Trojan and possible rootkit-- please help Me!!


25 replies to this topic

#1 cjsafrit


Posted 09 August 2013 - 03:29 PM

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2013/08/09 14:19
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF6C81000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79C9000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF6831000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SYMDS.SYS
Image Path: SYMDS.SYS
Address: 0xF731C000 Size: 385024 File Visible: No Signed: -
Status: -

Name: SYMEFA.SYS
Image Path: SYMEFA.SYS
Address: 0xF7222000 Size: 950272 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\ǫǫ
Status: Locked to the Windows API!

Path: C:\WINDOWS\ǫ
Status: Locked to the Windows API!

Path: C:\WINDOWS\ǫ又ǫ
Status: Locked to the Windows API!

Path: C:\WINDOWS\ȁ
Status: Locked to the Windows API!

Path: C:\WINDOWS\Ά
Status: Locked to the Windows API!

Path: C:\WINDOWS\և
Status: Locked to the Windows API!

Path: C:\WINDOWS\ـǫـǫ
Status: Locked to the Windows API!

Path: C:\WINDOWS\又ძ
Status: Locked to the Windows API!

Path: C:\WINDOWS\叐ǫ
Status: Locked to the Windows API!

Path: C:\WINDOWS\提ǫ提ǫ
Status: Locked to the Windows API!

Hidden Services
-------------------
Service Name: MBAMSwissArmy
Image Path: C:\WINDOWS\system32\drivers\mbamswissarmy.sys

==EOF==


Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.04.07

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 7.0.5730.13
Carrie :: D24VZ5C1 [administrator]

Protection: Disabled

8/8/2013 9:32:40 PM
mbam-log-2013-08-08 (21-32-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 293889
Time elapsed: 47 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\RECYCLER\ADAPT_Installer.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)




I've run TDSSKiller, Malwarebytes Anti-Rootkit, GMER, and RootRepeal. I don't know what to do next! I have little to no knowledge about computer systems, so dumb it down please!!!
Thanks :)



#2 cjsafrit


Posted 09 August 2013 - 03:34 PM

Sorry, the RootRepeal data was incomplete. I'll try to repost it!

#3 cjsafrit


Posted 09 August 2013 - 04:23 PM

Here's the full RootRepeal report:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2013/08/09 15:06
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEE595000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A4D000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB7CC5000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SYMDS.SYS
Image Path: SYMDS.SYS
Address: 0xF723C000 Size: 385024 File Visible: No Signed: -
Status: -

Name: SYMEFA.SYS
Image Path: SYMEFA.SYS
Address: 0xF7142000 Size: 950272 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\ǫǫ
Status: Locked to the Windows API!

Path: C:\WINDOWS\ǫ
Status: Locked to the Windows API!

Path: C:\WINDOWS\ǫ又ǫ
Status: Locked to the Windows API!

Path: C:\WINDOWS\ȁ
Status: Locked to the Windows API!

Path: C:\WINDOWS\Ά
Status: Locked to the Windows API!

Path: C:\WINDOWS\և
Status: Locked to the Windows API!

Path: C:\WINDOWS\ـǫـǫ
Status: Locked to the Windows API!

Path: C:\WINDOWS\又ძ
Status: Locked to the Windows API!

Path: C:\WINDOWS\叐ǫ
Status: Locked to the Windows API!

Path: C:\WINDOWS\提ǫ提ǫ
Status: Locked to the Windows API!

Path: c:\program files\microsoft sql server\mssql.1\mssql\log\log_136.trc
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.3.1.22\bash\bashv2.db
Status: Size mismatch (API: 747520, Raw: 745472)

SSDT
-------------------
#: 012 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x85767f90

#: 013 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x8609ac98

#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x8576c788

#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "<unknown>" at address 0x857250c0

#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x8619b008

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xeb053ed0

#: 043 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x8571a0d8

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "<unknown>" at address 0x857090e0

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x86248980

#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "<unknown>" at address 0x857251a0

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xeb054150

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xeb054810

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "<unknown>" at address 0x8579dc18

#: 083 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x861ae788

#: 089 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x8574c0a0

#: 091 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x8574c008

#: 097 Function Name: NtLoadDriver
Status: Hooked by "<unknown>" at address 0x8615cbe0

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x8575c7e0

#: 114 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x8572a008

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x86229808

#: 123 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x86226620

#: 125 Function Name: NtOpenSection
Status: Hooked by "<unknown>" at address 0x857481a0

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x860964f8

#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "<unknown>" at address 0x857091d0

#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xeb054d70

#: 206 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x86191270

#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x861ad508

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x861ad5e8

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "<unknown>" at address 0x85748058

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xeb054a90

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x8572a090

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x86191330

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x85746140

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x8617c798

#: 267 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x85778f70

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x861ae878

Stealth Objects
-------------------
Object: Hidden Handle [Index: 1144, Type: Key]
Process: services.exe (PID: 704) Address: 0xe4bf8470 Size: -

Shadow SSDT
-------------------
#: 307 Function Name: NtUserAttachThreadInput
Status: Hooked by "<unknown>" at address 0x8617d170

#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "<unknown>" at address 0x862a79c8

#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "<unknown>" at address 0x862cb0a8

#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "<unknown>" at address 0x862b98d0

#: 428 Function Name: NtUserGetRawInputData
Status: Hooked by "<unknown>" at address 0x862d7d50

#: 460 Function Name: NtUserMessageCall
Status: Hooked by "<unknown>" at address 0x862ce4c8

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "<unknown>" at address 0x8570a9d8

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "<unknown>" at address 0x862d02d8

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "<unknown>" at address 0x85073248

#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "<unknown>" at address 0x861d86a0

==EOF==

#4 cjsafrit


Posted 09 August 2013 - 04:38 PM

Here is my DDS:

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 7.0.6000.21342 BrowserJavaVersion: 10.25.2
Run by Carrie at 17:29:23 on 2013-08-09
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.600 [GMT -4:00]
.
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=20.4.0.40
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=20.4.0.40
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn8\yt.dll
BHO: Yahooo Search Protection: {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program files\yahoo!\search protection\ysp.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\20.4.0.40\ips\ipsbho.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.4.0.40\coieplg.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn8\yt.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.4.0.40\coieplg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\YspService.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program files\yahoo!\search protection\ysp.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} - hxxp://www1.snapfish.com/SnapfishOutlookImport.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.dotphoto.com/ImageUploader4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{177B50AC-490F-44B3-8DCF-F0E4861170DD} : DHCPNameServer = 192.168.1.1
AppInit_DLLs= c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.95\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1404000.028\symds.sys [2013-6-18 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1404000.028\symefa.sys [2013-6-18 934488]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.3.1.22\definitions\bashdefs\20130715.001\BHDrvx86.sys [2013-7-16 1002072]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\1404000.028\ccsetx86.sys [2013-6-18 134744]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1404000.028\ironx86.sys [2013-6-18 175264]
S2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-8-23 13672]
S2 JEPPDRIVEG2;Smart Modular JeppDrive USB G2 Driver; [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-8-8 418376]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-8-8 701512]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 MSSQL$SOSHOME309;SQL Server (SOSHOME309);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
S2 N360;Norton 360;c:\program files\norton 360\engine\20.4.0.40\ccsvchst.exe [2013-6-18 144368]
S2 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files\netgear genie\bin\NETGEARGenieDaemon.exe [2012-9-25 195400]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup 3.0\SymcPCCULaunchSvc.exe [2013-5-8 131512]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2013-1-21 35088]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\norton pc checkup\engine\2.0.2.506\ccSvcHst.exe [2009-12-12 126392]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
S3 CEUSBAUD;DigiTech RP500 USB MIDI Driver;c:\windows\system32\drivers\ceusbaud.sys [2010-4-3 17920]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-9 106656]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-11-30 30192]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.3.1.22\definitions\ipsdefs\20130808.001\IDSXpx86.sys [2013-8-9 373728]
S3 JeppDrive;JeppDrive Service;c:\windows\system32\drivers\JeppDrive.sys [2010-4-7 24344]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-8-8 22856]
S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.3.1.22\definitions\virusdefs\20130808.016\NAVENG.SYS [2013-8-9 93272]
S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.3.1.22\definitions\virusdefs\20130808.016\NAVEX15.SYS [2013-8-9 1611992]
S3 SynasUSB;SynasUSB; [x]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-08-09 14:29:37 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes' Anti-Malware (portable)
2013-08-09 04:02:27 7168 ----a-w- c:\windows\system32\dllcache\wamregps.dll
2013-08-09 04:01:30 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2013-08-09 04:00:32 19968 ----a-w- c:\windows\system32\dllcache\inetsloc.dll
2013-08-09 04:00:31 7680 ----a-w- c:\windows\system32\dllcache\inetmgr.exe
2013-08-09 04:00:29 169984 ----a-w- c:\windows\system32\dllcache\iisui.dll
2013-08-09 04:00:27 5632 ----a-w- c:\windows\system32\dllcache\iisrstap.dll
2013-08-09 04:00:26 14336 ----a-w- c:\windows\system32\dllcache\iisreset.exe
2013-08-09 04:00:23 6144 ----a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2013-08-09 01:30:52 -------- d-----w- c:\documents and settings\carrie\application data\Malwarebytes
2013-08-09 01:30:31 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-08-09 01:30:24 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-09 01:30:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-08-07 15:32:01 -------- d-----w- c:\documents and settings\carrie\local settings\application data\NETGEARGenie
2013-08-06 01:03:54 -------- d-----w- c:\program files\Garmin GPS Plugin
2013-07-14 00:27:17 -------- d-----w- c:\windows\system32\MRT
.
==================== Find3M ====================
.
2013-06-25 02:40:16 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-25 02:40:13 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-06-25 02:40:13 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-06-25 02:40:12 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-19 01:24:38 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-06-12 14:52:04 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-12 14:52:02 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 14:51:01 9089416 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-06-07 21:30:55 841216 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:30:54 78336 ----a-w- c:\windows\system32\ieencode.dll
2013-06-07 21:30:54 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-07 21:30:54 17408 ----a-w- c:\windows\system32\corpol.dll
2013-06-04 07:23:02 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40:45 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-23 05:25:28 934488 ----a-w- c:\windows\system32\drivers\n360\1404000.028\symefa.sys
2013-05-21 05:02:00 367704 ----a-w- c:\windows\system32\drivers\n360\1404000.028\symds.sys
2013-05-16 05:02:14 603224 ----a-w- c:\windows\system32\drivers\n360\1404000.028\srtsp.sys
2013-05-12 05:31:49 59 ----a-w- c:\windows\wpd99.drv
.
============= FINISH: 17:32:07.82 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 12/4/2006 11:05:42 PM
System Uptime: 8/9/2013 5:18:06 PM (0 hours ago)
.
Motherboard: Dell Inc | | 0UW457
Processor: AMD Athlon™ 64 X2 Dual Core Processor 3800+ | Socket M2 | 2003/1000mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 228 GiB total, 75.86 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 8/8/2013 4:06:50 PM - System Checkpoint
.
==== Installed Programs ======================
.
725plc32
Acrobat.com
Adobe Acrobat 5.0
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Reader X (10.1.7)
Adobe Shockwave Player 11.6
AnswerWorks 5.0 English Runtime
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bing Bar
BlackBerry Desktop Software 6.0.2
Bonjour
Broadcom Management Programs
Canon MP Navigator EX 1.0
Canon MP470 series
Canon MP470 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCleaner
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Convert MP4 to MP3 1.5
Creative MediaSource 5
Creative Software AutoUpdate
Creative System Information
Critical Update for Windows Media Player 11 (KB959772)
Crystal Reports Basic Runtime for Visual Studio 2008
CutePDF Professional 3.7 (Evaluation)
Data Lifeguard Diagnostic for Windows
Dell CinePlayer
Dell Game Console
Dell Support 3.2.1
Dell Support Center (Support Software)
Dell System Restore
Digital Content Portal
Digital Line Detect
DigiTech RP355 Drivers
DigiTech RP500 ASIO (remove only)
Documentation & Support Launcher
EducateU
eLicenser Control
Games, Music, & Photos Launcher
Garmin Communicator Plugin
Garmin MapSource
Garmin Trip and Waypoint Manager v5
Garmin USB Drivers
Garmin WebUpdater
GearDrvs
GemMaster Mystic
Google Chrome
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
iTunes
J2SE Runtime Environment 5.0 Update 6
Java 7 Update 25
Java Auto Updater
Jeppesen Services
Jeppesen Services Update Manager
L&H TTS3000 Español
Learn2 Player (Uninstall Only)
Lernout & Hauspie TruVoice American English TTS Engine
LiveUpdate (Symantec Corporation)
Malwarebytes Anti-Malware version 1.75.0.1300
Math 1-2
Math 3 Teaching Textbook
Math 4 Teaching Textbook
Math 5 Teaching Textbook
Math 6 Teaching Textbook
Math 7 Teaching Textbook
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.0 Security Update (KB2698035)
Microsoft .NET Framework 1.0 Security Update (KB2742607)
Microsoft .NET Framework 1.0 Security Update (KB2833951)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Small Business Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SOSHOME309)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MobileMe Control Panel
Molecular Workbench
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Amazing Human Body
NETGEAR Genie
NetWaiting
NetZero For Riverdeep
Norton 360
Norton PC Checkup
Norton Security Scan
NVIDIA Control Panel 275.33
NVIDIA Install Application
NVIDIA nView 135.85
NVIDIA nView Desktop Manager
NVIDIA Update 1.3.5
NVIDIA Update Components
oggcodecs 0.71.0946
Otto
Pdf995
Photo Explosion SE
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Safari
ScanSoft OmniPage SE 4
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB2675157)
Security Update for Windows Internet Explorer 7 (KB2699988)
Security Update for Windows Internet Explorer 7 (KB2722913)
Security Update for Windows Internet Explorer 7 (KB2744842)
Security Update for Windows Internet Explorer 7 (KB2761465)
Security Update for Windows Internet Explorer 7 (KB2792100)
Security Update for Windows Internet Explorer 7 (KB2797052)
Security Update for Windows Internet Explorer 7 (KB2799329)
Security Update for Windows Internet Explorer 7 (KB2809289)
Security Update for Windows Internet Explorer 7 (KB2817183)
Security Update for Windows Internet Explorer 7 (KB2829530)
Security Update for Windows Internet Explorer 7 (KB2838727)
Security Update for Windows Internet Explorer 7 (KB2846071)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Smilebox
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
Sony Picture Utility
Sound Blaster Audigy
Spelling Dictionaries Support For Adobe Reader 9
Steinberg Cubase LE 4
Steinberg HALionOne
Steinberg HALionOne Essential Set
Switched-On Schoolhouse 2011 - Home Edition
Switched-On Schoolhouse 2011 - Home Edition Database
Switched-On Schoolhouse 2011 - Home Edition Tutorials
swMSM
Time, Money and Fractions
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wnciper
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wnciper
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wnciper
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wnciper
TurboTax 2011 wrapper
TurboTax 2012
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wnciper
TurboTax 2012 wrapper
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2006
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
Viewpoint Media Player
VoiceOver Kit
WebFldrs XP
WexTech AnswerWorks
WildTangent Web Driver
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Word Roots A1
Word Wacker 3.52
X-Edit
Yahoo! Browser Services
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
Zoodles
.
==== Event Viewer Messages From Past Week ========
.
8/9/2013 5:18:47 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 00188B58C07F has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
8/9/2013 2:48:15 PM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.2 with the system having network hardware address B8:C7:5D:F0:A0:6A. Network operations on this system may be disrupted as a result.
8/9/2013 2:48:01 PM, error: Dhcp [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 00188B58C07F has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
8/9/2013 12:49:50 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the NVIDIA Update Service Daemon service to connect.
8/9/2013 12:49:50 AM, error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/9/2013 12:27:57 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Norton 360 service to connect.
8/9/2013 12:27:57 PM, error: Service Control Manager [7000] - The Norton 360 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/9/2013 11:25:42 AM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
8/9/2013 11:20:53 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
8/9/2013 11:15:18 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
8/9/2013 1:28:09 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 BHDrvx86 ccSet_N360 eeCtrl Fips nvatabus nvraid SRTSPX SymIRON SYMTDI
8/8/2013 9:12:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Machine Debug Manager service to connect.
8/8/2013 9:12:32 PM, error: Service Control Manager [7000] - The Machine Debug Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/8/2013 8:42:31 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
8/8/2013 6:44:56 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 BHDrvx86 ccSet_N360 eeCtrl Fips nvatabus nvraid SRTSP SRTSPX SymIRON SYMTDI
8/8/2013 6:43:57 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/8/2013 4:23:09 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the SupportSoft Sprocket Service (dellsupportcenter) service to connect.
8/8/2013 4:23:09 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the NVIDIA Driver Helper Service service to connect.
8/8/2013 4:23:09 PM, error: Service Control Manager [7000] - The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/8/2013 4:23:09 PM, error: Service Control Manager [7000] - The NVIDIA Driver Helper Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/8/2013 4:21:04 PM, error: Dhcp [1002] - The IP address lease 192.168.1.6 for the Network Card with network address 00188B58C07F has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
8/8/2013 1:29:02 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
8/8/2013 1:09:36 AM, error: Dhcp [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 00188B58C07F has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
8/7/2013 12:37:51 PM, error: Print [6161] - The document 6.pdf owned by Carrie failed to print on printer Canon MP470 series Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 27590656. Number of bytes printed: 26426404. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\D24VZ5C1. Win32 error code returned by the print processor: 8 (0x8).
8/7/2013 12:24:37 PM, error: Print [6161] - The document 3.pdf owned by Carrie failed to print on printer Canon MP470 series Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 85196800. Number of bytes printed: 81866100. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\D24VZ5C1. Win32 error code returned by the print processor: 13 (0xd).
8/7/2013 10:59:06 AM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
8/7/2013 1:10:11 PM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.3 with the system having network hardware address B8:C7:5D:F0:A0:6A. Network operations on this system may be disrupted as a result.
8/7/2013 1:09:34 PM, error: Dhcp [1002] - The IP address lease 192.168.1.8 for the Network Card with network address 00188B58C07F has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
8/6/2013 7:13:46 AM, error: SRTSP [4] - Error loading virus definitions.
8/6/2013 12:33:25 PM, error: Print [6161] - The document 2013-2014%20CLASS%20DESCRIPTIONS[1].pdf owned by Carrie failed to print on printer Canon MP470 series Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 510976. Number of bytes printed: 52360. Total number of pages in the document: 5. Number of pages printed: 0. Client machine: \\D24VZ5C1. Win32 error code returned by the print processor: 13 (0xd).
8/6/2013 12:33:16 PM, error: Print [6161] - The document 2013-2014%20CLASS%20DESCRIPTIONS[1].pdf owned by Carrie failed to print on printer Canon MP470 series Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 510976. Number of bytes printed: 200052. Total number of pages in the document: 5. Number of pages printed: 0. Client machine: \\D24VZ5C1. Win32 error code returned by the print processor: 13 (0xd).
8/6/2013 12:32:38 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nvatabus nvraid
8/6/2013 12:32:27 PM, error: Service Control Manager [7000] - The Smart Modular JeppDrive USB G2 Driver service failed to start due to the following error: The system cannot find the file specified.
8/6/2013 11:28:13 AM, error: Print [6161] - The document http://www.theprairiehomestead.com/2012/06/soft-homemade-tortil owned by Carrie failed to print on printer Canon MP470 series Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 12910592. Number of bytes printed: 1945264. Total number of pages in the document: 20. Number of pages printed: 0. Client machine: \\D24VZ5C1. Win32 error code returned by the print processor: 13 (0xd).
.
==== End Of File ===========================

#5 nasdaq

  • Malware Response Team

Posted 11 August 2013 - 08:20 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from one of these locations:
Link 1
Link 2
IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
whatnext.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.

#6 cjsafrit

  • Topic Starter

Posted 11 August 2013 - 10:44 AM

Thanks so much! Will do.

#7 cjsafrit

  • Topic Starter

Posted 11 August 2013 - 05:34 PM

Ok. Here are the results. I could not run AdwCleaner in normal mode so I ran it in safe mode. The others ran in normal.

Still no internet connection in normal mode, only safe. My home page on IE was changed to a Symantec one in both modes but in the normal mode the word "redirect" appears in the http address. Is that something to be concerned about? CPU running very high in normal mode with Services in task manager showing 70 to 80. So, very sluggish at times and seems to be no connection to internet still (normal only). Again, I'm not sure of all the things to look at so, there might be more.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.2 (08.11.2013:1)
OS: Microsoft Windows XP x86
Ran by Carrie on Sun 08/11/2013 at 10:31:42.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babylon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\fixcleaner
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\fixcleaner
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] C:\Documents and Settings\Carrie\Application Data\FCTB000100573
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\viewpoint"
Successfully deleted: [Folder] "C:\Documents and Settings\Carrie\Application Data\babylontoolbar"
Successfully deleted: [Folder] "C:\Documents and Settings\Carrie\Application Data\fixcleaner"
Successfully deleted: [Folder] "C:\Documents and Settings\Carrie\Application Data\pccustubinstaller"
Successfully deleted: [Folder] "C:\Documents and Settings\Carrie\Application Data\registry mechanic"
Successfully deleted: [Folder] "C:\Documents and Settings\Carrie\Local Settings\Application Data\visi_coupon"
Successfully deleted: [Folder] "C:\Program Files\babylon"
Successfully deleted: [Folder] "C:\Program Files\fixcleaner"
Successfully deleted: [Folder] "C:\Program Files\viewpoint"

~~~ Chrome

Successfully deleted: [Folder] C:\Documents and Settings\Carrie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 08/11/2013 at 12:06:50.10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

# AdwCleaner v2.306 - Logfile created 08/11/2013 at 12:43:32
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Carrie - D24VZ5C1
# Boot Mode : Safe mode with networking
# Running from : C:\Documents and Settings\Carrie\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Carrie\Application Data\Mozilla\Firefox\Profiles\pb6cuf7y.default\searchplugins\safesearch.xml
Folder Deleted : C:\Documents and Settings\Jeff\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\Jeff\My Documents\ShopToWin

***** [Registry] *****

Key Deleted : HKCU\Software\FCTB000100573
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6000.21342

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

File : C:\Documents and Settings\Carrie\Application Data\Mozilla\Firefox\Profiles\pb6cuf7y.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v28.0.1500.95

File : C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Carrie\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.28] : icon_url = "hxxp://www.startnow.com/startnow/images/sn_favicon.ico",
Deleted [l.31] : keyword = "startnow.com",
Deleted [l.35] : search_url = "hxxp://search.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_[...]
Deleted [l.2077] : homepage = "hxxp://search.startnow.com/s/?src=startpage&provider=&provider_name=startnow&provide[...]
Deleted [l.2602] : urls_to_restore_on_startup = [ "hxxp://search.startnow.com/s/?src=startpage&provider=&provide[...]

*************************

AdwCleaner[S1].txt - [4110 octets] - [11/08/2013 12:43:33]

########## EOF - C:\AdwCleaner[S1].txt - [4170 octets] ##########

 

 

 

ComboFix 13-08-11.02 - Carrie 08/11/2013  13:50:37.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.958.239 [GMT -4:00]
Running from: c:\documents and settings\Carrie\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-11 to 2013-08-11  )))))))))))))))))))))))))))))))
.
.
2013-08-11 17:10 . 2013-08-11 17:21 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-08-11 17:04 . 2013-08-11 17:36 -------- d-----w- C:\32788R22FWJFW
2013-08-11 14:31 . 2013-08-11 14:31 -------- d-----w- c:\windows\ERUNT
2013-08-10 12:20 . 2013-08-10 12:20 -------- d-----w- c:\documents and settings\Carrie\Desktop2
2013-08-09 22:18 . 2013-08-09 22:18 388096 ----a-r- c:\documents and settings\Carrie\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-08-09 22:17 . 2013-08-09 22:17 -------- d-----w- c:\program files\Trend Micro
2013-08-09 14:29 . 2013-08-09 15:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-08-09 04:02 . 2004-08-10 10:00 7168 ----a-w- c:\windows\system32\dllcache\wamregps.dll
2013-08-09 04:01 . 2001-08-17 18:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2013-08-09 04:00 . 2004-08-10 10:00 19968 ----a-w- c:\windows\system32\dllcache\inetsloc.dll
2013-08-09 04:00 . 2004-08-10 10:00 7680 ----a-w- c:\windows\system32\dllcache\inetmgr.exe
2013-08-09 04:00 . 2004-08-10 10:00 169984 ----a-w- c:\windows\system32\dllcache\iisui.dll
2013-08-09 04:00 . 2004-08-10 10:00 5632 ----a-w- c:\windows\system32\dllcache\iisrstap.dll
2013-08-09 04:00 . 2004-08-10 10:00 14336 ----a-w- c:\windows\system32\dllcache\iisreset.exe
2013-08-09 04:00 . 2004-08-10 10:00 6144 ----a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2013-08-09 01:30 . 2013-08-09 01:30 -------- d-----w- c:\documents and settings\Carrie\Application Data\Malwarebytes
2013-08-09 01:30 . 2013-08-09 01:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-08-09 01:30 . 2013-08-09 01:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-08-09 01:30 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-08 23:01 . 2013-08-08 23:01 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Chromium
2013-08-07 15:32 . 2013-08-08 15:08 -------- d-----w- c:\documents and settings\Carrie\Local Settings\Application Data\NETGEARGenie
2013-08-06 01:03 . 2013-08-06 01:03 -------- d-----w- c:\program files\Garmin GPS Plugin
2013-07-14 00:27 . 2013-07-14 00:42 -------- d-----w- c:\windows\system32\MRT
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-25 02:40 . 2013-06-25 02:40 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-25 02:40 . 2013-05-08 04:41 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-06-25 02:40 . 2012-08-31 22:11 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-06-25 02:40 . 2011-07-13 13:59 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-19 01:24 . 2010-04-29 22:25 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-06-12 14:52 . 2012-04-11 00:22 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-12 14:52 . 2011-05-27 15:56 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 14:51 . 2013-06-12 01:50 9089416 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-06-07 21:30 . 2005-08-16 09:18 841216 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:30 . 2009-03-27 16:23 78336 ----a-w- c:\windows\system32\ieencode.dll
2013-06-07 21:30 . 2005-08-16 09:18 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-07 21:30 . 2005-08-16 09:18 17408 ----a-w- c:\windows\system32\corpol.dll
2013-06-04 07:23 . 2005-08-16 09:18 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2005-08-16 09:18 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-23 05:25 . 2013-06-19 01:23 934488 ----a-w- c:\windows\system32\drivers\N360\1404000.028\symefa.sys
2013-05-21 05:02 . 2013-06-19 01:23 367704 ----a-w- c:\windows\system32\drivers\N360\1404000.028\symds.sys
2013-05-16 05:02 . 2013-06-19 01:23 603224 ----a-w- c:\windows\system32\drivers\N360\1404000.028\srtsp.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"NvMediaCenter"="NvMCTray.dll" [2011-05-25 111208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-11-30 24576]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-06 05:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2006-08-29 02:57 395776 ----a-w- c:\program files\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 14:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 08:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 19:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-07-28 02:00 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Updater]
2011-10-03 21:11 161336 ----a-w- c:\program files\Google\Google Updater\GoogleUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 13:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-05-31 15:56 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2007-02-04 17:02 79400 ----a-w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
2005-05-03 11:38 64512 ----a-w- c:\windows\system32\P17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 07:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2011-02-18 15:47 79192 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 14:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-14 19:02 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-12-06 22:12 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2010-04-01 03:34 243000 ----a-w- c:\program files\Yahoo!\Search Protection\YspService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\WildTangent\Apps\Dell Game Console\GameConsole.exe"= c:\program files\WildTangent\Apps\Dell Game Console\GameConsole.exe:120.0.0.1/255.255.255.255:Enabled:-  Play Games  -
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\1404000.028\symds.sys [6/18/2013 9:23 PM 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\1404000.028\symefa.sys [6/18/2013 9:23 PM 934488]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20130715.001\BHDrvx86.sys [7/16/2013 5:04 PM 1002072]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\1404000.028\ccsetx86.sys [6/18/2013 9:23 PM 134744]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\1404000.028\ironx86.sys [6/18/2013 9:23 PM 175264]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 5:33 PM 249648]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/23/2012 1:37 PM 13672]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [8/8/2013 9:30 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/8/2013 9:30 PM 701512]
R2 MSSQL$SOSHOME309;SQL Server (SOSHOME309);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [12/10/2010 7:29 PM 29293408]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\20.4.0.40\ccsvchst.exe [6/18/2013 9:18 PM 144368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/9/2012 2:02 PM 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20130809.001\IDSXpx86.sys [8/10/2013 11:01 AM 373728]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/8/2013 9:30 PM 22856]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 2:57 PM 135664]
S2 JEPPDRIVEG2;Smart Modular JeppDrive USB G2 Driver; [x]
S2 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [9/25/2012 2:06 AM 195400]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 7:31 PM 195336]
S3 CEUSBAUD;DigiTech RP500 USB MIDI Driver;c:\windows\system32\drivers\ceusbaud.sys [4/3/2010 9:55 PM 17920]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11/30/2006 8:54 PM 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 2:57 PM 135664]
S3 JeppDrive;JeppDrive Service;c:\windows\system32\drivers\JeppDrive.sys [4/7/2010 9:02 PM 24344]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/11/2013 1:10 PM 40776]
S3 SynasUSB;SynasUSB; [x]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-01 02:29 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 14:52]
.
2013-08-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2013-06-18 c:\windows\Tasks\Automatic Updates Checking for Word Roots A1.job
- c:\program files\Critical Thinking Software\Word Roots A1\TCTCUpdater.exe [2012-08-18 18:58]
.
2013-08-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-07 20:49]
.
2013-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 18:56]
.
2013-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 18:56]
.
2013-08-05 c:\windows\Tasks\Norton Security Scan for Carrie.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2011-08-03 15:20]
.
2013-08-10 c:\windows\Tasks\PC Checkup 3 Weekly Scan.job
- c:\program files\Norton PC Checkup 3.0\NLAppLauncher.exe [2013-05-08 04:12]
.
2013-08-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2205591165-3713606016-835050342-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]
.
2013-08-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2205591165-3713606016-835050342-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]
.
2013-08-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2205591165-3713606016-835050342-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]
.
2013-08-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2205591165-3713606016-835050342-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]
.
2013-08-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2205591165-3713606016-835050342-1010.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]
.
2013-08-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2205591165-3713606016-835050342-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]
.
2013-07-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2205591165-3713606016-835050342-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]
.
2013-08-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2205591165-3713606016-835050342-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]
.
2013-07-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2205591165-3713606016-835050342-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]
.
2013-08-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2205591165-3713606016-835050342-1010.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=20.4.0.40
mStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=20.4.0.40
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-11 17:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2944)
c:\windows\system32\WININET.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-08-11  18:01:11
ComboFix-quarantined-files.txt  2013-08-11 22:00
ComboFix2.txt  2013-08-10 14:20
.
Pre-Run: 85,782,761,472 bytes free
Post-Run: 85,946,654,720 bytes free
.
- - End Of File - - CD79589695AFF13A3812D033400891EF
5CB90281D1A59B251F6603134774EEC3
 



#8 cjsafrit

cjsafrit
  • Topic Starter

  • Members
  • 29 posts

Posted 11 August 2013 - 05:42 PM

Also, I have a mysterious folder on my desktop that just appeared yesterday. The name is %USER PROFILE% . I'm afraid to open it bc of all the screwiness! It could be something from one of the many anti malware programs I've been running, but idk. FYI.

Thanks for your help!

#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 12 August 2013 - 07:59 AM

Let's try to restore your Internet.

Open the Start > Run box, type cmd and hit OK
type
ipconfig /flushdns <-- (The space between g and / is needed) press the Enter key.

repeat with
ipconfig /renew

Then type Exit, hit the Enter key
*/*

If that fails,

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List installed programs
  • Click Go and copy/paste the log (Result.txt) into your next post.

    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

    Keep me posted on this issue.


#10 cjsafrit

cjsafrit
  • Topic Starter

  • Members
  • 29 posts

Posted 13 August 2013 - 08:21 AM

I tried your cmd instructions but it did not help. Now everything is even slower and I cannot get the mini toolbox to run in normal or safe mode. It starts, but it jams midway through the process. I tried turning off Norton and Malwarebytes but still no luck! Shut down is extremely slow as well. Also, I was able to use the Internet in safe mode but now it is extremely slow. :/

#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 13 August 2013 - 09:07 AM

How much free space do you have on your Hard Drive?

Before you check run this cleaning tool.

Download ATF Cleaner by Atribune from here and save it to your Desktop.
Follow the instructions for the browser you use.

Read the instructions about the cookies. Delete what you do not need.
Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:

Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
*Prefetch (Windows XP) only.
Java Cache


The rest are optional - if you want to remove the lot, check "Select All".
Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.

If you use the Firefox or Opera browsers, you can use this program as a quick way to tidy those up as well.

When you have finished, click on the Exit button in the Main menu.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

* The purpose of the Prefetch folder is to increase the speed at which you can access the programs that you use on your PC. Unfortunately, Windows doesn't differentiate between a program you use every day and one you use every blue moon, which means that it may be prefetching a lot of stuff that you rarely use, adding to your startup time.
You may find that the first time you boot up after cleaning out this folder, your PC takes longer to get into gear - the second, and subsequent, boots should be quicker.

#12 cjsafrit

cjsafrit
  • Topic Starter

  • Members
  • 29 posts

Posted 13 August 2013 - 08:00 PM

Ok. I ran ATF cleaner successfully. Also, mini toolbox runs until "ip configuration", then it jams every time on that phase. The pc has 81.1 GB of free space available.

#13 cjsafrit

cjsafrit
  • Topic Starter

  • Members
  • 29 posts

Posted 13 August 2013 - 10:25 PM

I decided to run this getservices after reading one of bleeping computer's tutorials. Don't know if this is helpful but I saw a tremendous amount of services running and was "trying" to analyze!;0

Here's the log:

 

 

 
SERVICE_NAME: AppMgmt
DISPLAY_NAME: Application Management
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1040
        FLAGS              : 
        DESCRIPTION        : Provides software installation services such as Assign, Publish, and Remove.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Application Management
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: Browser
DISPLAY_NAME: Computer Browser
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1040
        FLAGS              : 
        DESCRIPTION        : Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Computer Browser
        DEPENDENCIES       : LanmanWorkstation
                           : LanmanServer
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: CryptSvc
DISPLAY_NAME: CryptSvc
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1040
        FLAGS              : 
        DESCRIPTION        : Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : CryptSvc
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: DcomLaunch
DISPLAY_NAME: DCOM Server Process Launcher
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 808
        FLAGS              : 
        DESCRIPTION        : Provides launch functionality for DCOM services.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost.exe -k DcomLaunch
        LOAD_ORDER_GROUP   : Event Log
        TAG                : 0
        DISPLAY_NAME       : DCOM Server Process Launcher
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: Dhcp
DISPLAY_NAME: DHCP Client
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1040
        FLAGS              : 
        DESCRIPTION        : Manages network configuration by registering and updating IP addresses and DNS names.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : TDI
        TAG                : 0
        DISPLAY_NAME       : DHCP Client
        DEPENDENCIES       : Tcpip
                           : Afd
                           : NetBT
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: dmserver
DISPLAY_NAME: Logical Disk Manager
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1040
        FLAGS              : 
        DESCRIPTION        : Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\System32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Logical Disk Manager
        DEPENDENCIES       : RpcSs
                           : PlugPlay
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: Dnscache
DISPLAY_NAME: DNS Client
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1128
        FLAGS              : 
        DESCRIPTION        : Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost.exe -k NetworkService
        LOAD_ORDER_GROUP   : TDI
        TAG                : 0
        DISPLAY_NAME       : DNS Client
        DEPENDENCIES       : Tcpip
        SERVICE_START_NAME : NT AUTHORITY\NetworkService
 
SERVICE_NAME: Eventlog
DISPLAY_NAME: Event Log
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 632
        FLAGS              : SERVICE_RUNS_IN_SYSTEM_PROCESS
        DESCRIPTION        : Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\services.exe
        LOAD_ORDER_GROUP   : Event log
        TAG                : 0
        DISPLAY_NAME       : Event Log
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: helpsvc
DISPLAY_NAME: Help and Support
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1040
        FLAGS              : 
        DESCRIPTION        : Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\System32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Help and Support
        DEPENDENCIES       : RPCSS
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: lanmanserver
DISPLAY_NAME: Server
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1040
        FLAGS              : 
        DESCRIPTION        : Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Server
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: lanmanworkstation
DISPLAY_NAME: Workstation
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1040
        FLAGS              : 
        DESCRIPTION        : Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : NetworkProvider
        TAG                : 0
        DISPLAY_NAME       : Workstation
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: LmHosts
DISPLAY_NAME: TCP/IP NetBIOS Helper
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1244
        FLAGS              : 
        DESCRIPTION        : Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost.exe -k LocalService
        LOAD_ORDER_GROUP   : TDI
        TAG                : 0
        DISPLAY_NAME       : TCP/IP NetBIOS Helper
        DEPENDENCIES       : NetBT
                           : Afd
        SERVICE_START_NAME : NT AUTHORITY\LocalService
 
SERVICE_NAME: Netman
DISPLAY_NAME: Network Connections
        TYPE               : 120  WIN32_SHARE_PROCESS (interactive)
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1040
        FLAGS              : 
        DESCRIPTION        : Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
 
        TYPE               : 120  WIN32_SHARE_PROCESS (interactive)
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\System32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Network Connections
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: PlugPlay
DISPLAY_NAME: Plug and Play
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 632
        FLAGS              : SERVICE_RUNS_IN_SYSTEM_PROCESS
        DESCRIPTION        : Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\services.exe
        LOAD_ORDER_GROUP   : PlugPlay
        TAG                : 0
        DISPLAY_NAME       : Plug and Play
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: RpcSs
DISPLAY_NAME: Remote Procedure Call (RPC)
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 4  RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 904
        FLAGS              : 
        DESCRIPTION        : Provides the endpoint mapper and other miscellaneous RPC services.
 
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost.exe -k rpcss
        LOAD_ORDER_GROUP   : COM Infrastructure
        TAG                : 0
        DISPLAY_NAME       : Remote Procedure Call (RPC)
        SERVICE_START_NAME : NT Authority\NetworkService
 
SERVICE_NAME: SharedAccess
DISPLAY_NAME: Windows Firewall/Internet Connection Sharing (ICS)
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1040
        FLAGS              : 
        DESCRIPTION        : Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\System32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Windows Firewall/Internet Connection Sharing (ICS)
        DEPENDENCIES       : Netman
                           : WinMgmt
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: srservice
DISPLAY_NAME: System Restore Service
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1040
        FLAGS              : 
        DESCRIPTION        : Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : System Restore Service
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: TermService
DISPLAY_NAME: Terminal Services
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 808
        FLAGS              : 
        DESCRIPTION        : Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\System32\svchost.exe -k DComLaunch
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Terminal Services
        DEPENDENCIES       : RPCSS
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: winmgmt
DISPLAY_NAME: Windows Management Instrumentation
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1040
        FLAGS              : 
        DESCRIPTION        : Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 0   IGNORE
        BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Windows Management Instrumentation
        DEPENDENCIES       : RPCSS
        SERVICE_START_NAME : LocalSystem
 
SERVICE_NAME: WZCSVC
DISPLAY_NAME: Wireless Zero Configuration
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1040
        FLAGS              : 
        DESCRIPTION        : Provides automatic configuration for the 802.11 adapters
 
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\System32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : TDI
        TAG                : 0
        DISPLAY_NAME       : Wireless Zero Configuration
        DEPENDENCIES       : RpcSs
                           : Ndisuio
        SERVICE_START_NAME : LocalSystem


#14 nasdaq

  • Malware Response Team

Posted 14 August 2013 - 07:27 AM

Also, mini toolbox runs until "ip configuration", then it jams every time on that phase.


Please run the Mini toolbox but remove the IP configuration from the list.

#15 cjsafrit

  • Topic Starter


Posted 15 August 2013 - 08:36 AM

Here you go. Minitoolbox minus IP configuration:

 

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Carrie (administrator) on 15-08-2013 at 09:18:35
Running from "C:\Documents and Settings\Carrie\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
 
Windows IP Configuration
 
 
 
Successfully flushed the DNS Resolver Cache.
 
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
127.0.0.1       localhost
 
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (08/15/2013 07:21:22 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (08/15/2013 07:21:22 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (08/15/2013 05:48:32 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (08/15/2013 05:48:32 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (08/15/2013 05:40:21 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (08/15/2013 05:40:21 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (08/15/2013 04:07:32 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (08/15/2013 04:07:32 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (08/15/2013 03:48:20 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (08/15/2013 03:48:20 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
 
System errors:
=============
Error: (08/14/2013 05:33:33 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
nvatabus
nvraid
 
Error: (08/14/2013 05:32:59 PM) (Source: Service Control Manager) (User: )
Description: The NETGEARGenieDaemon service failed to start due to the following error: 
%%1053
 
Error: (08/14/2013 05:32:59 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the NETGEARGenieDaemon service to connect.
 
Error: (08/14/2013 05:32:59 PM) (Source: Service Control Manager) (User: )
Description: The Smart Modular JeppDrive USB G2 Driver service failed to start due to the following error: 
%%2
 
Error: (08/14/2013 05:15:42 PM) (Source: Service Control Manager) (User: )
Description: The NETGEARGenieDaemon service failed to start due to the following error: 
%%1053
 
Error: (08/14/2013 05:15:42 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the NETGEARGenieDaemon service to connect.
 
Error: (08/14/2013 05:15:13 PM) (Source: Service Control Manager) (User: )
Description: The NETGEARGenieDaemon service failed to start due to the following error: 
%%1053
 
Error: (08/14/2013 05:15:13 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the NETGEARGenieDaemon service to connect.
 
Error: (08/14/2013 05:06:20 PM) (Source: Service Control Manager) (User: )
Description: The NETGEARGenieDaemon service failed to start due to the following error: 
%%1053
 
Error: (08/14/2013 05:06:20 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the NETGEARGenieDaemon service to connect.
 
 
Microsoft Office Sessions:
=========================
Error: (08/15/2013 07:21:22 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
 
Error: (08/15/2013 07:21:22 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}
 
Error: (08/15/2013 05:48:32 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
 
Error: (08/15/2013 05:48:32 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}
 
Error: (08/15/2013 05:40:21 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
 
Error: (08/15/2013 05:40:21 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}
 
Error: (08/15/2013 04:07:32 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
 
Error: (08/15/2013 04:07:32 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}
 
Error: (08/15/2013 03:48:20 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
 
Error: (08/15/2013 03:48:20 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}
 
 
=========================== Installed Programs ============================
 
725plc32 (Version: 1.0.0)
Acrobat.com (Version: 2.1.0)
Adobe Acrobat 5.0 (Version: 5.0)
Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Media Player (Version: 1.8)
Adobe Shockwave Player 11.6 (Version: 11.6.5.635)
AOLIcon (Version: 1.00.0000)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Bing Bar (Version: 7.0.822.0)
Bonjour (Version: 3.0.0.10)
Broadcom Management Programs (Version: 9.03.01)
Canon MP Navigator EX 1.0
Canon MP470 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCleaner (Version: 3.22)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conexant D850 56K V.9x DFVc Modem
Convert MP4 to MP3 1.5
Creative MediaSource 5 (Version: 5.00)
Creative Software AutoUpdate
Creative System Information
Critical Update for Windows Media Player 11 (KB959772)
Crystal Reports Basic Runtime for Visual Studio 2008 (Version: 10.5.0.0)
CutePDF Professional 3.7 (Evaluation)
Data Lifeguard Diagnostic for Windows (Version: 1.13)
Dell CinePlayer (Version: 3.0)
Dell Game Console
Dell Support 3.2.1 (Version: 5.5.2087)
Dell Support Center (Support Software) (Version: 2.2.09085)
Dell System Restore (Version: 2.00.0000)
Digital Content Portal (Version: 1.00.0000)
Digital Line Detect (Version: 1.10)
DigiTech RP355 Drivers (Version: 1.0.0.1)
DigiTech RP500 ASIO (remove only)
Documentation & Support Launcher (Version: 1.00.0000)
EducateU (Version: 1.00.0000)
eLicenser Control
Games, Music, & Photos Launcher (Version: 1.00.0000)
Garmin Communicator Plugin (Version: 4.0.4)
Garmin MapSource (Version: 6.15.11)
Garmin Trip and Waypoint Manager v5 (Version: 5.0.0.0)
Garmin USB Drivers (Version: 2.3.1.0)
Garmin WebUpdater (Version: 2.5.6)
GearDrvs (Version: 1.00.0000)
GearDrvs (Version: 5.0.0.2)
Google Desktop (Version: 5.9.1005.12335)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Update Helper (Version: 1.3.21.153)
Google Updater (Version: 2.4.2432.1652)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
HiJackThis (Version: 1.0.0)
iTunes (Version: 11.0.4.4)
J2SE Runtime Environment 5.0 Update 6 (Version: 1.5.0.60)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Jeppesen Services (Version: 1.00.000)
Jeppesen Services Update Manager (Version: 1.0)
L&H TTS3000 Español
Learn2 Player (Uninstall Only)
Lernout & Hauspie TruVoice American English TTS Engine
LiveUpdate (Symantec Corporation) (Version: 3.4.1.238)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Math 3 Teaching Textbook
Math 4 Teaching Textbook
Math 5 Teaching Textbook
Math 6 Teaching Textbook
Math 7 Teaching Textbook
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.0 Security Update (KB2698035)
Microsoft .NET Framework 1.0 Security Update (KB2742607)
Microsoft .NET Framework 1.0 Security Update (KB2833951)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Small Business Edition 2003 (Version: 11.0.8173.0)
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3514)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SOSHOME309) (Version: 9.4.5000.00)
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 08.05.0818)
MobileMe Control Panel (Version: 3.1.8.0)
Molecular Workbench
MSRedist (Version: 9.0.30729.4148)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NETGEAR Genie (Version: 2.2.27.1 )
NetWaiting (Version: 2.5.12)
NetZero For Riverdeep (Version: 1.0.0)
Norton 360 (Version: 20.4.0.40)
Norton PC Checkup (Version: 3.0.1.56.0)
Norton Security Scan (Version: 2.3.0.44)
NVIDIA Control Panel 275.33 (Version: 275.33)
NVIDIA Install Application (Version: 2.275.80.0)
NVIDIA nView 135.85 (Version: 135.85)
NVIDIA nView Desktop Manager (Version: 6.14.10.13585)
NVIDIA Update 1.3.5 (Version: 1.3.5)
NVIDIA Update Components (Version: 1.3.5)
oggcodecs 0.71.0946 (Version: 0.71.0946)
Otto
Pdf995
Photo Explosion SE (Version: 1.00.0001)
QuickTime (Version: 7.74.80.86)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealUpgrade 1.1 (Version: 1.1.0)
Roxio DLA (Version: 5.2.0)
Roxio MyDVD LE (Version: 6.1.6)
Roxio RecordNow Audio (Version: 2.0.4)
Roxio RecordNow Copy (Version: 2.0.4)
Roxio RecordNow Data (Version: 2.0.4)
Safari (Version: 5.34.57.2)
ScanSoft OmniPage SE 4 (Version: 15.2.0020)
Sonic Activation Module (Version: 1.0)
Sonic Encoders (Version: 1.00)
Sonic Update Manager (Version: 3.0.0)
Sony Picture Utility (Version: 3.0.00.11220)
Sound Blaster Audigy (Version: 1.0)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Steinberg Cubase LE 4 (Version: 4.1.2.851)
Steinberg HALionOne (Version: 1.1.0.457)
Steinberg HALionOne Essential Set (Version: 1.0.1.457)
Switched-On Schoolhouse 2011 - Home Edition (Version: 6.1.0.17)
Switched-On Schoolhouse 2011 - Home Edition Database (Version: 6.1.0.17)
Switched-On Schoolhouse 2011 - Home Edition Tutorials (Version: 6.1.0.17)
swMSM (Version: 12.0.0.1)
TurboTax 2008
TurboTax 2008 WinPerFedFormset (Version: 008.000.0324)
TurboTax 2008 WinPerProgramHelp (Version: 008.000.0214)
TurboTax 2008 WinPerReleaseEngine (Version: 008.000.0169)
TurboTax 2008 WinPerTaxSupport (Version: 008.000.0969)
TurboTax 2008 WinPerUserEducation (Version: 008.000.0412)
TurboTax 2008 wnciper (Version: 008.000.0129)
TurboTax 2008 wrapper (Version: 008.000.0063)
TurboTax 2009
TurboTax 2009 WinPerFedFormset (Version: 009.000.1779)
TurboTax 2009 WinPerReleaseEngine (Version: 009.000.0311)
TurboTax 2009 WinPerTaxSupport (Version: 009.000.0227)
TurboTax 2009 wnciper (Version: 009.000.0621)
TurboTax 2009 wrapper (Version: 009.000.0145)
TurboTax 2010
TurboTax 2010 WinPerFedFormset (Version: 010.000.3337)
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0407)
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0195)
TurboTax 2010 wnciper (Version: 010.000.1025)
TurboTax 2010 wrapper (Version: 010.000.0155)
TurboTax 2011
TurboTax 2011 WinPerFedFormset (Version: 011.000.3351)
TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0496)
TurboTax 2011 WinPerTaxSupport (Version: 011.000.0222)
TurboTax 2011 wnciper (Version: 011.000.1545)
TurboTax 2011 wrapper (Version: 011.000.0121)
TurboTax 2012 (Version: 2012.0)
TurboTax 2012 WinPerFedFormset (Version: 012.000.2114)
TurboTax 2012 WinPerReleaseEngine (Version: 012.000.0451)
TurboTax 2012 WinPerTaxSupport (Version: 012.000.0179)
TurboTax 2012 wnciper (Version: 012.000.1358)
TurboTax 2012 wrapper (Version: 012.000.0127)
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2006 (Version: 10.00.0000)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
VoiceOver Kit (Version: 1.42.128.0)
WebFldrs XP (Version: 9.50.7523)
WexTech AnswerWorks (Version: 1.00.000)
WildTangent Web Driver
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0017.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Player 10 (Version: 9.00.3636)
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)
Word Roots A1 (Version: 1.6.2.0)
Word Wacker 3.52
X-Edit (Version: 2.7.1.1)
Yahoo! Toolbar
Zoodles (Version: 2.0.4)
 
**** End of log ****




