MalWare Microsoft Essentials fake error

Post by t-risk7 » October 4th, 2011, 9:28 pm

Microsoft Security Essentials is turned off. When I try to start, I get error 0x80070005. Access denied. Pressed help button on error message. Microsoft Security Essentials Home Screen popped up, requested help. Microsoft Security Tech Omar offered assistance, asked permission to take over computer, when he did, he opened a Cleanup file in my C:/ drive and downloaded Norton antivirus. Computer went down and when it came up I had the blue screen of death. Restarted and computer started fine. Microsoft 'red tent' still on bottom of screen. Same error message. I googled error and it said the error itself is a virus.
I could not run Malwarebytes from my computer, error message. Don't have permission to run this file. Tried to run from jump drive in safe mode, cleaned up 33 viruses, but left jump drive in when I restarted and the red tent was still there. Now if I try to run Malwarebytes from that jump drive, it says nothing is on that hardware.
The status bar also shows my updates are turned off. When I click on it, the Security Center screen comes up and when I press turn on, it says "We're sorry, we cannot turn updates on. Try to turn them on yourself." When I go to control center, my automatic updates are on. So the off updates are a virus also.
I also ran Bitdefender, it found nothing, but said there was a possible problem. A file could not be scanned.
Well, I cannot think of anything else to add. Thank you for your help.

I had to pull up each file, select all and then copy and paste. I could not get it to paste from the desktop.
Here is dds.txt

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Tad Jr at 21:11:18 on 2011-10-04
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1561 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\194191267:1558211828.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [<NO NAME>]
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: mswsock.dll
Trusted Zone: aol.com\free
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microso ... 8338638062
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{9718F87D-7BE4-47D2-B95E-828D24810E92} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\tad jr\application data\mozilla\firefox\profiles\pc76qjlv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b17d7b7 ... g=en-US&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 54808
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-7-19 54760]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-6-30 1248256]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2011-8-22 245760]
S1 MpKslc9b243cb;MpKslc9b243cb;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b49cee30-78d3-4e01-9480-761200ad08f4}\mpkslc9b243cb.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b49cee30-78d3-4e01-9480-761200ad08f4}\MpKslc9b243cb.sys [?]
S1 MpKsld94e30c3;MpKsld94e30c3;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{948216d9-0393-4147-b6c0-9387b021f878}\mpksld94e30c3.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{948216d9-0393-4147-b6c0-9387b021f878}\MpKsld94e30c3.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 McRedirector;McAfee Redirector Service;c:\progra~1\common~1\mcafee\redirsvc\redirsvc.exe [2007-12-16 248416]
.
=============== Created Last 30 ================
.
2011-10-01 22:31:35 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-01 20:51:14 -------- d-----w- c:\documents and settings\tad jr\local settings\application data\NPE
2011-10-01 20:51:14 -------- d-----w- c:\documents and settings\all users\application data\Norton
2011-10-01 20:14:37 -------- d-----w- c:\documents and settings\tad jr\application data\Malwarebytes
2011-10-01 20:14:28 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-09-29 01:56:58 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c85c12ea-f0cc-4fd6-a377-6ee0a7c0ffaa}\offreg.dll
2011-09-25 08:33:06 7269712 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c85c12ea-f0cc-4fd6-a377-6ee0a7c0ffaa}\mpengine.dll
.
==================== Find3M ====================
.
2011-09-07 16:51:23 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 21:12:52.15 ===============

Here is attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 6/16/2005 4:31:00 PM
System Uptime: 10/4/2011 8:53:58 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0X9238
Processor: Intel(R) Pentium(R) M processor 1.60GHz | Microprocessor | 1596/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 33 GiB total, 8.407 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP754: 8/13/2011 6:30:22 AM - System Checkpoint
RP755: 8/14/2011 9:16:06 AM - System Checkpoint
RP756: 8/15/2011 10:30:22 AM - System Checkpoint
RP757: 8/16/2011 10:32:07 AM - System Checkpoint
RP758: 8/17/2011 12:29:17 PM - System Checkpoint
RP759: 8/18/2011 2:30:24 PM - System Checkpoint
RP760: 8/19/2011 4:49:48 PM - System Checkpoint
RP761: 8/20/2011 7:56:34 PM - System Checkpoint
RP762: 8/21/2011 8:29:17 PM - System Checkpoint
RP763: 8/22/2011 8:45:22 PM - System Checkpoint
RP764: 8/22/2011 8:50:02 PM - Installed ScanSoft PaperPort 11
RP765: 8/22/2011 8:51:46 PM - Installed PaperPort Image Printer
RP766: 8/22/2011 8:52:05 PM - Printer Driver Nuance Image Printer Driver Installed
RP767: 8/22/2011 8:53:55 PM - Installed Brother Software Suite
RP768: 8/22/2011 8:57:04 PM - Unsigned printer driver Brother PC-FAX v.2.1 installed.
RP769: 8/23/2011 4:06:22 PM - Removed HiJackThis
RP770: 8/23/2011 4:07:09 PM - Removed MaxBlast 4
RP771: 8/23/2011 4:08:09 PM - Removed Microsoft Plus! Digital Media Edition Installer
RP772: 8/23/2011 4:12:42 PM - Removed QuickSet
RP773: 8/23/2011 4:14:08 PM - Removed World Championship Poker 2
RP774: 8/24/2011 4:47:56 PM - System Checkpoint
RP775: 8/25/2011 5:19:20 PM - System Checkpoint
RP776: 8/26/2011 6:35:41 PM - System Checkpoint
RP777: 8/27/2011 8:47:03 PM - System Checkpoint
RP778: 8/28/2011 10:34:35 PM - System Checkpoint
RP779: 8/29/2011 10:35:37 PM - System Checkpoint
RP780: 8/31/2011 12:34:32 AM - System Checkpoint
RP781: 9/1/2011 2:14:01 AM - System Checkpoint
RP782: 9/2/2011 4:13:58 AM - System Checkpoint
RP783: 9/3/2011 8:02:19 AM - System Checkpoint
RP784: 9/4/2011 8:37:32 AM - System Checkpoint
RP785: 9/5/2011 10:15:35 AM - System Checkpoint
RP786: 9/6/2011 10:42:50 AM - System Checkpoint
RP787: 9/7/2011 12:16:40 PM - System Checkpoint
RP788: 9/8/2011 12:49:34 PM - System Checkpoint
RP789: 9/9/2011 1:57:15 PM - System Checkpoint
RP790: 9/10/2011 2:58:25 PM - System Checkpoint
RP791: 9/11/2011 3:27:33 PM - System Checkpoint
RP792: 9/12/2011 6:24:23 PM - System Checkpoint
RP793: 9/13/2011 6:58:23 PM - System Checkpoint
RP794: 9/14/2011 7:11:50 PM - System Checkpoint
RP795: 9/15/2011 7:35:15 PM - System Checkpoint
RP796: 9/16/2011 8:25:21 PM - System Checkpoint
RP797: 9/17/2011 10:25:21 PM - System Checkpoint
RP798: 9/19/2011 12:25:21 AM - System Checkpoint
RP799: 9/20/2011 2:25:21 AM - System Checkpoint
RP800: 9/21/2011 4:49:08 AM - System Checkpoint
RP801: 9/22/2011 6:48:29 AM - System Checkpoint
RP802: 9/23/2011 7:44:18 AM - System Checkpoint
RP803: 9/24/2011 9:26:19 AM - System Checkpoint
RP804: 9/25/2011 10:43:49 AM - System Checkpoint
RP805: 9/26/2011 1:02:05 PM - System Checkpoint
RP806: 9/27/2011 2:58:27 PM - System Checkpoint
RP807: 9/28/2011 5:06:24 PM - System Checkpoint
RP808: 9/29/2011 6:00:48 PM - System Checkpoint
RP809: 9/30/2011 7:20:31 PM - System Checkpoint
RP810: 10/4/2011 7:00:11 AM - System Checkpoint
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
ALPS Touch Pad Driver
AOLIcon
ATI Control Panel
ATI Display Driver
Banctec Service Agreement
Broadcom Management Programs 2
Brother MFL-Pro Suite MFC-J265W
Conexant D110 MDC V.9x Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Support Center (Support Software)
Dell System Restore
DellSupport
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) PROSet/Wireless Software
Internal Network Card Power Management
Internet Explorer Default Page
Jasc Paint Shop Pro Studio, Dell Editon
Java(TM) 6 Update 3
Macromedia Flash Player
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Photo Story 2 LE
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
Mozilla Firefox 7.0.1 (x86 en-US)
mPfMgr
mPfWiz
mProSafe
MSN
mSSO
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
mToolkit
MuVo Driver
mWlsSafe
mXML
My Way Search Assistant
mZConfig
NetWaiting
OLYMPUS Master 2
Online Bible 10.20.03
PaperPort Image Printer
PowerDVD 5.5
QB Desktop Repair Utility
QuickBooks
QuickBooks Pro 2011
QuickSet
QuickVerse 7.0
RealPlayer Basic
Risk II (remove only)
ScanSoft PaperPort 11
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SupportSoft Assisted Service
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Windows (KB971513)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Viewpoint Media Player
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
WordPerfect Office 12
.
==== Event Viewer Messages From Past Week ========
.
9/30/2011 3:03:29 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
9/30/2011 2:00:38 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.113.240.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7702.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/29/2011 2:00:58 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.113.240.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7702.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/29/2011 10:02:11 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.113.240.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7702.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/28/2011 4:44:05 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.113.240.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7702.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/28/2011 1:57:38 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.113.240.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7702.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/27/2011 4:44:04 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.113.240.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7702.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
9/27/2011 1:57:22 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.113.240.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7702.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
10/2/2011 1:41:41 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000043' while processing the file 'ipsec.sys' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
10/1/2011 6:48:43 PM, error: Dhcp [1002] - The IP address lease 192.168.1.105 for the Network Card with network address 00123FD225DA has been denied by the DHCP server 65.24.14.18 (The DHCP Server sent a DHCPNACK message).
10/1/2011 6:48:40 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'ipsec.sys' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
10/1/2011 5:40:25 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
10/1/2011 5:37:28 PM, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
10/1/2011 5:37:28 PM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
10/1/2011 5:34:17 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV Fips intelppm MpFilter
10/1/2011 5:06:56 PM, error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).
10/1/2011 5:06:09 PM, error: PlugPlayManager [11] - The device Root\LEGACY_SMR210\0000 disappeared from the system without first being prepared for removal.
10/1/2011 4:59:52 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
10/1/2011 4:57:33 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV Fips IntelIde intelppm IPSec MpFilter MRxSmb NetBIOS NetBT ohci1394 RasAcd Rdbss Tcpip
10/1/2011 4:57:33 PM, error: Service Control Manager [7001] - The LogMeIn Rescue (402f55e7-8f55-4fb2-b392-fce42af6bec4) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/1/2011 4:57:08 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/1/2011 4:22:06 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
10/1/2011 4:22:06 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
10/1/2011 4:22:06 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/1/2011 4:22:06 PM, error: Service Control Manager [7001] - The fssfltr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/1/2011 4:22:06 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/1/2011 4:22:06 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
10/1/2011 4:21:50 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
10/1/2011 4:21:35 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/1/2011 4:12:45 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
10/1/2011 4:11:44 PM, error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: Access is denied.
10/1/2011 4:10:11 PM, error: HTTP [15005] - Unable to bind to the underlying transport for 0.0.0.0:2869. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine. The data field contains the error number.
10/1/2011 4:10:04 PM, error: Dhcp [1002] - The IP address lease 71.65.76.95 for the Network Card with network address 00123FD225DA has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
t-risk7
Regular Member
 
Posts: 118
Joined: July 7th, 2010, 12:27 pm

Re: MalWare Microsoft Essentials fake error

Post by Dakeyras » October 6th, 2011, 3:00 am

Hi,

I have bad news I'm afraid. :(

One or more of the identified infections is the extremely severe Zero Access Rootkit plus undoubtedly other compromising malware!

OK since we are dealing with the aforementioned infection(s) I would be providing your good self with a disservice if I did not make you aware of the ramifications below:

This allows hackers to remotely control your computer, steal critical system information and Download and Execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Although an attempt could be made to clean this machine, it could never be considered to be truly clean, secure, or trustworthy. We could not say definitively that unknown and unseen malware will have been removed, nor will your system be restored to its pre-infection state. We cannot remedy unknown changes the malware may likely have made in order to allow itself access, nor can we repair the damage it may possibly have caused to vital system files. Additionally, it is quite possible that changes made to the system by the malware may impact negatively on your computer during the removal process. In short, your system may never regain its former stability or its full functionality without a reformat. Therefore, your best and safest course of action is a reformat and reinstallation of the Windows Operating System, and that is the course we strongly recommend.

Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

I can attempt to clean this machine (anything I try may not be successful) but I can't guarantee that it will be at all secure afterwards.

Should you have any questions, please feel free to ask.

Please let myself know what you have decided to do in your next post.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: MalWare Microsoft Essentials fake error

Post by t-risk7 » October 6th, 2011, 4:45 am

I was considering wiping the machine and reinstalling everything from scratch anyway. I have been using my backup computer. I have a question. Backed up some files from the infected computer to a jump drive then scanned them on the new computer with Malwarebytes and Microsoft Security Essentials. Both showed the USB to be clean and I then loaded files on to my new computer. Was this okay, or should I check this computer also? I did a scan yesterday and found ProgramWin32/PowerRegScheduler threat level medium with Microsoft SE. Microsoft then removed the threat. Is this related to the other problem? I am getting ready to scan my computer (the backup one I am using now) with MalwareBytes.
t-risk7
Regular Member
 
Posts: 118
Joined: July 7th, 2010, 12:27 pm

Re: MalWare Microsoft Essentials fake error

Post by Dakeyras » October 6th, 2011, 5:13 pm

Hi. :)

"Backed up some files from the infected computer to a jump drive then scanned them on the new computer with Malwarebytes and Microsoft Security Essentials. Both showed the USB to be clean and I then loaded files on to my new computer. Was this okay, or should I check this computer also?"
Should be fine, though if you so wish I do not mind checking the machine for you, just let myself know which Operating System it has if you do. Probably be prudent to secure your USB Drive though as a precaution, we can do this via the other machine you mentioned, though again I would need to know the exact Operating System in use.

"I did a scan yesterday and found ProgramWin32/PowerRegScheduler threat level medium with Microsoft SE. Microsoft then removed the threat. Is this related to the other problem?"
In the great scheme of things it is not that major and no it is not related to the Rootkit on the other machine. This resource explains about the infection found and removed by MSE, here.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: MalWare Microsoft Essentials fake error

Post by t-risk7 » October 6th, 2011, 8:17 pm

By Op System I suppose you mean XP? My backup, new primary is a Dell Inspiron 5100. I believe it is XP.

Should I run a DDS log for it?

I had another question/statement.
I have called my credit cards and am having them changed. I am closing old bank accounts and opening new ones. I have changed almost all of my passwords and will change the rest. I filed a police report and am going to put a fraud alert in w/ the Credit Bureaus. Hope this isn't overkill. But I think I prefer the peace of mind.

The police officer suggested I call my internet provider and have them stop service in case my modem is compromised. Is this necessary? I mean would it do any good? And would it help the internet provider in stopping this kind of thing? Sorry, a lot of questions, I have been pretty busy with this along with a million other things.

Thanks for your warning. So far I have gotten everything changed without any problems or any of my accounts being infected. Now I just have to get my credit score covered.

Thanks for all your help. Just let me know what you need from me or if I can tell you more about my experience with this problem.
t-risk7
Regular Member
 
Posts: 118
Joined: July 7th, 2010, 12:27 pm

Re: MalWare Microsoft Essentials fake error

Post by t-risk7 » October 6th, 2011, 8:20 pm

I had another question. Would a wireless router help me be more secure? Would it act as a secondary firewall or something?

The police officer suggested the hackers might be able to access my new computer if the modem is compromised. Is there any validity to this?
t-risk7
Regular Member
 
Posts: 118
Joined: July 7th, 2010, 12:27 pm

Re: MalWare Microsoft Essentials fake error

Post by t-risk7 » October 6th, 2011, 10:33 pm

Ok. So, my back up computer is now acting screwy. Slow. When I turn it off and turn it on, the little red Microsoft SE tent is red and then turns green. This computer was fine earlier today. I don't have a clue what could have caused it to act screwy. I will now post the DDS logs for it.
When I first checked the firewall, it said I couldn't access it, then it let me and showed it was on. I am wondering if this isn't something turning off MSE and saying it is on. After I post the DDS logs, I will unhook from Internet for tonight and then run malwarebytes. I will log back in in the morning before work.
Thanks again.
Here is DDS
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_26
Run by Monica at 22:29:18 on 2011-10-06
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.120 [GMT -4:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
svchost.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Sonic RecordNow!]
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 9490254216
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{68FF5E6A-1BF5-405E-888D-0C160D163365} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\monica\application data\mozilla\firefox\profiles\m4wk9ksw.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-11 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-11 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-11 108552]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl0a5dc6be;MpKsl0a5dc6be;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7b2f6adc-5159-4311-8986-5c9244715044}\MpKsl0a5dc6be.sys [2011-10-6 28752]
R1 MpKsl58649dd0;MpKsl58649dd0;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7b2f6adc-5159-4311-8986-5c9244715044}\MpKsl58649dd0.sys [2011-10-6 28752]
R1 MpKsla6b3ec97;MpKsla6b3ec97;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7b2f6adc-5159-4311-8986-5c9244715044}\MpKsla6b3ec97.sys [2011-10-6 28752]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-4-11 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-11 297752]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-6-30 1248256]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2011-10-3 245760]
S1 MpKsl17914800;MpKsl17914800;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{53b1df41-f082-4f33-98f5-bdb99e530817}\mpksl17914800.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{53b1df41-f082-4f33-98f5-bdb99e530817}\MpKsl17914800.sys [?]
S1 MpKsl7f689b91;MpKsl7f689b91;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{53b1df41-f082-4f33-98f5-bdb99e530817}\mpksl7f689b91.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{53b1df41-f082-4f33-98f5-bdb99e530817}\MpKsl7f689b91.sys [?]
.
=============== Created Last 30 ================
.
2011-10-07 02:16:26 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7b2f6adc-5159-4311-8986-5c9244715044}\MpKsl0a5dc6be.sys
2011-10-07 02:13:20 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7b2f6adc-5159-4311-8986-5c9244715044}\MpKsl58649dd0.sys
2011-10-06 23:59:45 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7b2f6adc-5159-4311-8986-5c9244715044}\MpKsla6b3ec97.sys
2011-10-06 23:57:57 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7b2f6adc-5159-4311-8986-5c9244715044}\offreg.dll
2011-10-06 23:57:40 7269712 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7b2f6adc-5159-4311-8986-5c9244715044}\mpengine.dll
2011-10-06 09:02:51 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-04 10:44:15 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-10-04 10:44:15 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-04 02:20:17 -------- d-----w- c:\documents and settings\monica\local settings\application data\Scansoft
2011-10-03 23:07:28 -------- d-----w- c:\windows\SxsCaPendDel
2011-10-03 22:41:18 61440 ----a-w- c:\windows\system32\brprtink.dll
2011-10-03 22:40:53 55808 ----a-w- c:\windows\system32\BrUsi09c.dll
2011-10-03 22:40:53 1535488 ----a-w- c:\windows\system32\BrWia09c.dll
2011-10-03 22:40:53 15295 ----a-w- c:\windows\system32\drivers\BrScnUsb.sys
2011-10-03 22:40:15 -------- d-----w- c:\program files\Browny02
2011-10-03 22:39:08 126976 ------w- c:\windows\system32\BrfxD05b.dll
2011-10-03 22:38:04 5120 ------w- c:\windows\system32\BrDctF2L.dll
2011-10-03 22:38:04 217088 ------w- c:\windows\system32\NSSearch.dll
2011-10-03 22:38:03 73728 ------w- c:\windows\system32\BrDctF2.dll
2011-10-03 22:38:03 3072 ------w- c:\windows\system32\BrDctF2S.dll
2011-10-03 22:38:03 -------- d-----w- c:\program files\Brother
2011-10-03 22:37:54 180224 ------w- c:\windows\system32\BroSNMP.dll
2011-10-03 22:33:20 -------- d-----w- c:\program files\Nuance
2011-10-03 22:30:21 -------- d-----w- c:\program files\common files\ScanSoft Shared
2011-10-03 22:30:07 -------- d-----w- c:\program files\ScanSoft
2011-10-03 22:27:50 -------- d-----w- c:\documents and settings\all users\application data\Brother
2011-10-03 22:13:55 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2011-10-03 22:13:55 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-10-03 22:13:46 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-10-03 22:13:46 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-10-03 21:38:15 -------- d-----w- c:\documents and settings\monica\local settings\application data\Identities
2011-10-03 20:30:43 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-10-03 20:30:38 773080 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-10-03 20:30:38 1833944 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-10-03 20:30:38 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2011-10-03 20:30:37 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-10-03 20:30:37 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2011-10-03 20:30:37 478168 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-10-03 20:30:37 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-10-03 20:30:37 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-10-03 20:30:36 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-10-03 20:25:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 11:25:19 215920 ----a-w- c:\windows\system32\muweb.dll
2011-10-03 11:25:18 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-10-03 11:25:18 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-10-02 20:40:03 -------- d-----w- c:\documents and settings\monica\application data\OpenOffice.org
2011-10-02 19:52:18 -------- d-----w- c:\documents and settings\monica\local settings\application data\Intuit
2011-10-02 19:32:19 -------- d-----w- c:\documents and settings\all users\application data\Nuance
2011-10-02 19:32:18 -------- d-----w- c:\program files\Intuit
2011-10-02 19:32:18 -------- d-----w- c:\program files\common files\Intuit
2011-10-02 19:32:18 -------- d-----w- c:\documents and settings\all users\application data\Intuit
2011-10-02 19:31:12 -------- d-----w- c:\documents and settings\all users\application data\SQL Anywhere 11
2011-10-02 19:31:03 -------- d-----w- c:\documents and settings\all users\application data\COMMON FILES
2011-10-02 19:27:21 -------- d-----w- c:\windows\system32\XPSViewer
2011-10-02 19:26:00 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-10-02 19:25:00 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-10-02 19:25:00 117760 ------w- c:\windows\system32\prntvpt.dll
2011-10-02 19:24:59 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-10-02 19:24:59 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-10-02 19:24:59 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-10-02 19:24:59 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-10-02 19:24:57 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-10-02 19:24:57 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-10-02 19:17:59 -------- d-----w- c:\program files\MSXML 4.0
2011-10-02 19:03:52 7269712 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-10-02 19:00:29 -------- d-----w- c:\windows\Intuit
2011-10-02 18:28:59 -------- d-----w- C:\mbam.com
2011-10-02 18:01:55 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2011-10-02 17:59:57 -------- d-----w- c:\documents and settings\monica\application data\Malwarebytes
2011-10-02 17:58:55 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-10-02 17:58:47 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-02 17:58:46 -------- d-----w- C:\Malwarebytes' Anti-Malware
2011-10-02 13:41:42 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
2011-10-02 13:40:34 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-10-02 13:38:15 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-10-02 13:37:39 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-10-02 13:36:05 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-10-02 13:35:40 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-10-02 13:35:39 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-10-02 13:32:27 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-10-02 13:31:57 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2011-10-02 13:31:08 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-10-02 13:20:16 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-10-02 13:17:41 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2011-10-02 13:17:34 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2011-10-02 13:17:31 110592 -c----w- c:\windows\system32\dllcache\services.exe
2011-10-02 13:17:26 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2011-10-02 13:17:24 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2011-10-02 13:17:20 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-10-02 13:17:08 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2011-10-02 13:08:32 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2011-10-02 13:03:29 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2011-10-02 13:03:11 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-10-02 12:58:36 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-02 12:56:22 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-10-02 12:56:00 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2011-10-02 12:56:00 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-10-02 12:50:28 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-10-02 12:49:16 -------- d-----w- c:\program files\Microsoft Security Client
2011-09-09 09:12:13 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll
.
==================== Find3M ====================
.
2011-10-02 13:26:12 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-10-02 12:50:59 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2011-10-02 12:50:56 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
============= FINISH: 22:30:35.29 ===============
Here is Attach
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 4/11/2009 5:23:57 PM
System Uptime: 10/6/2011 10:14:40 PM (0 hours ago)
.
Motherboard: Dell Computer Corporation | | 09U807
Processor: Intel(R) Pentium(R) 4 CPU 2.66GHz | Microprocessor | 2657/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 37 GiB total, 24.771 GiB free.
D: is CDROM (CDFS)
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP23: 10/2/2011 8:51:42 AM - Avg8 Update
RP24: 10/2/2011 9:27:55 AM - Avg8 Update
RP25: 10/2/2011 9:45:44 AM - Software Distribution Service 3.0
RP26: 10/2/2011 2:55:54 PM - Software Distribution Service 3.0
RP27: 10/2/2011 3:25:32 PM - Installed Windows KB954550-v5.
RP28: 10/2/2011 3:25:48 PM - Printer Driver Microsoft XPS Document Writer Installed
RP29: 10/2/2011 3:26:07 PM - Printer Driver Microsoft XPS Document Writer Installed
RP30: 10/3/2011 10:29:09 AM - Avg8 Update
RP31: 10/3/2011 4:34:23 PM - Software Distribution Service 3.0
RP32: 10/3/2011 6:30:00 PM - Installed ScanSoft PaperPort 11
RP33: 10/3/2011 6:33:19 PM - Installed PaperPort Image Printer
RP34: 10/3/2011 6:33:58 PM - Unsigned printer driver Generic IBM Graphics 9pin installed.
RP35: 10/3/2011 6:34:16 PM - Printer Driver Nuance Image Printer Driver Installed
RP36: 10/3/2011 6:37:31 PM - Installed Brother Software Suite
RP37: 10/3/2011 6:42:09 PM - Unsigned printer driver Brother PC-FAX v.2.1 installed.
RP38: 10/3/2011 7:02:17 PM - Software Distribution Service 3.0
RP39: 10/4/2011 6:42:49 AM - Installed Java(TM) 6 Update 26
RP40: 10/4/2011 7:28:37 AM - Software Distribution Service 3.0
RP41: 10/4/2011 4:53:17 PM - Software Distribution Service 3.0
RP42: 10/5/2011 5:36:54 PM - System Checkpoint
RP43: 10/5/2011 6:44:32 PM - Software Distribution Service 3.0
RP44: 10/6/2011 7:57:30 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
AccessDirect
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVG 8.5
BCM V.92 56K Modem
Broadcom 440x 10/100 Integrated Controller
Brother MFL-Pro Suite MFC-J265W
C-Major Audio
Critical Update for Windows Media Player 11 (KB959772)
Dell ResourceCD
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Java Auto Updater
Java(TM) 6 Update 26
Java(TM) 6 Update 7
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Security Client
Microsoft Security Essentials
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 7.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
OpenOffice.org 3.0
PaperPort Image Printer
PowerDVD
QuickBooks
QuickBooks Pro 2011
ScanSoft PaperPort 11
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SigmaTel AC97 Audio Drivers
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
10/3/2011 9:35:24 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 8 for Windows XP.
10/3/2011 10:22:23 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the QBIDPService service to connect.
10/3/2011 10:22:23 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the QBCFMonitorService service to connect.
.
==== End Of File ===========================
Thanks again for all of your help. This appears to be turning into a bigger headache than I thought.
t-risk7

Re: MalWare Microsoft Essentials fake error

Post by t-risk7 » October 6th, 2011, 10:35 pm

Ok. So, my backup computer is now acting screwy. Slow. When I turn it off and turn it on, the little red Microsoft SE tent is red and then turns green. This computer was fine earlier today. I don't have a clue what could have caused it to act screwy. I will now post the DDS logs for it.
When I first checked the firewall, it said I couldn't access it, then it let me and showed it was on. I am wondering if this isn't something turning off MSE and saying it is on. After I post the DDS logs, I will unhook from the Internet for tonight and then run Malwarebytes. I will log back in in the morning before work.
Thanks again.
Here is DDS
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_26
Run by Monica at 22:29:18 on 2011-10-06
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.120 [GMT -4:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
svchost.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Sonic RecordNow!]
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 9490254216
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{68FF5E6A-1BF5-405E-888D-0C160D163365} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\monica\application data\mozilla\firefox\profiles\m4wk9ksw.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-11 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-11 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-11 108552]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl0a5dc6be;MpKsl0a5dc6be;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7b2f6adc-5159-4311-8986-5c9244715044}\MpKsl0a5dc6be.sys [2011-10-6 28752]
R1 MpKsl58649dd0;MpKsl58649dd0;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7b2f6adc-5159-4311-8986-5c9244715044}\MpKsl58649dd0.sys [2011-10-6 28752]
R1 MpKsla6b3ec97;MpKsla6b3ec97;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7b2f6adc-5159-4311-8986-5c9244715044}\MpKsla6b3ec97.sys [2011-10-6 28752]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-4-11 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-11 297752]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-6-30 1248256]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2011-10-3 245760]
S1 MpKsl17914800;MpKsl17914800;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{53b1df41-f082-4f33-98f5-bdb99e530817}\mpksl17914800.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{53b1df41-f082-4f33-98f5-bdb99e530817}\MpKsl17914800.sys [?]
S1 MpKsl7f689b91;MpKsl7f689b91;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{53b1df41-f082-4f33-98f5-bdb99e530817}\mpksl7f689b91.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{53b1df41-f082-4f33-98f5-bdb99e530817}\MpKsl7f689b91.sys [?]
.
=============== Created Last 30 ================
.
2011-10-07 02:16:26 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7b2f6adc-5159-4311-8986-5c9244715044}\MpKsl0a5dc6be.sys
2011-10-07 02:13:20 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7b2f6adc-5159-4311-8986-5c9244715044}\MpKsl58649dd0.sys
2011-10-06 23:59:45 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7b2f6adc-5159-4311-8986-5c9244715044}\MpKsla6b3ec97.sys
2011-10-06 23:57:57 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7b2f6adc-5159-4311-8986-5c9244715044}\offreg.dll
2011-10-06 23:57:40 7269712 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7b2f6adc-5159-4311-8986-5c9244715044}\mpengine.dll
2011-10-06 09:02:51 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-04 10:44:15 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-10-04 10:44:15 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-04 02:20:17 -------- d-----w- c:\documents and settings\monica\local settings\application data\Scansoft
2011-10-03 23:07:28 -------- d-----w- c:\windows\SxsCaPendDel
2011-10-03 22:41:18 61440 ----a-w- c:\windows\system32\brprtink.dll
2011-10-03 22:40:53 55808 ----a-w- c:\windows\system32\BrUsi09c.dll
2011-10-03 22:40:53 1535488 ----a-w- c:\windows\system32\BrWia09c.dll
2011-10-03 22:40:53 15295 ----a-w- c:\windows\system32\drivers\BrScnUsb.sys
2011-10-03 22:40:15 -------- d-----w- c:\program files\Browny02
2011-10-03 22:39:08 126976 ------w- c:\windows\system32\BrfxD05b.dll
2011-10-03 22:38:04 5120 ------w- c:\windows\system32\BrDctF2L.dll
2011-10-03 22:38:04 217088 ------w- c:\windows\system32\NSSearch.dll
2011-10-03 22:38:03 73728 ------w- c:\windows\system32\BrDctF2.dll
2011-10-03 22:38:03 3072 ------w- c:\windows\system32\BrDctF2S.dll
2011-10-03 22:38:03 -------- d-----w- c:\program files\Brother
2011-10-03 22:37:54 180224 ------w- c:\windows\system32\BroSNMP.dll
2011-10-03 22:33:20 -------- d-----w- c:\program files\Nuance
2011-10-03 22:30:21 -------- d-----w- c:\program files\common files\ScanSoft Shared
2011-10-03 22:30:07 -------- d-----w- c:\program files\ScanSoft
2011-10-03 22:27:50 -------- d-----w- c:\documents and settings\all users\application data\Brother
2011-10-03 22:13:55 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2011-10-03 22:13:55 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-10-03 22:13:46 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-10-03 22:13:46 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-10-03 21:38:15 -------- d-----w- c:\documents and settings\monica\local settings\application data\Identities
2011-10-03 20:30:43 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-10-03 20:30:38 773080 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-10-03 20:30:38 1833944 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-10-03 20:30:38 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2011-10-03 20:30:37 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-10-03 20:30:37 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2011-10-03 20:30:37 478168 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-10-03 20:30:37 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-10-03 20:30:37 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-10-03 20:30:36 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-10-03 20:25:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 11:25:19 215920 ----a-w- c:\windows\system32\muweb.dll
2011-10-03 11:25:18 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-10-03 11:25:18 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-10-02 20:40:03 -------- d-----w- c:\documents and settings\monica\application data\OpenOffice.org
2011-10-02 19:52:18 -------- d-----w- c:\documents and settings\monica\local settings\application data\Intuit
2011-10-02 19:32:19 -------- d-----w- c:\documents and settings\all users\application data\Nuance
2011-10-02 19:32:18 -------- d-----w- c:\program files\Intuit
2011-10-02 19:32:18 -------- d-----w- c:\program files\common files\Intuit
2011-10-02 19:32:18 -------- d-----w- c:\documents and settings\all users\application data\Intuit
2011-10-02 19:31:12 -------- d-----w- c:\documents and settings\all users\application data\SQL Anywhere 11
2011-10-02 19:31:03 -------- d-----w- c:\documents and settings\all users\application data\COMMON FILES
2011-10-02 19:27:21 -------- d-----w- c:\windows\system32\XPSViewer
2011-10-02 19:26:00 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-10-02 19:25:00 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-10-02 19:25:00 117760 ------w- c:\windows\system32\prntvpt.dll
2011-10-02 19:24:59 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-10-02 19:24:59 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-10-02 19:24:59 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-10-02 19:24:59 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-10-02 19:24:57 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-10-02 19:24:57 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-10-02 19:17:59 -------- d-----w- c:\program files\MSXML 4.0
2011-10-02 19:03:52 7269712 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-10-02 19:00:29 -------- d-----w- c:\windows\Intuit
2011-10-02 18:28:59 -------- d-----w- C:\mbam.com
2011-10-02 18:01:55 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2011-10-02 17:59:57 -------- d-----w- c:\documents and settings\monica\application data\Malwarebytes
2011-10-02 17:58:55 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-10-02 17:58:47 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-02 17:58:46 -------- d-----w- C:\Malwarebytes' Anti-Malware
2011-10-02 13:41:42 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
2011-10-02 13:40:34 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-10-02 13:38:15 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-10-02 13:37:39 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-10-02 13:36:05 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-10-02 13:35:40 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-10-02 13:35:39 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-10-02 13:32:27 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-10-02 13:31:57 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2011-10-02 13:31:08 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-10-02 13:20:16 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-10-02 13:17:41 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2011-10-02 13:17:34 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2011-10-02 13:17:31 110592 -c----w- c:\windows\system32\dllcache\services.exe
2011-10-02 13:17:26 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2011-10-02 13:17:24 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2011-10-02 13:17:20 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-10-02 13:17:08 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2011-10-02 13:08:32 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2011-10-02 13:03:29 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2011-10-02 13:03:11 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-10-02 12:58:36 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-02 12:56:22 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-10-02 12:56:00 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2011-10-02 12:56:00 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-10-02 12:50:28 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-10-02 12:49:16 -------- d-----w- c:\program files\Microsoft Security Client
2011-09-09 09:12:13 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll
.
==================== Find3M ====================
.
2011-10-02 13:26:12 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-10-02 12:50:59 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2011-10-02 12:50:56 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
============= FINISH: 22:30:35.29 ===============
Here is Attach
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 4/11/2009 5:23:57 PM
System Uptime: 10/6/2011 10:14:40 PM (0 hours ago)
.
Motherboard: Dell Computer Corporation | | 09U807
Processor: Intel(R) Pentium(R) 4 CPU 2.66GHz | Microprocessor | 2657/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 37 GiB total, 24.771 GiB free.
D: is CDROM (CDFS)
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP23: 10/2/2011 8:51:42 AM - Avg8 Update
RP24: 10/2/2011 9:27:55 AM - Avg8 Update
RP25: 10/2/2011 9:45:44 AM - Software Distribution Service 3.0
RP26: 10/2/2011 2:55:54 PM - Software Distribution Service 3.0
RP27: 10/2/2011 3:25:32 PM - Installed Windows KB954550-v5.
RP28: 10/2/2011 3:25:48 PM - Printer Driver Microsoft XPS Document Writer Installed
RP29: 10/2/2011 3:26:07 PM - Printer Driver Microsoft XPS Document Writer Installed
RP30: 10/3/2011 10:29:09 AM - Avg8 Update
RP31: 10/3/2011 4:34:23 PM - Software Distribution Service 3.0
RP32: 10/3/2011 6:30:00 PM - Installed ScanSoft PaperPort 11
RP33: 10/3/2011 6:33:19 PM - Installed PaperPort Image Printer
RP34: 10/3/2011 6:33:58 PM - Unsigned printer driver Generic IBM Graphics 9pin installed.
RP35: 10/3/2011 6:34:16 PM - Printer Driver Nuance Image Printer Driver Installed
RP36: 10/3/2011 6:37:31 PM - Installed Brother Software Suite
RP37: 10/3/2011 6:42:09 PM - Unsigned printer driver Brother PC-FAX v.2.1 installed.
RP38: 10/3/2011 7:02:17 PM - Software Distribution Service 3.0
RP39: 10/4/2011 6:42:49 AM - Installed Java(TM) 6 Update 26
RP40: 10/4/2011 7:28:37 AM - Software Distribution Service 3.0
RP41: 10/4/2011 4:53:17 PM - Software Distribution Service 3.0
RP42: 10/5/2011 5:36:54 PM - System Checkpoint
RP43: 10/5/2011 6:44:32 PM - Software Distribution Service 3.0
RP44: 10/6/2011 7:57:30 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
AccessDirect
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVG 8.5
BCM V.92 56K Modem
Broadcom 440x 10/100 Integrated Controller
Brother MFL-Pro Suite MFC-J265W
C-Major Audio
Critical Update for Windows Media Player 11 (KB959772)
Dell ResourceCD
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Java Auto Updater
Java(TM) 6 Update 26
Java(TM) 6 Update 7
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Security Client
Microsoft Security Essentials
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 7.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
OpenOffice.org 3.0
PaperPort Image Printer
PowerDVD
QuickBooks
QuickBooks Pro 2011
ScanSoft PaperPort 11
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
SigmaTel AC97 Audio Drivers
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
10/3/2011 9:35:24 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 8 for Windows XP.
10/3/2011 10:22:23 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the QBIDPService service to connect.
10/3/2011 10:22:23 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the QBCFMonitorService service to connect.
.
==== End Of File ===========================
Thanks again for all of your help. This appears to be turning into a bigger headache than I thought.
t-risk7
Regular Member
 
Posts: 118
Joined: July 7th, 2010, 12:27 pm

Re: MalWare Microsoft Essentials fake error

by t-risk7 » October 6th, 2011, 10:38 pm

Ok. So, my back up computer is now acting screwy. Slow. When I turn it off and turn it on, the little red Microsoft SE tent is red and then turns green. This computer was fine earlier today. I don't have a clue what could have caused it to act screwy. I will now post the DDS logs for it.
When I first checked the firewall, it said I couldn't access it, then it let me and showed it was on. I am wondering if this isn't something turning off MSE and saying it is on. After I post the DDS logs, I will unhook from the Internet for tonight and then run malwarebytes. I will log back in in the morning before work.
Thanks again.
Here is DDS
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_26
Run by Monica at 22:29:18 on 2011-10-06
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.120 [GMT -4:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
svchost.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Sonic RecordNow!]
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 9490254216
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{68FF5E6A-1BF5-405E-888D-0C160D163365} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\monica\application data\mozilla\firefox\profiles\m4wk9ksw.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-11 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-11 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-11 108552]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl0a5dc6be;MpKsl0a5dc6be;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7b2f6adc-5159-4311-8986-5c9244715044}\MpKsl0a5dc6be.sys [2011-10-6 28752]
R1 MpKsl58649dd0;MpKsl58649dd0;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7b2f6adc-5159-4311-8986-5c9244715044}\MpKsl58649dd0.sys [2011-10-6 28752]
R1 MpKsla6b3ec97;MpKsla6b3ec97;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7b2f6adc-5159-4311-8986-5c9244715044}\MpKsla6b3ec97.sys [2011-10-6 28752]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-4-11 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-11 297752]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-6-30 1248256]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2011-10-3 245760]
S1 MpKsl17914800;MpKsl17914800;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{53b1df41-f082-4f33-98f5-bdb99e530817}\mpksl17914800.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{53b1df41-f082-4f33-98f5-bdb99e530817}\MpKsl17914800.sys [?]
S1 MpKsl7f689b91;MpKsl7f689b91;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{53b1df41-f082-4f33-98f5-bdb99e530817}\mpksl7f689b91.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{53b1df41-f082-4f33-98f5-bdb99e530817}\MpKsl7f689b91.sys [?]
.
=============== Created Last 30 ================
.
2011-10-07 02:16:26 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7b2f6adc-5159-4311-8986-5c9244715044}\MpKsl0a5dc6be.sys
2011-10-07 02:13:20 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7b2f6adc-5159-4311-8986-5c9244715044}\MpKsl58649dd0.sys
2011-10-06 23:59:45 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7b2f6adc-5159-4311-8986-5c9244715044}\MpKsla6b3ec97.sys
2011-10-06 23:57:57 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7b2f6adc-5159-4311-8986-5c9244715044}\offreg.dll
2011-10-06 23:57:40 7269712 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7b2f6adc-5159-4311-8986-5c9244715044}\mpengine.dll
2011-10-06 09:02:51 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-04 10:44:15 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-10-04 10:44:15 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-04 02:20:17 -------- d-----w- c:\documents and settings\monica\local settings\application data\Scansoft
2011-10-03 23:07:28 -------- d-----w- c:\windows\SxsCaPendDel
2011-10-03 22:41:18 61440 ----a-w- c:\windows\system32\brprtink.dll
2011-10-03 22:40:53 55808 ----a-w- c:\windows\system32\BrUsi09c.dll
2011-10-03 22:40:53 1535488 ----a-w- c:\windows\system32\BrWia09c.dll
2011-10-03 22:40:53 15295 ----a-w- c:\windows\system32\drivers\BrScnUsb.sys
2011-10-03 22:40:15 -------- d-----w- c:\program files\Browny02
2011-10-03 22:39:08 126976 ------w- c:\windows\system32\BrfxD05b.dll
2011-10-03 22:38:04 5120 ------w- c:\windows\system32\BrDctF2L.dll
2011-10-03 22:38:04 217088 ------w- c:\windows\system32\NSSearch.dll
2011-10-03 22:38:03 73728 ------w- c:\windows\system32\BrDctF2.dll
2011-10-03 22:38:03 3072 ------w- c:\windows\system32\BrDctF2S.dll
2011-10-03 22:38:03 -------- d-----w- c:\program files\Brother
2011-10-03 22:37:54 180224 ------w- c:\windows\system32\BroSNMP.dll
2011-10-03 22:33:20 -------- d-----w- c:\program files\Nuance
2011-10-03 22:30:21 -------- d-----w- c:\program files\common files\ScanSoft Shared
2011-10-03 22:30:07 -------- d-----w- c:\program files\ScanSoft
2011-10-03 22:27:50 -------- d-----w- c:\documents and settings\all users\application data\Brother
2011-10-03 22:13:55 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2011-10-03 22:13:55 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-10-03 22:13:46 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-10-03 22:13:46 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-10-03 21:38:15 -------- d-----w- c:\documents and settings\monica\local settings\application data\Identities
2011-10-03 20:30:43 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-10-03 20:30:38 773080 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-10-03 20:30:38 1833944 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-10-03 20:30:38 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2011-10-03 20:30:37 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-10-03 20:30:37 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2011-10-03 20:30:37 478168 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-10-03 20:30:37 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-10-03 20:30:37 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-10-03 20:30:36 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-10-03 20:25:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 11:25:19 215920 ----a-w- c:\windows\system32\muweb.dll
2011-10-03 11:25:18 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-10-03 11:25:18 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-10-02 20:40:03 -------- d-----w- c:\documents and settings\monica\application data\OpenOffice.org
2011-10-02 19:52:18 -------- d-----w- c:\documents and settings\monica\local settings\application data\Intuit
2011-10-02 19:32:19 -------- d-----w- c:\documents and settings\all users\application data\Nuance
2011-10-02 19:32:18 -------- d-----w- c:\program files\Intuit
2011-10-02 19:32:18 -------- d-----w- c:\program files\common files\Intuit
2011-10-02 19:32:18 -------- d-----w- c:\documents and settings\all users\application data\Intuit
2011-10-02 19:31:12 -------- d-----w- c:\documents and settings\all users\application data\SQL Anywhere 11
2011-10-02 19:31:03 -------- d-----w- c:\documents and settings\all users\application data\COMMON FILES
2011-10-02 19:27:21 -------- d-----w- c:\windows\system32\XPSViewer
2011-10-02 19:26:00 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-10-02 19:25:00 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-10-02 19:25:00 117760 ------w- c:\windows\system32\prntvpt.dll
2011-10-02 19:24:59 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-10-02 19:24:59 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-10-02 19:24:59 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-10-02 19:24:59 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-10-02 19:24:57 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-10-02 19:24:57 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-10-02 19:17:59 -------- d-----w- c:\program files\MSXML 4.0
2011-10-02 19:03:52 7269712 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-10-02 19:00:29 -------- d-----w- c:\windows\Intuit
2011-10-02 18:28:59 -------- d-----w- C:\mbam.com
2011-10-02 18:01:55 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2011-10-02 17:59:57 -------- d-----w- c:\documents and settings\monica\application data\Malwarebytes
2011-10-02 17:58:55 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-10-02 17:58:47 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-02 17:58:46 -------- d-----w- C:\Malwarebytes' Anti-Malware
2011-10-02 13:41:42 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
2011-10-02 13:40:34 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-10-02 13:38:15 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-10-02 13:37:39 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-10-02 13:36:05 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-10-02 13:35:40 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-10-02 13:35:39 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-10-02 13:32:27 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-10-02 13:31:57 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2011-10-02 13:31:08 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-10-02 13:20:16 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-10-02 13:17:41 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2011-10-02 13:17:34 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2011-10-02 13:17:31 110592 -c----w- c:\windows\system32\dllcache\services.exe
2011-10-02 13:17:26 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2011-10-02 13:17:24 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2011-10-02 13:17:20 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-10-02 13:17:08 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2011-10-02 13:08:32 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2011-10-02 13:03:29 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2011-10-02 13:03:11 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-10-02 12:58:36 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-02 12:56:22 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-10-02 12:56:00 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2011-10-02 12:56:00 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-10-02 12:50:28 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-10-02 12:49:16 -------- d-----w- c:\program files\Microsoft Security Client
2011-09-09 09:12:13 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll
.
==================== Find3M ====================
.
2011-10-02 13:26:12 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-10-02 12:50:59 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2011-10-02 12:50:56 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
============= FINISH: 22:30:35.29 ===============
Here is Attach
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 4/11/2009 5:23:57 PM
System Uptime: 10/6/2011 10:14:40 PM (0 hours ago)
.
Motherboard: Dell Computer Corporation | | 09U807
Processor: Intel(R) Pentium(R) 4 CPU 2.66GHz | Microprocessor | 2657/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 37 GiB total, 24.771 GiB free.
D: is CDROM (CDFS)
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP23: 10/2/2011 8:51:42 AM - Avg8 Update
RP24: 10/2/2011 9:27:55 AM - Avg8 Update
RP25: 10/2/2011 9:45:44 AM - Software Distribution Service 3.0
RP26: 10/2/2011 2:55:54 PM - Software Distribution Service 3.0
RP27: 10/2/2011 3:25:32 PM - Installed Windows KB954550-v5.
RP28: 10/2/2011 3:25:48 PM - Printer Driver Microsoft XPS Document Writer Installed
RP29: 10/2/2011 3:26:07 PM - Printer Driver Microsoft XPS Document Writer Installed
RP30: 10/3/2011 10:29:09 AM - Avg8 Update
RP31: 10/3/2011 4:34:23 PM - Software Distribution Service 3.0
RP32: 10/3/2011 6:30:00 PM - Installed ScanSoft PaperPort 11
RP33: 10/3/2011 6:33:19 PM - Installed PaperPort Image Printer
RP34: 10/3/2011 6:33:58 PM - Unsigned printer driver Generic IBM Graphics 9pin installed.
RP35: 10/3/2011 6:34:16 PM - Printer Driver Nuance Image Printer Driver Installed
RP36: 10/3/2011 6:37:31 PM - Installed Brother Software Suite
RP37: 10/3/2011 6:42:09 PM - Unsigned printer driver Brother PC-FAX v.2.1 installed.
RP38: 10/3/2011 7:02:17 PM - Software Distribution Service 3.0
RP39: 10/4/2011 6:42:49 AM - Installed Java(TM) 6 Update 26
RP40: 10/4/2011 7:28:37 AM - Software Distribution Service 3.0
RP41: 10/4/2011 4:53:17 PM - Software Distribution Service 3.0
RP42: 10/5/2011 5:36:54 PM - System Checkpoint
RP43: 10/5/2011 6:44:32 PM - Software Distribution Service 3.0
RP44: 10/6/2011 7:57:30 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
AccessDirect
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVG 8.5
BCM V.92 56K Modem
Broadcom 440x 10/100 Integrated Controller
Brother MFL-Pro Suite MFC-J265W
C-Major Audio
Critical Update for Windows Media Player 11 (KB959772)
Dell ResourceCD
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Java Auto Updater
Java(TM) 6 Update 26
Java(TM) 6 Update 7
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Security Client
Microsoft Security Essentials
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 7.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
OpenOffice.org 3.0
PaperPort Image Printer
PowerDVD
QuickBooks
QuickBooks Pro 2011
ScanSoft PaperPort 11
SigmaTel AC97 Audio Drivers
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
10/3/2011 9:35:24 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 8 for Windows XP.
10/3/2011 10:22:23 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the QBIDPService service to connect.
10/3/2011 10:22:23 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the QBCFMonitorService service to connect.
.
==== End Of File ===========================
Thanks again for all of your help. This appears to be turning into a bigger headache than I thought.
t-risk7
Regular Member
 
Posts: 118
Joined: July 7th, 2010, 12:27 pm

Re: MalWare Microsoft Essentials fake error

by Dakeyras » October 7th, 2011, 5:13 am

Hi. :)

"I have called my credit cards and am having them changed. I am closing old bank accounts and opening new ones. I have changed almost all of my passwords and will change the rest. I filed a police report and am going to put a fraud alert in w/ the Credit Bureaus. Hope this isn't overkill. But I think I prefer the peace of mind."
Not overkill in the least...

"The police officer suggested I call my internet provider and have them stop service in case my modem is compromised. Is this necessary? I mean would it do any good? And would it help the internet provider in stopping this kind of thing? Sorry a lot of questions, I have been pretty busy with this along with a million other things."
Theoretically, if you are referring to a Cable Modem, it is possible, but myself I have never actually come across such. I do know of instances where a Cable Modem has been modified then sold on, but since you most likely got yours from your actual ISP it should be secure and updated automatically firmware-wise by your ISP... One way it could become compromised is if the security of your actual ISP is affected and an attack implemented that way, but most ISPs are fairly secure with regard to their servers, so I would not be concerned about such occurring to you.

"Would a wireless router help me be more secure? Would it act as a secondary firewall or something?"
Indeed it would, via the NAT (Network Address Translation) Firewall, which is basically a hardware Firewall and would provide an extra layer of security.

"So, my back up computer is now acting screwy. Slow. When I turn it off and turn it on, the little red Microsoft SE tent is red and then turns green."
Actually this may not be a cause for concern and perfectly normal with MSE at times... What is happening is just after your machine has booted up some services may take longer than others to become fully active depending on what is set to run automatically at start-up. In this case it is MSE being a tad slow, though it could be attributed to the fact you have another Anti-Virus installed and active in system memory. Which is not good from a security point of view; we will be uninstalling the aforementioned, namely AVG 8.5, which is out of date, in due course.

It could also be a sign of malware which I can ascertain during the course of the Malware Removal(check) process...Please take note of the below:-

  • I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Flash Disinfector:

  • Please download Flash_Disinfector and save it to your desktop.
  • Double click to run it.
  • You will be prompted to plug in your flash drive. Plug it in.
  • Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime.
  • When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager.
  • Click on File > New Task (Run...). Type in explorer.exe and press Enter. Your desktop should now appear.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

Next:

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

AVG 8.5
Java(TM) 6 Update 26 <-- We will update Java in due course.
Java(TM) 6 Update 7

To do so, click once on each of the above in turn to highlight and then click on the Remove button.

Scan with OTL:

Please download OTL and save it to your Desktop.

Alternate downloads are here and here.

  • Double-click on OTL.exe to start OTL.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
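
The note in the post above says Flash_Disinfector leaves a hidden folder named autorun.inf on each drive. As an added example (not part of the original post, and not code from any tool named in it), the script below triages the AutoRun lines of an OTL log to show whether that placeholder folder is present and whether the NoDriveTypeAutoRun policy covers removable drives. The sample lines are constructed, and the verdict labels and function names are this example's own.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout OTL uses for its O7 and O32 sections
# (the SID and timestamps are made up for this example).
SAMPLE_LOG = r"""
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O32 - AutoRun File - [2011/10/08 04:41:20 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/10/08 04:51:52 | 000,000,016 | -H-- | M] () - E:\AUTORUN.INF -- [ FAT ]
O32 - AutoRun File - [2009/04/11 16:43:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
"""

# NoDriveTypeAutoRun is a bitmask: a set bit disables AutoRun for that drive type.
DRIVE_BITS = [(0x01, "unknown"), (0x04, "removable"), (0x08, "fixed"),
              (0x10, "network"), (0x20, "cdrom"), (0x40, "ramdisk"),
              (0x80, "reserved")]

O32_RE = re.compile(
    r"^O32 - AutoRun File - \[(?P<ts>[^|]+?) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| \w\](?: \([^)]*\))? - (?P<path>.+?) -- \[ (?P<fs>\w+) \]$")
O7_RE = re.compile(
    r"^O7 - (?P<hive>HK[A-Z]+\\[^\\]+)\\.*\\policies\\Explorer: "
    r"NoDriveTypeAutoRun = (?P<value>\d+)$", re.IGNORECASE)


@dataclass
class AutoRunEntry:
    path: str
    size: int
    attrs: str    # OTL attribute column, e.g. "RHSD" (read-only, hidden, system, directory)
    fs: str
    verdict: str


def classify(path, size, attrs):
    """Label one O32 entry. These labels are triage hints, not malware verdicts."""
    name = path.rsplit("\\", 1)[-1].lower()
    if name != "autorun.inf":
        return "other"                  # e.g. AUTOEXEC.BAT: not an AutoRun instruction file
    if "D" in attrs:
        return "placeholder-folder"     # a folder holds the name, so no file of that name can exist
    return "empty-file" if size == 0 else "file-review"  # a real file: read its contents


def decode_policy(value):
    """Return the drive types for which this NoDriveTypeAutoRun value disables AutoRun."""
    return [name for bit, name in DRIVE_BITS if value & bit]


def parse_otl(text):
    """Extract O32 AutoRun entries and per-hive NoDriveTypeAutoRun policy from OTL text."""
    entries, policies = [], {}
    for line in text.splitlines():
        line = line.strip()
        m = O32_RE.match(line)
        if m:
            size = int(m["size"].replace(",", ""))
            entries.append(AutoRunEntry(m["path"], size, m["attrs"], m["fs"],
                                        classify(m["path"], size, m["attrs"])))
            continue
        m = O7_RE.match(line)
        if m:
            policies[m["hive"]] = decode_policy(int(m["value"]))
    return entries, policies


def hives_without_removable_block(policies):
    """Hives whose policy leaves AutoRun enabled for removable (USB) drives."""
    return sorted(h for h, types in policies.items() if "removable" not in types)


if __name__ == "__main__":
    entries, policies = parse_otl(SAMPLE_LOG)
    for e in entries:
        print(f"{e.verdict:<20} {e.attrs} {e.size:>6} {e.path} [{e.fs}]")
    for hive, types in policies.items():
        print(f"{hive}: AutoRun disabled for {', '.join(types)}")
    print("No removable-drive block:", hives_without_removable_block(policies))
```

A "file-review" result only means a regular autorun.inf file exists on that drive; open it in a text editor to see what it references before deciding anything.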

Re: MalWare Microsoft Essentials fake error

Unread postby t-risk7 » October 7th, 2011, 3:09 pm

At library now. Will go home and try to do the above. Last night, it seemed like I was trying to be blocked in loading the DDS logs to the post. I had to trick it into letting me post it and then I closed it real quick. So I will be trying in a few minutes. Thanks.
t-risk7
Regular Member
 
Posts: 118
Joined: July 7th, 2010, 12:27 pm

Re: MalWare Microsoft Essentials fake error

Unread postby t-risk7 » October 7th, 2011, 3:59 pm

Cannot download Flash Disinfector. It says "cancelled--bleeping computer".
I await further instruction. And thanks.
t-risk7
Regular Member
 
Posts: 118
Joined: July 7th, 2010, 12:27 pm

Re: MalWare Microsoft Essentials fake error

Unread postby Dakeyras » October 7th, 2011, 8:25 pm

Hi. :)

Cannot download Flash Disinfector. It says "cancelled--bleeping computer".
I await further instruction. And thanks.
Do you mean unable to actually download the application via your machine? If so, the link I provided is active, so try again...If you tried downloading from the library you mentioned, it may have been blocked by the security in place.

As it stands there is no reason so far I can ascertain you should not download anything with your machine connected online for the time being...

If in the event the issue is with your machine/your end, merely use this alternative (below, Panda USB Vaccine) to disinfect/secure your USB drive, then continue with my prior advice downloading/scanning with OTL etc.

Download/Run Panda USB Vaccine:

Please download Panda USB Vaccine from here to the Desktop of your machine.

  • Double-click on USBVaccineSetup.exe >> follow the prompts in the installation wizard.
  • At the configuration screen (settings)...
  • Ensure both Run Panda USB Vaccine automatically when computer boots (/resident mode) & Automatically vaccinate any newly inserted USB key are selected.
  • Now click on Next> >> ensure Launch Panda USB Vaccine is selected >> click on Finish.
  • Insert your USB Drive in your machine...it will be automatically vaccinated.
  • Close Panda USB Vaccine via right-clicking on the Panda USB Vaccine system tray icon and selecting Exit.

Note: You may uninstall Panda USB Vaccine when we have completed the Malware Removal process if you so wish. Though my advice would be to keep it installed.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: MalWare Microsoft Essentials fake error

Unread postby t-risk7 » October 8th, 2011, 5:12 am

Good Morning,
I figured out why Flash Disinfector wouldn't work. I had security settings to very high and it was cancelling the download. I did both Flash Disinfector and Panda USB Vacc. One question, the Panda had an NTFS (?) option and I had my external hard drive plugged in via USB cable. Now, since I didn't select the NTFS option, it wouldn't scan my external hard drive. What is the best way to scan this device?

My computer is running much faster since removing Java and AVG. I was having trouble accessing malwareremoval forum. I had to clear history and go to a different website before it would let me type it in the address bar. But that may have been due to the high security settings. I will try again before I post the Extras reply.

Here is the OTL.Txt note:
OTL logfile created on: 10/8/2011 4:57:14 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Monica\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.33 Mb Total Physical Memory | 158.05 Mb Available Physical Memory | 30.91% Memory free
1.22 Gb Paging File | 0.81 Gb Available in Paging File | 66.08% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 25.21 Gb Free Space | 67.67% Space Free | Partition Type: NTFS
Drive E: | 246.71 Mb Total Space | 246.71 Mb Free Space | 100.00% Space Free | Partition Type: FAT

Computer Name: BLUEDELL | User Name: Monica | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Monica\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe (Intuit Inc.)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\70a1400affdc775d7c7398e036359286\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\6e563a58e6fc0117070d5b8fd59e4e1b\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Brother\BrUtilities\BrLogAPI.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (QBVSS) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe (Intuit Inc.)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (BrYNSvc) -- C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)


========== Driver Services (SafeList) ==========

DRV - (MpKsled2b2f97) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{070663EF-524A-4F7A-A21C-00491095D51D}\MpKsled2b2f97.sys (Microsoft Corporation)
DRV - (STAC97) Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\stac97.sys (SigmaTel, Inc.)
DRV - (BCMModem) -- C:\WINDOWS\system32\drivers\BCMSM.sys (Broadcom Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (OMCI) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Computer Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1644491937-1935655697-854245398-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/03 16:30:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/04 06:44:15 | 000,000,000 | ---D | M]

[2009/04/11 18:53:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Monica\Application Data\Mozilla\Extensions
[2011/10/03 16:31:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Monica\Application Data\Mozilla\Firefox\Profiles\m4wk9ksw.default\extensions
[2011/10/08 04:54:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MONICA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\M4WK9KSW.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
File not found (No name found) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/03 20:03:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/29 02:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/28 20:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2003/07/16 16:29:34 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1644491937-1935655697-854245398-1002..\Run: [Sonic RecordNow!] File not found
O4 - Startup: C:\Documents and Settings\Monica\Start Menu\Programs\Startup\PandaUSBVaccine.lnk = C:\Program Files\Panda USB Vaccine\USBVaccine.exe (Panda Security)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1644491937-1935655697-854245398-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1644491937-1935655697-854245398-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-1644491937-1935655697-854245398-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 9490254216 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68FF5E6A-1BF5-405E-888D-0C160D163365}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/11 16:43:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/10/08 04:41:20 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/10/08 04:41:22 | 000,000,000 | RHSD | M] - E:\AUTORUN_.INF -- [ FAT ]
O32 - AutoRun File - [2011/10/08 04:51:52 | 000,000,016 | -H-- | M] () - E:\AUTORUN.INF -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/08 04:49:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2011/10/08 04:49:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Panda Security
[2011/10/08 04:49:32 | 000,000,000 | ---D | C] -- C:\Program Files\Panda USB Vaccine
[2011/10/08 04:41:20 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2011/10/07 00:41:28 | 000,000,000 | ---D | C] -- C:\bd_logs
[2011/10/06 20:04:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011/10/06 05:02:51 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/10/04 21:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Intuit
[2011/10/04 06:45:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/10/04 06:44:15 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/10/03 22:20:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monica\Local Settings\Application Data\Scansoft
[2011/10/03 19:11:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monica\My Documents\Downloads
[2011/10/03 19:07:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/10/03 18:42:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Brother
[2011/10/03 18:41:18 | 000,061,440 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\brprtink.dll
[2011/10/03 18:40:53 | 001,535,488 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrWia09c.dll
[2011/10/03 18:40:53 | 000,055,808 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrUsi09c.dll
[2011/10/03 18:40:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/10/03 18:40:15 | 000,000,000 | ---D | C] -- C:\Program Files\Browny02
[2011/10/03 18:39:08 | 000,126,976 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrfxD05b.dll
[2011/10/03 18:38:04 | 000,217,088 | ---- | C] (brother) -- C:\WINDOWS\System32\NSSearch.dll
[2011/10/03 18:38:04 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2L.dll
[2011/10/03 18:38:03 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2.dll
[2011/10/03 18:38:03 | 000,003,072 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2S.dll
[2011/10/03 18:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\Brother
[2011/10/03 18:37:54 | 000,180,224 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BroSNMP.dll
[2011/10/03 18:36:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monica\Application Data\InstallShield
[2011/10/03 18:33:20 | 000,000,000 | ---D | C] -- C:\Program Files\Nuance
[2011/10/03 18:32:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2011/10/03 18:31:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ScanSoft PaperPort 11
[2011/10/03 18:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ScanSoft Shared
[2011/10/03 18:30:07 | 000,000,000 | ---D | C] -- C:\Program Files\ScanSoft
[2011/10/03 18:30:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/10/03 18:27:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Brother
[2011/10/03 18:13:55 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2011/10/03 18:13:46 | 000,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2011/10/03 17:38:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monica\Local Settings\Application Data\Identities
[2011/10/03 16:25:19 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/10/03 07:25:18 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2011/10/03 07:25:18 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2011/10/03 07:17:55 | 014,045,800 | ---- | C] (Mozilla) -- C:\Documents and Settings\Monica\Desktop\Firefox Setup 7.0.1.exe
[2011/10/02 17:25:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monica\My Documents\Tad's Resume
[2011/10/02 17:25:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monica\My Documents\Roofing Estimates and Material Lists
[2011/10/02 17:25:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monica\My Documents\Monica's Resume
[2011/10/02 17:25:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monica\My Documents\GArageGymEquipment
[2011/10/02 16:41:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Monica\Desktop\My Documents
[2011/10/02 16:40:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monica\Application Data\OpenOffice.org
[2011/10/02 16:37:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monica\Desktop\Roofing Estimates and Material Lists
[2011/10/02 16:03:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monica\Application Data\Macromedia
[2011/10/02 16:03:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monica\Application Data\Adobe
[2011/10/02 15:52:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monica\Local Settings\Application Data\Intuit
[2011/10/02 15:52:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Monica\Start Menu\Programs\Administrative Tools
[2011/10/02 15:48:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickBooks
[2011/10/02 15:32:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2011/10/02 15:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\Intuit
[2011/10/02 15:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2011/10/02 15:32:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Intuit
[2011/10/02 15:32:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2011/10/02 15:31:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2011/10/02 15:31:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2011/10/02 15:27:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011/10/02 15:27:07 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011/10/02 15:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011/10/02 15:25:00 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2011/10/02 15:25:00 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2011/10/02 15:24:59 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2011/10/02 15:24:59 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2011/10/02 15:24:57 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2011/10/02 15:24:57 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2011/10/02 15:22:20 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2011/10/02 15:21:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2011/10/02 15:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/10/02 15:00:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Intuit
[2011/10/02 14:28:59 | 000,000,000 | ---D | C] -- C:\mbam.com
[2011/10/02 14:01:55 | 000,026,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys
[2011/10/02 13:59:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Monica\Application Data\Malwarebytes
[2011/10/02 13:58:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/02 13:58:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/10/02 13:58:47 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/02 13:58:46 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2011/10/02 13:54:33 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Monica\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/02 09:40:34 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2011/10/02 09:38:15 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2011/10/02 09:37:39 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2011/10/02 09:36:05 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2011/10/02 09:35:40 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2011/10/02 09:35:39 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2011/10/02 09:32:27 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011/10/02 09:31:08 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011/10/02 09:20:16 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/10/02 09:08:32 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2011/10/02 09:03:11 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2011/10/02 08:58:36 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/10/02 08:56:22 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011/10/02 08:56:00 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2011/10/02 08:50:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011/10/02 08:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/10/02 08:42:36 | 008,068,864 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Monica\Desktop\mseinstall.exe
[2011/09/09 05:12:13 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/08 04:49:38 | 000,000,847 | ---- | M] () -- C:\Documents and Settings\Monica\Start Menu\Programs\Startup\PandaUSBVaccine.lnk
[2011/10/08 04:37:21 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/10/08 04:32:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/06 22:43:27 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/10/04 13:45:19 | 000,000,090 | ---- | M] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2011/10/04 07:37:46 | 000,472,400 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/04 07:37:46 | 000,079,080 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/04 07:29:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/03 22:18:58 | 000,127,704 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/03 18:42:51 | 000,001,781 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Brother Creative Center.lnk
[2011/10/03 18:42:22 | 000,000,242 | ---- | M] () -- C:\WINDOWS\Brpfx04a.ini
[2011/10/03 18:42:22 | 000,000,093 | ---- | M] () -- C:\WINDOWS\brpcfx.ini
[2011/10/03 18:41:45 | 000,000,050 | ---- | M] () -- C:\WINDOWS\System32\BRIDF10A.DAT
[2011/10/03 18:41:38 | 000,000,419 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2011/10/03 16:30:47 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Monica\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/03 16:30:47 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/10/03 16:25:19 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/10/03 07:18:37 | 014,045,800 | ---- | M] (Mozilla) -- C:\Documents and Settings\Monica\Desktop\Firefox Setup 7.0.1.exe
[2011/10/02 16:38:23 | 000,001,486 | ---- | M] () -- C:\Documents and Settings\Monica\Desktop\Calculator.lnk
[2011/10/02 15:48:53 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickBooks Pro 2011.lnk
[2011/10/02 15:48:53 | 000,001,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Process Credit Cards & eChecks in QuickBooks.lnk
[2011/10/02 15:48:53 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Checks & More for QuickBooks.lnk
[2011/10/02 15:48:53 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Support for QuickBooks.lnk
[2011/10/02 15:48:53 | 000,001,474 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Payroll for QuickBooks.lnk
[2011/10/02 15:48:53 | 000,001,378 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Get More Customers with Intuit.lnk
[2011/10/02 14:30:58 | 000,000,407 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/02 13:54:52 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Monica\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/02 08:55:17 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/10/02 08:48:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/02 08:42:49 | 008,068,864 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Monica\Desktop\mseinstall.exe
[2011/09/09 05:12:13 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/08 04:49:38 | 000,000,847 | ---- | C] () -- C:\Documents and Settings\Monica\Start Menu\Programs\Startup\PandaUSBVaccine.lnk
[2011/10/03 22:17:32 | 000,258,056 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/10/03 18:42:51 | 000,001,781 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Brother Creative Center.lnk
[2011/10/03 18:42:22 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2011/10/03 18:42:21 | 000,000,242 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2011/10/03 18:41:45 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF10A.DAT
[2011/10/03 18:41:37 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011/10/03 18:39:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2011/10/03 18:32:23 | 000,031,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2011/10/03 16:30:47 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/10/03 16:30:46 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/02 17:26:09 | 001,676,676 | ---- | C] () -- C:\Documents and Settings\Monica\My Documents\august2011 018.jpg
[2011/10/02 17:26:08 | 001,584,681 | ---- | C] () -- C:\Documents and Settings\Monica\My Documents\august2011 016.jpg
[2011/10/02 17:26:08 | 001,538,807 | ---- | C] () -- C:\Documents and Settings\Monica\My Documents\august2011 017.jpg
[2011/10/02 17:26:07 | 001,715,774 | ---- | C] () -- C:\Documents and Settings\Monica\My Documents\august2011 014.jpg
[2011/10/02 17:26:07 | 001,534,090 | ---- | C] () -- C:\Documents and Settings\Monica\My Documents\august2011 015.jpg
[2011/10/02 17:26:06 | 001,580,819 | ---- | C] () -- C:\Documents and Settings\Monica\My Documents\august2011 013.jpg
[2011/10/02 17:26:05 | 001,704,142 | ---- | C] () -- C:\Documents and Settings\Monica\My Documents\august2011 012.jpg
[2011/10/02 17:26:04 | 001,801,755 | ---- | C] () -- C:\Documents and Settings\Monica\My Documents\august2011 009.jpg
[2011/10/02 17:26:04 | 001,732,180 | ---- | C] () -- C:\Documents and Settings\Monica\My Documents\august2011 010.jpg
[2011/10/02 17:26:04 | 001,522,894 | ---- | C] () -- C:\Documents and Settings\Monica\My Documents\august2011 011.jpg
[2011/10/02 17:26:03 | 003,021,279 | ---- | C] () -- C:\Documents and Settings\Monica\My Documents\august2011 008.jpg
[2011/10/02 17:26:03 | 002,957,425 | ---- | C] () -- C:\Documents and Settings\Monica\My Documents\august2011 005.jpg
[2011/10/02 17:26:03 | 002,946,281 | ---- | C] () -- C:\Documents and Settings\Monica\My Documents\august2011 006.jpg
[2011/10/02 17:26:03 | 002,944,098 | ---- | C] () -- C:\Documents and Settings\Monica\My Documents\august2011 007.jpg
[2011/10/02 17:26:02 | 002,989,532 | ---- | C] () -- C:\Documents and Settings\Monica\My Documents\august2011 004.jpg
[2011/10/02 17:26:02 | 002,943,639 | ---- | C] () -- C:\Documents and Settings\Monica\My Documents\august2011 003.jpg
[2011/10/02 17:26:00 | 003,055,302 | ---- | C] () -- C:\Documents and Settings\Monica\My Documents\august2011 001.jpg
[2011/10/02 17:26:00 | 003,008,340 | ---- | C] () -- C:\Documents and Settings\Monica\My Documents\august2011 002.jpg
[2011/10/02 17:25:59 | 000,108,934 | ---- | C] () -- C:\Documents and Settings\Monica\My Documents\2852808_display.jpg
[2011/10/02 17:25:59 | 000,096,250 | ---- | C] () -- C:\Documents and Settings\Monica\My Documents\2852829_display.jpg
[2011/10/02 17:25:59 | 000,057,942 | ---- | C] () -- C:\Documents and Settings\Monica\My Documents\2852757_display.jpg
[2011/10/02 17:25:20 | 000,696,342 | ---- | C] () -- C:\Documents and Settings\Monica\My Documents\doggie.JPG
[2011/10/02 17:25:19 | 001,524,114 | ---- | C] () -- C:\Documents and Settings\Monica\My Documents\august2011 024.jpg
[2011/10/02 17:25:18 | 001,617,795 | ---- | C] () -- C:\Documents and Settings\Monica\My Documents\august2011 022.jpg
[2011/10/02 17:25:18 | 001,610,138 | ---- | C] () -- C:\Documents and Settings\Monica\My Documents\august2011 023.jpg
[2011/10/02 17:25:18 | 001,609,217 | ---- | C] () -- C:\Documents and Settings\Monica\My Documents\august2011 021.jpg
[2011/10/02 17:25:18 | 001,528,848 | ---- | C] () -- C:\Documents and Settings\Monica\My Documents\august2011 020.jpg
[2011/10/02 17:25:17 | 001,738,742 | ---- | C] () -- C:\Documents and Settings\Monica\My Documents\august2011 019.jpg
[2011/10/02 16:38:12 | 000,001,486 | ---- | C] () -- C:\Documents and Settings\Monica\Desktop\Calculator.lnk
[2011/10/02 15:48:53 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickBooks Pro 2011.lnk
[2011/10/02 15:48:53 | 000,001,706 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Process Credit Cards & eChecks in QuickBooks.lnk
[2011/10/02 15:48:53 | 000,001,546 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Checks & More for QuickBooks.lnk
[2011/10/02 15:48:53 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Support for QuickBooks.lnk
[2011/10/02 15:48:53 | 000,001,474 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Payroll for QuickBooks.lnk
[2011/10/02 15:48:53 | 000,001,378 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Get More Customers with Intuit.lnk
[2011/10/02 15:31:13 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2011/10/02 13:59:01 | 000,000,407 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/02 08:56:33 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/10/02 08:55:17 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/10/02 08:50:14 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2009/04/11 21:54:39 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2009/04/11 20:56:03 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2009/04/11 18:53:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/04/11 18:35:37 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/04/11 17:24:11 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/04/11 16:39:09 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/04/11 12:22:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/04/11 12:21:16 | 000,127,704 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/12/31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/08/14 02:54:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/07/16 16:54:55 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/16 16:54:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/16 16:41:25 | 000,472,400 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/16 16:41:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/16 16:41:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/16 16:41:21 | 000,079,080 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/16 16:39:07 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/16 16:33:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/16 16:33:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/16 16:27:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/16 16:26:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

< End of report >
t-risk7
Regular Member
 
Posts: 118
Joined: July 7th, 2010, 12:27 pm

Re: MalWare Microsoft Essentials fake error

Unread postby t-risk7 » October 8th, 2011, 5:15 am

Ok. I can access MWR site easier now.
Here is the Extras.Txt note:
OTL Extras logfile created on: 10/8/2011 4:57:14 AM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Monica\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.33 Mb Total Physical Memory | 158.05 Mb Available Physical Memory | 30.91% Memory free
1.22 Gb Paging File | 0.81 Gb Available in Paging File | 66.08% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 25.21 Gb Free Space | 67.67% Space Free | Partition Type: NTFS
Drive E: | 246.71 Mb Total Space | 246.71 Mb Free Space | 100.00% Space Free | Partition Type: FAT

Computer Name: BLUEDELL | User Name: Monica | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1644491937-1935655697-854245398-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Intuit\QuickBooks 2011\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2011\QBDBMgrN.exe:*:Disabled:QuickBooks 2011 Data Manager -- (Intuit, Inc.)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{11E0AC7D-6822-4F67-865F-EE1C13D28C38}" = QuickBooks Pro 2011
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1D70AABC-CB59-4700-A708-EA56D1CA07B0}" = QuickBooks
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{417B79C9-CDB4-477F-952D-840CEFC57A6C}" = AccessDirect
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7959721D-8268-4565-9E0E-C41A9F4848A9}" = SigmaTel AC97 Audio Drivers
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{FB83EAC4-E3F6-4666-B45B-44522F2344B6}" = Brother MFL-Pro Suite MFC-J265W
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/6/2011 1:02:55 PM | Computer Name = BLUEDELL | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 7.0.1.4288, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/6/2011 1:05:39 PM | Computer Name = BLUEDELL | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.51.0.1118, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/6/2011 1:05:40 PM | Computer Name = BLUEDELL | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.51.0.1118, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/6/2011 1:05:48 PM | Computer Name = BLUEDELL | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.51.0.1118, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/6/2011 3:59:23 PM | Computer Name = BLUEDELL | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/10/06 15:59:23.135]: [00002244]: CUsbScnDev: DeviceIoControl()
failed. ErrorCode = 5

Error - 10/6/2011 7:44:55 PM | Computer Name = BLUEDELL | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/10/06 19:44:55.591]: [00000816]: CUsbScnDev: DeviceIoControl()
failed. ErrorCode = 5

Error - 10/6/2011 10:01:36 PM | Computer Name = BLUEDELL | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/10/06 22:01:35.644]: [00000816]: CUsbScnDev: DeviceIoControl()
failed. ErrorCode = 5

Error - 10/7/2011 3:42:12 PM | Computer Name = BLUEDELL | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/10/07 15:42:12.127]: [00001800]: CUsbScnDev: DeviceIoControl
Illegal response

Error - 10/8/2011 4:40:51 AM | Computer Name = BLUEDELL | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/10/08 04:40:51.982]: [00001808]: CUsbScnDev: DeviceIoControl
Illegal response

Error - 10/8/2011 4:40:53 AM | Computer Name = BLUEDELL | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/10/08 04:40:53.094]: [00001808]: CUsbScnDev: DeviceIoControl
Illegal response

[ System Events ]
Error - 10/3/2011 7:14:30 AM | Computer Name = BLUEDELL | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 184.58.62.15 on
the Network Card with network address 000D56AEC8DC.

Error - 10/3/2011 9:35:24 PM | Computer Name = BLUEDELL | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Internet Explorer 8 for Windows XP.


< End of report >
t-risk7
Regular Member
 
Posts: 118
Joined: July 7th, 2010, 12:27 pm