Inactive my Internet searches constantly being redirected

Discussion in 'Malware and Virus Removal Archive' started by kbcochran, 2010/05/17.

Thread Status:
Not open for further replies.
  1. 2010/05/17
    kbcochran

    kbcochran Inactive Thread Starter

    Joined:
    2010/05/17
    Messages:
    8
    Likes Received:
    0
    [Inactive] my Internet searches constantly being redirected

    I am having trouble with my internet searches. I am using IE8 on a Windows XP laptop. When I click on any link I always get redirected. My daughter downloaded Aim last week and I suspect this is where the problem started. I cannot uninstall Aim, however. It does not come up in Add or Remove Programs, and when I go to the Aim folder and click on Uninst.exe I get "could not load messages".
     
  2. 2010/05/17
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Welcome to WindowsBBS :)

    Your thread moved to the Malware & Virus Removal forum.

    Please read this as indicated at the head of the forum and post the logs requested in this thread.
     

  4. 2010/05/17
    kbcochran

    kbcochran Inactive Thread Starter

    Joined:
    2010/05/17
    Messages:
    8
    Likes Received:
    0
    Results of my scans

    I have completed the scans but cannot post them; I receive a network error when I try.

    Kevin
     
  5. 2010/05/17
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Open each .txt file in turn - Select all > Copy and paste into your next post here. You may need to spread over 2 posts depending on size.
     
  6. 2010/05/17
    kbcochran

    kbcochran Inactive Thread Starter

    Joined:
    2010/05/17
    Messages:
    8
    Likes Received:
    0
    Results of scans

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Kevin Cochran at 12:30:33.42 on Mon 05/17/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2015.1059 [GMT -7:00]

    AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    svchost.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
    svchost.exe
    C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Intel\AMT\atchksrv.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\AMT\LMS.exe
    C:\Program Files\AVG\AVG9\avgam.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
    C:\Program Files\WinPcap\rpcapd.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Intel\AMT\UNS.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Microsoft IntelliPoint\IPoint.exe
    c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files\TINA-VPN\Extranet_serv.exe
    C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
    C:\Program Files\InterCall Unified Meeting\Modules\Calendar\AddInMon.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\System32\irftp.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Documents and Settings\Kevin Cochran\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uDefault_Page_URL = hxxp://www.msn.com
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: {06ec6572-7280-485a-a712-c380526bc048} - IEocx Class
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    dRun: [H/PC Connection Agent] c:\progra~1\mi3aa1~1\wcescomm.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\kevin cochran\start menu\programs\imvu\Run IMVU.lnk
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    DPF: MCInstallCAB - hxxps://content101.mc.iconf.net/gcc_installer/IUM/mcInstall.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228721559505
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228721592186
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxps://www.ktimecollect.com/wfcstatic/plugins/jre-1_5_0_06-windows-i586-p.exe
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
    TCP: {8C28CE72-67B5-4A54-B9D3-1B5DF1BBAD9A} = 167.4.20.20,167.4.198.248
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: avgrsstarter - avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    Hosts: 209.44.111.57 alarm-security.microsoft.com
    Hosts: 209.44.111.57 inetantivir.com
    Hosts: 209.44.111.57 www.inetantivir.com

    ============= SERVICES / DRIVERS ===============

    R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2010-5-17 25096]
    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-5-17 52872]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-5-17 216200]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-5-17 29512]
    R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-5-17 242896]
    R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-5-17 308064]
    R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-5-17 5888008]
    R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-5-7 32512]
    R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-5-17 122376]
    R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-5-17 30216]
    R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-5-17 26120]
    R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2008-12-8 9161]
    R3 ExtranetAccess;Contivity VPN Service;c:\program files\tina-vpn\Extranet_serv.exe [2008-12-8 614400]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-7-23 44800]
    R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2008-12-8 47616]
    S2 gupdate1c9e6ca60a6c336;Google Update Service (gupdate1c9e6ca60a6c336);c:\program files\google\update\GoogleUpdate.exe [2009-6-6 133104]
    S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2008-12-8 114016]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-5-17 430152]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-12-8 193840]
    S3 MTPUSB;%MTPUSB.SvcDesc%;c:\windows\system32\drivers\MTPUSB.sys [2009-12-15 16512]
    S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2006-11-7 99200]

    =============== Created Last 30 ================

    2010-05-17 18:21:51 0 d-----w- c:\docume~1\alluse~1\applic~1\RegCure
    2010-05-17 08:43:34 0 d--h--w- C:\$AVG
    2010-05-17 08:18:30 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2010-05-17 08:18:30 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
    2010-05-17 08:18:30 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-05-17 08:18:28 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-05-17 08:18:24 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-05-17 08:18:16 0 d-----w- c:\windows\system32\drivers\Avg
    2010-05-17 08:18:11 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
    2010-05-17 08:15:51 0 d-----w- c:\program files\AVG
    2010-05-17 08:15:30 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
    2010-05-17 07:24:20 204800 ----a-w- c:\windows\system32\IVIresizeW7.dll
    2010-05-17 07:24:19 192512 ----a-w- c:\windows\system32\IVIresizeP6.dll
    2010-05-17 07:24:19 192512 ----a-w- c:\windows\system32\IVIresizeM6.dll
    2010-05-17 07:24:19 188416 ----a-w- c:\windows\system32\IVIresizePX.dll
    2010-05-17 07:24:18 20480 ----a-w- c:\windows\system32\IVIresize.dll
    2010-05-17 07:24:18 200704 ----a-w- c:\windows\system32\IVIresizeA6.dll
    2010-05-17 03:51:36 10196424 ----a-w- c:\program files\windows-kb890830-v3.7.exe
    2010-05-16 23:35:04 0 d-----w- c:\windows\system32\wbem\Repository
    2010-05-16 23:34:29 0 d-----w- c:\program files\Glamour Strip Poker Video Edition 6 DEMO
    2010-05-16 23:34:29 0 d-----w- c:\program files\Glamour Strip Poker Video Edition 5 DEMO
    2010-05-16 23:34:29 0 d-----w- c:\program files\Glamour Strip Poker Video Edition 5
    2010-05-16 19:28:58 0 d-----w- c:\windows\system32\en
    2010-05-16 19:28:58 0 d-----w- c:\windows\system32\bits
    2010-05-16 19:25:35 0 d-----w- c:\program files\FusionSoft DVD Player XP
    2010-05-16 03:58:47 0 dc-h--w- c:\windows\ie8
    2010-05-16 01:04:31 0 d-----w- c:\program files\InterVideo
    2010-05-15 23:07:03 0 d-----w- c:\program files\Microsoft LifeCam
    2010-05-12 18:14:22 0 d-----w- c:\windows\system32\scripting
    2010-05-12 18:14:22 0 d-----w- c:\windows\l2schemas
    2010-05-12 17:56:58 397312 ------w- c:\windows\system32\mmcex.dll
    2010-05-12 08:47:42 0 d-----w- c:\program files\common files\Software Update Utility
    2010-05-12 08:47:42 0 d-----w- c:\program files\AIM
    2010-05-12 08:29:15 0 d-----w- c:\program files\common files\AOL
    2010-05-12 08:29:06 994 ---ha-w- C:\IPH.PH
    2010-05-12 00:16:57 1934 ----a-w- c:\windows\system32\Microsoft Office Outlook.lnk
    2010-05-12 00:13:05 0 d-----w- c:\program files\Microsoft Office Communicator
    2010-05-12 00:12:46 986 ----a-w- c:\windows\system32\Communicator.vbs
    2010-05-11 17:47:35 5954 ----a-w- c:\windows\hpbicoin.ini
    2010-05-11 17:43:56 12928 -c--a-w- c:\windows\system32\dllcache\dot4prt.sys
    2010-05-11 17:43:56 12928 ----a-w- c:\windows\system32\drivers\Dot4Prt.sys
    2010-05-11 17:43:52 206976 ----a-w- c:\windows\system32\drivers\dot4.sys
    2010-05-11 17:43:51 23808 -c--a-w- c:\windows\system32\dllcache\dot4usb.sys
    2010-05-11 17:43:51 23808 ----a-w- c:\windows\system32\drivers\Dot4usb.sys
    2010-05-11 17:37:20 168192 ----a-w- c:\windows\system32\drivers\GenHC.sys
    2010-05-11 17:37:13 0 d-----w- c:\program files\USB Server
    2010-05-11 14:05:53 0 d-----w- c:\program files\Microsoft Office Outlook Connector
    2010-05-11 14:03:02 0 d-----w- c:\program files\Microsoft
    2010-05-11 13:48:32 1146696 ----a-w- c:\program files\wlsetup-custom.exe
    2010-05-08 04:13:06 0 d-----w- c:\docume~1\kevinc~1\applic~1\AVS4YOU
    2010-05-08 04:11:21 0 d-----w- c:\program files\common files\AVSMedia
    2010-05-08 04:11:15 24576 ----a-w- c:\windows\system32\msxml3a.dll
    2010-05-08 04:11:15 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
    2010-05-08 04:11:15 0 d-----w- c:\program files\AVS4YOU
    2010-05-08 04:11:15 0 d-----w- c:\docume~1\alluse~1\applic~1\AVS4YOU
    2010-05-08 04:09:30 54469632 ----a-w- c:\program files\AVSVideoConverter.exe
    2010-05-08 02:17:26 27072 ----a-w- c:\windows\system32\drivers\AFGSp50.sys
    2010-05-08 02:17:04 81920 ----a-w- c:\windows\system32\packet.dll
    2010-05-08 02:17:04 61440 ----a-w- c:\windows\system32\wanpacket.dll
    2010-05-08 02:17:04 57395 ----a-w- c:\windows\system32\pthreadVC.dll
    2010-05-08 02:17:04 32512 ----a-w- c:\windows\system32\drivers\npf.sys
    2010-05-08 02:17:04 233472 ----a-w- c:\windows\system32\wpcap.dll
    2010-05-08 02:17:04 0 d-----w- c:\program files\WinPcap
    2010-05-08 02:16:57 0 d-----w- c:\program files\Belkin
    2010-05-08 02:16:57 0 d-----w- c:\docume~1\alluse~1\applic~1\Affinegy
    2010-05-03 21:22:47 0 d-----w- c:\program files\OASIS
    2010-04-30 22:56:35 0 d-----w- c:\program files\Microsoft IntelliPoint

    ==================== Find3M ====================

    2010-05-06 17:36:38 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-04-03 00:56:41 162724 ----a-w- c:\program files\Cochran_-_id_cards.pdf
    2010-03-31 20:13:17 1259672 ----a-w- c:\program files\video_strip_poker.exe
    2010-03-11 12:38:54 832512 ----a-w- c:\windows\system32\wininet(3).dll
    2010-03-11 12:38:54 1168384 ----a-w- c:\windows\system32\urlmon(3).dll
    2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript(2).dll
    2010-03-01 18:17:29 271060312 ----a-w- c:\program files\501_b049_multilanguage.exe
    2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet(2).dll
    2010-02-25 06:24:37 1209344 ----a-w- c:\windows\system32\urlmon(2).dll
    2010-02-25 06:24:36 5944832 ----a-w- c:\windows\system32\mshtml(2).dll
    2010-02-25 06:24:35 1985536 ----a-w- c:\windows\system32\iertutil(2).dll
    2010-02-16 22:38:41 3112261 ----a-w- c:\program files\FSoftDVD45_Setup.exe
    2010-01-22 00:50:49 25568400 ----a-w- c:\program files\MSNOIE8_ENUS_XP.EXE
    2010-01-08 07:03:39 102378326 ----a-w- c:\program files\EGirlInstaller_v1.5.2.exe
    2009-12-17 19:19:20 9034488 ----a-w- c:\program files\mssefullinstall-x86fre-en-us-xp.exe
    2009-09-26 05:08:48 7886336 ----a-w- c:\program files\setup.msi
    2009-08-14 03:51:40 1617145430 ----a-w- c:\program files\gsp_ve_5_full_ds.exe
    2009-06-18 23:06:36 3327360 ----a-w- c:\program files\winzipemailcomp20.exe
    2009-06-18 18:53:05 26739584 ----a-w- c:\program files\AdbeRdr910_en_US.exe
    2009-06-11 18:30:26 1045536 ----a-w- c:\program files\DriverDetective.exe
    2009-04-21 19:46:15 3323192 ----a-w- c:\program files\cps2000.exe
    2009-04-01 23:40:40 38004040 ----a-w- c:\program files\TaxCut2007PSF.exe

    ============= FINISH: 12:32:52.59 ===============
     
  7. 2010/05/17
    kbcochran

    kbcochran Inactive Thread Starter

    Joined:
    2010/05/17
    Messages:
    8
    Likes Received:
    0
    2nd Scan

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/7/2008 11:00:18 PM
    System Uptime: 5/17/2010 11:37:44 AM (1 hours ago)

    Motherboard: Hewlett-Packard | | 30C1
    Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | U10 | 1995/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 75 GiB total, 11.153 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP624: 5/8/2010 04:29:56 PM - System Checkpoint
    RP625: 5/10/2010 07:26:17 AM - System Checkpoint
    RP626: 5/10/2010 08:02:43 PM - Removed Network Magic
    RP627: 5/11/2010 07:04:33 AM - Installed DirectX
    RP628: 5/11/2010 09:06:56 AM - Software Distribution Service 3.0
    RP629: 5/11/2010 10:37:13 AM - Installed Networking USB Server
    RP630: 5/11/2010 05:13:03 PM - Installed Microsoft Office Communicator 2007
    RP631: 5/11/2010 05:13:35 PM - Removed Microsoft Office Live Meeting 2007
    RP632: 5/11/2010 05:13:49 PM - Installed Microsoft Office Live Meeting 2007
    RP633: 5/11/2010 05:16:56 PM - Installed OutlookClientOBS
    RP634: 5/11/2010 06:02:24 PM - Software Distribution Service 3.0
    RP635: 5/12/2010 09:20:16 AM - Software Distribution Service 3.0
    RP636: 5/12/2010 09:36:54 AM - Printer Driver Microsoft Office Document Image Writer Installed
    RP637: 5/12/2010 10:58:18 AM - Software Distribution Service 3.0
    RP638: 5/13/2010 03:00:31 AM - Software Distribution Service 3.0
    RP639: 5/13/2010 09:33:43 AM - Software Distribution Service 3.0
    RP640: 5/14/2010 06:09:59 AM - Software Distribution Service 3.0
    RP641: 5/14/2010 09:49:48 PM - Software Distribution Service 3.0
    RP642: 5/15/2010 08:20:35 AM - Software Distribution Service 3.0
    RP643: 5/15/2010 08:57:31 AM - Software Distribution Service 3.0
    RP644: 5/15/2010 04:06:42 PM - Installed DirectX
    RP645: 5/15/2010 08:59:08 PM - Installed Windows Internet Explorer 8.
    RP646: 5/15/2010 08:59:56 PM - Software Distribution Service 3.0
    RP647: 5/16/2010 09:39:29 AM - Software Distribution Service 3.0
    RP648: 5/16/2010 09:40:35 AM - Restore Operation
    RP649: 5/16/2010 11:02:02 AM - Software Distribution Service 3.0
    RP650: 5/16/2010 11:49:10 AM - Restore Operation
    RP651: 5/16/2010 12:24:58 PM - Restore Operation
    RP652: 5/16/2010 12:43:32 PM - Software Distribution Service 3.0
    RP653: 5/16/2010 04:33:05 PM - Restore Operation
    RP654: 5/16/2010 04:54:06 PM - Software Distribution Service 3.0
    RP655: 5/16/2010 06:03:27 PM - Software Distribution Service 3.0
    RP656: 5/16/2010 08:04:59 PM - Software Distribution Service 3.0
    RP657: 5/16/2010 08:22:02 PM - Installed Windows Internet Explorer 8.
    RP658: 5/16/2010 08:23:02 PM - Software Distribution Service 3.0
    RP659: 5/16/2010 08:32:40 PM - Software Distribution Service 3.0
    RP660: 5/17/2010 12:18:15 AM - Software Distribution Service 3.0
    RP661: 5/17/2010 12:32:01 AM - Software Distribution Service 3.0
    RP662: 5/17/2010 01:15:30 AM - Installed AVG 9.0
    RP663: 5/17/2010 09:32:46 AM - Avg Update

    ==== Installed Programs ======================

    4200
    4200_Help
    4200Tour
    4200Trb
    Adobe Acrobat 6.0.1 Standard
    Adobe Atmosphere Player for Acrobat and Adobe Reader
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.3
    Adobe Shockwave Player 11.5
    AiO_Scan
    AIOMinimal
    AiOSoftware
    Apple Mobile Device Support
    Apple Software Update
    ATI Display Driver
    AuthenTec Fingerprint Sensor Minimum Install
    AVG 9.0
    AVS Update Manager 1.0
    AVS Video Converter 6
    AVS4YOU Software Navigator 1.4
    Belkin Setup and Router Monitor
    Bing Maps 3D
    BlackBerry Desktop Software 5.0.1
    BlackBerry® Media Sync
    Bonjour
    Centra Client
    Check Printing Software 2000 V2.0
    Choice Guard
    Copy
    CreativeProjects
    Critical Update for Windows Media Player 11 (KB959772)
    DeductionPro 2009
    Director
    DocProc
    eFile Express 2009
    EGirl 1.5 (remove only)
    Embedded Security for HP ProtectTools Driver
    Fax
    FusionSoft DVD Player XP Version 4.5
    Glamour Strip Poker Video Edition 5.0
    Glamour Strip Poker Video Edition 6.0
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    H&R Block Deluxe + Efile + State 2009
    H&R Block Minnesota 2009
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.0 (KB932471)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    HP Image Zone 3.5
    HP Integrated Module with Bluetooth wireless technology
    HP Product Detection
    HP PSC & OfficeJet 3.5
    HP Quick Launch Buttons 6.40 H2
    HP Software Update
    HPSystemDiagnostics
    IMVU Avatar Chat Software
    InstantShare
    Intel(R) Active Management Technology Device Software
    Intel(R) Management Engine Interface
    Intel(R) Network Connections Drivers
    InterCall Unified Meeting
    InterVideo DVD Check
    InterVideo WinDVD
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    Junk Mail filter update
    Maxtor Manager
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft ActiveSync
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft IntelliPoint 7.1
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access 2003
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Live Meeting 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mobile Broadband Generic Drivers
    MSN
    MSN Toolbar
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    Network Magic
    Octoshape add-in for Adobe Flash Player
    OGA Notifier 2.0.0048.0
    Overland
    Pdf995 (installed by TaxCut)
    PdfEdit995 (installed by TaxCut)
    PhotoGallery
    PrintScreen
    QFolder
    QuickProjects
    QuickTime
    Readme
    RegCure
    RICOH R5C853 Driver WXP Ver.1.01.05
    Scan
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB978380)
    Security Update for Microsoft Office Excel 2007 (KB978382)
    Security Update for Microsoft Office Outlook 2007 (KB972363)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB980470)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB969604)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB978262)
    Segoe UI
    SkinsHP1
    SkinsHP2
    Soft Data Fax Modem with SmartCP
    SoundMAX
    Spelling Dictionaries Support For Adobe Reader 9
    Sprint Mobile Broadband (Novatel Wireless)
    TaxCut Colorado 2007
    TaxCut Colorado 2008
    TaxCut Minnesota 2008
    TaxCut Premium + Efile 2008
    TaxCut Premium + State 2007
    TINA-VPN
    TrayApp
    Update for 2007 Microsoft Office System (KB967642)
    Update for 2007 Microsoft Office System (KB981715)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office Access 2007 Help (KB957241)
    Update for Microsoft Office Excel 2007 Help (KB957242)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Microsoft Office Outlook 2007 Help (KB957246)
    Update for Microsoft Office PowerPoint 2007 Help (KB957247)
    Update for Microsoft Office Publisher 2007 Help (KB957249)
    Update for Microsoft Office Word 2007 Help (KB957252)
    Update for Microsoft Script Editor Help (KB957253)
    Update for Outlook 2007 Junk Email Filter (kb981726)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Internet Explorer 8 (KB980302)
    Update for Windows XP (KB943729)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Webcam Watchdog 4.65a
    WebFldrs XP
    WebReg
    Windows Defender
    Windows Driver Package - Microsoft Corporation (usbvideo) Image (05/25/2007 1.0.3656.0)
    Windows Driver Package - Pure Networks, Inc. Network Magic Device Discovery Driver (03/14/2007 4.1.7073.2)
    Windows Driver Package - Pure Networks, Inc. Network Magic Wireless Driver (03/14/2007 4.1.7073.2)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 11
    Windows Presentation Foundation
    Windows Search 4.0
    Windows XP Service Pack 3
    WinZip E-Mail Companion
    XML Paper Specification Shared Components Pack 1.0
    Yahoo! Messenger

    ==== Event Viewer Messages From Past Week ========

    5/17/2010 12:30:03 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the rpcapd service.
    5/17/2010 08:16:20 AM, error: Service Control Manager [7000] - The Pure Networks Network Magic Service service failed to start due to the following error: The system cannot find the path specified.
    5/17/2010 08:16:20 AM, error: Service Control Manager [7000] - The Network Magic Wireless Driver service failed to start due to the following error: The system cannot find the file specified.
    5/17/2010 08:16:20 AM, error: Service Control Manager [7000] - The Network Magic Device Discovery Driver service failed to start due to the following error: The system cannot find the file specified.
    5/16/2010 12:22:36 PM, error: Service Control Manager [7001] - The TCP/IP Protocol Driver service depends on the IPSEC driver service which failed to start because of the following error: The specified driver is invalid.
    5/16/2010 12:22:36 PM, error: Service Control Manager [7000] - The IPSEC driver service failed to start due to the following error: The specified driver is invalid.
    5/16/2010 12:20:38 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IPSec Tcpip
    5/16/2010 12:20:32 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/15/2010 08:28:23 AM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    5/15/2010 08:28:15 AM, error: Service Control Manager [7034] - The Intel(R) Active Management Technology System Status Service service terminated unexpectedly. It has done this 1 time(s).
    5/15/2010 08:28:10 AM, error: Service Control Manager [7034] - The Maxtor Service service terminated unexpectedly. It has done this 1 time(s).
    5/15/2010 08:28:00 AM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    5/15/2010 08:27:55 AM, error: Service Control Manager [7034] - The Office Source Engine service terminated unexpectedly. It has done this 1 time(s).
    5/15/2010 08:27:46 AM, error: Service Control Manager [7034] - The AffinegyService service terminated unexpectedly. It has done this 1 time(s).
    5/15/2010 08:27:41 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/15/2010 08:27:36 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    5/15/2010 08:27:26 AM, error: Service Control Manager [7034] - The Smart Card service terminated unexpectedly. It has done this 1 time(s).
    5/15/2010 08:27:16 AM, error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    5/15/2010 08:27:09 AM, error: Service Control Manager [7034] - The OSCM Utility Service service terminated unexpectedly. It has done this 1 time(s).
    5/15/2010 08:26:50 AM, error: Service Control Manager [7034] - The Intel(R) Active Management Technology User Notification Service service terminated unexpectedly. It has done this 1 time(s).
    5/15/2010 08:26:45 AM, error: Service Control Manager [7034] - The Viewpoint Manager Service service terminated unexpectedly. It has done this 1 time(s).
    5/15/2010 08:26:40 AM, error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    5/15/2010 08:26:34 AM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
    5/15/2010 08:26:12 AM, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s).
    5/15/2010 08:19:47 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
    5/15/2010 08:19:47 AM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/15/2010 08:15:44 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    5/15/2010 04:18:32 PM, error: Service Control Manager [7022] - The MSCamSvc service hung on starting.
    5/15/2010 03:57:12 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
    5/15/2010 03:57:12 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    5/15/2010 03:57:12 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/15/2010 03:57:12 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    5/15/2010 03:57:12 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/15/2010 03:57:12 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/15/2010 03:56:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    5/15/2010 03:56:31 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    5/15/2010 03:56:30 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    5/14/2010 11:44:57 PM, error: System Error [1003] - Error code 10000050, parameter1 ba795000, parameter2 00000001, parameter3 8053a8e3, parameter4 00000000.
    5/14/2010 04:52:33 PM, error: HTTP [15005] - Unable to bind to the underlying transport for 0.0.0.0:2869. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine. The data field contains the error number.
    5/14/2010 04:21:26 PM, error: Service Control Manager [7034] - The Contivity VPN Service service terminated unexpectedly. It has done this 2 time(s).
    5/13/2010 11:58:18 AM, error: Dhcp [1002] - The IP address lease 192.168.2.100 for the Network Card with network address 00215C97FB09 has been denied by the DHCP server 192.168.2.2 (The DHCP Server sent a DHCPNACK message).
    5/13/2010 09:12:20 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the W32Time service.
    5/13/2010 07:41:19 AM, error: Microsoft Antimalware [1008] -
    5/13/2010 05:56:19 PM, error: Dhcp [1002] - The IP address lease 192.168.2.102 for the Network Card with network address 00215C97FB09 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    5/13/2010 01:50:36 PM, error: Dhcp [1002] - The IP address lease 192.168.2.103 for the Network Card with network address 00215C97FB09 has been denied by the DHCP server 192.168.2.2 (The DHCP Server sent a DHCPNACK message).
    5/12/2010 11:05:47 AM, error: Service Control Manager [7034] - The Contivity VPN Service service terminated unexpectedly. It has done this 1 time(s).
    5/12/2010 09:37:38 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
    5/12/2010 09:37:38 AM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/12/2010 09:37:38 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    5/12/2010 09:09:19 AM, error: Dhcp [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 00215C97FB09 has been denied by the DHCP server 192.168.2.2 (The DHCP Server sent a DHCPNACK message).
    5/12/2010 09:08:49 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
    5/12/2010 09:08:18 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    5/12/2010 07:25:48 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/12/2010 07:25:33 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
    5/12/2010 07:06:23 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/12/2010 07:06:18 PM, error: Service Control Manager [7034] - The Remote Packet Capture Protocol v.0 (experimental) service terminated unexpectedly. It has done this 1 time(s).
    5/12/2010 06:51:02 PM, error: Dhcp [1002] - The IP address lease 192.168.2.100 for the Network Card with network address 00215C97FB09 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    5/12/2010 04:51:02 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer ST-DELL that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CDBFCEE8-4649-4D3A-A. The master browser is stopping or an election is being forced.
    5/12/2010 02:06:17 PM, error: Dhcp [1002] - The IP address lease 192.168.2.108 for the Network Card with network address 00215C97FB09 has been denied by the DHCP server 192.168.2.2 (The DHCP Server sent a DHCPNACK message).
    5/11/2010 05:47:11 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
    5/11/2010 05:47:11 PM, error: Dhcp [1002] - The IP address lease 192.168.2.117 for the Network Card with network address 00215C97FB09 has been denied by the DHCP server 192.168.2.2 (The DHCP Server sent a DHCPNACK message).
    5/11/2010 01:25:42 PM, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 001EECEA2912 has been denied by the DHCP server 167.4.215.13 (The DHCP Server sent a DHCPNACK message).

    ==== End Of File ===========================
     
  8. 2010/05/17
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Thanks :)

    One of our trained malware analysts will take a look at your logs ASAP, but it may be a day or so before you get a response as they are always very busy. All logs are dealt with in the order received.

    Thank you for your patience.

    BTW - As a new member with less than 10 posts any post you make which contains a URL requires approval (moderation) before it is visible.
     
  9. 2010/05/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When scan is completed, click Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.

    ==============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!


    Download HijackThis:
    http://free.antivirus.com/hijackthis/
    by clicking on Installer under Version 2.0.4
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista or 7, right click on HijackThis and click Run as Administrator.
     
  10. 2010/05/19
    kbcochran

    kbcochran Inactive Thread Starter

    Joined:
    2010/05/17
    Messages:
    8
    Likes Received:
    0
    GMER files

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-05-18 00:36:24
    Windows 5.1.2600 Service Pack 3
    Running: 6q3ozvuo[1].exe; Driver: C:\DOCUME~1\KEVINC~1\LOCALS~1\Temp\awtoruow.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .rsrc C:\WINDOWS\system32\DRIVERS\ipsec.sys entry point in ".rsrc" section [0xB9EEE614]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Internet Explorer\iexplore.exe[296] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A3000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[296] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00DD000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[296] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A2000C
    .text C:\Program Files\Internet Explorer\iexplore.exe[296] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[296] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[296] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD101 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[296] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[296] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[296] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[296] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[296] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[296] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[296] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[296] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[296] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[296] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB20 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[296] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4AA7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\WINDOWS\system32\svchost.exe[384] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0099000A
    .text C:\WINDOWS\system32\svchost.exe[384] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009A000A
    .text C:\WINDOWS\system32\svchost.exe[384] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0098000C
    .text C:\Program Files\Internet Explorer\iexplore.exe[848] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A3000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[848] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00DD000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[848] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A2000C
    .text C:\Program Files\Internet Explorer\iexplore.exe[848] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[848] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[848] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[848] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[848] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[848] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[848] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[848] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[848] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\WINDOWS\Explorer.EXE[1520] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B6000A
    .text C:\WINDOWS\Explorer.EXE[1520] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C0000A
    .text C:\WINDOWS\Explorer.EXE[1520] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B5000C

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Internet Explorer\iexplore.exe[296] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

    ---- Files - GMER 1.0.15 ----

    File C:\WINDOWS\Temp\cf9ff221-cf08-43cc-b6db-f47e0bd45f7e.tmp (size mismatch) 200287/0 bytes executable
    File C:\WINDOWS\system32\DRIVERS\ipsec.sys suspicious modification

    ---- EOF - GMER 1.0.15 ----
     
  11. 2010/05/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Go on...
     