[Inactive] search.imesh.net... how to get rid of it?

  1. #1 (Join Date: May 1999, Location: Colorado, Posts: 193)

    Somehow this malware has gotten onto my sister's computer and I am trying to help her fix it. It redirects the home page from Google to search.imesh.net. The computer is running awfully slow (not that it was very fast to begin with, but now it is worse). Also, I don't know if this has anything to do with it, but every time I log on the firewall is turned off and I have to turn it back on. If it is not this malware doing this, I need to figure out what is causing that to happen. It's just a little Dell notepad, but she is disabled and we are trying to teach her how to use a computer before getting her a laptop. She is not savvy enough to know to turn on the firewall every time she boots the computer, though I think we could train her. Any help with these issues would be appreciated. Below are the scans. I also did a scan with Microsoft Security Essentials and it came up clean.

    Malwarebytes

    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.02.20.07

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    User XP :: DARLAPTOP [administrator]

    2/20/2013 2:09:06 PM
    mbam-log-2013-02-20 (14-09-06).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 211038
    Time elapsed: 8 minute(s), 33 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    ************************************

    ASWMBR

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2013-02-20 14:32:36
    -----------------------------
    14:32:36.062 OS Version: Windows 5.1.2600 Service Pack 3
    14:32:36.062 Number of processors: 1 586 0xD08
    14:32:36.062 ComputerName: DARLAPTOP UserName: User XP
    14:32:38.140 Initialize success
    14:33:08.546 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    14:33:08.562 Disk 0 Vendor: FUJITSU_MHV2080AH 000000A0 Size: 76319MB BusType: 3
    14:33:08.593 Disk 0 MBR read successfully
    14:33:08.609 Disk 0 MBR scan
    14:33:08.625 Disk 0 Windows XP default MBR code
    14:33:08.640 Disk 0 Partition 1 80 (A) 06 FAT16 MSDOS5.0 2047 MB offset 63
    14:33:08.640 Disk 0 Partition - 00 0F Extended LBA 74269 MB offset 4192965
    14:33:08.671 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 74269 MB offset 4193028
    14:33:08.687 Disk 0 scanning sectors +156296385
    14:33:08.765 Disk 0 scanning D:\WINDOWS\system32\drivers
    14:33:14.171 Service scanning
    14:33:19.875 Service MpKsl244cbbad d:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2082D495-C2CD-4A38-84DF-0E7931F42885}\MpKsl244cbbad.sys **LOCKED** 32
    14:33:27.265 Modules scanning
    14:33:35.031 Disk 0 trace - called modules:
    14:33:36.109 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
    14:33:36.156 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89dedab8]
    14:33:36.203 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89e58770]
    14:33:36.250 Scan finished successfully
    14:34:40.843 Disk 0 MBR has been saved successfully to "D:\Documents and Settings\User XP\Desktop\MBR.dat"
    14:34:40.890 The log file has been saved successfully to "D:\Documents and Settings\User XP\Desktop\aswMBR02-20-13.txt"


    ********************************
    DDS Attach

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/9/2011 3:45:56 PM
    System Uptime: 2/20/2013 1:39:44 PM (2 hours ago)
    .
    Motherboard: Dell Inc. | | 0MG948
    Processor: Intel(R) Pentium(R) M processor 1.73GHz | Microprocessor | 1729/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (FAT32) - 2 GiB total, 1.691 GiB free.
    D: is FIXED (NTFS) - 73 GiB total, 62.49 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
    Description: Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family
    Device ID: PCI\VEN_8086&DEV_2592&SUBSYS_018F1028&REV_03\3&61AAA01&0&10
    Manufacturer: Intel Corporation
    Name: Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family
    PNP Device ID: PCI\VEN_8086&DEV_2592&SUBSYS_018F1028&REV_03\3&61AAA01&0&10
    Service: ialm
    .
    Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
    Description: Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family
    Device ID: PCI\VEN_8086&DEV_2792&SUBSYS_018F1028&REV_03\3&61AAA01&0&11
    Manufacturer: Intel Corporation
    Name: Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family
    PNP Device ID: PCI\VEN_8086&DEV_2792&SUBSYS_018F1028&REV_03\3&61AAA01&0&11
    Service: ialm
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Broadcom NetXtreme 57xx Gigabit Controller
    Device ID: PCI\VEN_14E4&DEV_1677&SUBSYS_018F1028&REV_01\4&2959CBDC&0&00E0
    Manufacturer: Broadcom
    Name: Broadcom NetXtreme 57xx Gigabit Controller
    PNP Device ID: PCI\VEN_14E4&DEV_1677&SUBSYS_018F1028&REV_01\4&2959CBDC&0&00E0
    Service: b57w2k
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: MAC Bridge Miniport
    Device ID: ROOT\MS_BRIDGEMP\0000
    Manufacturer: Microsoft
    Name: MAC Bridge Miniport
    PNP Device ID: ROOT\MS_BRIDGEMP\0000
    Service: BridgeMP
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Infrared Port
    Device ID: ROOT\MS_IRDAMINIPORT\0000
    Manufacturer: Microsoft
    Name: Infrared Port
    PNP Device ID: ROOT\MS_IRDAMINIPORT\0000
    Service: Rasirda
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.3)
    Broadcom Gigabit Integrated Controller
    C-Major Audio
    Conexant D110 MDC V.92 Modem
    Encompass360 NetBranch Installation Manager
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB2779562)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    HTC Driver Installer
    HTC Sync
    Intel PROSet Wireless
    Intel(R) Graphics Media Accelerator Driver for Mobile
    Intel(R) PROSet/Wireless WiFi Software
    Java Auto Updater
    Java(TM) 6 Update 25
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Internet Explorer 8 (KB2799329)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB2753842-v2)
    Security Update for Windows XP (KB2757638)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2761226)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2779030)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982665)
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 8
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/20/2013 1:41:40 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.2229.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x80004002 Error description: No such interface supported
    2/17/2013 1:25:55 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.2229.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x80004002 Error description: No such interface supported
    2/16/2013 6:54:22 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.2229.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x80004002 Error description: No such interface supported
    2/16/2013 6:33:01 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.2229.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x80004002 Error description: No such interface supported
    2/16/2013 6:19:50 PM, error: System Error [1003] - Error code 100000ea, parameter1 89c00ca0, parameter2 89de5c90, parameter3 b8d5fcb4, parameter4 00000001.
    2/16/2013 5:51:19 PM, error: Service Control Manager [7023] - The Remote Access Connection Manager service terminated with the following error: The specified module could not be found.
    2/16/2013 5:51:18 PM, error: Rasman [20063] - Remote Access Connection Manager failed to start because the Point to Point Protocol failed to initialize. The specified module could not be found.
    2/16/2013 5:39:38 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.2229.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x80004002 Error description: No such interface supported
    2/16/2013 5:29:33 PM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
    2/16/2013 5:29:32 PM, error: Service Control Manager [7001] - The Remote Access Auto Connection Manager service depends on the Remote Access Connection Manager service which failed to start because of the following error: The specified module could not be found.
    2/16/2013 5:29:29 PM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: The specified module could not be found.
    2/16/2013 5:29:29 PM, error: Service Control Manager [7001] - The Infrared Monitor service depends on the IrDA Protocol service which failed to start because of the following error: The system cannot find the file specified.
    2/16/2013 5:29:29 PM, error: Service Control Manager [7000] - The IrDA Protocol service failed to start due to the following error: The system cannot find the file specified.
    2/13/2013 4:46:33 PM, error: Dhcp [1002] - The IP address lease 192.168.2.6 for the Network Card with network address 00166FA749A2 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    2/13/2013 4:45:36 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.1318.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    2/13/2013 4:45:36 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.1318.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    2/13/2013 4:45:36 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.1318.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    .
    ==== End Of File ===========================


    DDS

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702
    Run by User XP at 15:00:50 on 2013-02-20
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1455 [GMT -7:00]
    .
    AV: Microsoft Security Essentials *Enabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    ============== Running Processes ================
    .
    d:\Program Files\Microsoft Security Client\MsMpEng.exe
    D:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\System32\SCardSvr.exe
    D:\Program Files\Intel\WiFi\bin\EvtEng.exe
    D:\Program Files\Java\jre6\bin\jqs.exe
    D:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    D:\Program Files\Intel\WiFi\bin\WLKeeper.exe
    D:\WINDOWS\system32\wbem\wmiprvse.exe
    D:\WINDOWS\system32\wbem\wmiprvse.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
    D:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    D:\Program Files\Common Files\Java\Java Update\jusched.exe
    D:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
    D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    D:\Program Files\Microsoft Security Client\msseces.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Messenger\msmsgs.exe
    D:\WINDOWS\system32\wbem\unsecapp.exe
    D:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
    D:\Program Files\Common Files\Teleca Shared\logger.exe
    D:\Program Files\Common Files\Teleca Shared\Generic.exe
    D:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
    D:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
    D:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
    D:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
    D:\WINDOWS\System32\alg.exe
    D:\Documents and Settings\User XP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    D:\Documents and Settings\User XP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    D:\Documents and Settings\User XP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    D:\Documents and Settings\User XP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    D:\WINDOWS\system32\wbem\wmiprvse.exe
    D:\WINDOWS\System32\svchost.exe -k netsvcs
    D:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    D:\WINDOWS\system32\svchost.exe -k NetworkService
    D:\WINDOWS\system32\svchost.exe -k LocalService
    D:\WINDOWS\system32\svchost.exe -k LocalService
    D:\WINDOWS\system32\svchost.exe -k bthsvcs
    D:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.ask.com/?l=dis&o=15866
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - d:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - d:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - d:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
    uRun: [Google Update] "d:\documents and settings\user xp\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [MSMSGS] "d:\program files\messenger\msmsgs.exe" /background
    uRun: [swg] "d:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [DW6] "d:\program files\the weather channel fw\desktop\DesktopWeather.exe"
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [igfxtray] d:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] d:\windows\system32\hkcmd.exe
    mRun: [igfxpers] d:\windows\system32\igfxpers.exe
    mRun: [IntelZeroConfig] "d:\program files\intel\wifi\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "d:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
    mRun: [SunJavaUpdateSched] "d:\program files\common files\java\java update\jusched.exe"
    mRun: [Mobile Connectivity Suite] "d:\program files\htc\htc sync\application launcher\Application Launcher.exe" /startoptions
    mRun: [Adobe ARM] "d:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [MSC] "d:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRunOnce: [Malwarebytes Anti-Malware] d:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    dRun: [DWQueuedReporting] "d:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    dRunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.0.1 205.171.3.25
    TCP: Interfaces\{FA792F11-65CA-431C-8DC4-4503E192AFB6} : DHCPNameServer = 192.168.0.1 205.171.3.25
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs=
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\wpdshserviceobj.dll
    Hosts: 127.0.0.1 mpa.one.microsoft.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;d:\windows\system32\drivers\MpFilter.sys [2011-4-18 193552]
    R1 MpKsl244cbbad;MpKsl244cbbad;d:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2082d495-c2cd-4a38-84df-0e7931f42885}\MpKsl244cbbad.sys [2013-2-20 29904]
    R3 GTIPCI21;GTIPCI21;d:\windows\system32\drivers\gtipci21.sys [2011-5-9 88192]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;d:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2013-02-20 21:32:37 29904 ----a-w- d:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2082d495-c2cd-4a38-84df-0e7931f42885}\MpKsl244cbbad.sys
    2013-02-20 20:56:05 -------- d-----w- d:\documents and settings\user xp\application data\Malwarebytes
    2013-02-20 20:55:26 -------- d-----w- d:\documents and settings\all users\application data\Malwarebytes
    2013-02-20 20:55:23 21104 ----a-w- d:\windows\system32\drivers\mbam.sys
    2013-02-20 20:55:23 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
    2013-02-13 23:58:56 6991832 ----a-w- d:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2082d495-c2cd-4a38-84df-0e7931f42885}\mpengine.dll
    2013-02-01 05:16:56 6991832 ----a-w- d:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2013-01-30 19:13:07 -------- d-----w- d:\documents and settings\user xp\local settings\application data\The Weather Channel
    2013-01-29 20:24:01 -------- d-----w- d:\documents and settings\user xp\Incomplete
    2013-01-29 20:23:38 -------- d-----w- d:\documents and settings\user xp\local settings\application data\APN
    2013-01-29 20:23:10 -------- d-----w- d:\documents and settings\all users\application data\Ask
    2013-01-29 20:22:50 -------- d-----w- d:\program files\MP3 Rocket Downloader
    2013-01-29 20:22:42 -------- d-----w- d:\documents and settings\user xp\application data\MP3Rocket
    2013-01-29 20:17:51 -------- d-----w- d:\documents and settings\user xp\local settings\application data\Real
    2013-01-29 20:14:47 -------- d-----w- d:\program files\The Weather Channel FW
    2013-01-29 19:06:11 -------- d-----w- d:\documents and settings\all users\application data\B5D
    2013-01-29 02:55:28 -------- d-----w- d:\documents and settings\user xp\AppData
    2013-01-29 02:55:27 -------- d-----w- d:\documents and settings\user xp\application data\searchresultstb
    2013-01-29 02:54:08 -------- d-----w- d:\documents and settings\all users\application data\boost_interprocess
    2013-01-29 02:49:31 -------- d-----w- d:\program files\iMesh Applications
    2013-01-29 02:43:29 -------- d-----w- d:\documents and settings\user xp\local settings\application data\PackageAware
    .
    ==================== Find3M ====================
    .
    2013-01-30 10:53:21 232336 ------w- d:\windows\system32\MpSigStub.exe
    2012-12-16 12:23:59 290560 ----a-w- d:\windows\system32\atmfd.dll
    .
    ============= FINISH: 15:01:15.98 ===============

  2. #2
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,500
    Please observe the following rules:

    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.



    =====================================

    Download RogueKiller to the desktop

    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.



    Download Malwarebytes Anti-Rootkit (MBAR) from HERE

    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt

  3. #3
    Join Date
    May 1999
    Location
    Colorado
    Posts
    193
    I did RogueKiller and thought there were 2 reports

    RogueKiller V8.5.1 [Feb 20 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : User XP [Admin rights]
    Mode : Scan -- Date : 02/20/2013 18:46:25
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : DW6 ("D:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe") [x] -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-776561741-2052111302-1417001333-1003[...]\Run : DW6 ("D:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe") [x] -> FOUND
    [HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> D:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 localhost
    127.0.0.1 mpa.one.microsoft.com


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: FUJITSU MHV2080AH +++++
    --- User ---
    [MBR] 3089db04e427a51cf3f88cd765080447
    [BSP] a4f935857ca4866dc1bf36b1f7d6005f : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 63 | Size: 2047 Mo
    1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 4192965 | Size: 74269 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_02202013_02d1846.txt >>
    RKreport[1]_S_02202013_02d1846.txt





    RogueKiller V8.5.1 [Feb 20 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : User XP [Admin rights]
    Mode : Remove -- Date : 02/20/2013 18:47:05
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 3 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : DW6 ("D:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe") [x] -> DELETED
    [HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> D:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 localhost
    127.0.0.1 mpa.one.microsoft.com


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: FUJITSU MHV2080AH +++++
    --- User ---
    [MBR] 3089db04e427a51cf3f88cd765080447
    [BSP] a4f935857ca4866dc1bf36b1f7d6005f : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 63 | Size: 2047 Mo
    1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 4192965 | Size: 74269 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2]_D_02202013_02d1847.txt >>
    RKreport[1]_S_02202013_02d1846.txt ; RKreport[2]_D_02202013_02d1847.txt

    ************************

    Here are the Malwarebytes Anti-Rootkit files

    Malwarebytes Anti-Rootkit BETA 1.01.0.1020
    www.malwarebytes.org

    Database version: v2013.02.21.01

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    User XP :: DARLAPTOP [administrator]

    2/20/2013 7:26:46 PM
    mbar-log-2013-02-20 (19-26-46).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 24940
    Time elapsed: 11 minute(s), 38 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1020

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    Java version: 1.6.0_25

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 1.729000 GHz
    Memory total: 2138427392, free: 1585487872

    ------------ Kernel report ------------
    02/20/2013 19:06:23
    ------------ Loaded modules -----------
    \WINDOWS\system32\ntkrnlpa.exe
    \WINDOWS\system32\hal.dll
    \WINDOWS\system32\KDCOM.DLL
    \WINDOWS\system32\BOOTVID.dll
    ACPI.sys
    \WINDOWS\system32\DRIVERS\WMILIB.SYS
    pci.sys
    isapnp.sys
    compbatt.sys
    \WINDOWS\system32\DRIVERS\BATTC.SYS
    PCIIde.sys
    \WINDOWS\System32\Drivers\PCIIDEX.SYS
    intelide.sys
    pcmcia.sys
    MountMgr.sys
    ftdisk.sys
    PartMgr.sys
    VolSnap.sys
    atapi.sys
    disk.sys
    \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    fltMgr.sys
    sr.sys
    MpFilter.sys
    KSecDD.sys
    WudfPf.sys
    Ntfs.sys
    NDIS.sys
    Mup.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\gtipci21.sys
    \SystemRoot\system32\DRIVERS\SMCLIB.SYS
    \SystemRoot\system32\DRIVERS\w29n51.sys
    \SystemRoot\system32\drivers\STAC97.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\DRIVERS\HSFHWICH.sys
    \SystemRoot\system32\DRIVERS\HSF_DPV.SYS
    \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
    \SystemRoot\System32\Drivers\Modem.SYS
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\smcirda.sys
    \SystemRoot\system32\DRIVERS\irenum.sys
    \SystemRoot\system32\DRIVERS\audstub.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\psched.sys
    \SystemRoot\system32\DRIVERS\msgpc.sys
    \SystemRoot\system32\DRIVERS\ptilink.sys
    \SystemRoot\system32\DRIVERS\raspti.sys
    \SystemRoot\system32\DRIVERS\rdpdr.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\update.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\Drivers\mnmdd.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\rasacd.sys
    \SystemRoot\system32\DRIVERS\ipsec.sys
    \SystemRoot\system32\DRIVERS\tcpip.sys
    \SystemRoot\system32\DRIVERS\netbt.sys
    \SystemRoot\System32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\System32\Drivers\Fips.SYS
    \SystemRoot\system32\DRIVERS\ipnat.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\System32\Drivers\Fastfat.SYS
    \SystemRoot\System32\Drivers\BTHUSB.sys
    \SystemRoot\System32\Drivers\bthport.sys
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\watchdog.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\drivers\dxgthk.sys
    \SystemRoot\System32\framebuf.dll
    \SystemRoot\system32\DRIVERS\rfcomm.sys
    \SystemRoot\system32\DRIVERS\BthEnum.sys
    \SystemRoot\system32\DRIVERS\bthpan.sys
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\s24trans.sys
    \SystemRoot\system32\DRIVERS\mrxdav.sys
    \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    \SystemRoot\system32\DRIVERS\srv.sys
    \SystemRoot\System32\Drivers\HTTP.sys
    \SystemRoot\system32\drivers\wdmaud.sys
    \SystemRoot\system32\drivers\sysaudio.sys
    \??\D:\WINDOWS\system32\drivers\TrueSight.sys
    \??\d:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{150A9383-91B0-44B6-BF25-4B9B4D6A2E1D}\MpKslbe7cd502.sys
    \??\D:\WINDOWS\system32\drivers\mbamchameleon.sys
    \??\D:\WINDOWS\system32\drivers\mbamswissarmy.sys
    \WINDOWS\system32\ntdll.dll
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff89dedab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
    Lower Device Object: 0xffffffff89e58770
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    Initialization returned 0x0
    Load Function returned 0x0
    Downloaded database version: v2013.02.21.01
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 2
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff89dedab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff89db9308, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff89dedab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff89e58770, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xffffffffe29ce8e8, 0xffffffff89dedab8, 0xffffffff88f43ab8
    Lower DeviceData: 0xffffffffe13161d0, 0xffffffff89e58770, 0xffffffff88eda9d8
    <<<3>>>
    Volume: D:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: D:\WINDOWS\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: D:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 9BDF9BDF

    Partition information:

    Partition 0 type is Other (0x6)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 4192902
    Partition file system is FAT32
    Partition is bootable

    Partition 1 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 4192965 Numsec = 152103420

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 80026361856 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-156281488-156301488)...
    Done!
    Performing system, memory and registry scan...
    Done!
    Scan finished
    =======================================
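Both tools above end with an MBR check: RogueKiller hashes the MBR and prints the partition table, and MBAR verifies the 55AA signature, the disk signature and each entry's type, start LBA and sector count. The Python script below is an added example written for this page (it is not part of the thread, of RogueKiller or of MBAR); it builds a constructed 512-byte MBR carrying the values those logs report for PhysicalDrive0, decodes it, and runs the consistency checks an anti-rootkit MBR scan performs. The function names (build_sample_mbr, parse_mbr, check_partition_table, unpartitioned_ranges) are the example's own. The head gap it computes (sectors 1-62) matches the first range MBAR reports scanning; the tail range is derived purely from the table and need not match MBAR's own choice of range.

```python
import struct

SECTOR = 512                      # sector size reported by both tools
MBR_BOOT_SIGNATURE = b"\x55\xAA"  # bytes 510-511; the logs print it as 55AA
PARTITION_TYPES = {0x00: "Empty", 0x06: "FAT16", 0x0F: "Extended (LBA)"}


def build_sample_mbr():
    """Construct a 512-byte MBR whose partition table carries the values the
    RogueKiller and MBAR logs report for PhysicalDrive0. This is a constructed
    sample for the example, not a dump of the real disk."""
    mbr = bytearray(512)
    # NT disk signature lives at offset 0x1B8 (little-endian DWORD)
    struct.pack_into("<I", mbr, 0x1B8, 0x9BDF9BDF)
    entries = [
        # (boot flag, type, start LBA, sector count)
        (0x80, 0x06, 63, 4192902),          # active FAT16 partition
        (0x00, 0x0F, 4192965, 152103420),   # extended (LBA) container
        (0x00, 0x00, 0, 0),
        (0x00, 0x00, 0, 0),
    ]
    for i, (flag, ptype, lba, count) in enumerate(entries):
        # 16-byte entry: flag, CHS start (3), type, CHS end (3), LBA start, count.
        # CHS fields are left zero here; the LBA fields are what tools rely on.
        struct.pack_into("<B3xB3xII", mbr, 0x1BE + 16 * i, flag, ptype, lba, count)
    mbr[510:512] = MBR_BOOT_SIGNATURE
    return bytes(mbr)


def parse_mbr(mbr):
    """Decode the disk signature and the four primary partition entries.
    Raises ValueError when the boot signature or a boot flag is invalid,
    which is the first thing an MBR check looks at."""
    if len(mbr) < 512:
        raise ValueError("MBR must be at least 512 bytes")
    if mbr[510:512] != MBR_BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    disk_signature = struct.unpack_from("<I", mbr, 0x1B8)[0]
    partitions = []
    for i in range(4):
        flag, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, 0x1BE + 16 * i)
        if flag not in (0x00, 0x80):
            raise ValueError(f"partition {i}: invalid boot flag 0x{flag:02x}")
        partitions.append({
            "index": i,
            "active": flag == 0x80,
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, f"Other (0x{ptype:x})"),
            "start_lba": lba,
            "sectors": count,
            "size_mib": count * SECTOR // (1024 * 1024),  # the "Mo" column in RogueKiller
        })
    return {"disk_signature": disk_signature, "partitions": partitions}


def check_partition_table(info, disk_sectors):
    """Consistency checks in the spirit of an anti-rootkit MBR scan: exactly
    one active partition, no overlapping entries, nothing past the end of disk."""
    findings = []
    used = [p for p in info["partitions"] if p["type"] != 0x00]
    active = [p for p in used if p["active"]]
    if len(active) != 1:
        findings.append(f"expected one active partition, found {len(active)}")
    spans = sorted((p["start_lba"], p["start_lba"] + p["sectors"]) for p in used)
    for (s1, e1), (s2, e2) in zip(spans, spans[1:]):
        if s2 < e1:
            findings.append(f"partitions overlap at LBA {s2}")
    for p in used:
        if p["start_lba"] + p["sectors"] > disk_sectors:
            findings.append(f"partition {p['index']} extends past the end of the disk")
    return findings


def unpartitioned_ranges(info, disk_sectors):
    """Sector ranges covered by no partition, the space MBAR scans raw.
    Sector 0 is the MBR itself, so the first gap starts at sector 1."""
    used = sorted((p["start_lba"], p["start_lba"] + p["sectors"])
                  for p in info["partitions"] if p["type"] != 0x00)
    ranges, cursor = [], 1
    for start, end in used:
        if start > cursor:
            ranges.append((cursor, start - 1))
        cursor = max(cursor, end)
    if cursor < disk_sectors:
        ranges.append((cursor, disk_sectors))
    return ranges


if __name__ == "__main__":
    DISK_SIZE = 80026361856          # "Disk Size" from the MBAR log
    info = parse_mbr(build_sample_mbr())
    print(f"Disk Signature: {info['disk_signature']:08X}")
    for p in info["partitions"]:
        state = "ACTIVE" if p["active"] else "NOT ACTIVE"
        print(f"{p['index']} - {state} {p['type_name']} LBA {p['start_lba']} "
              f"Numsec {p['sectors']} ({p['size_mib']} MiB)")
    print("findings:", check_partition_table(info, DISK_SIZE // SECTOR))
    print("unpartitioned:", unpartitioned_ranges(info, DISK_SIZE // SECTOR))
```

Run against a real disk image, the same parse_mbr call would take the first 512 bytes of the image; the checks are deliberately structural (signature, flags, overlap, bounds) and say nothing about the boot code itself, which is why RogueKiller additionally fingerprints the MBR and boot-sector code with a hash and compares it against known-good XP code.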

  4. #4
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,500
    Create a new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/...-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/windo...ystem-restore/
    - XP: http://support.microsoft.com/kb/948247

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.



    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.



    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"


    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart the computer in safe mode


    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.



    When the scan is done, Notepad will open with the rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.

  5. #5
    Join Date
    May 1999
    Location
    Colorado
    Posts
    193
    ComboFix 13-02-20.01 - User XP 02/21/2013 3:31.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1476 [GMT -7:00]
    Running from: d:\documents and settings\User XP\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    d:\windows\system32\drivers\etc\hosts.ics
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-01-21 to 2013-02-21 )))))))))))))))))))))))))))))))
    .
    .
    2013-02-21 02:06 . 2013-02-21 02:06 35144 ----a-w- d:\windows\system32\drivers\mbamchameleon.sys
    2013-02-21 01:45 . 2013-02-21 01:45 29904 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{150A9383-91B0-44B6-BF25-4B9B4D6A2E1D}\MpKslbe7cd502.sys
    2013-02-21 00:15 . 2013-02-08 00:45 6954968 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{150A9383-91B0-44B6-BF25-4B9B4D6A2E1D}\mpengine.dll
    2013-02-20 23:49 . 2012-06-02 22:19 45080 ----a-w- d:\windows\system32\wups2.dll
    2013-02-20 20:56 . 2013-02-20 20:56 -------- d-----w- d:\documents and settings\User XP\Application Data\Malwarebytes
    2013-02-20 20:55 . 2013-02-20 20:55 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
    2013-02-20 20:55 . 2013-02-20 20:55 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
    2013-02-20 20:55 . 2012-12-14 23:49 21104 ----a-w- d:\windows\system32\drivers\mbam.sys
    2013-02-17 00:57 . 2013-02-17 00:57 -------- d-----w- d:\program files\Microsoft.NET
    2013-02-14 20:30 . 2012-12-26 20:16 105984 -c----w- d:\windows\system32\dllcache\url.dll
    2013-02-14 20:30 . 2012-12-26 20:16 916480 -c----w- d:\windows\system32\dllcache\wininet.dll
    2013-02-14 20:30 . 2012-12-26 20:16 1212928 -c----w- d:\windows\system32\dllcache\urlmon.dll
    2013-02-13 23:58 . 2013-01-08 04:57 6991832 ----a-w- d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-01-30 19:13 . 2013-02-17 01:09 -------- d-----w- d:\documents and settings\User XP\Local Settings\Application Data\The Weather Channel
    2013-01-29 20:24 . 2013-01-30 20:52 -------- d-----w- d:\documents and settings\User XP\Incomplete
    2013-01-29 20:23 . 2013-01-29 20:23 -------- d-----w- d:\documents and settings\User XP\Local Settings\Application Data\APN
    2013-01-29 20:23 . 2013-01-29 20:23 -------- d-----w- d:\documents and settings\All Users\Application Data\Ask
    2013-01-29 20:22 . 2013-01-29 20:22 -------- d-----w- d:\program files\MP3 Rocket Downloader
    2013-01-29 20:22 . 2013-02-14 00:42 -------- d-----w- d:\documents and settings\User XP\Application Data\MP3Rocket
    2013-01-29 20:17 . 2013-01-29 20:17 -------- d-----w- d:\documents and settings\User XP\Local Settings\Application Data\Real
    2013-01-29 20:16 . 2013-02-14 00:38 -------- d-----w- d:\program files\Real
    2013-01-29 20:14 . 2013-02-17 01:05 -------- d-----w- d:\program files\The Weather Channel FW
    2013-01-29 19:06 . 2013-01-29 19:06 -------- d-----w- d:\documents and settings\All Users\Application Data\B5D
    2013-01-29 02:55 . 2013-01-29 02:55 -------- d-----w- d:\documents and settings\User XP\AppData
    2013-01-29 02:55 . 2013-01-29 02:55 -------- d-----w- d:\documents and settings\User XP\Application Data\searchresultstb
    2013-01-29 02:54 . 2013-01-29 02:54 -------- d-----w- d:\documents and settings\All Users\Application Data\boost_interprocess
    2013-01-29 02:49 . 2013-02-20 20:40 -------- d-----w- d:\program files\iMesh Applications
    2013-01-29 02:43 . 2013-01-29 02:43 -------- d-----w- d:\documents and settings\User XP\Local Settings\Application Data\PackageAware
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-30 10:53 . 2012-02-14 23:38 232336 ------w- d:\windows\system32\MpSigStub.exe
    2013-01-26 03:55 . 2011-05-09 17:29 552448 ----a-w- d:\windows\system32\oleaut32.dll
    2013-01-07 01:16 . 2011-05-09 17:29 2193024 ----a-w- d:\windows\system32\ntoskrnl.exe
    2013-01-07 00:36 . 2008-04-14 00:01 2069760 ----a-w- d:\windows\system32\ntkrnlpa.exe
    2013-01-04 01:20 . 2011-05-09 17:30 1867264 ----a-w- d:\windows\system32\win32k.sys
    2013-01-02 06:49 . 2011-05-09 17:29 1292288 ----a-w- d:\windows\system32\quartz.dll
    2013-01-02 06:49 . 2011-05-09 17:29 148992 ----a-w- d:\windows\system32\mpg2splt.ax
    2012-12-26 20:16 . 2011-05-09 17:30 916480 ----a-w- d:\windows\system32\wininet.dll
    2012-12-26 20:16 . 2011-05-09 17:29 43520 ----a-w- d:\windows\system32\licmgr10.dll
    2012-12-26 20:16 . 2011-05-09 17:29 1469440 ----a-w- d:\windows\system32\inetcpl.cpl
    2012-12-24 06:40 . 2011-05-09 17:28 385024 ----a-w- d:\windows\system32\html.iec
    2012-12-16 12:23 . 2011-05-09 17:28 290560 ----a-w- d:\windows\system32\atmfd.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2009-01-11 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . d:\windows\system32\sfcfiles.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-15 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
    "igfxtray"="d:\windows\system32\igfxtray.exe" [2006-09-15 94208]
    "igfxhkcmd"="d:\windows\system32\hkcmd.exe" [2006-09-15 77824]
    "igfxpers"="d:\windows\system32\igfxpers.exe" [2006-09-15 118784]
    "IntelZeroConfig"="d:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-11-03 1372160]
    "IntelWireless"="d:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-11-03 1202448]
    "SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
    "Mobile Connectivity Suite"="d:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
    "Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "MSC"="d:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 947176]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Z1"="d:\documents and settings\User XP\My Documents\Downloads\mbar-1.01.0.1020\mbar\mbar.exe" [2013-02-21 1363528]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="d:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "_nltide_2"="shell32" [X]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "d:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    .
    R1 MpKslbe7cd502;MpKslbe7cd502;d:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{150A9383-91B0-44B6-BF25-4B9B4D6A2E1D}\MpKslbe7cd502.sys [2/20/2013 6:45 PM 29904]
    R3 GTIPCI21;GTIPCI21;d:\windows\system32\drivers\gtipci21.sys [5/9/2011 4:09 PM 88192]
    R3 mbamchameleon;mbamchameleon;d:\windows\system32\drivers\mbamchameleon.sys [2/20/2013 7:06 PM 35144]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MBAMCHAMELEON
    *NewlyCreated* - MPKSLBE7CD502
    *NewlyCreated* - TRUESIGHT
    *Deregistered* - TrueSight
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-02-21 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - d:\program files\Google\Update\GoogleUpdate.exe [2012-02-15 01:00]
    .
    2013-02-21 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - d:\program files\Google\Update\GoogleUpdate.exe [2012-02-15 01:00]
    .
    2013-02-21 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-2052111302-1417001333-1003Core.job
    - d:\documents and settings\User XP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-12 07:27]
    .
    2013-02-21 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-2052111302-1417001333-1003UA.job
    - d:\documents and settings\User XP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-12 07:27]
    .
    2013-02-21 d:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
    - d:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-13 00:25]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.ask.com/?l=dis&o=15866
    TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-10 - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-02-21 03:36
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Completion time: 2013-02-21 03:38:27
    ComboFix-quarantined-files.txt 2013-02-21 10:38
    .
    Pre-Run: 66,228,244,480 bytes free
    Post-Run: 67,190,038,528 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    c:\btsec\XPSTP.bs="1. Begin TXT Mode Setup Windows XP, Never unplug USB-Drive Until Logon"
    multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="2. and 3. Continue with GUI Mode Setup Windows XP + Start XP from HD 1" /FASTDETECT
    multi(0)disk(0)rdisk(2)partition(1)\WINDOWS="Continue GUI Setup + Start XP from HD 2, use if installing on HD2" /FASTDETECT
    c:\grldr="4. Start GRUB4DOS Menu - DOS FPY IMAGES + Linux + XP Rec Cons + Vista"
    c:\btsec\XATSP.bs="Attended Setup XP, Never unplug USB-Drive Until After Logon"
    .
    - - End Of File - - 44FB4B67BFFBA4FB5D6B46B7CF5D52E0

  6. #6
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,500
    Looks good.

    Please download AdwCleaner by Xplode onto your desktop.

    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.



    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.



    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

  7. #7
    Join Date
    May 1999
    Location
    Colorado
    Posts
    193
    I'm running the next tools now but something odd has happened. When I signed onto the machine it brought up a DOS window and it was "D:......cmd.exe" (I didn't write down what the whole thing was as my grandson came into the room and when I turned around it was gone.) Now the computer is saying "You may be a victim of software counterfeiting. This copy of Windows did not pass genuine Windows validation." And Microsoft Security Essentials keeps popping up (real-time protection is currently turned off as I am running the tools). What do you make of this?

  8. #8
    Join Date
    May 1999
    Location
    Colorado
    Posts
    193
    # AdwCleaner v2.112 - Logfile created 02/22/2013 at 18:27:18
    # Updated 10/02/2013 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : User XP - DARLAPTOP
    # Boot Mode : Normal
    # Running from : D:\Documents and Settings\User XP\Desktop\adwcleaner0.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Deleted : D:\Documents and Settings\All Users\Application Data\Ask
    Folder Deleted : D:\Documents and Settings\All Users\Application Data\boost_interprocess
    Folder Deleted : D:\Documents and Settings\User XP\Local Settings\Application Data\APN

    ***** [Registry] *****

    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\DataMngr_Toolbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ADE92211-31DC-4775-85C0-75659B099DD3}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
    Key Deleted : HKLM\Software\PIP

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.ask.com/?l=dis&o=15866 --> hxxp://www.google.com

    -\\ Google Chrome v24.0.1312.57

    File : D:\Documents and Settings\User XP\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [1412 octets] - [22/02/2013 18:27:18]

    ########## EOF - D:\AdwCleaner[S1].txt - [1472 octets] ##########


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.6.5 (02.18.2013:1)
    OS: Microsoft Windows XP x86
    Ran by User XP on Fri 02/22/2013 at 18:36:32.29
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "D:\Documents and Settings\User XP\Application Data\searchresultstb"
    Successfully deleted: [Folder] "D:\Documents and Settings\User XP\appdata\locallow\datamngr"
    Successfully deleted: [Folder] "D:\Program Files\imesh applications"





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Fri 02/22/2013 at 18:41:14.00
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    OTL logfile created on: 2/22/2013 6:49:48 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = D:\Documents and Settings\User XP\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 77.11% Memory free
    3.84 Gb Paging File | 3.53 Gb Available in Paging File | 91.96% Paging File free
    Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
    Drive C: | 2.00 Gb Total Space | 1.69 Gb Free Space | 84.51% Space Free | Partition Type: FAT32
    Drive D: | 72.53 Gb Total Space | 62.48 Gb Free Space | 86.14% Space Free | Partition Type: NTFS

    Computer Name: DARLAPTOP | User Name: User XP | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/02/22 18:49:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\User XP\Desktop\OTL.exe
    PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- d:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2011/01/07 11:12:22 | 000,505,576 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Common Files\Java\Java Update\jucheck.exe
    PRC - [2010/03/19 13:05:08 | 000,389,120 | R--- | M] (Teleca) -- D:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
    PRC - [2010/03/17 13:22:52 | 001,019,904 | R--- | M] (Teleca Sweden AB) -- D:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
    PRC - [2010/03/17 13:08:22 | 000,253,952 | R--- | M] (TODO: <Company name>) -- D:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
    PRC - [2010/03/17 13:08:04 | 000,462,848 | R--- | M] (Teleca AB) -- D:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
    PRC - [2009/12/11 12:50:34 | 000,557,056 | R--- | M] (Teleca AB) -- D:\Program Files\Common Files\Teleca Shared\Generic.exe
    PRC - [2009/11/19 14:19:48 | 000,598,016 | R--- | M] (Teleca Sweden AB) -- D:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
    PRC - [2009/11/03 13:48:54 | 000,874,768 | ---- | M] (Intel(R) Corporation) -- D:\Program Files\Intel\WiFi\bin\EvtEng.exe
    PRC - [2009/11/03 13:45:52 | 000,348,160 | ---- | M] (Intel(R) Corporation) -- D:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
    PRC - [2009/11/03 13:45:48 | 001,372,160 | ---- | M] (Intel(R) Corporation) -- D:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
    PRC - [2009/11/03 13:42:00 | 000,909,312 | ---- | M] (Intel(R) Corporation) -- D:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    PRC - [2009/11/03 13:35:14 | 001,202,448 | ---- | M] (Intel(R) Corporation) -- D:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    PRC - [2009/11/03 13:33:48 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- D:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    PRC - [2009/06/03 07:25:16 | 000,106,496 | R--- | M] (Popwire AB) -- D:\Program Files\Common Files\Teleca Shared\logger.exe
    PRC - [2009/04/14 10:14:26 | 000,139,264 | ---- | M] (Teleca Sweden AB) -- D:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
    PRC - [2009/03/10 20:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\WgaTray.exe
    PRC - [2008/04/14 00:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2010/03/17 13:20:30 | 000,139,264 | R--- | M] () -- D:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\tcpsock_object.dll
    MOD - [2010/02/10 16:08:38 | 000,237,361 | R--- | M] () -- D:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\fsync.dll
    MOD - [2010/02/10 16:08:38 | 000,237,361 | R--- | M] () -- D:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\fsync.dll
    MOD - [2009/11/03 13:35:46 | 000,200,704 | ---- | M] () -- D:\Program Files\Intel\WiFi\bin\iWMSProv.dll
    MOD - [2007/01/11 15:33:20 | 000,106,496 | R--- | M] () -- D:\Program Files\Common Files\Teleca Shared\boost_log-vc80-mt-1_33.dll


    ========== Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- %SystemRoot%\System32\irmon.dll -- (Irmon)
    SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- d:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2009/11/03 13:48:54 | 000,874,768 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- D:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV - [2009/11/03 13:45:52 | 000,348,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- D:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER)
    SRV - [2009/11/03 13:42:00 | 000,909,312 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- D:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
    SRV - [2009/11/03 13:33:48 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- D:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\UIUSys.sys -- (UIUSys)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\rasirda.sys -- (Rasirda)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\irda.sys -- (irda)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- D:\DOCUME~1\USERXP~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2009/11/11 02:26:02 | 002,216,064 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51)
    DRV - [2008/08/13 14:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2006/04/06 14:49:00 | 000,088,192 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
    DRV - [2006/01/11 18:25:26 | 000,039,808 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
    DRV - [2006/01/11 16:29:42 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
    DRV - [2006/01/07 04:39:30 | 000,108,800 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
    DRV - [2005/11/22 08:47:00 | 000,047,104 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
    DRV - [2005/10/03 11:57:00 | 000,086,867 | R--- | M] (CSR) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\BCOREUSB.sys -- (BCOREUSB)
    DRV - [2005/09/15 17:06:08 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
    DRV - [2005/08/01 15:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- D:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
    DRV - [2005/07/11 17:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
    DRV - [2005/05/03 14:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
    DRV - [2005/05/03 14:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
    DRV - [2005/05/03 14:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2005/04/06 08:54:44 | 000,050,048 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd)
    DRV - [2005/03/10 15:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
    DRV - [2005/01/06 12:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
    DRV - [2004/08/23 12:49:30 | 000,121,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2001/08/17 05:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
    IE - HKLM\..\SearchScopes\{965B4D12-46BD-422A-BB93-8AB0AE214820}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-776561741-2052111302-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-21-776561741-2052111302-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-776561741-2052111302-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 54 A9 D0 A6 75 10 CC 01 [binary data]
    IE - HKU\S-1-5-21-776561741-2052111302-1417001333-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-776561741-2052111302-1417001333-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-776561741-2052111302-1417001333-1003\..\SearchScopes\{3E6C1DB0-6D05-40F1-94FE-8203D8DA5136}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=MP3R7&o=15863&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^RV&apn_dtid=^YYYYYY^YY^US&apn_uid=aa35b1f6-f9de-4cd1-b7c0-aa604f009f90&apn_sauid=6671D03C-93F9-4258-9229-FB75FAA692CF
    IE - HKU\S-1-5-21-776561741-2052111302-1417001333-1003\..\SearchScopes\{965B4D12-46BD-422A-BB93-8AB0AE214820}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_enUS471
    IE - HKU\S-1-5-21-776561741-2052111302-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: d:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Documents and Settings\User XP\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Documents and Settings\User XP\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)


    [2013/01/29 13:22:50 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\User XP\Application Data\Mozilla\Firefox\Profiles\extensions
    [2012/12/20 11:42:14 | 000,679,123 | ---- | M] () (No name found) -- D:\Documents and Settings\User XP\Application Data\Mozilla\Firefox\Profiles\extensions\mp3rocketdownloader@mp3rocket.me.xpi

    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = D:\Documents and Settings\User XP\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = D:\Documents and Settings\User XP\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = D:\Documents and Settings\User XP\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = D:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = D:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U25 (Enabled) = D:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = D:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = D:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = D:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Google Update (Enabled) = D:\Documents and Settings\User XP\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = d:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: YouTube = D:\Documents and Settings\User XP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
    CHR - Extension: Google Search = D:\Documents and Settings\User XP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
    CHR - Extension: Gmail = D:\Documents and Settings\User XP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    Had to split OTL file as it was too big for one post....

  9. #9
    Join Date
    May 1999
    Location
    Colorado
    Posts
    193
    O1 HOSTS File: ([2013/02/21 03:36:31 | 000,000,027 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
    O4 - HKLM..\Run: [BluetoothAuthenticationAgent] D:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
    O4 - HKLM..\Run: [IntelWireless] D:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
    O4 - HKLM..\Run: [IntelZeroConfig] D:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
    O4 - HKLM..\Run: [Mobile Connectivity Suite] D:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
    O4 - HKLM..\Run: [MSC] d:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKU\.DEFAULT..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 File not found
    O4 - HKU\S-1-5-18..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-776561741-2052111302-1417001333-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-776561741-2052111302-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-776561741-2052111302-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-776561741-2052111302-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/wind...?1361403312937 (WUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA792F11-65CA-431C-8DC4-4503E192AFB6}: DhcpNameServer = 192.168.0.1 205.171.3.25
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (D:\WINDOWS\system32\userinit.exe) - D:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/05/09 17:43:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/02/22 18:48:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\User XP\Desktop\OTL.exe
    [2013/02/22 18:36:29 | 000,000,000 | ---D | C] -- D:\WINDOWS\ERUNT
    [2013/02/22 18:36:24 | 000,000,000 | ---D | C] -- D:\JRT
    [2013/02/22 18:35:28 | 000,547,439 | ---- | C] (Oleg N. Scherbakov) -- D:\Documents and Settings\User XP\Desktop\JRT.exe
    [2013/02/21 03:26:43 | 000,518,144 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWREG.exe
    [2013/02/21 03:26:43 | 000,406,528 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWSC.exe
    [2013/02/21 03:26:43 | 000,212,480 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWXCACLS.exe
    [2013/02/21 03:26:43 | 000,060,416 | ---- | C] (NirSoft) -- D:\WINDOWS\NIRCMD.exe
    [2013/02/21 03:26:13 | 000,000,000 | ---D | C] -- D:\Qoobox
    [2013/02/21 03:25:42 | 000,000,000 | ---D | C] -- D:\WINDOWS\erdnt
    [2013/02/21 03:21:23 | 005,034,373 | R--- | C] (Swearware) -- D:\Documents and Settings\User XP\Desktop\ComboFix.exe
    [2013/02/20 18:45:19 | 000,000,000 | ---D | C] -- D:\Documents and Settings\User XP\Desktop\RK_Quarantine
    [2013/02/20 15:00:50 | 000,000,000 | R--D | C] -- D:\Documents and Settings\User XP\Start Menu\Programs\Administrative Tools
    [2013/02/20 14:37:13 | 000,688,992 | R--- | C] (Swearware) -- D:\Documents and Settings\User XP\Desktop\dds.com
    [2013/02/20 14:23:03 | 004,732,416 | ---- | C] (AVAST Software) -- D:\Documents and Settings\User XP\Desktop\aswMBR.exe
    [2013/02/20 13:56:05 | 000,000,000 | ---D | C] -- D:\Documents and Settings\User XP\Application Data\Malwarebytes
    [2013/02/20 13:55:34 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/02/20 13:55:26 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2013/02/20 13:55:23 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
    [2013/02/20 13:55:23 | 000,000,000 | ---D | C] -- D:\Program Files\Malwarebytes' Anti-Malware
    [2013/02/16 18:18:25 | 000,000,000 | ---D | C] -- D:\WINDOWS\Minidump
    [2013/02/16 18:05:39 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\The Weather Channel
    [2013/02/16 17:57:05 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft.NET
    [2013/02/16 16:22:34 | 000,000,000 | ---D | C] -- D:\WINDOWS\Prefetch
    [2013/01/30 12:13:07 | 000,000,000 | ---D | C] -- D:\Documents and Settings\User XP\Local Settings\Application Data\The Weather Channel
    [2013/01/29 13:24:01 | 000,000,000 | ---D | C] -- D:\Documents and Settings\User XP\Incomplete
    [2013/01/29 13:22:50 | 000,000,000 | ---D | C] -- D:\Program Files\MP3 Rocket Downloader
    [2013/01/29 13:22:50 | 000,000,000 | ---D | C] -- D:\Documents and Settings\User XP\Application Data\Mozilla
    [2013/01/29 13:22:42 | 000,000,000 | ---D | C] -- D:\Documents and Settings\User XP\Application Data\MP3Rocket
    [2013/01/29 13:17:51 | 000,000,000 | ---D | C] -- D:\Documents and Settings\User XP\Local Settings\Application Data\Real
    [2013/01/29 13:16:06 | 000,000,000 | ---D | C] -- D:\Program Files\Real
    [2013/01/29 13:15:15 | 000,000,000 | ---D | C] -- D:\Documents and Settings\User XP\Application Data\Real
    [2013/01/29 13:14:47 | 000,000,000 | ---D | C] -- D:\Program Files\The Weather Channel FW
    [2013/01/29 13:09:00 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Real
    [2013/01/29 12:06:11 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\B5D
    [2013/01/28 19:55:28 | 000,000,000 | ---D | C] -- D:\Documents and Settings\User XP\AppData
    [2013/01/28 19:53:45 | 000,000,000 | ---D | C] -- D:\Documents and Settings\User XP\My Documents\My Received Files
    [2013/01/28 19:43:29 | 000,000,000 | ---D | C] -- D:\Documents and Settings\User XP\Local Settings\Application Data\PackageAware
    [3 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
    [1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/02/22 18:49:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\User XP\Desktop\OTL.exe
    [2013/02/22 18:39:45 | 000,000,384 | -H-- | M] () -- D:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
    [2013/02/22 18:35:39 | 000,547,439 | ---- | M] (Oleg N. Scherbakov) -- D:\Documents and Settings\User XP\Desktop\JRT.exe
    [2013/02/22 18:31:13 | 000,000,374 | ---- | M] () -- D:\WINDOWS\System32\drivers\etc\hosts.ics
    [2013/02/22 18:29:54 | 000,000,884 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/02/22 18:29:53 | 000,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
    [2013/02/22 18:29:36 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
    [2013/02/22 18:28:02 | 000,510,066 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
    [2013/02/22 18:28:02 | 000,091,470 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
    [2013/02/22 18:26:22 | 000,587,671 | ---- | M] () -- D:\Documents and Settings\User XP\Desktop\adwcleaner0.exe
    [2013/02/22 18:25:01 | 000,000,888 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/02/21 03:36:31 | 000,000,027 | ---- | M] () -- D:\WINDOWS\System32\drivers\etc\hosts
    [2013/02/21 03:23:35 | 005,034,373 | R--- | M] (Swearware) -- D:\Documents and Settings\User XP\Desktop\ComboFix.exe
    [2013/02/21 03:20:45 | 000,000,184 | ---- | M] () -- D:\Documents and Settings\User XP\Desktop\imesh on virtual dr.url
    [2013/02/21 03:19:05 | 000,000,664 | ---- | M] () -- D:\WINDOWS\System32\d3d9caps.dat
    [2013/02/21 03:10:00 | 000,000,986 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-776561741-2052111302-1417001333-1003UA.job
    [2013/02/20 18:10:00 | 000,000,934 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-776561741-2052111302-1417001333-1003Core.job
    [2013/02/20 17:32:47 | 000,799,232 | ---- | M] () -- D:\Documents and Settings\User XP\Desktop\RogueKiller.exe
    [2013/02/20 16:59:32 | 000,098,256 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
    [2013/02/20 14:43:09 | 000,688,992 | R--- | M] (Swearware) -- D:\Documents and Settings\User XP\Desktop\dds.com
    [2013/02/20 14:34:40 | 000,000,512 | ---- | M] () -- D:\Documents and Settings\User XP\Desktop\MBR.dat
    [2013/02/20 14:30:35 | 004,732,416 | ---- | M] (AVAST Software) -- D:\Documents and Settings\User XP\Desktop\aswMBR.exe
    [2013/02/20 13:55:34 | 000,000,784 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/02/16 17:53:24 | 000,006,042 | ---- | M] () -- D:\Documents and Settings\User XP\My Documents\My Favorite Theme.theme
    [2013/02/13 16:45:49 | 000,694,382 | ---- | M] () -- D:\WINDOWS\setupapi.old
    [2013/01/30 13:12:08 | 000,002,320 | ---- | M] () -- D:\Documents and Settings\User XP\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [3 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
    [1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/02/22 18:26:05 | 000,587,671 | ---- | C] () -- D:\Documents and Settings\User XP\Desktop\adwcleaner0.exe
    [2013/02/21 03:26:43 | 000,256,000 | ---- | C] () -- D:\WINDOWS\PEV.exe
    [2013/02/21 03:26:43 | 000,208,896 | ---- | C] () -- D:\WINDOWS\MBR.exe
    [2013/02/21 03:26:43 | 000,098,816 | ---- | C] () -- D:\WINDOWS\sed.exe
    [2013/02/21 03:26:43 | 000,080,412 | ---- | C] () -- D:\WINDOWS\grep.exe
    [2013/02/21 03:26:43 | 000,068,096 | ---- | C] () -- D:\WINDOWS\zip.exe
    [2013/02/21 03:20:15 | 000,000,184 | ---- | C] () -- D:\Documents and Settings\User XP\Desktop\imesh on virtual dr.url
    [2013/02/20 17:32:26 | 000,799,232 | ---- | C] () -- D:\Documents and Settings\User XP\Desktop\RogueKiller.exe
    [2013/02/20 14:34:40 | 000,000,512 | ---- | C] () -- D:\Documents and Settings\User XP\Desktop\MBR.dat
    [2013/02/20 13:55:34 | 000,000,784 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/02/16 18:12:41 | 000,085,234 | ---- | C] () -- D:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-776561741-2052111302-1417001333-1003-0.dat
    [2013/02/16 18:12:40 | 000,085,234 | ---- | C] () -- D:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2013/02/16 17:53:24 | 000,006,042 | ---- | C] () -- D:\Documents and Settings\User XP\My Documents\My Favorite Theme.theme
    [2013/02/16 16:24:37 | 000,000,664 | ---- | C] () -- D:\WINDOWS\System32\d3d9caps.dat
    [2012/02/14 16:28:42 | 000,003,072 | ---- | C] () -- D:\WINDOWS\System32\iacenc.dll
    [2012/02/01 14:26:21 | 000,000,063 | ---- | C] () -- D:\Documents and Settings\User XP\jagex_cl_runescape_LIVE.dat
    [2012/02/01 14:26:21 | 000,000,024 | ---- | C] () -- D:\Documents and Settings\User XP\random.dat
    [2011/05/14 14:28:23 | 000,006,144 | ---- | C] () -- D:\Documents and Settings\User XP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/05/09 16:50:07 | 000,000,000 | ---- | C] () -- D:\WINDOWS\tosOBEX.INI
    [2011/05/09 15:56:01 | 000,192,512 | ---- | C] () -- D:\WINDOWS\System32\stac97co.dll
    [2011/05/09 15:46:02 | 000,002,048 | --S- | C] () -- D:\WINDOWS\bootstat.dat
    [2011/05/09 15:40:45 | 000,021,640 | ---- | C] () -- D:\WINDOWS\System32\emptyregdb.dat
    [2011/05/09 10:36:25 | 000,004,161 | ---- | C] () -- D:\WINDOWS\ODBCINST.INI
    [2011/05/09 10:35:35 | 000,098,256 | ---- | C] () -- D:\WINDOWS\System32\FNTCACHE.DAT
    [2011/05/09 10:29:54 | 000,004,569 | ---- | C] () -- D:\WINDOWS\System32\secupd.dat
    [2011/05/09 10:29:44 | 000,510,066 | ---- | C] () -- D:\WINDOWS\System32\perfh009.dat
    [2011/05/09 10:29:44 | 000,272,128 | ---- | C] () -- D:\WINDOWS\System32\perfi009.dat
    [2011/05/09 10:29:44 | 000,091,470 | ---- | C] () -- D:\WINDOWS\System32\perfc009.dat
    [2011/05/09 10:29:44 | 000,028,626 | ---- | C] () -- D:\WINDOWS\System32\perfd009.dat
    [2011/05/09 10:29:42 | 000,004,463 | ---- | C] () -- D:\WINDOWS\System32\oembios.dat
    [2011/05/09 10:29:41 | 013,107,200 | ---- | C] () -- D:\WINDOWS\System32\oembios.bin
    [2011/05/09 10:29:36 | 000,000,741 | ---- | C] () -- D:\WINDOWS\System32\noise.dat
    [2011/05/09 10:29:16 | 000,673,088 | ---- | C] () -- D:\WINDOWS\System32\mlang.dat
    [2011/05/09 10:29:15 | 000,046,258 | ---- | C] () -- D:\WINDOWS\System32\mib.bin
    [2011/05/09 10:28:49 | 000,218,003 | ---- | C] () -- D:\WINDOWS\System32\dssec.dat
    [2011/05/09 10:28:40 | 000,001,804 | ---- | C] () -- D:\WINDOWS\System32\Dcache.bin

    ========== ZeroAccess Check ==========

    [2011/05/09 16:31:26 | 000,000,227 | RHS- | M] () -- D:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 00:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2011/05/09 16:13:41 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\Infineon
    [2011/05/12 19:18:15 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\AVAST Software
    [2013/01/29 12:06:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\B5D
    [2011/05/12 20:45:00 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\HTC
    [2011/05/12 20:44:59 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Teleca
    [2011/05/09 17:12:45 | 000,000,000 | ---D | M] -- D:\Documents and Settings\User XP\Application Data\Infineon
    [2013/02/13 17:42:24 | 000,000,000 | ---D | M] -- D:\Documents and Settings\User XP\Application Data\MP3Rocket
    [2011/05/12 21:43:37 | 000,000,000 | ---D | M] -- D:\Documents and Settings\User XP\Application Data\Teleca

    ========== Purity Check ==========


    < End of report >


    OTL Extras is in a separate post...

  10. #10
    Join Date
    May 1999
    Location
    Colorado
    Posts
    193
    I can't post the OTL Extras as I keep getting the message "You have included a total of 7 images and/or videos in your message. The maximum number that you may include is 6. Please correct the problem and then continue again.

    Images include use of smilies, the BB code [img] tag, and HTML <img> tags. Videos are included with the BB code [video] tag. The use of these is all subject to them being enabled by the administrator."

    I haven't included any images or videos, smilies, img tags, or anything else. I'm going to try it for the fourth time...

    But in the meantime...


    There is a logo, for lack of a better description, at the bottom of the desktop that has the "You may be a victim of counterfeiting..." statement and ASK FOR GENUINE MICROSOFT SOFTWARE in big letters. Did the license somehow get corrupted? Something in the registry?

  11. #11
    Join Date
    May 1999
    Location
    Colorado
    Posts
    193
    I still cannot post the OTL Extras file. It keeps referring to "you have included 7 images or videos in the message. The maximum number is 6." Any thoughts on how to get around this?

  12. #12
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,500
    Click on the "Go Advanced" button and on the next page under "Additional Options:" checkmark "Disable smilies in text".

    Are you still getting the message about Windows not being genuine?

  13. #13
    Join Date
    May 1999
    Location
    Colorado
    Posts
    193
    OTL Extras logfile created on: 2/22/2013 6:49:48 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = D:\Documents and Settings\User XP\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 77.11% Memory free
    3.84 Gb Paging File | 3.53 Gb Available in Paging File | 91.96% Paging File free
    Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
    Drive C: | 2.00 Gb Total Space | 1.69 Gb Free Space | 84.51% Space Free | Partition Type: FAT32
    Drive D: | 72.53 Gb Total Space | 62.48 Gb Free Space | 86.14% Space Free | Partition Type: NTFS

    Computer Name: DARLAPTOP | User Name: User XP | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-776561741-2052111302-1417001333-1003\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "D:\Program Files\iMesh Applications\iMesh\iMesh.exe" = D:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "D:\Program Files\Java\jre6\bin\javaw.exe" = D:\Program Files\Java\jre6\bin\javaw.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0E0479F8-180F-4054-B4F7-17EE657F90BF}" = TIPCI
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
    "{33E14464-2AEC-40DF-AD88-474F6B1FCF9B}" = Encompass360 NetBranch Installation Manager
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{82CE6B7B-9665-4E29-8CE0-DD993484B38D}" = Intel(R) PROSet/Wireless WiFi Software
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{FCAFEEB3-3520-4539-89AF-4B743D2DFAEC}" = HTC Sync
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{0E0479F8-180F-4054-B4F7-17EE657F90BF}" = Texas Instruments PCIxx21/x515/xx12 drivers.
    "InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Security Client" = Microsoft Security Essentials
    "ProInst" = Intel PROSet Wireless

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-776561741-2052111302-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 12/17/2012 8:29:32 PM | Computer Name = DARLAPTOP | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
    P2 4.1.522.0, P3 timeout, P4 1.1.9002.0, P5 fixed, P6 1 _ 2048, P7 5 _ not boot,
    P8 NIL, P9 NIL, P10 NIL.

    Error - 1/15/2013 12:42:33 PM | Computer Name = DARLAPTOP | Source = System.ServiceModel.Install 3.0.0.0 | ID = 0
    Description =

    Error - 1/23/2013 9:39:38 PM | Computer Name = DARLAPTOP | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
    P2 4.1.522.0, P3 timeout, P4 1.1.9103.0, P5 fixed, P6 1 _ 2048, P7 5 _ not boot,
    P8 NIL, P9 NIL, P10 NIL.

    Error - 1/29/2013 2:49:15 PM | Computer Name = DARLAPTOP | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile,
    P4 4.1.522.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
    P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

    Error - 2/16/2013 9:08:44 PM | Computer Name = DARLAPTOP | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 2/20/2013 4:44:32 PM | Computer Name = DARLAPTOP | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 0x8000ffff, P2 patchapplication, P3 am bde,
    P4 11.1.4289.0, P5 mpsigstub.exe, P6 4.1.522.0, P7 microsoft security essentials,
    P8 NIL, P9 NIL, P10 NIL.

    Error - 2/20/2013 4:54:10 PM | Computer Name = DARLAPTOP | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 0x8000ffff, P2 patchapplication, P3 am bde,
    P4 11.1.4289.0, P5 mpsigstub.exe, P6 4.1.522.0, P7 microsoft security essentials,
    P8 NIL, P9 NIL, P10 NIL.

    Error - 2/20/2013 5:17:31 PM | Computer Name = DARLAPTOP | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 0x8000ffff, P2 patchapplication, P3 am bde,
    P4 11.1.4289.0, P5 mpsigstub.exe, P6 4.1.522.0, P7 microsoft security essentials,
    P8 NIL, P9 NIL, P10 NIL.

    Error - 2/20/2013 8:01:12 PM | Computer Name = DARLAPTOP | Source = .NET Runtime Optimization Service | ID = 1103
    Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
    - Tried to start a service that wasn't the latest version of CLR Optimization service.
    Will shutdown

    Error - 2/20/2013 8:14:28 PM | Computer Name = DARLAPTOP | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 0x8000ffff, P2 patchapplication, P3 am bde,
    P4 11.1.4289.0, P5 mpsigstub.exe, P6 4.1.522.0, P7 microsoft security essentials,
    P8 NIL, P9 NIL, P10 NIL.

    [ System Events ]
    Error - 2/22/2013 9:21:25 PM | Computer Name = DARLAPTOP | Source = Service Control Manager | ID = 7023
    Description = The Remote Access Connection Manager service terminated with the following
    error: %%126

    Error - 2/22/2013 9:21:26 PM | Computer Name = DARLAPTOP | Source = Rasman | ID = 20063
    Description = Remote Access Connection Manager failed to start because the Point
    to Point Protocol failed to initialize. The specified module could not be found.

    Error - 2/22/2013 9:21:27 PM | Computer Name = DARLAPTOP | Source = Service Control Manager | ID = 7023
    Description = The Remote Access Connection Manager service terminated with the following
    error: %%126

    Error - 2/22/2013 9:21:27 PM | Computer Name = DARLAPTOP | Source = Rasman | ID = 20063
    Description = Remote Access Connection Manager failed to start because the Point
    to Point Protocol failed to initialize. The specified module could not be found.

    Error - 2/22/2013 9:21:28 PM | Computer Name = DARLAPTOP | Source = Service Control Manager | ID = 7023
    Description = The Remote Access Connection Manager service terminated with the following
    error: %%126

    Error - 2/22/2013 9:21:31 PM | Computer Name = DARLAPTOP | Source = DCOM | ID = 10016
    Description = The machine-default permission settings do not grant Local Activation
    permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
    to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
    can be modified using the Component Services administrative tool.

    Error - 2/22/2013 9:21:31 PM | Computer Name = DARLAPTOP | Source = DCOM | ID = 10016
    Description = The machine-default permission settings do not grant Local Activation
    permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
    to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
    can be modified using the Component Services administrative tool.

    Error - 2/22/2013 9:21:31 PM | Computer Name = DARLAPTOP | Source = DCOM | ID = 10016
    Description = The machine-default permission settings do not grant Local Activation
    permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
    to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
    can be modified using the Component Services administrative tool.

    Error - 2/22/2013 9:21:32 PM | Computer Name = DARLAPTOP | Source = Rasman | ID = 20063
    Description = Remote Access Connection Manager failed to start because the Point
    to Point Protocol failed to initialize. The specified module could not be found.

    Error - 2/22/2013 9:21:32 PM | Computer Name = DARLAPTOP | Source = Service Control Manager | ID = 7023
    Description = The Remote Access Connection Manager service terminated with the following
    error: %%126


    < End of report >

    I emailed the OTL Extras to my computer to try and get it to post.

    There is the logo at the bottom of the desktop that appears now as a permanent fixture on the desktop - clicking on it does nothing and I can't see any way to make it go away.

  14. #14
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,500
    What does it say?

    You didn't answer my question:
    Are you still getting the message about Windows not being genuine?

  15. #15
    Join Date
    May 1999
    Location
    Colorado
    Posts
    193
    The logo at the bottom of the screen says "You may be a victim of counterfeiting. This copy of Windows did not pass genuine Windows validation."

    If I go into Microsoft Security Essentials it says
    "Windows did not pass genuine validation.
    Security Essentials will become disabled if you do not resolve this issue.
    To continue using Security Essentials, click Resolve Now and get genuine Windows.

    If you have already resolved this issue, click Run a validation check."

    It is saying that Windows is not genuine...???
