16 - 00509932 _____ C:\WINDOWS\IIS6.LOG
2013-07-10 04:09 - 2002-09-03 11:04 - 00970138 _____ C:\WINDOWS\COMSETUP.LOG
2013-07-10 04:09 - 2002-09-03 11:04 - 00589024 _____ C:\WINDOWS\ntdtcsetup.log
2013-07-10 04:09 - 2002-09-03 11:04 - 00001374 _____ C:\WINDOWS\imsins.log
2013-07-10 04:09 - 2002-09-03 10:56 - 03228553 _____ C:\WINDOWS\FaxSetup.log
2013-07-10 04:09 - 2002-09-03 10:56 - 01566472 _____ C:\WINDOWS\OCGEN.LOG
2013-07-10 04:09 - 2002-09-03 10:56 - 00161568 _____ C:\WINDOWS\MSGSOCM.LOG
2013-07-10 04:09 - 2002-09-03 10:56 - 00151733 _____ C:\WINDOWS\OCMSN.LOG
2013-07-10 04:07 - 2013-07-10 04:06 - 00129454 _____ C:\WINDOWS\KB2834886.log
2013-07-10 04:07 - 2002-09-03 11:04 - 00001374 _____ C:\WINDOWS\imsins.BAK
2013-07-10 04:06 - 2013-07-10 04:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850851$
2013-07-10 04:06 - 2013-07-10 04:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2013-07-10 04:06 - 2013-07-10 02:47 - 00135712 _____ C:\WINDOWS\KB2850851.log
2013-07-10 04:05 - 2013-07-10 04:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$
2013-07-10 04:05 - 2013-07-10 02:47 - 00135549 _____ C:\WINDOWS\KB2845187.log
2013-07-10 03:42 - 2013-07-10 03:37 - 00133724 _____ C:\WINDOWS\KB2846071-IE8.log
2013-07-10 03:41 - 2005-08-22 20:07 - 00425766 _____ C:\WINDOWS\updspapi.log
2013-07-10 03:40 - 2010-07-11 09:57 - 00000000 ____D C:\WINDOWS\ie8updates
2013-07-10 03:02 - 2008-12-06 19:03 - 00000000 ____D C:\WINDOWS\system32\XPSViewer

ZeroAccess:
C:\RECYCLER\S-1-5-21-1557272208-2023390021-2826664556-1006\$4598ce333e0cce4d13c9878099f06069

Files to move or delete:
====================
C:\Documents and Settings\John Flynn\Local Settings\Application Data\1dce0e75-1303-433a-bfc1-6b582bd25551ad\dceeabfcbbdad.exe
C:\Documents and Settings\John Flynn\jqs.exe
C:\Documents and Settings\John Flynn\notepad.exe
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\{4FE38D58-303E-4F8B-87D7-8DAFA23FB1A7}.job
C:\Windows\Tasks\{EEF2C9ED-98DA-40BC-837C-8F3903CFF191}.job

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

*******************************************************************************************************************************

As directed, here is the "Additional.txt" file:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-08-2013 01
Ran by Administrator at 2013-08-03 13:49:18
Running from C:\Documents and Settings\Administrator.DG68QG21\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Installed Programs =======================

Acronis True Image Home (Version: 11.0.8101)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Reader 9 (Version: 9.0.0)
Amazon Kindle
Anti-Spyware (Version: 5.6.608)
Apple Mobile Device Support (Version: 1.1.4.7)
Apple Software Update (Version: 2.0.2.92)
Authentium (Version: 4.93.7)
AutoCAD 2000 Migration Assistance
AutoUpdate (Version: 1.0)
Bing Bar (Version: 7.1.391.0)
Bonjour (Version: 1.0.104)
calibre (Version: 0.9.33)
Canon Camera Access Library (Version: 8.4.0.1)
Canon Camera Support Core Library (Version: 7.3.1.6)
Canon G.726 WMP-Decoder (Version: 1.1.0.4)
Canon MovieEdit Task for ZoomBrowser EX (Version: 2.6.0.4)
Canon RAW Image Task for ZoomBrowser EX (Version: 0.9.3.9)
Canon Utilities CameraWindow (Version: 7.1.0.2)
Canon Utilities CameraWindow DC (Version: 7.1.0.7)
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX (Version: 5.4.5.17)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (Version: 6.4.2.16)
Canon Utilities EOS Utility (Version: 1.1.0.8)
Canon Utilities MyCamera (Version: 6.4.0.5)
Canon Utilities MyCamera DC (Version: 7.0.1.8)
Canon Utilities PhotoStitch (Version: 3.1.21.45)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (Version: 1.7.1.9)
Canon Utilities ZoomBrowser EX (Version: 6.1.0.20)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.1.0.8)
Citrix online plug-in (Web) (Version: 11.2.2.3)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conexant SmartHSFi V92 56K Speakerphone PCI Modem
ConvertXtoDVD 3 english manual
ConvertXtoDVD 3.5.3.139 (Version: 3.5.3.139)
Coupon Printer for Windows (Version: 5.0.0.0)
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell DJ Explorer
Dell Picture Studio - Dell Image Expert (Version: 3.4.1)
Dell Solution Center (Version: 1.00.0000)
Dell Support 5.0.0 (766)
Digital Line Detect (Version: 1.06.2)
Digital Voice Recorder (Version: 4.00.0400)
DivX Player (Version: 2.6)
DivX Web Player (Version: 1.4.0)
Download Updater (AOL LLC)
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDSentry (Version: 1.00.0001)
ESET Online Scanner v3
ffdshow [rev 2527] [2008-12-19] (Version: 1.0)
File Uploader (Version: 1.2.0)
FileASSASSIN (Version: 1.06)
FLAC Installer 1.1.2a (remove only) (Version: 1.1.2a)
foobar2000 v1.1.1 (Version: 1.1.1)
Google Chrome (Version: 28.0.1500.95)
Google Update Helper (Version: 1.3.21.153)
Guitar Pro 5.2
Help and Support Customization (Version: 1.00.0000)
HijackThis 1.99.1 (Version: 1.99.1)
HP Deskjet 3050 J610 series Basic Device Software (Version: 22.0.334.0)
HP Deskjet 3050 J610 series Help (Version: 140.0.63.63)
HP Deskjet 3050 J610 series Product Improvement Study (Version: 22.0.334.0)
HP Photo Creations (Version: 1.0.0.3341)
HP Update (Version: 5.002.005.003)
ImagXpress (Version: 7.0.74.0)
ImgBurn (Version: 2.5.5.0)
Intel® PRO Ethernet Adapter and Software
Intel® PROSet II (Version: 2.00.0020)
iTunes (Version: 7.6.2.9)
J2SE Runtime Environment 5.0 Update 10 (Version: 1.5.0.100)
J2SE Runtime Environment 5.0 Update 11 (Version: 1.5.0.110)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 3 (Version: 1.6.0.30)
Java™ 6 Update 33 (Version: 6.0.330)
Java™ 6 Update 5 (Version: 1.6.0.50)
Kits Configuration Installer (Version: 8.59.25584)
K-Lite Codec Pack 3.8.0 Full (Version: 3.8.0)
LiveReg (Symantec Corporation) (Version: 2.1.5.1502)
LiveUpdate 1.80 (Symantec Corporation) (Version: 1.80.19.0)
Magic ISO Maker v5.5 (build 0261)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee Shredder (Version: 1.00.0000)
MediaMonkey 4.0 (Version: 4.0)
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework (English) (Version: 1.0.3705)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Data Access Components KB870669
Microsoft Easy Assist v2 (Version: 8.1.6416.0)
Microsoft Encarta Encyclopedia Standard 2003 (Version: 2003)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Professional (Version: 9.00.3821)
Microsoft Picture It! Photo 7.0 (Version: 7.0.0.0000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Streets and Trips 2002 (Version: 9.00.17.0200)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries (Version: 2.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Word 2002 (Version: 10.0.6626.0)
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0 (Version: 07.02.0710.1)
Microsoft Works Suite Add-in for Microsoft Word (Version: 2.0.0.0000)
mkw Audio Compression Toolkit
Modem Helper
MotionDV STUDIO 5.6E LE for DV
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB925673) (Version: 6.00.3888.0)
Musicmatch for Windows Media Player (Version: 0.00.000)
Musicmatch® Jukebox (Version: 9.00.2062b)
MyDVD
neroxml (Version: 1.0.0)
Nikon Message Center (Version: 0.92.000)
Nikon Transfer (Version: 1.4.0)
NOOK for PC (Version: 2.5.6.9575)
NVIDIA Display Driver
NVIDIA Windows 2000/XP Display Drivers
Paint Shop Pro 7 (Version: 7.05.0000)
Panasonic DVC USB Driver (Version: 2.02.0000)
Panda ActiveScan 2.0 (Version: 01.03.02.0000)
Panda Internet Security 2012 (Version: 17.00.00)
Panda Internet Security 2013 (Version: 18.00.01)
Panda Secure Vault 5
Password Depot 6 - Panda Secure Vault Edition (Version: 6.1.5)
Picture Control Utility (Version: 1.1.5)
PowerDVD
PrimoPDF (Version: 1.00.0000)
Qualxserve Service Agreement (Version: 1.00.0004)
Quick Movie Magic 1.0E
QuickTime (Version: 7.4.5.67)
Real Alternative 1.43 (Version: 1.43)
RegDefense (Version: 4.1.3.3)
RegistryDefense (Version: 4.1.0.5)
SDK Debuggers (Version: 8.59.25584)
Shockwave
SnagIt 6 (Version: 6.1)
Snapshot Viewer
Sound Blaster Live!
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Spotify (Version: 0.5.2)
SpywareBlaster 4.4 (Version: 4.4.0)
Subtitle Workshop 2.51
SUPERAntiSpyware (Version: 4.46.1000)
Uninstall Startup Inspector for Windows
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB982632) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VeohTV BETA (Version: 3.9.1)
Verizon PC Security Checkup (Version: 1.5.5)
Verizon Quick Support
ViewNX (Version: 1.3.0)
Vivitar Experience Image Manager
VobSub v2.23 (Remove Only)
WebFldrs XP (Version: 9.50.6513)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Media Format 11 runtime
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows Software Development Kit (Version: 8.59.25584)
Windows Software Development Kit EULA (Version: 8.59.25584)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
WinZip (Version:  8.1  (4331))
Works Suite OS Pack (Version: 3.0.0.0000)
XML Paper Specification Shared Components Pack 1.0
 

==================== Restore Points  =========================

25-05-2013 12:22:19 System Checkpoint
26-05-2013 20:22:28 System Checkpoint
27-05-2013 21:00:51 System Checkpoint
28-05-2013 23:14:57 System Checkpoint
29-05-2013 23:23:25 System Checkpoint
30-05-2013 23:35:10 System Checkpoint
31-05-2013 21:07:07 Installed calibre
01-06-2013 22:00:58 System Checkpoint
02-06-2013 22:37:32 System Checkpoint
03-06-2013 22:53:04 System Checkpoint
04-06-2013 23:59:29 System Checkpoint
06-06-2013 00:40:04 System Checkpoint
07-06-2013 02:11:44 System Checkpoint
08-06-2013 02:26:39 System Checkpoint
09-06-2013 02:38:59 System Checkpoint
10-06-2013 07:40:01 System Checkpoint
11-06-2013 08:35:06 System Checkpoint
13-06-2013 07:01:14 Software Distribution Service 3.0
14-06-2013 16:05:05 System Checkpoint
15-06-2013 16:36:56 System Checkpoint
16-06-2013 18:17:58 System Checkpoint
17-06-2013 20:18:47 System Checkpoint
18-06-2013 22:03:34 System Checkpoint
19-06-2013 23:26:52 System Checkpoint
20-06-2013 23:40:18 System Checkpoint
22-06-2013 00:29:24 System Checkpoint
23-06-2013 01:19:48 System Checkpoint
24-06-2013 02:20:53 System Checkpoint
25-06-2013 02:45:12 System Checkpoint
26-06-2013 03:44:05 System Checkpoint
27-06-2013 04:44:04 System Checkpoint
28-06-2013 05:10:38 System Checkpoint
29-06-2013 06:04:40 System Checkpoint
30-06-2013 07:04:59 System Checkpoint
01-07-2013 08:05:01 System Checkpoint
02-07-2013 08:21:34 System Checkpoint
03-07-2013 08:45:34 System Checkpoint
04-07-2013 09:33:34 System Checkpoint
05-07-2013 10:24:18 System Checkpoint
06-07-2013 11:24:21 System Checkpoint
07-07-2013 12:36:24 System Checkpoint
08-07-2013 14:14:10 System Checkpoint
09-07-2013 14:22:13 System Checkpoint
10-07-2013 07:01:04 Software Distribution Service 3.0
11-07-2013 07:51:45 System Checkpoint
12-07-2013 08:20:31 System Checkpoint
13-07-2013 08:33:49 System Checkpoint
15-07-2013 09:53:20 System Checkpoint
15-07-2013 21:07:09 Software Distribution Service 3.0
16-07-2013 22:12:06 System Checkpoint
17-07-2013 22:39:14 System Checkpoint
19-07-2013 06:44:20 System Checkpoint
28-07-2013 11:31:37 System Checkpoint

==================== Hosts content: ==========================

2007-10-06 12:51 - 2010-12-24 12:04 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\At1.job => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At2.job => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At3.job => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At4.job => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\ISP signup reminder 1.job => ?
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{67EB1B04-375D-4C57-805D-B84B0FFFD548}.job => C:\WINDOWS\system32\msfeedssync.exe
Task: C:\WINDOWS\Tasks\{4FE38D58-303E-4F8B-87D7-8DAFA23FB1A7}.job => C:\Documents and Settings\John Flynn\Local Settings\Application Data\1dce0e75-1303-433a-bfc1-6b582bd25551ad\dceeabfcbbdad.exe
Task: C:\WINDOWS\Tasks\{EEF2C9ED-98DA-40BC-837C-8F3903CFF191}.job => C:\Documents and Settings\LocalService\Local Settings\Application Data\1dce0e75-1303-433a-bfc1-6b582bd25551ad\dceeabfcbbdad.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/03/2013 01:01:09 PM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.

Error: (08/01/2013 00:14:24 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 SR-1 Professional -- Error 1706. No valid source could be found for product Microsoft Office 2000 SR-1 Professional.  The Windows installer cannot continue.

Error: (08/01/2013 11:30:57 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 SR-1 Professional -- Error 1706. No valid source could be found for product Microsoft Office 2000 SR-1 Professional.  The Windows installer cannot continue.

Error: (08/01/2013 11:28:22 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 SR-1 Professional -- Error 1706. No valid source could be found for product Microsoft Office 2000 SR-1 Professional.  The Windows installer cannot continue.

Error: (08/01/2013 11:27:53 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 SR-1 Professional -- Error 1706. No valid source could be found for product Microsoft Office 2000 SR-1 Professional.  The Windows installer cannot continue.

Error: (08/01/2013 10:56:08 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 SR-1 Professional -- Error 1706. No valid source could be found for product Microsoft Office 2000 SR-1 Professional.  The Windows installer cannot continue.

Error: (08/01/2013 10:55:58 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 SR-1 Professional -- Error 1706. No valid source could be found for product Microsoft Office 2000 SR-1 Professional.  The Windows installer cannot continue.

Error: (08/01/2013 10:55:48 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 SR-1 Professional -- Error 1706. No valid source could be found for product Microsoft Office 2000 SR-1 Professional.  The Windows installer cannot continue.

Error: (08/01/2013 09:19:13 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 SR-1 Professional -- Error 1706. No valid source could be found for product Microsoft Office 2000 SR-1 Professional.  The Windows installer cannot continue.

Error: (08/01/2013 09:14:56 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 SR-1 Professional -- Error 1706. No valid source could be found for product Microsoft Office 2000 SR-1 Professional.  The Windows installer cannot continue.

System errors:
=============
Error: (08/03/2013 01:49:20 PM) (Source: DCOM) (User: DG68QG21)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (08/03/2013 01:46:36 PM) (Source: DCOM) (User: DG68QG21)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (08/03/2013 01:20:27 PM) (Source: DCOM) (User: DG68QG21)
Description: DCOM got error "%%1084" attempting to start the service MSIServer with arguments ""
in order to run the server:
{000C101C-0000-0000-C000-000000000046}

Error: (08/03/2013 01:20:27 PM) (Source: DCOM) (User: DG68QG21)
Description: DCOM got error "%%1084" attempting to start the service MSIServer with arguments ""
in order to run the server:
{000C101C-0000-0000-C000-000000000046}

Error: (08/03/2013 01:20:27 PM) (Source: DCOM) (User: DG68QG21)
Description: DCOM got error "%%1084" attempting to start the service MSIServer with arguments ""
in order to run the server:
{000C101C-0000-0000-C000-000000000046}

Error: (08/03/2013 01:16:05 PM) (Source: DCOM) (User: DG68QG21)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (08/03/2013 01:12:08 PM) (Source: DCOM) (User: DG68QG21)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (08/03/2013 01:07:10 PM) (Source: DCOM) (User: DG68QG21)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (08/03/2013 01:07:03 PM) (Source: DCOM) (User: DG68QG21)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (08/03/2013 01:04:05 PM) (Source: DCOM) (User: DG68QG21)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Microsoft Office Sessions:
=========================
Error: (08/03/2013 01:01:09 PM) (Source: EventSystem)(User: )
Description: d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp448007043C

Error: (08/01/2013 00:14:24 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 SR-1 Professional -- Error 1706. No valid source could be found for product Microsoft Office 2000 SR-1 Professional.  The Windows installer cannot continue.(NULL)(NULL)(NULL)(NULL)

Error: (08/01/2013 11:30:57 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 SR-1 Professional -- Error 1706. No valid source could be found for product Microsoft Office 2000 SR-1 Professional.  The Windows installer cannot continue.(NULL)(NULL)(NULL)(NULL)

Error: (08/01/2013 11:28:22 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 SR-1 Professional -- Error 1706. No valid source could be found for product Microsoft Office 2000 SR-1 Professional.  The Windows installer cannot continue.(NULL)(NULL)(NULL)(NULL)

Error: (08/01/2013 11:27:53 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 SR-1 Professional -- Error 1706. No valid source could be found for product Microsoft Office 2000 SR-1 Professional.  The Windows installer cannot continue.(NULL)(NULL)(NULL)(NULL)

Error: (08/01/2013 10:56:08 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 SR-1 Professional -- Error 1706. No valid source could be found for product Microsoft Office 2000 SR-1 Professional.  The Windows installer cannot continue.(NULL)(NULL)(NULL)(NULL)

Error: (08/01/2013 10:55:58 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 SR-1 Professional -- Error 1706. No valid source could be found for product Microsoft Office 2000 SR-1 Professional.  The Windows installer cannot continue.(NULL)(NULL)(NULL)(NULL)

Error: (08/01/2013 10:55:48 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 SR-1 Professional -- Error 1706. No valid source could be found for product Microsoft Office 2000 SR-1 Professional.  The Windows installer cannot continue.(NULL)(NULL)(NULL)(NULL)

Error: (08/01/2013 09:19:13 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 SR-1 Professional -- Error 1706. No valid source could be found for product Microsoft Office 2000 SR-1 Professional.  The Windows installer cannot continue.(NULL)(NULL)(NULL)(NULL)

Error: (08/01/2013 09:14:56 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 SR-1 Professional -- Error 1706. No valid source could be found for product Microsoft Office 2000 SR-1 Professional.  The Windows installer cannot continue.(NULL)(NULL)(NULL)(NULL)

==================== Memory info ===========================

Percentage of memory in use: 28%
Total physical RAM: 1023 MB
Available physical RAM: 729.18 MB
Total Pagefile: 2462.94 MB
Available Pagefile: 2338.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1953.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:298.01 GB) (Free:73.69 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: () (Removable) (Total:0.96 GB) (Free:0.27 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: 9DC96E9E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 980 MB) (Disk ID: 59673CB9)
Partition 1: (Active) - (Size=979 MB) - (Type=06)

==================== End Of Log ============================

 

 

*******************************************************************************************************************************

Thanks for the help

 



#4 gringo_pr
  • Bleepin Gringo
  • Malware Response Team
  • Location: Puerto Rico

Posted 03 August 2013 - 04:11 PM

Hello jflynnde



I need you to download this script I have made for you --> Attached File: fixlist.txt (936 bytes)

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow it).

Run FRST again, but this time press the Fix button just once and wait.

When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file into your reply.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 jflynnde
  • Topic Starter
  • Members

Posted 03 August 2013 - 08:55 PM

Gringo,

I did as you instructed and here is the fixlog.txt file:

HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\RECYCLER\S-1-5-18\$4598ce333e0cce4d13c9878099f06069\o. ATTENTION! ====> ZeroAccess?
HKU\John Flynn\...\Run: [Adobe CSS5.1 Manager] - C:\Documents and Settings\John Flynn\Local Settings\Application Data\1dce0e75-1303-433a-bfc1-6b582bd25551ad\dceeabfcbbdad.exe [ 2013-08-01] () <===== ATTENTION
NETSVC: Ip6FwHlp -> No Registry Path.
C:\RECYCLER\S-1-5-21-1557272208-2023390021-2826664556-1006\$4598ce333e0cce4d13c9878099f06069
C:\Documents and Settings\John Flynn\Local Settings\Application Data\1dce0e75-1303-433a-bfc1-6b582bd25551ad\dceeabfcbbdad.exe
C:\Documents and Settings\John Flynn\jqs.exe
C:\Documents and Settings\John Flynn\notepad.exe
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\{4FE38D58-303E-4F8B-87D7-8DAFA23FB1A7}.job
C:\Windows\Tasks\{EEF2C9ED-98DA-40BC-837C-8F3903CFF191}.job
 

Thanks
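
The fixlist Gringo wrote removes two scheduled tasks, a Run entry and a COM InprocServer32 value, and their launch targets share two tell-tale locations: an executable inside a GUID-named folder under a profile's Local Settings\Application Data, and a component living under C:\RECYCLER (the entry the log marks "ZeroAccess?"). The script below is an added example, not part of this thread and not code from FRST or BleepingComputer; it turns those two locations into detection rules and runs them over FRST-style persistence lines copied from the scan and fix logs above (a Google and an HP task included as benign contrast). The line-shape regexes assume the formats visible on this page, the indicator names are the example's own, and the third rule (an in-process COM server outside the Windows directory) is a generalization of the fastprox entry, not something FRST itself reports.

```python
import ntpath
import re
from typing import Dict, List, Optional

# Constructed sample input: persistence entries copied from the FRST scan and
# fix logs posted in this thread, with two benign tasks for contrast.
SAMPLE_LINES = [
    r"Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe",
    r"Task: C:\WINDOWS\Tasks\At1.job => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe",
    r"Task: C:\WINDOWS\Tasks\{4FE38D58-303E-4F8B-87D7-8DAFA23FB1A7}.job => C:\Documents and Settings\John Flynn\Local Settings\Application Data\1dce0e75-1303-433a-bfc1-6b582bd25551ad\dceeabfcbbdad.exe",
    r"Task: C:\WINDOWS\Tasks\{EEF2C9ED-98DA-40BC-837C-8F3903CFF191}.job => C:\Documents and Settings\LocalService\Local Settings\Application Data\1dce0e75-1303-433a-bfc1-6b582bd25551ad\dceeabfcbbdad.exe",
    r"HKU\John Flynn\...\Run: [Adobe CSS5.1 Manager] - C:\Documents and Settings\John Flynn\Local Settings\Application Data\1dce0e75-1303-433a-bfc1-6b582bd25551ad\dceeabfcbbdad.exe [ 2013-08-01] () <===== ATTENTION",
    r"HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\RECYCLER\S-1-5-18\$4598ce333e0cce4d13c9878099f06069\o. ATTENTION! ====> ZeroAccess?",
]

# Line shapes as they appear in this thread's FRST output (assumption: other
# FRST versions may format these entries differently).
TASK_RE = re.compile(r"^Task: (?P<source>.+?) => (?P<target>.+)$")
RUN_RE = re.compile(r"^(?P<source>HK\w+\\.+?\\Run): \[[^\]]*\] - (?P<target>.+?)\s+\[")
INPROC_RE = re.compile(r"^(?P<source>HK\w+\\.+?InprocServer32): \[[^\]]*\] (?P<target>\S+)")

# Folder names made of dash-joined hex groups (GUID-like, including the
# non-standard 8-4-4-4-14 shape seen in the logs above).
GUID_DIR_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12,}$", re.IGNORECASE)
LOCAL_APPDATA_MARKERS = ("\\local settings\\application data\\", "\\appdata\\local\\")


def parse_entry(line: str) -> Optional[Dict[str, str]]:
    """Extract kind, source (job file or registry key) and launch target from one line."""
    for kind, pattern in (("task", TASK_RE), ("run", RUN_RE), ("inproc", INPROC_RE)):
        m = pattern.match(line)
        if m:
            return {"kind": kind, "source": m.group("source"), "target": m.group("target")}
    return None


def flag_target(kind: str, target: str) -> List[str]:
    """Return the indicator names that fire for a launch target (empty means no finding)."""
    reasons = []
    lowered = target.lower()
    parent = ntpath.basename(ntpath.dirname(target))
    # Indicator 1: executable hidden in a GUID-named folder under a profile's local
    # application data (the dceeabfcbbdad.exe entries the fixlist removes).
    if any(marker in lowered for marker in LOCAL_APPDATA_MARKERS) and GUID_DIR_RE.match(parent):
        reasons.append("guid-folder-in-local-appdata")
    # Indicator 2: anything launched out of Recycle Bin storage (the RECYCLER
    # path the fixlog marks as a possible ZeroAccess component).
    if "\\recycler\\" in lowered or "\\$recycle.bin\\" in lowered:
        reasons.append("runs-from-recycler")
    # Indicator 3 (assumption, generalizing the fastprox entry): a COM in-process
    # server that does not live under the Windows directory.
    if kind == "inproc" and "\\windows\\" not in lowered:
        reasons.append("com-server-outside-windows-dir")
    return reasons


def triage(lines: List[str]) -> List[Dict[str, object]]:
    """Parse every line and keep only the entries with at least one indicator."""
    findings = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = flag_target(entry["kind"], entry["target"])
        if reasons:
            findings.append({**entry, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f['kind']}] {f['source']}\n    -> {f['target']}\n    {', '.join(f['reasons'])}")
```

Run against the sample, the two Google/HP tasks pass while the four entries Gringo's fixlist targets are reported, which is the point of the heuristic: legitimate software installs into Program Files or the Windows directory, so a launch target under a profile's application-data folder with a random-looking name, or under RECYCLER, is worth a closer look before anything is deleted.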



#6 gringo_pr
  • Bleepin Gringo
  • Malware Response Team
  • Location: Puerto Rico

Posted 03 August 2013 - 09:16 PM



Hello jflynnde

These are the programs I would like you to run next; if you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete, let me have the two reports and let me know how things are running.

Gringo

#7 jflynnde
  • Topic Starter
  • Members

Posted 04 August 2013 - 10:41 AM

Gringo,

Let me start off by saying I appreciate your efforts; however, even after the last exe file was run (JRT.exe), I see no difference in the operation of my desktop.

I want to say again, that my PC will only work in "Safe Mode", so I've been doing all these trials (generating all these text log files) from safe mode.

If they need to be run in "Normal Mode", then I might be in real trouble.

Anyway, I did as instructed and here is the first text file (AdwCleaner[S1].exe):

# AdwCleaner v2.306 - Logfile created 08/04/2013 at 09:56:48
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - DG68QG21
# Boot Mode : Safe mode with networking
# Running from : C:\Documents and Settings\Administrator.DG68QG21\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Common Files\Software Update Utility

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [4320 octets] - [04/08/2013 09:56:48]

########## EOF - C:\AdwCleaner[S1].txt - [4380 octets] ##########

**************************************************************************************************************************

Here is the 2nd text file (JRT.txt):

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.2 (08.03.2013:1)
OS: Microsoft Windows XP x86
Ran by Administrator on Sun 08/04/2013 at 10:16:42.35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

 

~~~ Registry Keys

 

~~~ Files

Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npmozcouponprinter.dll"
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll
Successfully deleted: [File] "C:\WINDOWS\couponprinter.ocx"

 

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\coupons"

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 08/04/2013 at 10:20:36.01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

*************************************************************************************************************************

Thanks again

#8 gringo_pr
  • Bleepin Gringo
  • Malware Response Team
  • Location: Puerto Rico

Posted 04 August 2013 - 08:34 PM


Hello jflynnde

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#9 jflynnde
  • Topic Starter
  • Members

Posted 05 August 2013 - 06:56 AM

Gringo,

I have a problem trying to run ComboFix; you wanted me to turn off my anti-virus software (I'm running Panda IS 2013) and I can't find it. Your links say to right click on the Panda-Head in the bottom right (I think that's called the system tray?), however, I don't see one. I'm running in Safe Mode at the moment, but I've tried using the Panda-head to turn it off (when running in Normal Mode) and it would just come right back on. So I then tried killing Panda from the Task Manager, but from Safe Mode, Task Manager doesn't give you a Description for all the processes that are running so I have no idea what to turn off. I went to the "View" pulldown and selected "Columns" but there's nothing to check that says "Description". At the moment, the only things checked are shown below (Image name, user name, CPU and Mem usage) and when I look at the processes displayed in task manager, I see the following (I didn't list anything under the columns for CPU and Mem Usage; because it was very useful; at least it didn't seem like it to me):

Image Name           User Name        CPU    Mem Usage

SASCORE.exe          SYSTEM
svchost.exe          LOCAL SERVICE
svchost.exe          NETWORK SERVICE
svchost.exe          SYSTEM
svchost.exe          NETWORK SERVICE
svchost.exe          SYSTEM
lsass.exe            SYSTEM
services.exe         SYSTEM
winlogon.exe         SYSTEM
csrss.exe            SYSTEM
smss.exe             SYSTEM
taskmgr.exe          Administrator
explorer.exe         Administrator
System               SYSTEM
System Idle Process  SYSTEM

I tried looking up each one of these files and the only one that appears anti-virus related is "SASCORE.EXE" (my search said it was used with SuperAntiSpyware - I will go back home tonight and try ending that to see what happens).

But, last night I didn't know what (if any) process to end (and with no descriptors listed), so I tried running ComboFix and it displayed a pop-up saying that it determined Panda IS 2013 was running and I needed to turn it off; I hit the "X" (at the top right of the pop-up instead of using the <OK> button) hoping that it would terminate ComboFix but it didn't. Another pop-up was displayed saying that Panda was still running and I should proceed at my own risk - since there was no option to terminate this program, I chickened out and hit the power switch.

Like I said earlier, tonight I'll try ending the process "SASCORE.EXE" but if you can't point me towards another file in the process list to "end", then I'm stuck. Should I just go ahead and run ComboFix or do you have some other trick I can use to turn off Panda?

Thanks

 



#10 gringo_pr
  • Bleepin Gringo
  • Malware Response Team
  • Location: Puerto Rico

Posted 05 August 2013 - 09:45 AM

Hello

Go ahead and run it and you can even try in safe mode


Gringo

#11 jflynnde
  • Topic Starter
  • Members

Posted 05 August 2013 - 05:51 PM

Gringo,

I tried to do the "End Process" on the SASCORE.exe file from Task Manager but it just kept coming right back; I did it several times and then finally gave up.

As instructed, I proceeded to run ComboFix in Safe Mode and it gave me the same 2 warning pop-ups about Panda IS 2013 still running and I ignored them, proceeding to let it run. It went fine for a while (one of the first lines it displayed was that this should take around 10 minutes but could double that for severely infected computers), so after one hour I'm thinking it's hosed up. The screen hasn't changed in about 30 minutes; on the screen I see:

 

Completed Stage_45
Completed Stage_46
Completed Stage_47
Completed Stage_48
Completed Stage_49
Completed Stage_50

 

Deleting Files:

 

C:\Documents and Settings\All Users\Application Data\0tbpw.pad
C:\Documents and Settings\All Users\Application Data\DirectCDUserNameD.txt
C:\Documents and Settings\All Users\Application Data\wmdefender.exe
C:\Documents and Settings\LocalService\Local Settings\Application Data\1dce0e75-
1303-433a-bfc1-6b582bd25551ad\dceeabfcbbdad.exe

 

Deleting Folders:

 

C:\Documents and Settings\All Users\Application Data\TEMP
C:\Documents and Settings\John Flynn\Local Settings\Application Data\.#
C:\Documents and Settings\John Flynn\WINDOWS
C:\Documents and Settings\LocalService\Local Settings\Application Data\1dce0e75-
1303-433a-bfc1-6b582bd25551ad

__

 

The "__" at the bottom, represents the flashing cursor; that's all I've got and so, here I sit.
Should I re-start the computer (back to Safe Mode) and try running ComboFix again?

 

Thanks

 



#12 jflynnde

jflynnde
  • Topic Starter

  • Members
  • 30 posts
  • Local time:08:21 PM

Posted 05 August 2013 - 05:55 PM

Hi Gringo,


I tried to do the "End Process" on the SASCORE.exe file from Task Manager but it just kept coming right back; did it several times and then finally gave up.

As instructed, I proceeded to run ComboFix in Safe Mode and it gave me the same 2 warning pop-ups about Panda IS 2013 still running and I ignored them, proceeding to let it run. It went fine for a while (one of the first lines it displayed was that this should take around 10 minutes but could double that for severely infected computers), so after one hour I'm thinking it's hosed-up. The screen hasn't changed in about 30 minutes; on the screen I see:

Completed Stage_45
Completed Stage_46
Completed Stage_47
Completed Stage_48
Completed Stage_49
Completed Stage_50

Deleting Files:

C:\Documents and Settings\All Users\Application Data\0tbpw.pad
C:\Documents and Settings\All Users\Application Data\DirectCDUserNameD.txt
C:\Documents and Settings\All Users\Application Data\wmdefender.exe
C:\Documents and Settings\LocalService\Local Settings\Application Data\1dce0e75-1303-433a-bfc1-6b582bd25551ad\dceeabfcbbdad.exe

Deleting Folders:

C:\Documents and Settings\All Users\Application Data\TEMP
C:\Documents and Settings\John Flynn\Local Settings\Application Data\.#
C:\Documents and Settings\John Flynn\WINDOWS
C:\Documents and Settings\LocalService\Local Settings\Application Data\1dce0e75-1303-433a-bfc1-6b582bd25551ad

__

The "__" at the bottom represents the flashing cursor; that's all I've got and so, here I sit.
Should I re-start the computer (back to Safe Mode) and try running ComboFix again?

Thanks



#13 jflynnde

jflynnde
  • Topic Starter

  • Members
  • 30 posts
  • Local time:08:21 PM

Posted 05 August 2013 - 08:11 PM

Gringo,

Please ignore my previous "double" post. Apparently, ComboFix wasn't hosed-up; it just took a couple of hours to do whatever it was doing. Here's the ComboFix log:

ComboFix 13-08-05.03 - Administrator 08/05/2013  17:19:01.2.1 - x86 NETWORK
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1023.788 [GMT -4:00]
Running from: c:\documents and settings\Administrator.DG68QG21\Desktop\ComboFix.exe
AV: Panda Internet Security 2013 *Enabled/Updated* {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}
FW: Panda Personal Firewall 2013 *Enabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\0tbpw.pad
c:\documents and settings\All Users\Application Data\DirectCDUserNameD.txt
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\wmdefender.exe
c:\documents and settings\John Flynn\Local Settings\Application Data\.#
c:\documents and settings\John Flynn\WINDOWS
c:\documents and settings\LocalService\Local Settings\Application Data\1dce0e75-1303-433a-bfc1-6b582bd25551ad
c:\documents and settings\LocalService\Local Settings\Application Data\1dce0e75-1303-433a-bfc1-6b582bd25551ad\dceeabfcbbdad.exe
C:\install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-06 to 2013-08-06  )))))))))))))))))))))))))))))))
.
.
2013-08-04 14:16 . 2013-08-04 14:16 -------- d-----w- c:\windows\ERUNT
2013-08-04 13:55 . 2013-08-04 14:53 -------- d-----w- C:\( ) AdwCleaner
2013-08-04 13:55 . 2013-08-04 14:53 -------- d-----w- C:\( ) JunkRemovalTool
2013-08-03 18:16 . 2013-08-04 01:40 -------- d-----w- C:\( ) FRST 08032013
2013-08-03 17:47 . 2013-08-03 17:47 -------- d-----w- C:\FRST
2013-08-03 17:00 . 2013-08-03 17:00 -------- d-----w- c:\documents and settings\Administrator.DG68QG21\Application Data\Malwarebytes
2013-08-03 00:03 . 2013-08-03 17:52 -------- d-----w- C:\( ) DDS 08022013
2013-08-02 17:06 . 2013-08-02 17:06 -------- d-----w- c:\documents and settings\Administrator.DG68QG21\Application Data\SUPERAntiSpyware.com
2013-08-02 17:05 . 2013-08-02 17:05 -------- d-sh--w- c:\documents and settings\Administrator.DG68QG21\PrivacIE
2013-08-02 17:04 . 2013-08-02 17:04 -------- d-sh--w- c:\documents and settings\Administrator.DG68QG21\IETldCache
2013-08-01 17:25 . 2013-08-04 01:39 -------- d-----w- c:\documents and settings\John Flynn\Local Settings\Application Data\1dce0e75-1303-433a-bfc1-6b582bd25551ad
2013-07-23 15:17 . 2013-07-23 15:17 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2013-07-15 21:09 . 2013-07-15 21:19 -------- d-----w- c:\windows\system32\MRT
2013-07-12 19:00 . 2013-07-12 21:08 -------- d-----w- c:\documents and settings\John Flynn\Caliber Library (Zombie Coll)
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-04 15:52 . 2012-12-10 17:07 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2013-06-08 03:55 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2013-06-07 21:56 . 2006-06-23 15:33 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2002-08-29 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2002-08-29 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23 . 2002-08-29 11:00 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2002-08-29 11:00 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-23 22:21 . 2013-05-23 22:21 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-23 22:21 . 2012-01-02 15:58 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-09 04:28 . 2006-10-19 02:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
2009-10-26 20:05 . 2009-10-26 20:05 124240 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2009-10-26 20:10 . 2009-10-26 20:10 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2009-10-26 20:08 . 2009-10-26 20:08 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2009-10-26 20:09 . 2009-10-26 20:09 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2009-10-26 20:08 . 2009-10-26 20:08 22360 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2009-10-26 20:06 . 2009-10-26 20:06 255312 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2009-10-26 20:08 . 2009-10-26 20:08 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2009-10-26 20:09 . 2009-10-26 20:09 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-10-19 22:58 . 2009-10-19 22:58 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2009-10-26 20:08 . 2009-10-26 20:08 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2002-08-29 11:00 92032 --shatr- c:\windows\SYSTEM32\mga.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-06-11 21:22 1307728 ----a-w- c:\program files\Microsoft\BingBar\7.1.391.0\BingExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-15 28672]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 28672]
"nwiz"="nwiz.exe" [2003-10-06 741376]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2004-10-08 53248]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2004-05-28 323584]
"Disc Detector"="c:\program files\Creative\ShareDLL\CtNotify.exe" [2001-12-26 191488]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-04-10 2595792]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-04-10 909208]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-04-10 136472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RDListener"="c:\program files\Registry Defense\RDListener.exe" [2009-02-07 115312]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-12-16 479232]
"RDFNSListener"="c:\program files\RegDefense\RDFNSListener.exe" [2010-12-06 105472]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-10-26 103768]
"RDFNSAgent"="c:\program files\RegDefense\RDFNSAgent.exe" [2010-12-06 211456]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"APVXDWIN"="c:\program files\Panda Security\Panda Internet Security 2013\APVXDWIN.EXE" [2012-11-07 1037600]
"SCANINICIO"="c:\program files\Panda Security\Panda Internet Security 2013\Inicio.exe" [2012-06-08 70432]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-2-25 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [2000-1-21 65588]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2003-3-21 106560]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2012-07-22 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2010-03-24 17:55 55552 ----a-w- c:\windows\SYSTEM32\avldr.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\SYSTEM32\DRIVERS\NETFLTDI.SYS [12/10/2012 12:57 PM 159112]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 1:48 PM 116608]
R3 NETIMFLT01060044;PANDA NDIS IM Filter v1.6.0.44;c:\windows\SYSTEM32\DRIVERS\neti1644.sys [12/10/2012 12:56 PM 201032]
S0 pavboot;Panda boot driver;c:\windows\SYSTEM32\DRIVERS\pavboot.sys [12/10/2012 12:57 PM 26696]
S1 APPFLT;App Filter Plugin;c:\windows\SYSTEM32\DRIVERS\APPFLT.SYS [12/10/2012 12:57 PM 83528]
S1 DSAFLT;DSA Filter Plugin;c:\windows\SYSTEM32\DRIVERS\dsaflt.sys [12/10/2012 12:58 PM 53256]
S1 FNETMON;NetMon Filter Plugin;c:\windows\SYSTEM32\DRIVERS\fnetmon.sys [12/10/2012 12:57 PM 22024]
S1 IDSFLT;Ids Filter Plugin;c:\windows\SYSTEM32\DRIVERS\idsflt.sys [12/10/2012 12:58 PM 193864]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 2:25 PM 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67664]
S1 ShldDrv;Panda File Shield Driver;c:\windows\SYSTEM32\DRIVERS\ShlDrv51.sys [12/10/2012 12:55 PM 37448]
S1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\SYSTEM32\DRIVERS\wnmflt.sys [12/10/2012 12:58 PM 46856]
S2 AmFSM;AmFSM;c:\windows\SYSTEM32\DRIVERS\amm8651.sys [12/10/2012 12:56 PM 63240]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [6/11/2012 5:22 PM 193616]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/13/2013 7:16 PM 116648]
S2 PavProc;Panda Process Protection Driver;c:\windows\SYSTEM32\DRIVERS\PavProc.sys [12/10/2012 12:55 PM 164488]
S2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Internet Security 2013\psksvc.exe [12/10/2012 12:57 PM 28992]
S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [6/11/2012 5:22 PM 240208]
S3 ComFiltr;Panda Anti-Dialer;c:\windows\SYSTEM32\DRIVERS\COMFiltr.sys [12/10/2012 1:07 PM 13880]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/13/2013 7:16 PM 116648]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
S3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
S3 pcouffin;VSO Software pcouffin;c:\windows\SYSTEM32\DRIVERS\pcouffin.sys [3/9/2008 6:13 PM 47360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-31 03:31 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-13 23:16]
.
2013-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-13 23:16]
.
2003-03-04 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 00:12]
.
2013-08-04 c:\windows\Tasks\User_Feed_Synchronization-{67EB1B04-375D-4C57-805D-B84B0FFFD548}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dellnet.com
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} - hxxp://www2.verizon.net/update/msnwebinstall/includes/vzWebIns.CAB
.
.
------- File Associations -------
.
JSEFile=c:\progra~1\PANDAS~1\PANDAI~2\PAVSCRIP.EXE "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files\Coupons\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-05 20:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Disc Detector = c:\program files\Creative\ShareDLL\CtNotify.exe?X???????????????????E?@?Disc Detector?A????? ?A???????B?e!@???@???@?? C?????E?@?????????@?B???A????? ?A?` ????B???@?????P?????@?? ??????~?B~??????????@???????????????????B?????l ???????????????????P??????r?B
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1557272208-2023390021-2826664556-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,78,70,9d,d1,1f,a7,1a,4f,ae,96,5c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,78,70,9d,d1,1f,a7,1a,4f,ae,96,5c,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2db7b099-5213-4978-a7d0-95219e8f05f2}\InprocServer32]
@DACL=(02 0000)
@="c:\\WINDOWS\\system32\\ffesym.dll"
"ThreadingModel"="free"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1064)
c:\windows\SYSTEM32\avldr.dll
c:\windows\System32\l3codeca.acm
c:\windows\System32\ctmp3.acm
c:\windows\SYSTEM32\ac3acm.acm
c:\windows\SYSTEM32\lameACM.acm
c:\windows\system32\IEFRAME.dll
.
Completion time: 2013-08-05  20:10:37
ComboFix-quarantined-files.txt  2013-08-06 00:10
.
Pre-Run: 79,623,426,048 bytes free
Post-Run: 83,273,482,240 bytes free
.
- - End Of File - - 8F399C232A31A711BF1BA43DB2E2F8B4
8F558EB6672622401DA993E1E865C861

I just re-started my computer (in Normal Mode!!); LOOK MOM! NO "INTERNET SECURITY" ERROR POP-UPS!!!
So far it looks:

Internet Explorer - working (after "Unblocking" the Windows firewall and letting Panda do its thing; why the Windows firewall was on is unknown to me?)
E-Mail - working
Windows Explorer - working
Notepad - working
Paint - working
Excel - working
Word - working

I really appreciate your help. This is excellent. Next stop, Paypal donation!
Is there anything I should do next?
Is there software you recommend that I should be running?

Thanks again




#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:21 PM

Posted 05 August 2013 - 10:02 PM


Hello jflynnde

At this time I would like you to run this script for me; it is also a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
c:\windows\SYSTEM32\mga.dll

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 jflynnde

jflynnde
  • Topic Starter

  • Members
  • 30 posts
  • Local time:08:21 PM

Posted 06 August 2013 - 06:14 PM

Gringo,

This trial went pretty well. I was able to make this attempt at running ComboFix.exe (with your script) from "Normal Mode" (not Safe Mode).
I was also able to turn off my Panda IS 2013 from the system tray without any problems, so I didn't get any pop-up errors this time.
The program finished a LOT faster this time; about 30 minutes instead of hours.
Everything I've tried since this "ComboFix" run has seemed to work: e-mail, Internet Explorer, Google Chrome, Notepad,
Adobe Reader, Kindle for PC, Calibre - everything I've tried, works.
I did an update for Malwarebytes, and I'm running a scan on that PC as we speak - so far, everything looks clean.

Here is the ComboFix log:


ComboFix 13-08-05.03 - John Flynn 08/06/2013  17:51:06.3.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1023.579 [GMT -4:00]
Running from: c:\documents and settings\John Flynn\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\John Flynn\Desktop\CFScript.txt
AV: Panda Internet Security 2013 *Disabled/Updated* {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}
FW: Panda Personal Firewall 2013 *Disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}
.
FILE ::
"c:\windows\SYSTEM32\mga.dll"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Desktop\Internet Security Pro.lnk
c:\windows\help\wmplayer.bak
c:\windows\system32\regobj.dll
c:\windows\system32\rnaph.dll
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-06 to 2013-08-06  )))))))))))))))))))))))))))))))
.
.
2013-08-06 00:41 . 2013-08-06 00:42 -------- d-----w- C:\( ) ComboFix
2013-08-04 14:16 . 2013-08-04 14:16 -------- d-----w- c:\windows\ERUNT
2013-08-04 13:55 . 2013-08-04 14:53 -------- d-----w- C:\( ) AdwCleaner
2013-08-04 13:55 . 2013-08-04 14:53 -------- d-----w- C:\( ) JunkRemovalTool
2013-08-03 18:16 . 2013-08-04 01:40 -------- d-----w- C:\( ) FRST 08032013
2013-08-03 17:47 . 2013-08-03 17:47 -------- d-----w- C:\FRST
2013-08-03 17:00 . 2013-08-03 17:00 -------- d-----w- c:\documents and settings\Administrator.DG68QG21\Application Data\Malwarebytes
2013-08-03 00:03 . 2013-08-03 17:52 -------- d-----w- C:\( ) DDS 08022013
2013-08-02 17:06 . 2013-08-02 17:06 -------- d-----w- c:\documents and settings\Administrator.DG68QG21\Application Data\SUPERAntiSpyware.com
2013-08-02 17:05 . 2013-08-02 17:05 -------- d-sh--w- c:\documents and settings\Administrator.DG68QG21\PrivacIE
2013-08-02 17:04 . 2013-08-02 17:04 -------- d-sh--w- c:\documents and settings\Administrator.DG68QG21\IETldCache
2013-08-01 17:25 . 2013-08-04 01:39 -------- d-----w- c:\documents and settings\John Flynn\Local Settings\Application Data\1dce0e75-1303-433a-bfc1-6b582bd25551ad
2013-07-23 15:17 . 2013-07-23 15:17 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2013-07-15 21:09 . 2013-07-15 21:19 -------- d-----w- c:\windows\system32\MRT
2013-07-12 19:00 . 2013-07-12 21:08 -------- d-----w- c:\documents and settings\John Flynn\Caliber Library (Zombie Coll)
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-06 21:16 . 2012-12-10 17:07 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2013-06-08 03:55 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2013-06-07 21:56 . 2006-06-23 15:33 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2002-08-29 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2002-08-29 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23 . 2002-08-29 11:00 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2002-08-29 11:00 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-23 22:21 . 2013-05-23 22:21 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-23 22:21 . 2012-01-02 15:58 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-09 04:28 . 2006-10-19 02:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
2009-10-26 20:05 . 2009-10-26 20:05 124240 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2009-10-26 20:10 . 2009-10-26 20:10 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2009-10-26 20:08 . 2009-10-26 20:08 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2009-10-26 20:09 . 2009-10-26 20:09 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2009-10-26 20:08 . 2009-10-26 20:08 22360 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2009-10-26 20:06 . 2009-10-26 20:06 255312 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2009-10-26 20:08 . 2009-10-26 20:08 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2009-10-26 20:09 . 2009-10-26 20:09 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-10-19 22:58 . 2009-10-19 22:58 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2009-10-26 20:08 . 2009-10-26 20:08 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2002-08-29 11:00 92032 --shatr- c:\windows\SYSTEM32\mga.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-06-11 21:22 1307728 ----a-w- c:\program files\Microsoft\BingBar\7.1.391.0\BingExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-15 28672]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 28672]
"nwiz"="nwiz.exe" [2003-10-06 741376]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2004-10-08 53248]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2004-05-28 323584]
"Disc Detector"="c:\program files\Creative\ShareDLL\CtNotify.exe" [2001-12-26 191488]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-04-10 2595792]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-04-10 909208]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-04-10 136472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RDListener"="c:\program files\Registry Defense\RDListener.exe" [2009-02-07 115312]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-12-16 479232]
"RDFNSListener"="c:\program files\RegDefense\RDFNSListener.exe" [2010-12-06 105472]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-10-26 103768]
"RDFNSAgent"="c:\program files\RegDefense\RDFNSAgent.exe" [2010-12-06 211456]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"APVXDWIN"="c:\program files\Panda Security\Panda Internet Security 2013\APVXDWIN.EXE" [2012-11-07 1037600]
"SCANINICIO"="c:\program files\Panda Security\Panda Internet Security 2013\Inicio.exe" [2012-06-08 70432]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-2-25 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [2000-1-21 65588]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2003-3-21 106560]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2012-07-22 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2010-03-24 17:55 55552 ----a-w- c:\windows\SYSTEM32\avldr.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Panda Security\\Panda Internet Security 2013\\ApVxdWin.exe"=
.
R0 pavboot;Panda boot driver;c:\windows\SYSTEM32\DRIVERS\pavboot.sys [12/10/2012 12:57 PM 26696]
R1 APPFLT;App Filter Plugin;c:\windows\SYSTEM32\DRIVERS\APPFLT.SYS [12/10/2012 12:57 PM 83528]
R1 DSAFLT;DSA Filter Plugin;c:\windows\SYSTEM32\DRIVERS\dsaflt.sys [12/10/2012 12:58 PM 53256]
R1 FNETMON;NetMon Filter Plugin;c:\windows\SYSTEM32\DRIVERS\fnetmon.sys [12/10/2012 12:57 PM 22024]
R1 IDSFLT;Ids Filter Plugin;c:\windows\SYSTEM32\DRIVERS\idsflt.sys [12/10/2012 12:58 PM 193864]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\SYSTEM32\DRIVERS\NETFLTDI.SYS [12/10/2012 12:57 PM 159112]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 2:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67664]
R1 ShldDrv;Panda File Shield Driver;c:\windows\SYSTEM32\DRIVERS\ShlDrv51.sys [12/10/2012 12:55 PM 37448]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\SYSTEM32\DRIVERS\wnmflt.sys [12/10/2012 12:58 PM 46856]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 1:48 PM 116608]
R2 AmFSM;AmFSM;c:\windows\SYSTEM32\DRIVERS\amm8651.sys [12/10/2012 12:56 PM 63240]
R2 PavProc;Panda Process Protection Driver;c:\windows\SYSTEM32\DRIVERS\PavProc.sys [12/10/2012 12:55 PM 164488]
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Internet Security 2013\psksvc.exe [12/10/2012 12:57 PM 28992]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [6/11/2012 5:22 PM 240208]
R3 ComFiltr;Panda Anti-Dialer;c:\windows\SYSTEM32\DRIVERS\COMFiltr.sys [12/10/2012 1:07 PM 13880]
R3 NETIMFLT01060044;PANDA NDIS IM Filter v1.6.0.44;c:\windows\SYSTEM32\DRIVERS\neti1644.sys [12/10/2012 12:56 PM 201032]
R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
R3 pcouffin;VSO Software pcouffin;c:\windows\SYSTEM32\DRIVERS\pcouffin.sys [3/9/2008 6:13 PM 47360]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [6/11/2012 5:22 PM 193616]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/13/2013 7:16 PM 116648]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/13/2013 7:16 PM 116648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-31 03:31 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-13 23:16]
.
2013-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-13 23:16]
.
2003-03-04 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 00:12]
.
2013-08-06 c:\windows\Tasks\User_Feed_Synchronization-{67EB1B04-375D-4C57-805D-B84B0FFFD548}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
Trusted Zone: musicmatch.com
TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} - hxxp://www2.verizon.net/update/msnwebinstall/includes/vzWebIns.CAB
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-06 18:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Disc Detector = c:\program files\Creative\ShareDLL\CtNotify.exe?X???????????????????E?@?Disc Detector?A????? ?A???????B?e!@???@???@??

C?????E?@?????????@?B???A????? ?A?` ????B???@?????P?????@?? ??????~?B~??????????@?O?????????????????B?????l ??????????????????????????r?B
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1557272208-2023390021-2826664556-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2db7b099-5213-4978-a7d0-95219e8f05f2}\InprocServer32]
@DACL=(02 0000)
@="c:\\WINDOWS\\system32\\ffesym.dll"
"ThreadingModel"="free"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1168)
c:\windows\system32\avldr.dll
.
Completion time: 2013-08-06  18:15:39
ComboFix-quarantined-files.txt  2013-08-06 22:15
.
Pre-Run: 82,097,774,592 bytes free
Post-Run: 83,625,934,848 bytes free
.
- - End Of File - - A0F5DFC6A94A7BD79BBE2CF73C0AF536
8F558EB6672622401DA993E1E865C861

I'll check back to see if you have any other recommendations or suggestions.
Thank you, thank you, thank you