Jump to content


Photo
- - - - -

Infected with browser redirect & ads running (sound) when no programs open


  • This topic is locked This topic is locked
9 replies to this topic

#1 IzzysMom

IzzysMom

    New Member

  • Members
  • Pip
  • 4 posts

Posted 12 June 2012 - 09:03 PM

Browser hijacked - redirecting on all searches (IE, Safari AND Chrome) - audio ads running even when no programs opened (computer sitting idle on desktop screen)
My Mother's computer...so not sure WHEN it started or why....
OS - Win XP
D/L ad-aware first - it found 1 item & removed it (last night)...but still happening.
D/L MBAM today - found 13 problems - removed them...but still happening.
MBAM also popping up a balloon every few seconds ''Succsfully blocked acces to a potentially malicioius website: 83.133.120.87 (plus many more addy's) - so while its stopping the ads from playing, they are apparently still trying to get thru.
As per instructions - d/l dds programs - logs below.
Thanks in advance for any guidance in clearing this bugger out.


DDS.txt below:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Debbie Alvarez at 21:58:10 on 2012-06-12
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2037.820 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: CA Anti-Virus *Enabled/Updated* {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
C:\Program Files\OLYMPUS\DeviceDetector\DeviceDetector4.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CAGlobal.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Light\CAGlobalLight.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.msn.com
uSearch Bar =
uInternet Settings,ProxyOverride = <local>;*.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common
files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CA Toolbar Helper: {fbf2401b-7447-4727-be5d-c19b2075ca84} - c:\program files\ca\ca internet security suite\ca website
inspector\toolbar\CallingIDIE.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: CA Toolbar: {10134636-e7af-4ac5-a1dc-c7c44bb97d81} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
uRun: [DellAutomatedPCTuneUp] "c:\program files\dellautomatedpctuneup\PTAgnt.exe" /startup
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [<NO NAME>]
mRun: [StatusClient] c:\program files\hewlett-packard\toolbox2.0\apache tomcat 4.0\webapps\toolbox\statusclient\StatusClient.exe /auto
mRun: [TomcatStartup] c:\program files\hewlett-packard\toolbox2.0\hpbpsttp.exe
mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ictpb] rundll32.exe "c:\documents and settings\debbie alvarez\application data\ictpb.dll",SteamNetworking
mRun: [wlascv] "c:\windows\system32\rundll32.exe" "c:\documents and settings\debbie alvarez\application data\wlascv.dll",mpegInOpenTSStream
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DeviceDetector4.exe
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} -
c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\VetRedir.dll
LSP: mswsock.dll
DPF: {32505657-9980-0010-8000-00AA00389B71} -
hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {4ECE056F-E50F-4F9D-B069-EB342D21F26A} - hxxp://www1.snapfish.com/SnapfishActivia3.cab
DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://targetphoto.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.gamehouse.com/realarcade-webgames/bejeweled2/popcaploader.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 167.206.245.129 167.206.245.130
TCP: Interfaces\{19719792-B303-4535-B330-DDDC8C31C039} : DhcpNameServer = 167.206.245.129 167.206.245.130
Notify: igfxcui - igfxdev.dll
SEH: ShellHook Class: {1869181a-9f50-4fcf-8bff-1b8588ecb85c} - c:\program files\ca\ca internet security suite\ca website
inspector\linkadvisor\CIDLinkAdvisor.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2012-6-11 64512]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2008-3-8 26352]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2008-3-8 21104]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2008-3-8 746216]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2008-3-8 21488]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2008-3-8 161008]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2008-3-8 144696]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-12 654408]
R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2008-3-8 255312]
R3 DS2490;DS2490 (USB Host for 1-Wire Microlan);c:\windows\system32\drivers\DS2490.sys [2008-3-8 49108]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-12 22344]
R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2008-3-8 185680]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2008-3-8 130280]
S2 gupdate1c9e303d819611e;Google Update Service (gupdate1c9e303d819611e);c:\program files\google\update\GoogleUpdate.exe [2009-6-1 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 2152152]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-8
257224]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-6-1 133104]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15232]
S3 Olympus DVR Service;Olympus DVR Service;c:\program files\common files\olympus shared\devicemanager\olydvrsv.exe [2010-5-14 176128]
.
=============== Created Last 30 ================
.
2012-06-13 00:51:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-06-13 00:51:59 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-06-12 22:35:43 -------- d-----w- c:\documents and settings\debbie alvarez\application data\Malwarebytes
2012-06-12 22:35:31 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-06-12 22:35:30 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-12 22:35:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-12 12:53:56 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-12 12:53:55 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-12 05:09:43 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-06-12 02:36:55 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-06-12 02:36:23 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-06-12 02:27:55 -------- d-----w- c:\documents and settings\debbie alvarez\local settings\application data\Sunbelt Software
2012-06-12 02:24:00 -------- dc-h--w- c:\documents and settings\all users\application data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2012-06-12 02:23:38 -------- d-----w- c:\program files\Lavasoft
2012-06-12 02:14:30 -------- d-----w- c:\documents and settings\debbie alvarez\local settings\application data\CRE
2012-06-12 02:13:53 -------- d-----w- c:\program files\Conduit
2012-06-12 02:13:44 -------- d-----w- c:\documents and settings\debbie alvarez\local settings\application data\Conduit
2012-06-08 18:32:02 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-08 18:32:02 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-08 13:27:57 334336 ----a-w- c:\documents and settings\debbie alvarez\application data\wlascv.dll
2012-06-05 19:48:28 256000 ----a-w- c:\documents and settings\debbie alvarez\application data\rcfre.dll
2012-06-05 19:47:56 -------- d-----w- c:\program files\common files\UserDictionary
2012-06-05 19:47:55 -------- d-----w- c:\documents and settings\all users\application data\F4D55F3E64EACED20001225B2830ACA8
2012-06-05 19:47:54 141312 --sha-w- c:\documents and settings\debbie alvarez\application data\ictpb.dll
.
==================== Find3M ====================
.
2012-06-12 12:53:32 73728 ----a-w- c:\windows\system32\javacpl.cpl
2008-03-21 03:40:39 774144 ----a-w- c:\program files\RngInterstitial.dll
.
============= FINISH: 21:58:31.17 ===============
attach.txt below

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 3/8/2008 3:52:51 PM
System Uptime: 6/12/2012 8:43:41 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0CU409
Processor: Intel® Pentium® Dual CPU E2160 @ 1.80GHz | Socket 775 |
1795/200mhz
Processor: Intel® Pentium® Dual CPU E2160 @ 1.80GHz | Socket 775 |
1795/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 118.191 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP444: 4/14/2012 2:14:28 PM - Software Distribution Service 3.0
RP445: 4/18/2012 6:13:23 PM - System Checkpoint
RP446: 4/20/2012 7:00:52 PM - System Checkpoint
RP447: 4/21/2012 7:21:40 PM - System Checkpoint
RP448: 4/23/2012 4:50:41 PM - System Checkpoint
RP449: 5/13/2012 12:50:31 PM - Software Distribution Service 3.0
RP450: 5/24/2012 4:16:10 PM - System Checkpoint
RP451: 5/30/2012 7:47:34 PM - System Checkpoint
RP452: 6/8/2012 10:31:34 AM - System Checkpoint
RP453: 6/12/2012 8:52:30 AM - Removed Java™ 6 Update 17
RP454: 6/12/2012 8:53:22 AM - Installed Java™ 6 Update 32
.
==== Installed Programs ======================
.
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bicycle® Solitaire
Bonjour
Browser Address Error Redirector
CA Anti-Spyware
CA Anti-Virus
CA Internet Security Suite
CA Pest Patrol Realtime Protection
CA Website Inspector
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Case CATalyst Version 8
Compatibility Pack for the 2007 Office system
Dell Automated PC TuneUp
Dell Driver Reset Tool
eBay Desktop
File Uploader
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB908673)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB921411)
Hotfix for Windows XP (KB924455)
Hotfix for Windows XP (KB934428-v2)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp LaserJet 1150 / 1300
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections 12.1.8.0
iTunes
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 32
Java™ 6 Update 5
Java™ 6 Update 7
KODAK EASYSHARE Gallery Upload ActiveX Control
Let It Ride 1.0
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MobileMe Control Panel
MSN Toolbar
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Nikon Message Center
Nikon Transfer
Olympus DSS Player Standard
Picture Control Utility
PowerDVD
QuickTime
RealArcade
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio Update Manager
Safari
Scrabble Blast!
SCRABBLE PLUS
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Sonic Activation Module
Spybot - Search & Destroy
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB894391)
Update for Windows XP (KB896256)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
ViewNX
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Web Games Player Plugin
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
.
==== Event Viewer Messages From Past Week ========
.
6/12/2012 8:07:56 PM, error: DCOM [10005] - DCOM got error "%1084"
attempting to start the service EventSystem with arguments "" in order to run the
server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/12/2012 8:07:21 PM, error: Service Control Manager [7026] - The following
boot-start or system-start driver(s) failed to load: Fips intelppm VET-FILT VET-REC
VETEFILE VETMONNT
6/12/2012 8:04:55 AM, error: Service Control Manager [7023] - The Network
Location Awareness (NLA) service terminated with the following error: The
specified procedure could not be found.
6/12/2012 7:59:55 PM, error: Service Control Manager [7026] - The following
boot-start or system-start driver(s) failed to load: iaStor
6/12/2012 7:59:23 PM, error: sr [1] - The System Restore filter encountered the
unexpected error '0xC0000001' while processing the file '' on the volume
'HarddiskVolume2'. It has stopped monitoring the volume.
6/11/2012 9:58:16 PM, error: Service Control Manager [7000] - The Upload
Manager service failed to start due to the following error: The account specified for
this service is different from the account specified for other services running in the
same process.
6/11/2012 9:58:16 PM, error: Service Control Manager [7000] - The DS1410D
service failed to start due to the following error: The system cannot find the device
specified.
6/11/2012 10:38:26 PM, error: Service Control Manager [7031] - The Lavasoft
Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The
following corrective action will be taken in 5000 milliseconds: Restart the service.
6/11/2012 10:02:01 PM, error: Service Control Manager [7023] - The Computer
Browser service terminated with the following error: This operation returned because
the timeout period expired.
.
==== End Of File ===========================

#2 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 13 June 2012 - 04:17 AM

Hello IzzysMom and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

I see you are running Teatimer.
I suggest you to disable it because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer <== click me for instructions.

After you disabled Teatimer, download ResetTeaTimer.exe to your desktop.
Then run ResetTeaTimer.exe.
This will only take a few seconds.


Step 2

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. If you choose to install more than one Anti-Virus program on your computer, then only one of them should be active in memory at a time. My suggestion is to uninstall Ad-Aware and to keep CA Anti-Virus.


Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.


In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#3 IzzysMom

IzzysMom

    New Member

  • Members
  • Pip
  • 4 posts

Posted 16 June 2012 - 09:12 AM

As instructed: teatime disabled - ad-aware uninstalled - malwarebytes update - quick scan performed (took over 50 minutes). Nothing found on this scan -- DDS also run - Please note: hijack still in progress. (MBAM is in almost constant pop up at task bar blocking outgoing malicious website - many ip addy's showing in message) Newest logs below as requested. Please advise as to next step, Thank you.


Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.16.04

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Debbie Alvarez :: DEBBIE [administrator]

Protection: Enabled

6/16/2012 9:05:13 AM
mbam-log-2012-06-16 (09-05-13).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 275064
Time elapsed: 54 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

DDS LOG FILE:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Debbie Alvarez at 10:01:37 on 2012-06-16
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2037.1201 [GMT -4:00]
.
AV: CA Anti-Virus *Enabled/Updated* {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\OLYMPUS\DeviceDetector\DeviceDetector4.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.msn.com
uSearch Bar =
uInternet Settings,ProxyOverride = <local>;*.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CA Toolbar Helper: {fbf2401b-7447-4727-be5d-c19b2075ca84} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: CA Toolbar: {10134636-e7af-4ac5-a1dc-c7c44bb97d81} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
uRun: [DellAutomatedPCTuneUp] "c:\program files\dellautomatedpctuneup\PTAgnt.exe" /startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [<NO NAME>]
mRun: [StatusClient] c:\program files\hewlett-packard\toolbox2.0\apache tomcat 4.0\webapps\toolbox\statusclient\StatusClient.exe /auto
mRun: [TomcatStartup] c:\program files\hewlett-packard\toolbox2.0\hpbpsttp.exe
mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ictpb] rundll32.exe "c:\documents and settings\debbie alvarez\application data\ictpb.dll",SteamNetworking
mRun: [wlascv] "c:\windows\system32\rundll32.exe" "c:\documents and settings\debbie alvarez\application data\wlascv.dll",mpegInOpenTSStream
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DeviceDetector4.exe
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
LSP: c:\windows\system32\VetRedir.dll
LSP: mswsock.dll
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {4ECE056F-E50F-4F9D-B069-EB342D21F26A} - hxxp://www1.snapfish.com/SnapfishActivia3.cab
DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://targetphoto.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.gamehouse.com/realarcade-webgames/bejeweled2/popcaploader.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 167.206.245.129 167.206.245.130
TCP: Interfaces\{19719792-B303-4535-B330-DDDC8C31C039} : DhcpNameServer = 167.206.245.129 167.206.245.130
Notify: igfxcui - igfxdev.dll
SEH: ShellHook Class: {1869181a-9f50-4fcf-8bff-1b8588ecb85c} - c:\program files\ca\ca internet security suite\ca website inspector\linkadvisor\CIDLinkAdvisor.dll
.
============= SERVICES / DRIVERS ===============
.
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2008-3-8 26352]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2008-3-8 21104]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2008-3-8 746216]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2008-3-8 21488]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2008-3-8 161008]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2008-3-8 144696]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-12 654408]
R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2008-3-8 255312]
R3 DS2490;DS2490 (USB Host for 1-Wire Microlan);c:\windows\system32\drivers\DS2490.sys [2008-3-8 49108]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-12 22344]
R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2008-3-8 185680]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2008-3-8 130280]
S2 gupdate1c9e303d819611e;Google Update Service (gupdate1c9e303d819611e);c:\program files\google\update\GoogleUpdate.exe [2009-6-1 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-8 257224]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-6-1 133104]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 Olympus DVR Service;Olympus DVR Service;c:\program files\common files\olympus shared\devicemanager\olydvrsv.exe [2010-5-14 176128]
.
=============== Created Last 30 ================
.
2012-06-13 00:51:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-06-13 00:51:59 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-06-12 22:35:43 -------- d-----w- c:\documents and settings\debbie alvarez\application data\Malwarebytes
2012-06-12 22:35:31 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-06-12 22:35:30 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-12 22:35:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-12 12:53:56 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-12 12:53:55 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-12 02:36:23 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-06-12 02:27:55 -------- d-----w- c:\documents and settings\debbie alvarez\local settings\application data\Sunbelt Software
2012-06-12 02:23:38 -------- d-----w- c:\program files\Lavasoft
2012-06-12 02:14:30 -------- d-----w- c:\documents and settings\debbie alvarez\local settings\application data\CRE
2012-06-12 02:13:53 -------- d-----w- c:\program files\Conduit
2012-06-12 02:13:44 -------- d-----w- c:\documents and settings\debbie alvarez\local settings\application data\Conduit
2012-06-08 18:32:02 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-08 18:32:02 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-08 13:27:57 334336 ----a-w- c:\documents and settings\debbie alvarez\application data\wlascv.dll
2012-06-05 19:48:28 256000 ----a-w- c:\documents and settings\debbie alvarez\application data\rcfre.dll
2012-06-05 19:47:56 -------- d-----w- c:\program files\common files\UserDictionary
2012-06-05 19:47:55 -------- d-----w- c:\documents and settings\all users\application data\F4D55F3E64EACED20001225B2830ACA8
2012-06-05 19:47:54 141312 --sha-w- c:\documents and settings\debbie alvarez\application data\ictpb.dll
.
==================== Find3M ====================
.
2012-06-12 12:53:32 73728 ----a-w- c:\windows\system32\javacpl.cpl
2008-03-21 03:40:39 774144 ----a-w- c:\program files\RngInterstitial.dll
.
============= FINISH: 10:02:09.15 ===============

ATTACH LOG FILE:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 3/8/2008 3:52:51 PM
System Uptime: 6/16/2012 8:59:56 AM (2 hours ago)
.
Motherboard: Dell Inc. | | 0CU409
Processor: Intel® Pentium® Dual CPU E2160 @ 1.80GHz | Socket 775 | 1184/200mhz
Processor: Intel® Pentium® Dual CPU E2160 @ 1.80GHz | Socket 775 | 1184/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 118.568 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP444: 4/14/2012 2:14:28 PM - Software Distribution Service 3.0
RP445: 4/18/2012 6:13:23 PM - System Checkpoint
RP446: 4/20/2012 7:00:52 PM - System Checkpoint
RP447: 4/21/2012 7:21:40 PM - System Checkpoint
RP448: 4/23/2012 4:50:41 PM - System Checkpoint
RP449: 5/13/2012 12:50:31 PM - Software Distribution Service 3.0
RP450: 5/24/2012 4:16:10 PM - System Checkpoint
RP451: 5/30/2012 7:47:34 PM - System Checkpoint
RP452: 6/8/2012 10:31:34 AM - System Checkpoint
RP453: 6/12/2012 8:52:30 AM - Removed Java™ 6 Update 17
RP454: 6/12/2012 8:53:22 AM - Installed Java™ 6 Update 32
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bicycle® Solitaire
Bonjour
Browser Address Error Redirector
CA Anti-Spyware
CA Anti-Virus
CA Internet Security Suite
CA Pest Patrol Realtime Protection
CA Website Inspector
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Case CATalyst Version 8
Compatibility Pack for the 2007 Office system
Dell Automated PC TuneUp
Dell Driver Reset Tool
eBay Desktop
File Uploader
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB908673)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB921411)
Hotfix for Windows XP (KB924455)
Hotfix for Windows XP (KB934428-v2)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp LaserJet 1150 / 1300
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections 12.1.8.0
iTunes
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 32
Java™ 6 Update 5
Java™ 6 Update 7
KODAK EASYSHARE Gallery Upload ActiveX Control
Let It Ride 1.0
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MobileMe Control Panel
MSN Toolbar
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Nikon Message Center
Nikon Transfer
Olympus DSS Player Standard
Picture Control Utility
PowerDVD
QuickTime
RealArcade
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio Update Manager
Safari
Scrabble Blast!
SCRABBLE PLUS
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Sonic Activation Module
Spybot - Search & Destroy
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB894391)
Update for Windows XP (KB896256)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
ViewNX
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Web Games Player Plugin
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
.
==== Event Viewer Messages From Past Week ========
.
6/16/2012 9:00:40 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000043' while processing the file 'ipsec.sys' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
6/16/2012 8:50:40 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'ipsec.sys' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
6/12/2012 8:44:01 AM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
6/12/2012 8:39:19 AM, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
6/12/2012 8:39:19 AM, error: Service Control Manager [7000] - The DS1410D service failed to start due to the following error: The system cannot find the device specified.
6/12/2012 8:07:56 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/12/2012 8:07:21 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm VET-FILT VET-REC VETEFILE VETMONNT
6/12/2012 7:59:55 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iaStor
6/12/2012 7:59:23 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
6/12/2012 10:12:31 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
6/11/2012 10:38:26 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
.
==== End Of File ===========================

#4 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 16 June 2012 - 09:28 AM

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#5 IzzysMom

IzzysMom

    New Member

  • Members
  • Pip
  • 4 posts

Posted 18 June 2012 - 07:41 PM

Disabled anti-virus & malwarebytes software
Downloaded combofix - saved to desktop
double click on combofix - accept YES to license.
WIndow opens & shows progress of a bunch of files extracting - plus it creates a folder named : 32788R22FWJFW on my C: drive.
Status bar in this window comes to end. I get a "beep" from the system. -- that window closes (Without me touching it) and then NOTHING...no other windows open - nothing runs. No scans etc start running as displayed in the description of what to expect that were listed on the link above to bleepingcomputer.
Left system untouched for over 20 minutes - nothing started etc. (Well, except for the occasional audio commercial that seems to just play randomly as part of this whole problem.)
Not sure step I have missed or what is preventing Combofix from running.
Please advise as to what step(s) I should attempt.
Thank you.

#6 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 19 June 2012 - 04:14 AM

Try again in Safe mode with Networking:
http://www.microsoft...t_failsafe.mspx
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#7 IzzysMom

IzzysMom

    New Member

  • Members
  • Pip
  • 4 posts

Posted 20 June 2012 - 08:20 PM

No luck. - Booted in Safe Mode w/Network. Double click combofix -- window opened - files extracted. (This is where is stalled previously) - but this time I got a second window saying it was backing up the registry - status bar moved quickly showing backing up 13 files. Then that window closed. There was a lightning fast flash of a DOS type blue screen window that closed immediately, a beep, and then the window that showed the extracted files also closed....and NOTHING. That's as far as it went. Nothing else happened. No scan - no additional messages.
What should I try next?

#8 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 21 June 2012 - 04:54 AM

Run this tool in Normal mode:

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#9 screen317

screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 28 June 2012 - 06:22 PM

Are you still with us? This topic will be closed in a few days if we do not hear back from you.
Chris Fistonich
Research Team

Posted Image

Follow us: Twitter, Become a fan: Facebook

#10 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 30 June 2012 - 05:54 AM

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Maurice Naggar
Product Support

staff.png

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users