Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Scotty barking

Post by kassie126 » June 12th, 2011, 7:03 am

Problem:
===========
I am using WinXP with SP3.

Scotty gives one bark every few minutes but no pop-up. This started today. WinPatrol had a pop-up before this about Flash Player removal. I was going to upgrade Flash Player anyway, so I clicked to not allow.

Firefox browser stopped working earlier this year, but I don't know if that is related. I upgraded Firefox, did a clean install, tried a stand-alone version, but nothing worked. I tried Firefox again before posting to remind myself what the problem is. It loaded a page fine. I then opened the add-ons page, which seemed a bit slow, so I started to type the previous info. I then went back to Firefox. The add-ons page had opened. Nothing happens when clicking to open one of the add-ons. I noticed Process Explorer from Sysinternals showed Firefox at 48%. I then tried opening another web page with no luck.
When I couldn't fix Firefox, I moved to Google Chrome, but it used up all my memory when I had a lot of tabs open. I am using Opera at the moment, but it also has issues.

dds.txt log file:
=============
.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
Run by user at 12:54:23 on 2011-06-12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.620 [GMT 2:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
G:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
G:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
G:\WINDOWS\System32\svchost.exe -k netsvcs
G:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
G:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
d:\Program Files\CDBurnerXP\NMSAccessU.exe
G:\WINDOWS\Explorer.EXE
d:\Program Files\Sandboxie\SbieSvc.exe
d:\Program Files\Secunia\PSI\sua.exe
G:\Program Files\Google\Update\GoogleUpdate.exe
G:\WINDOWS\system32\svchost.exe -k imgsvc
D:\Program Files\AA Stunnel\aa-stunnel.exe
d:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
G:\WINDOWS\system32\taskswitch.exe
D:\Program Files\Everything\Everything.exe
D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
G:\Program Files\Microsoft Security Client\msseces.exe
D:\Program Files\Vista Drive Icon\DrvIcon.exe
G:\Program Files\Common Files\Java\Java Update\jusched.exe
G:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
D:\Program Files\RamBooster 2.0\Rambooster.exe
G:\Documents and Settings\user\Local Settings\Apps\F.lux\flux.exe
D:\Program Files\NetMeter\NetMeter.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\PeerBlock\peerblock.exe
D:\Program Files\Moo0 SystemMonitor 1.62 Portable\SystemMonitor.exe
D:\Program Files\CLCL\CLCL.exe
D:\Program Files\Process Explorer v14.01\procexp.exe
D:\Program Files\trayit_4_6_5_5\trayit_4_6_5_5\TrayIt!.exe
D:\Program Files\Update Notifier\updatenotifier.exe
G:\WINDOWS\system32\wscntfy.exe
svchost.exe
G:\Program Files\MSI\DualCoreCenter\DualCoreCenter.exe
D:\Program Files\DCPlusPlus-0.689\DCPlusPlus.exe
D:\Program Files\Opera\opera.exe
G:\WINDOWS\explorer.exe
G:\Program Files\Microsoft Office\Office14\WINWORD.EXE
D:\Program Files\Safari\Safari.exe
G:\Program Files\Outlook Express\msimn.exe
D:\Program Files\foobar2000\foobar2000.exe
E:\SG250SA\UNZIPPED\treepad(TreePad Lite 3.0)\Treepad.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Microsoft Office\Office14\EXCEL.EXE
D:\Program Files\NetLimiter\NetLimiter.exe
G:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mWinlogon: Userinit=g:\windows\system32\userinit.exe
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - d:\program files\orbitdownloader\orbitcth.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - g:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - g:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - g:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - g:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - g:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - g:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - d:\program files\orbitdownloader\GrabPro.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - No File
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - g:\program files\ask.com\GenericAskToolbar.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - g:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] g:\windows\system32\ctfmon.exe
uRun: [Taskbar Shuffle] d:\program files\taskbar shuffle\taskbarshuffle.exe
uRun: [RamBooster] d:\program files\rambooster 2.0\Rambooster.exe
uRun: [uTorrent] "d:\program files\utorrent\uTorrent.exe"
uRun: [ApplicationMonitor] "d:\program files\applicationmonitor\ApplicationMonitor.exe"
uRun: [F.lux] "g:\documents and settings\user\local settings\apps\f.lux\flux.exe" /noshow
uRun: [d:\program files\netmeter\netmeter.exe] d:\program files\netmeter\NetMeter.exe
uRun: [SandboxieControl] "d:\program files\sandboxie\SbieCtrl.exe"
uRun: [DriverMax]
uRun: [DriverMax_RESTART]
uRun: [SUPERAntiSpyware] d:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [PeerBlock] d:\program files\peerblock\peerblock.exe
mRun: [DelReg] g:\program files\msi\dualcorecenter\DelReg.exe
mRun: [CoolSwitch] g:\windows\system32\taskswitch.exe
mRun: [Everything] "d:\program files\everything\Everything.exe" -startup
mRun: [WinPatrol] d:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [MSC] "g:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [DrvIcon] d:\program files\vista drive icon\DrvIcon.exe
mRun: [SunJavaUpdateSched] "g:\program files\common files\java\java update\jusched.exe"
mRun: [BCSSync] "g:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [NetLimiter] d:\program files\netlimiter\NetLimiter.exe /s
dRun: [DWQueuedReporting] "g:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: g:\docume~1\user\startm~1\programs\startup\moo0 systemmonitor 1.62.lnk - d:\program files\moo0 systemmonitor 1.62 portable\SystemMonitor.exe
StartupFolder: g:\docume~1\user\startm~1\programs\startup\shortc~1.lnk - d:\program files\clcl\CLCL.exe
StartupFolder: g:\docume~1\user\startm~1\programs\startup\shortcut to procexp.exe.lnk - d:\program files\process explorer v14.01\procexp.exe
StartupFolder: g:\docume~1\user\startm~1\programs\startup\trayit!.lnk - d:\program files\trayit_4_6_5_5\trayit_4_6_5_5\TrayIt!.exe
StartupFolder: g:\docume~1\user\startm~1\programs\startup\update~1.lnk - d:\program files\update notifier\updatenotifier.exe
StartupFolder: g:\docume~1\alluse~1\startm~1\programs\startup\dualco~1.lnk - g:\program files\msi\dualcorecenter\StartUpDualCoreCenter.exe
StartupFolder: g:\docume~1\alluse~1\startm~1\programs\startup\Orbit.lnk -
StartupFolder: g:\docume~1\alluse~1\startm~1\programs\startup\autorunsdisabled\capi tray.lnk - d:\program files\intelligent isdn utilities\ccmon.exe
IE: &Download by Orbit - d:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - d:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - d:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - d:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - g:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - g:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - g:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - g:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - g:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - g:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
LSP: d:\program files\netlimiter\nl_lsp.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resour ... se6087.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windows ... 7959226250
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microso ... 9743141468
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://www.pcpitstop.com/mhLbl.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/ ... dtoolx.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: Interfaces\{1F4AE110-ABEC-47C9-B9F7-560A902A14B7} : NameServer = 196.43.38.190 196.43.42.190
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - g:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - g:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - g:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - d:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - g:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\superantispyware\SASSEH.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - g:\progra~1\micros~3\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - g:\documents and settings\user\application data\mozilla\firefox\profiles\o5awtkr2.default\
FF - plugin: d:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: g:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: g:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: g:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: g:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iteraid;ITERAID_Service_Install;g:\windows\system32\drivers\iteraid.sys [2009-7-1 26112]
R1 MpFilter;Microsoft Malware Protection Driver;g:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 vcdrom;Virtual CD-ROM Device Driver;g:\windows\system32\drivers\VCdRom.sys [2001-12-19 8576]
R2 CAPI;CAPI 2.0 Service;g:\windows\system32\drivers\capi.sys [2008-11-28 27699]
R2 NDISCAPI;NDIS CAPI Service;g:\windows\system32\drivers\ndiscapi.sys [2008-11-28 26684]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;d:\program files\nitro pdf\reader\NitroPDFReaderDriverService.exe [2011-4-5 196912]
R2 Secunia Update Agent;Secunia Update Agent;d:\program files\secunia\psi\sua.exe [2011-1-10 399416]
R2 TomTomHOMEService;TomTomHOMEService;d:\program files\tomtom home 2\TomTomHOMEService.exe [2011-3-9 92592]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;g:\windows\system32\drivers\BazisVirtualCDBus.sys [2009-11-17 98400]
R3 colusb;Intelligent ISDN USB ISDN Driver;g:\windows\system32\drivers\colusb.sys [2008-11-28 100819]
R3 DualCoreCenter;DualCoreCenter;g:\program files\msi\dualcorecenter\NTGLM7X.sys [2009-1-8 28672]
R3 EPPSCSIx;EPPSCSI Driver;g:\windows\system32\drivers\eppscan.sys [2010-1-1 97880]
R3 osppsvc;Office Software Protection Platform;g:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 pbfilter;pbfilter;d:\program files\peerblock\pbfilter.sys [2011-5-3 19056]
R3 RushTopDevice2;RushTopDevice2;g:\program files\msi\dualcorecenter\RushTop.sys [2009-1-8 55296]
R3 SbieDrv;SbieDrv;d:\program files\sandboxie\SbieDrv.sys [2010-4-17 115944]
R3 usb2mpa;Intelligent ISDN USB WAN Driver;g:\windows\system32\drivers\usb2mpa.sys [2008-11-28 336440]
R3 vmdmc;Intelligent VComm+ Port Driver;g:\windows\system32\drivers\vmdmc.sys [2008-11-28 355921]
R3 vmdmd;Intelligent Fax Port Driver;g:\windows\system32\drivers\vmdmd.sys [2008-11-28 186048]
R3 WinRing0_1_2_0;WinRing0_1_2_0;d:\program files\moo0 systemmonitor 1.62 portable\WinRing0.sys [2008-7-26 14416]
S2 cpuz132;cpuz132;\??\g:\windows\system32\drivers\cpuz132_x32.sys --> g:\windows\system32\drivers\cpuz132_x32.sys [?]
S2 gupdate;Google Update Service (gupdate);g:\program files\google\update\GoogleUpdate.exe [2009-9-13 133104]
S3 Ambfilt;Ambfilt;g:\windows\system32\drivers\Ambfilt.sys [2009-1-8 1684736]
S3 cpuz131;cpuz131;\??\g:\docume~1\user\locals~1\temp\cpuz131\cpuz_x32.sys --> g:\docume~1\user\locals~1\temp\cpuz131\cpuz_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);g:\program files\google\update\GoogleUpdate.exe [2009-9-13 133104]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;g:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 mosuport;USB Serial/Parallel Ports;g:\windows\system32\drivers\mosuport.sys [2010-1-1 867062]
S3 PSI;PSI;g:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;d:\program files\secunia\psi\psia.exe [2011-1-10 993848]
S3 UCORESYS;UCORESYS;\??\g:\progra~1\msi\liveup~1\flashuty\ami\afuwin\ucoresys.sys --> g:\progra~1\msi\liveup~1\flashuty\ami\afuwin\UCORESYS.SYS [?]
S4 tvnserver;TightVNC Server;g:\program files\tightvnc\tvnserver.exe [2010-6-30 815704]
.
=============== Created Last 30 ================
.
2011-06-11 20:30:09 6962000 ----a-w- g:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{699d0657-ae08-43c5-aac9-9f1157589b3e}\mpengine.dll
2011-06-02 18:45:38 -------- d-----w- g:\program files\Microsoft Office Labs
2011-05-30 17:35:07 -------- d-----w- g:\program files\Microsoft Synchronization Services
2011-05-30 17:34:28 -------- d-----w- g:\program files\Microsoft SQL Server Compact Edition
2011-05-30 17:34:28 -------- d-----w- g:\documents and settings\all users\Microsoft
2011-05-30 17:32:54 -------- d-----w- g:\program files\Microsoft Visual Studio 8
2011-05-30 17:32:04 -------- d-----w- g:\program files\Microsoft Analysis Services
2011-05-30 17:31:56 -------- d-----w- g:\windows\SHELLNEW
2011-05-30 17:31:41 -------- d-----w- g:\documents and settings\user\local settings\application data\Microsoft Help
2011-05-26 18:41:21 116224 -c--a-w- g:\windows\system32\dllcache\xrxwiadr.dll
2011-05-26 18:41:18 23040 -c--a-w- g:\windows\system32\dllcache\xrxwbtmp.dll
2011-05-26 18:41:18 18944 -c--a-w- g:\windows\system32\dllcache\xrxscnui.dll
2011-05-26 18:41:14 27648 -c--a-w- g:\windows\system32\dllcache\xrxftplt.exe
2011-05-26 18:41:11 4608 -c--a-w- g:\windows\system32\dllcache\xrxflnch.exe
2011-05-26 18:41:00 99865 -c--a-w- g:\windows\system32\dllcache\xlog.exe
2011-05-26 18:39:57 64605 -c--a-w- g:\windows\system32\dllcache\vvoice.sys
2011-05-26 18:38:57 69632 -c--a-w- g:\windows\system32\dllcache\umaxu12.dll
2011-05-26 18:37:57 4992 -c--a-w- g:\windows\system32\dllcache\toside.sys
2011-05-26 18:36:59 94293 -c--a-w- g:\windows\system32\dllcache\sxports.dll
2011-05-26 18:35:59 114688 -c--a-w- g:\windows\system32\dllcache\sonypi.dll
2011-05-26 18:34:59 157696 -c--a-w- g:\windows\system32\dllcache\sisv256.dll
2011-05-26 18:32:49 17280 -c--a-w- g:\windows\system32\dllcache\scr111.sys
2011-05-26 18:31:57 79872 -c--a-w- g:\windows\system32\dllcache\rwia430.dll
2011-05-26 18:31:55 29696 -c--a-w- g:\windows\system32\dllcache\rw450ext.dll
2011-05-26 18:31:54 27648 -c--a-w- g:\windows\system32\dllcache\rw430ext.dll
2011-05-26 18:31:53 20992 -c--a-w- g:\windows\system32\dllcache\rtl8139.sys
2011-05-26 18:31:50 19017 -c--a-w- g:\windows\system32\dllcache\rtl8029.sys
2011-05-26 18:31:48 30720 -c--a-w- g:\windows\system32\dllcache\rthwcls.sys
2011-05-26 18:31:44 9216 -c--a-w- g:\windows\system32\dllcache\rsmgrstr.dll
2011-05-26 18:31:41 3840 -c--a-w- g:\windows\system32\dllcache\rpfun.sys
2011-05-26 18:31:39 79104 -c--a-w- g:\windows\system32\dllcache\rocket.sys
2011-05-26 18:31:36 37563 -c--a-w- g:\windows\system32\dllcache\rlnet5.sys
2011-05-26 18:31:33 86097 -c--a-w- g:\windows\system32\dllcache\reslog32.dll
2011-05-26 18:29:59 363520 -c--a-w- g:\windows\system32\dllcache\psisdecd.dll
2011-05-26 18:28:57 41984 -c--a-w- g:\windows\system32\dllcache\ovui2rc.dll
2011-05-26 18:27:40 9344 -c--a-w- g:\windows\system32\dllcache\ntapm.sys
2011-05-26 18:26:58 35392 -c--a-w- g:\windows\system32\dllcache\n9i128.dll
2011-05-26 18:25:57 6528 -c--a-w- g:\windows\system32\dllcache\miniqic.sys
2011-05-26 18:24:57 15744 -c--a-w- g:\windows\system32\dllcache\lit220p.sys
2011-05-26 18:23:57 13056 -c--a-w- g:\windows\system32\dllcache\inport.sys
2011-05-26 18:22:50 488383 -c--a-w- g:\windows\system32\dllcache\hsf_v124.sys
2011-05-26 18:21:59 101376 -c--a-w- g:\windows\system32\dllcache\hpgt34.dll
2011-05-26 18:19:53 24618 -c--a-w- g:\windows\system32\dllcache\fa410nd5.sys
2011-05-26 18:18:58 153631 -c--a-w- g:\windows\system32\dllcache\el90xnd5.sys
2011-05-26 18:17:59 20928 -c--a-w- g:\windows\system32\dllcache\defpa.sys
2011-05-26 18:16:59 32256 -c--a-w- g:\windows\system32\dllcache\diapi2NT.dll
2011-05-26 18:15:59 97354 -c--a-w- g:\windows\system32\dllcache\aspndis3.sys
2011-05-26 18:14:58 66048 -c--a-w- g:\windows\system32\dllcache\s3legacy.dll
2011-05-24 18:30:06 -------- d-----w- g:\documents and settings\user\application data\Millennia
2011-05-19 18:23:08 404640 ----a-w- g:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-14 16:21:34 73728 ----a-w- g:\windows\system32\javacpl.cpl
.
==================== Find3M ====================
.
2011-05-29 07:11:30 39984 ----a-w- g:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 07:11:20 22712 ----a-w- g:\windows\system32\drivers\mbam.sys
2011-05-14 16:21:19 472808 ----a-w- g:\windows\system32\deployJava1.dll
2011-04-05 19:55:56 17712 ----a-w- g:\windows\system32\nitrolocalui.dll
2011-04-05 19:55:54 26416 ----a-w- g:\windows\system32\nitrolocalmon.dll
2011-03-18 16:40:18 1556992 ----a-w- g:\windows\is-Q2LIH.exe
.
============= FINISH: 12:55:25.09 ===============

attach.txt file:
============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-12.02)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume4
Install Date: 11/28/2008 6:25:21 PM
System Uptime: 6/11/2011 8:36:53 AM (28 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | MS-7528
Processor: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz | CPU 1 | 2016/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 2 GiB total, 1.893 GiB free.
D: is FIXED (NTFS) - 5 GiB total, 0.744 GiB free.
E: is FIXED (NTFS) - 121 GiB total, 10.972 GiB free.
F: is FIXED (NTFS) - 84 GiB total, 10.192 GiB free.
G: is FIXED (NTFS) - 21 GiB total, 4.635 GiB free.
H: is FIXED (NTFS) - 30 GiB total, 2.505 GiB free.
I: is FIXED (NTFS) - 155 GiB total, 35.883 GiB free.
J: is FIXED (NTFS) - 155 GiB total, 59.75 GiB free.
K: is FIXED (NTFS) - 155 GiB total, 50.795 GiB free.
L: is FIXED (NTFS) - 116 GiB total, 43.361 GiB free.
M: is FIXED (NTFS) - 116 GiB total, 51.83 GiB free.
N: is FIXED (NTFS) - 48 GiB total, 5.528 GiB free.
O: is CDROM ()
P: is FIXED (NTFS) - 78 GiB total, 70.983 GiB free.
Q: is FIXED (NTFS) - 78 GiB total, 7.898 GiB free.
R: is FIXED (NTFS) - 3 GiB total, 0.227 GiB free.
S: is FIXED (NTFS) - 43 GiB total, 6.122 GiB free.
T: is FIXED (NTFS) - 47 GiB total, 5.042 GiB free.
U: is FIXED (NTFS) - 47 GiB total, 6.728 GiB free.
V: is FIXED (NTFS) - 47 GiB total, 4.814 GiB free.
W: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
1820 Settler Family Trees
7-Zip 9.20
Absolute Uninstaller 2.8.0.636
AC3Filter 1.63b
Acronis Disk Director Suite
Acronis True Image
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 2.0
Agent Ransack 2010
Alt-Tab Task Switcher Powertoy for Windows XP
ApexDC++ 1.3.6 (32-bit)
Apple Application Support
Apple Software Update
AQScript_0.7.0.134_installer_0.24
ArcSoft PhotoStudio 5.5
Ask Toolbar
Auslogics Duplicate File Finder
Belarc Advisor 8.1
Calculator Powertoy for Windows XP
Canon CanoScan Toolbox 4.8
CCleaner
CD Audio Reader Filter (remove only)
CDBurnerXP
ClearType Tuning Control Panel Applet
CmdHere Powertoy For Windows XP
Cool Timer 3.7
CPUID CPU-Z 1.56
CyberLink DVD Suite
CyberLink PowerProducer
DC++ 0.770
DCoder Image Source (remove only)
Definition update for Microsoft Office 2010 (KB982726)
Device Doctor
Driver Magician Lite 3.55
DriverMax 5
DualCoreCenter
DVDFab 8.0.6.1 (18/12/2010)
DVDStyler v1.8.2
e-Backup 1.42
ESET Online Scanner v3
EULAlyzer 2.0
F.lux
FastStone Image Viewer 3.9
FFMPEG Core Files (remove only)
FitByFun
foobar2000 v1.1.1
FormatFactory 2.60
Foxit Reader
Gabest MPEG Splitter (remove only)
Garmap Africa Series 2008 Southern Africa Streetmaps, March Edition
Garmin USB Drivers
Garmin WebUpdater
Google Chrome
Google Earth
Google Update Helper
GreenBrowser
Handbrake 0.9.4
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp deskjet 5100
HP Memories Disc
HP Photo and Imaging 2.0 - Deskjet Series
hp print screen utility
HP Smart Web Printing 4.60
HTML Slideshow Powertoy for Windows XP
Image Resizer Powertoy for Windows XP
ImgBurn
Intel(R) Graphics Media Accelerator Driver
Intelligent ISDN Utilities
Java Auto Updater
Java(TM) 6 Update 25
K-Lite Mega Codec Pack 6.6.6
Legacy 7.5
Legacy Charting 7.5
Levelator
LG ODD Auto Firmware Update
Magnifier Powertoy for Windows XP
Malwarebytes' Anti-Malware version 1.51.0.1200
Manual CanoScan 8400F
Maxthon2
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Baseline Security Analyzer 2.1
Microsoft IntelliPoint 6.3
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Excel Viewer
Microsoft Office Excel Viewer 2003
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Labs Search Commands
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Office Word Viewer 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Software Update for Web Folders (English) 14
Microsoft Sync Framework Runtime v1.0 (x86)
Microsoft Sync Framework Services v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft XML Parser
MiraScan V3.41
Mozilla Firefox 4.0 (x86 en-US)
MP3-Check (v1.0.40.0)
MSVC80_x86_v2
MSVC90_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Essentials
neroxml
NetLimiter 0.91 BETA 3 (remove only)
Nitro PDF Reader
Notepad++
NTFS4DOS
OGA Notifier 2.0.0048.0
OmniPage SE 2.0
OpenOffice.org 3.2
OpenSource AVI Splitter (remove only)
OpenSource DTS/AC3/DD+ Source Filter (remove only)
Opera 11.01
Opera 11.11
Orbit Downloader
PC Connectivity Solution
pcBaseline
PeerBlock 1.1 (r518)
Personal Ancestral File 5
Personal Ancestral File Companion 5.4
PhotoScape
POIEditor
PoiSpeedConvFree
PoiSpeedConvPro
Presto! PageManager 6.11
QuickTime Alternative 3.2.2
RadarSync PC Updater 2010
RadarSync PC Updater 2011
RamBooster
Real Alternative 2.0.2
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Renamer 1.1
Safari
Sandboxie 3.442
SeaTools Enterprise
Secunia PSI (2.0.0.3001)
SecurDisc Viewer
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Excel 2010 (KB2466146)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SilverFast CanonSDK-SE
SilverFast CanonSDK-SE TWAIN
SilverFast SE CD Documentation 6.2.0
Sizer (remove only)
Skype™ 4.1
Slideshow Generator Powertoy for Windows XP
SmartWebPrinting
SoftSwitch USB Server 1 0429
Songbird 1.9.3 (Build 1959)
SpeedFan (remove only)
SRWare Iron 11.0.700.3
StrongDC++ 2.41
SUPERAntiSpyware
TeraCopy 2.12
TightVNC 2.0
Timershot Powertoy for Windows XP
TomTom HOME 2.8.1.2218
TomTom HOME Visual Studio Merge Modules
Tweak UI
UBCD4Win 3.50
Unlocker 1.9.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Notifier
USB Compound Device
ViewSonic Monitor Drivers
Virtual Desktop Manager Powertoy for Windows XP
Vista Drive Icon 1.4
VLC media player 1.1.7
WebFldrs XP
WinCDEmu
Windows 7 Upgrade Advisor Beta
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows XP Service Pack 3
WinMerge 2.12.4
WinPatrol
YouTube Downloader 2.7.2
.
==== Event Viewer Messages From Past Week ========
.
6/8/2011 6:50:35 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.105.1314.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
6/7/2011 8:43:27 PM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: The attempted operation is not supported for the type of object referenced.
6/7/2011 8:43:27 PM, error: Service Control Manager [7000] - The Nero BackItUp Scheduler 4.0 service failed to start due to the following error: The system cannot find the file specified.
6/7/2011 8:43:27 PM, error: Service Control Manager [7000] - The cpuz132 service failed to start due to the following error: The system cannot find the file specified.
6/7/2011 8:35:22 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
6/7/2011 8:26:24 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000007F' while processing the file 'general.ini' on the volume 'HarddiskVolume6'. It has stopped monitoring the volume.
6/7/2011 8:16:41 PM, error: Service Control Manager [7034] - The stunnel service terminated unexpectedly. It has done this 1 time(s).
6/7/2011 8:16:26 PM, error: Service Control Manager [7034] - The NitroPDFReaderDriverCreatorReadSpool service terminated unexpectedly. It has done this 1 time(s).
6/7/2011 8:16:19 PM, error: Service Control Manager [7034] - The TomTomHOMEService service terminated unexpectedly. It has done this 1 time(s).
6/7/2011 6:18:27 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.105.1314.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
6/12/2011 8:47:03 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.105.1773.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6903.0 Error code: 0x80072ee2 Error description: The operation timed out
6/10/2011 6:45:34 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.105.1314.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
.
==== End Of File ===========================


Thanks
Anton
kassie126
Active Member
 
Posts: 5
Joined: June 12th, 2011, 6:33 am

Re: Scotty barking

Unread postby melboy » June 14th, 2011, 6:58 pm

Hi and welcome to the MR forums. :)

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  1. I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  2. The fixes are specific to your problem and should only be used for this issue on this machine.
  3. If you don't know or understand something, please don't hesitate to ask.
  4. Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
  5. Please DO NOT run any other tools or scans whilst I am helping you.
  6. It is important that you reply to this thread. Do not start a new topic.
  7. DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Absence of symptoms does not mean that everything is clear.


NOTE: Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.



No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


=================================================


With reference to Malware Removal's P2P Programs Policy, please uninstall the following programs before we continue:

  • Click on Start > Control Panel and double click on Add/Remove Programs.
  • Locate µTorrent and click on the Change/Remove button to uninstall it.
  • Close Add/Remove Programs and Control Panel when done.

When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.
We see no purpose in cleaning your machine if you use P2P programmes, as it is pretty much certain that if you continue to use them then you will get infected again.



CKScanner

Download CKScanner from here

  • Important - Save it to your desktop.
  • Doubleclick CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Scotty barking

Unread postby kassie126 » June 15th, 2011, 2:01 pm

Hi, melboy

N.S. I am on dial-up but I connect on Wednesday evenings and weekends so I should be able to reply in 3 days.

I've uninstalled utorrent.

I ran CKScanner twice because it only gave me:

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11
----- EOF -----
kassie126
Active Member
 
Posts: 5
Joined: June 12th, 2011, 6:33 am

Re: Scotty barking

Unread postby melboy » June 15th, 2011, 2:12 pm

Hi

Ok, thanks for letting me know. Do what I ask below over the next couple of days and post the logs at the weekend.



Update Java Runtime

You are using an old version of Java. Oracle's Java (Was Sun Java) is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Oracle Java is: Java Runtime Environment Version 6 Update 26.

  • Go to Oracle Java
  • Scroll down to where it says "Java Platform, Standard Edition. Java SE 6 Update 26"
  • Click the Download JRE button to the right.
  • Check the box to Accept License Agreement
  • In the list of files, Look to Windows x86 Offline & click on the link to the right which says "jre-6u26-windows-i586.exe" and save the downloaded file to your desktop.
  • Uninstall all old versions of Java via Start > Control Panel > Add/Remove Programs:
    Java(TM) 6 Update 25
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer



TFC

  • Please download TFC by Old Timer to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.



Malwarebytes' Anti-Malware (MBAM)

As you have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If Items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    The log can also be found here:
    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.



ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: Image (Selecting Uninstall application on close if you so wish)
  • Re-enable your anti-virus software.



Defence Inspector

Please download Defence Inspector and save it to your desktop.

  • Double-click DefenceInspector.exe to run it.
  • When presented with the option to begin the scan, please press any key to continue.
  • When DefenceInspector has finished scanning a log will appear.
  • Please post the contents of this log in your next reply.




In your next reply:
  1. MBAM log
  2. ESET log
  3. DefenceInspector log
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Scotty barking

Unread postby kassie126 » June 17th, 2011, 1:21 pm

Java updated to Version 6 Update 26

Ran TFC

Malwarebytes' Anti-Malware, ESET and Defence Inspector logs below

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6863

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/15/2011 9:30:51 PM
mbam-log-2011-06-15 (21-30-51).txt

Scan type: Quick scan
Objects scanned: 166894
Time elapsed: 2 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6526
# api_version=3.0.2
# EOSSerial=56975a9d3aec7849b03da9479c6dd301
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-06-16 04:02:38
# local_time=2011-06-16 06:02:38 (+0200, South Africa Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 71456886 71456886 0 0
# compatibility_mode=5891 16776869 42 87 8748 20218442 0 0
# compatibility_mode=8192 67108863 100 0 15986230 15986230 0 0
# scanned=484855
# found=54
# cleaned=0
# scan_time=30180
E:\SG250SA\UNZIPPED\NETLIMITERpatch\Crack\patch.exe a variant of Win32/Tool.TPE.A application (unable to clean) 00000000000000000000000000000000 I
E:\SG250SA\UNZIPPED\PHARAOH\Trainer.exe a variant of Win32/GameHack.AD application (unable to clean) 00000000000000000000000000000000 I
E:\SG250SA\UNZIPPED\Protected Storage PassView\pspv.exe Win32/PassView.1_50 application (unable to clean) 00000000000000000000000000000000 I
E:\SG250SA\UNZIPPED\StartupRun v1.21\strun.exe Win32/StartupRun.AA application (unable to clean) 00000000000000000000000000000000 I
G:\UBCD4Win\BartPE\PROGRAMS\sdfix\SDFix.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
G:\UBCD4Win\plugin\Cleanup Tools\SDFix\SDFix.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
M:\DOWNLOADS\ApexDC++_1.3.6_setup-x86.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
M:\DOWNLOADS\apt(diamondcs Advanced Process Termination).zip Win32/APT application (unable to clean) 00000000000000000000000000000000 I
M:\DOWNLOADS\astlog(Asterisk Logger v1.04).zip Win32/PSWTool.AsteriskLogger.104 application (unable to clean) 00000000000000000000000000000000 I
M:\DOWNLOADS\astlog(Asterisk Logger).zip Win32/PSWTool.AsteriskLogger.103 application (unable to clean) 00000000000000000000000000000000 I
M:\DOWNLOADS\astlog.zip Win32/PSWTool.AsteriskLogger.A application (unable to clean) 00000000000000000000000000000000 I
M:\DOWNLOADS\ByeTunes(iTunes removal tool).exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
M:\DOWNLOADS\cdbxp_setup_4.3.7.2423.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
M:\DOWNLOADS\cdbxp_setup_4.3.8.2474(cdburnerxp).exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
M:\DOWNLOADS\cdbxp_setup_4.3.8.2474.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
M:\DOWNLOADS\CNET_TechTracker_1_3_1_55_Setup.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
M:\DOWNLOADS\fdminst3(Free Download Manager 3.0 build 852).exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
M:\DOWNLOADS\FFSetup2(FormatFactory 2.00).zip a variant of Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
M:\DOWNLOADS\freeripmp3(FreeRip 3.08).exe a variant of Win32/AdInstaller application (unable to clean) 00000000000000000000000000000000 I
M:\DOWNLOADS\fsaver(2Flyer Screensaver Builder 2.1).zip probably a variant of Win32/TrojanDownloader.Agent.JHYXVKC trojan (unable to clean) 00000000000000000000000000000000 I
M:\DOWNLOADS\hfs(Http File Server).exe a variant of Win32/Server-Web.HFS.A application (unable to clean) 00000000000000000000000000000000 I
M:\DOWNLOADS\McRem2(remove a damaged McAfee installation).exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
M:\DOWNLOADS\MediaCoder-PSP-0.7.1.4450.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
M:\DOWNLOADS\MediaInfo_GUI_0.7.17_Windows_i386.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
M:\DOWNLOADS\MediaInfo_GUI_0.7.18_Windows_i386.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
M:\DOWNLOADS\MSNuisance(MSN_Live Messenger removal tool).exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
M:\DOWNLOADS\NoBeReader(Adobe Acrobat Reader removal tool).exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
M:\DOWNLOADS\OrbitDownloaderSetup(Orbit Downloader 3.0.0.1).exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
M:\DOWNLOADS\OrbitDownloaderSetup(Orbit Downloader 3.0.0.3).exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
M:\DOWNLOADS\OrbitDownloaderSetup4002.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
M:\DOWNLOADS\OrbitSetup4.0.11.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
M:\DOWNLOADS\OrbitSetup4.0.4(Orbit Downloader 4.0.0.4).exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
M:\DOWNLOADS\OrbitSetup4.0.5.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
M:\DOWNLOADS\OrbitSetup4.0.8.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
M:\DOWNLOADS\OrbitSetup4.1.00.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
M:\DOWNLOADS\Pharaoh with Cleopatra Expansion.exe a variant of Win32/GameHack.AD application (unable to clean) 00000000000000000000000000000000 I
M:\DOWNLOADS\produkey(ProduKey - 1.31).zip a variant of Win32/PSWTool.ProductKey application (unable to clean) 00000000000000000000000000000000 I
M:\DOWNLOADS\produkey(ProduKey v1.04 - Recover lost product key (CD-Key) of Windows_MS-Office).zip a variant of Win32/PSWTool.ProductKey.B application (unable to clean) 00000000000000000000000000000000 I
M:\DOWNLOADS\produkey(ProduKey v1.26).zip Win32/PSWTool.ProductKey.126 application (unable to clean) 00000000000000000000000000000000 I
M:\DOWNLOADS\Setup_FreeConverter(Free Mp3 Wma Converter V1.8).exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
M:\DOWNLOADS\Setup_FreeFlvConverter(Free FLV Converter 1.2.1).exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
M:\DOWNLOADS\siw-setup(v2010.03.10).exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
M:\DOWNLOADS\smitRem(v3.2Trojan-Spy.HTML.Smitfraud.c removal tool).exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
M:\DOWNLOADS\SPlayerSetupInt(3.5).exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
M:\DOWNLOADS\tiny_usb_office(Tiny USB Office 1.0).zip a variant of Win32/Server-Web.HFS.A application (unable to clean) 00000000000000000000000000000000 I
M:\DOWNLOADS\UBCD4WinV350(1).exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
M:\DOWNLOADS\unlocker1.9.0.exe Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
M:\DOWNLOADS\Unlocker1.9.1.exe Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
M:\DOWNLOADS\UnZoone(removes flawed Zune software).exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
M:\DOWNLOADS\va220(speedbit video accelerator).exe a variant of Win32/AdInstaller application (unable to clean) 00000000000000000000000000000000 I
M:\DOWNLOADS\VSO.Software.ConvertXtoDVD.v2.0.16.137.Cracked-F4CG.rar a variant of Win32/HackTool.Patcher.A application (unable to clean) 00000000000000000000000000000000 I
M:\DOWNLOADS\XPSafeGuardSetup(XP SafeGuard 1.0.11).exe a variant of Win32/AdInstaller application (unable to clean) 00000000000000000000000000000000 I
S:\DC++DOWNLOADS\AQS Files and Faqs\Files\Clients\ApexDC++\ApexDC++_1.3.6_setup-x64.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
S:\UNZIPPED\ASTERISK LOGGER 104\astlog.exe Win32/PSWTool.AsteriskLogger.104 application (unable to clean) 00000000000000000000000000000000 I

Defence Inspector (Version 1.0.1)
Log created at 06:55:46 on June 16, 2011

-= System =-
Windows XP (32-bit, Service Pack 3)
Windows Update: Disabled
System Restore: OFF

-= User Accounts =-
Administrator (Admin)
Guest (Disabled)
HelpAssistant (Disabled)
SUPPORT_388945a0 (Disabled)
user (Admin)

-= Security Programs =-
Malwarebytes' Anti-Malware
Microsoft Security Essentials
Spybot S&D
SUPERAntiSpyware
WinPatrol
WinPatrol 2011
Windows Firewall: Enabled

-= Other Programs =-
Adobe Flash Player (ActiveX) 10.3.181.23
Google Chrome 12.0.742.91
Internet Explorer 8.0.6001.18702
Java 1.6.0_26
Mozilla Firefox 4.0 (en-US)
Safari 5.33.19.4
Opera 11.01.1190
Opera 11.11.2109

-= EOF =-
kassie126
Active Member
 
Posts: 5
Joined: June 12th, 2011, 6:33 am

Re: Scotty barking

Unread postby melboy » June 17th, 2011, 4:35 pm

Cracks, Keygens, Warez etc.

As the log(s) you've posted indicate, you've used one or more of the above.

>> Forum Policy <<

The software will have to be removed before we can continue. Be aware that the tools we use can and will detect such software. If there are more such new findings after this, the topic will also be closed.

Along with P2P filesharing, this is a surefire way to get your computer infected. Downloading cracks via P2P or visiting crack sites/warez sites - and other questionable/illegal sites is always a risk. Even a single click on the site can drop multiple forms of very serious malware.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.
In 2006, a study revealed that 59% of keygens and crack tools downloaded from peer-to-peer networks contained malicious or "unwanted" software.

Additionally, cracked programs are illegal. In using the crack, the 'cracker' has broken the 'End User Licence Agreement' (EULA) of the product concerned.

The distribution and use of cracked copies is illegal in almost every developed country.


Please post back to confirm the removal of the illegal items.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Scotty barking

Unread postby kassie126 » June 18th, 2011, 3:30 am

Hi,

Deleted folders with crack in name and uninstalled G:\UBCD4Win
kassie126
Active Member
 
Posts: 5
Joined: June 12th, 2011, 6:33 am

Re: Scotty barking

Unread postby melboy » June 18th, 2011, 6:56 am

Hi

The ESET log shows lots of tools in your downloads folder that can be used for nefarious purposes as well as having legitimate uses, which is why Antivirus software may detect them.
(Win32/PrcView, Win32/PSWTool.AsteriskLogger.104, Win32/APT, Win32/StartupRun.AA, Win32/PSWTool.ProductKey etc)
EG: produkey(ProduKey - 1.31).zip a variant of Win32/PSWTool.ProductKey application.
I've no doubt you knowingly downloaded them for use by yourself.

There's also a lot of installer/setup files which bundle adware and/or toolbars etc. (Win32/Adware.ADON, Win32/OpenCandy, Win32/AdInstaller, Win32/Adware.Toolbar.Dealio) EG: OrbitDownloaderSetup4002.exe Win32/OpenCandy application
http://www.microsoft.com/security/porta ... FOpenCandy
Always download from reputable sources and read the EULA before installing software and pay close attention to the install process, look for pre-checked options and opt out of any unwanted extras if necessary. Understand what you are agreeing to before installing.

Game cracks, like other warez as previously explained, are always risky business.



OTM


Download OTM by Old Timer and save it to your Desktop.

  • Double-click OTM.exe to run it.
  • Paste the following code under the Image area. Do not include the word Code.
    Code: Select all
    :Files
    E:\SG250SA\UNZIPPED\NETLIMITERpatch\Crack\patch.exe
    E:\SG250SA\UNZIPPED\PHARAOH\Trainer.exe
    M:\DOWNLOADS\Pharaoh with Cleopatra Expansion.exe 
    M:\DOWNLOADS\fsaver(2Flyer Screensaver Builder 2.1).zip
    M:\DOWNLOADS\VSO.Software.ConvertXtoDVD.v2.0.16.137.Cracked-F4CG.rar
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
    
  • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Push the large Image button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy/paste the contents of that report back here in your next reply.



Gmer

Download GMER Rootkit Scanner from here.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
    See image below
    Image
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

-- If GMER crashes or results in a BSoD, please inform me --

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


Note: Do not run any programs while Gmer is running.




Post the OTM log & GMER log and let me know what problems you now have.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Scotty barking

Unread postby kassie126 » June 18th, 2011, 11:22 am

Hi,

My internet connection is giving problems. It disconnected 5 times today, not counting the time OTM by Old Timer killed all open programs including the desktop.

Can you recommend a forum to help fix Firefox as per my first post?

Win32/Adware.ADON, Win32/OpenCandy, Win32/AdInstaller, Win32/Adware.Toolbar.Dealio) EG: OrbitDownloaderSetup4002.exe Win32/OpenCandy is my download manager. Can you recommend a clean one?

Windows Update shows 18 new patches. When can I install them?

gmer bluescreens the pc.
STOP:0X0000007E
I ran it a 2nd time and tried to take screen captures. The last one is about 5 sec before the blue screen.
The gif file is 32kb if you'd like me to attach it.

OTM log:

All processes killed
========== FILES ==========
File/Folder E:\SG250SA\UNZIPPED\NETLIMITERpatch\Crack\patch.exe not found.
E:\SG250SA\UNZIPPED\PHARAOH\Trainer.exe moved successfully.
M:\DOWNLOADS\Pharaoh with Cleopatra Expansion.exe moved successfully.
M:\DOWNLOADS\fsaver(2Flyer Screensaver Builder 2.1).zip moved successfully.
M:\DOWNLOADS\VSO.Software.ConvertXtoDVD.v2.0.16.137.Cracked-F4CG.rar moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 5752 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: user
->Temp folder emptied: 1395840 bytes
->Temporary Internet Files folder emptied: 1801131 bytes
->Java cache emptied: 37579 bytes
->FireFox cache emptied: 9265654 bytes
->Google Chrome cache emptied: 10167984 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 470 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 63713 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 22.00 mb


OTM by OldTimer - Version 3.1.18.0 log created on 06182011_162203

Files moved on Reboot...
G:\WINDOWS\temp\Perflib_Perfdata_bc8.dat moved successfully.

Registry entries deleted on Reboot...
kassie126
Active Member
 
Posts: 5
Joined: June 12th, 2011, 6:33 am
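An added example, not part of the original posts and not OTM's own code: a helper reviewing a returned log can reconcile it against the fix script so that entries such as the "not found" line above are not overlooked. The function names are hypothetical, and the parser assumes the log wording seen in this thread.

```python
import re

# Fix script and the FILES part of the returned log, copied from this thread.
FIX_SCRIPT = r"""
:Files
E:\SG250SA\UNZIPPED\NETLIMITERpatch\Crack\patch.exe
E:\SG250SA\UNZIPPED\PHARAOH\Trainer.exe
M:\DOWNLOADS\Pharaoh with Cleopatra Expansion.exe
M:\DOWNLOADS\fsaver(2Flyer Screensaver Builder 2.1).zip
M:\DOWNLOADS\VSO.Software.ConvertXtoDVD.v2.0.16.137.Cracked-F4CG.rar
:Commands
[purity]
[emptytemp]
[Reboot]
"""
OTM_LOG = r"""
========== FILES ==========
File/Folder E:\SG250SA\UNZIPPED\NETLIMITERpatch\Crack\patch.exe not found.
E:\SG250SA\UNZIPPED\PHARAOH\Trainer.exe moved successfully.
M:\DOWNLOADS\Pharaoh with Cleopatra Expansion.exe moved successfully.
M:\DOWNLOADS\fsaver(2Flyer Screensaver Builder 2.1).zip moved successfully.
M:\DOWNLOADS\VSO.Software.ConvertXtoDVD.v2.0.16.137.Cracked-F4CG.rar moved successfully.
========== COMMANDS ==========
"""
MOVED = re.compile(r"^(?P<path>.+) moved successfully\.$")
NOT_FOUND = re.compile(r"^File/Folder (?P<path>.+) not found\.$")

def script_section(script, name):
    # Non-empty lines under ':<name>', up to the next ':Section' header.
    lines, active = [], False
    for raw in script.splitlines():
        line = raw.strip()
        if line.startswith(":"):
            active = line[1:].lower() == name.lower()
        elif active and line:
            lines.append(line)
    return lines

def log_results(log):
    # Map lower-cased path -> status (Windows paths are case-insensitive).
    results = {}
    for line in map(str.strip, log.splitlines()):
        m = NOT_FOUND.match(line) or MOVED.match(line)
        if m:
            results[m["path"].lower()] = "moved" if m.re is MOVED else "not found"
    return results

def reconcile(script, log):
    # Status of every requested path; paths absent from the log are flagged.
    seen = log_results(log)
    return {p: seen.get(p.lower(), "no log entry") for p in script_section(script, "Files")}
```
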

Re: Scotty barking

Unread postby melboy » June 18th, 2011, 12:03 pm

Hi

Try GMER again. This time, along with:

  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show All (don't miss this one)

Also uncheck:

  • Devices

If GMER continues to blue screen:


RKUnHooker

Please download Rootkit Unhooker. Save it to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest, then click OK.
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. (eg. desktop) then Click Close.
  • Copy the entire contents of the report and paste it in a reply here.

Note** you may get the following warning, just click OK and continue.
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


Note: Do not run any programs while RKUnHooker is running.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Scotty barking

Unread postby melboy » June 20th, 2011, 4:03 pm

Hi kassie126

It has been two days since my last post.

  • Do you still need help?
  • Do you need more time?
  • Are you having problems following my instructions?
  • According to Malware Removal's latest policy, topics can be closed after 3 days without a response. If you do not reply within the next 24 hours, this topic will be closed.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Scotty barking

Unread postby NonSuch » June 21st, 2011, 5:32 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
Posts: 27305
Joined: February 23rd, 2005, 7:08 am
Location: California