1. Solve: malware, virus?
Answer» UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-06-23.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 3/12/2011 9:08:41 AM System Uptime: 8/8/2011 11:25:10 PM (0 hours ago) . MOTHERBOARD: Intel Corporation | | D845PT Processor: Intel(R) Pentium(R) 4 CPU 1.70GHz | J1E1 | 1694/100mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 38 GiB total, 21.918 GiB free. D: is CDROM () E: is FIXED (NTFS) - 93 GiB total, 75.583 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318} Description: Microsoft PS/2 Mouse Device ID: ACPI\PNP0F03\4&268D196D&0 Manufacturer: Microsoft Name: Microsoft PS/2 Mouse PNP Device ID: ACPI\PNP0F03\4&268D196D&0 Service: i8042prt . ==== System Restore Points =================== . RP99: 5/28/2011 1:47:55 AM - Software Distribution Service 3.0 RP100: 5/29/2011 1:48:23 AM - Software Distribution Service 3.0 RP101: 5/29/2011 2:12:10 AM - Software Distribution Service 3.0 RP102: 5/30/2011 1:48:06 AM - Software Distribution Service 3.0 RP103: 5/31/2011 1:48:15 AM - Software Distribution Service 3.0 RP104: 6/1/2011 1:49:15 AM - Software Distribution Service 3.0 RP105: 6/2/2011 4:24:45 PM - Software Distribution Service 3.0 RP106: 6/3/2011 4:18:44 PM - Software Distribution Service 3.0 RP107: 6/4/2011 4:18:56 PM - Software Distribution Service 3.0 RP108: 6/5/2011 1:39:41 AM - Software Distribution Service 3.0 RP109: 6/8/2011 12:11:50 AM - Software Distribution Service 3.0 RP110: 6/8/2011 11:56:50 PM - Software Distribution Service 3.0 RP111: 6/9/2011 11:57:18 PM - Software Distribution Service 3.0 RP112: 6/10/2011 11:57:05 PM - Software Distribution Service 3.0 RP113: 6/11/2011 11:57:03 PM - Software Distribution Service 3.0 RP114: 6/12/2011 2:01:40 AM - Software Distribution Service 3.0 RP115: 6/12/2011 11:56:53 PM - Software Distribution Service 3.0 
RP116: 6/13/2011 11:57:06 PM - Software Distribution Service 3.0 RP117: 6/14/2011 11:56:48 PM - Software Distribution Service 3.0 RP118: 6/15/2011 11:57:02 PM - Software Distribution Service 3.0 RP119: 6/16/2011 11:56:46 PM - Software Distribution Service 3.0 RP120: 6/17/2011 7:00:15 AM - Software Distribution Service 3.0 RP121: 6/18/2011 7:41:53 AM - Software Distribution Service 3.0 RP122: 6/19/2011 2:13:18 AM - Software Distribution Service 3.0 RP123: 6/20/2011 2:39:41 AM - System Checkpoint RP124: 6/20/2011 7:41:56 AM - Software Distribution Service 3.0 RP125: 6/21/2011 7:46:43 AM - Software Distribution Service 3.0 RP126: 6/22/2011 7:41:30 AM - Software Distribution Service 3.0 RP127: 6/23/2011 7:41:44 AM - Software Distribution Service 3.0 RP128: 6/24/2011 7:41:32 AM - Software Distribution Service 3.0 RP129: 6/25/2011 7:55:19 AM - System Checkpoint RP130: 6/25/2011 6:57:31 PM - Software Distribution Service 3.0 RP131: 6/26/2011 2:30:03 AM - Software Distribution Service 3.0 RP132: 6/26/2011 6:57:16 PM - Software Distribution Service 3.0 RP133: 6/27/2011 6:57:21 PM - Software Distribution Service 3.0 RP134: 6/28/2011 6:58:12 PM - System Checkpoint RP135: 6/28/2011 10:56:14 PM - Software Distribution Service 3.0 RP136: 6/28/2011 11:59:56 PM - Software Distribution Service 3.0 RP137: 6/30/2011 12:32:27 AM - System Checkpoint RP138: 6/30/2011 1:34:47 AM - Software Distribution Service 3.0 RP139: 7/1/2011 1:34:18 AM - Software Distribution Service 3.0 RP140: 7/2/2011 1:34:46 AM - Software Distribution Service 3.0 RP141: 7/3/2011 1:34:12 AM - Software Distribution Service 3.0 RP142: 7/3/2011 1:55:10 AM - Software Distribution Service 3.0 RP143: 7/4/2011 1:34:07 AM - Software Distribution Service 3.0 RP144: 7/5/2011 1:34:19 AM - Software Distribution Service 3.0 RP145: 7/6/2011 1:34:32 AM - Software Distribution Service 3.0 RP146: 7/7/2011 1:34:37 AM - Software Distribution Service 3.0 RP147: 7/8/2011 1:34:18 AM - Software Distribution Service 3.0 RP148: 7/9/2011 
2:21:46 AM - System Checkpoint RP149: 7/9/2011 5:23:43 PM - Software Distribution Service 3.0 RP150: 7/10/2011 1:47:26 AM - Software Distribution Service 3.0 RP151: 7/10/2011 5:23:32 PM - Software Distribution Service 3.0 RP152: 7/11/2011 5:23:49 PM - Software Distribution Service 3.0 RP153: 7/12/2011 5:23:55 PM - Software Distribution Service 3.0 RP154: 7/13/2011 7:00:16 AM - Software Distribution Service 3.0 RP155: 7/14/2011 7:23:58 AM - System Checkpoint RP156: 7/14/2011 7:25:56 AM - Software Distribution Service 3.0 RP157: 7/15/2011 7:25:50 AM - Software Distribution Service 3.0 RP158: 7/16/2011 7:25:16 AM - Software Distribution Service 3.0 RP159: 7/17/2011 2:29:50 AM - Software Distribution Service 3.0 RP160: 7/18/2011 3:23:39 AM - System Checkpoint RP161: 7/18/2011 7:26:01 AM - Software Distribution Service 3.0 RP162: 7/19/2011 7:25:32 AM - Software Distribution Service 3.0 RP163: 7/20/2011 7:25:33 AM - Software Distribution Service 3.0 RP164: 7/21/2011 7:25:49 AM - Software Distribution Service 3.0 RP165: 7/22/2011 7:25:31 AM - Software Distribution Service 3.0 RP166: 7/23/2011 7:25:22 AM - Software Distribution Service 3.0 RP167: 7/24/2011 2:29:00 AM - Software Distribution Service 3.0 RP168: 7/25/2011 3:23:22 AM - System Checkpoint RP169: 7/25/2011 7:25:26 AM - Software Distribution Service 3.0 RP170: 7/26/2011 7:25:11 AM - Software Distribution Service 3.0 RP171: 7/27/2011 7:27:37 AM - System Checkpoint RP172: 7/28/2011 7:53:52 AM - System Checkpoint RP173: 7/28/2011 11:13:09 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later. RP174: 7/29/2011 7:15:45 PM - Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 RP175: 7/29/2011 7:16:31 PM - Removed Microsoft Silverlight RP176: 7/30/2011 2:32:58 PM - Online Armor installation RP177: 7/31/2011 10:00:03 AM - Removed STOPzilla. Available with Windows Installer version 1.2 and later. 
RP178: 8/1/2011 10:02:17 AM - System Checkpoint RP179: 8/2/2011 10:11:38 AM - System Checkpoint RP180: 8/3/2011 6:49:37 PM - System Checkpoint RP181: 8/4/2011 7:38:15 PM - System Checkpoint RP182: 8/7/2011 10:52:47 PM - System Checkpoint . ==== Installed Programs ====================== . Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 9.4.5 CCleaner HOTFIX for Windows XP (KB2443685) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB981793) Java Auto Updater Java(TM) 6 Update 24 JDownloader 0.9 Microsoft Antimalware Microsoft Application Error Reporting Microsoft Security Client Microsoft Security Essentials Mozilla Firefox (3.6.18) Online Armor 5.0 Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player (KB979402) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows 
XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2482017) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB958644) Security Update for 
Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981349) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982381) 
Security Update for Windows XP (KB982665) SUPERAntiSpyware Update for Windows Internet Explorer 8 (KB2447568) Update for Windows Internet Explorer 8 (KB976662) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2541763) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) VLC media player 1.1.9 WebFldrs XP Windows Genuine Advantage Notifications (KB905474) Windows Internet Explorer 8 Windows XP Service Pack 3 WinRAR 4.00 (32-bit) Xvid 1.2.2 final uninstall . ==== Event Viewer Messages From Past Week ======== . 8/8/2011 8:27:21 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.666.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7104.0&avdelta=1.109.666.0&asdelta=1.109.666.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: REBUILT-8C81CD7\Administrator Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072f76 Error description: The requested header was not found 8/8/2011 8:27:21 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.109.666.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7104.0&avdelta=1.109.666.0&asdelta=1.109.666.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: REBUILT-8C81CD7\Administrator Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072f76 Error description: The requested header was not found 8/8/2011 8:27:21 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.666.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7104.0&avdelta=1.109.666.0&asdelta=1.109.666.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: REBUILT-8C81CD7\Administrator Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072f76 Error description: The requested header was not found 8/8/2011 8:27:21 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.666.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7104.0&avdelta=1.109.666.0&asdelta=1.109.666.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: REBUILT-8C81CD7\Administrator Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072f76 Error description: The requested header was not found 8/8/2011 8:27:19 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.109.666.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service. 8/8/2011 7:22:08 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.666.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7104.0&avdelta=1.109.666.0&asdelta=1.109.666.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: REBUILT-8C81CD7\nelson burke Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80070005 Error description: Access is denied. 8/8/2011 7:22:08 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.666.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7104.0&avdelta=1.109.666.0&asdelta=1.109.666.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: REBUILT-8C81CD7\nelson burke Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80070005 Error description: Access is denied. 8/8/2011 7:22:08 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.109.666.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7104.0&avdelta=1.109.666.0&asdelta=1.109.666.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: REBUILT-8C81CD7\nelson burke Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80070005 Error description: Access is denied. 8/8/2011 7:22:08 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.666.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7104.0&avdelta=1.109.666.0&asdelta=1.109.666.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: REBUILT-8C81CD7\nelson burke Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80070005 Error description: Access is denied. 8/8/2011 7:21:48 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.666.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service. 8/8/2011 7:12:33 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.109.666.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7104.0&avdelta=1.109.666.0&asdelta=1.109.666.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: REBUILT-8C81CD7\nelson burke Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072f76 Error description: The requested header was not found 8/8/2011 7:12:33 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.666.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7104.0&avdelta=1.109.666.0&asdelta=1.109.666.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: REBUILT-8C81CD7\nelson burke Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072f76 Error description: The requested header was not found 8/8/2011 7:12:33 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.666.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7104.0&avdelta=1.109.666.0&asdelta=1.109.666.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: REBUILT-8C81CD7\nelson burke Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072f76 Error description: The requested header was not found 8/8/2011 7:12:33 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.109.666.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7104.0&avdelta=1.109.666.0&asdelta=1.109.666.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: REBUILT-8C81CD7\nelson burke Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072f76 Error description: The requested header was not found 8/8/2011 7:12:28 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.666.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service. 8/8/2011 6:33:29 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.666.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7104.0&avdelta=1.109.666.0&asdelta=1.109.666.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: REBUILT-8C81CD7\nelson burke Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80070005 Error description: Access is denied. 8/8/2011 6:33:29 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.109.666.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7104.0&avdelta=1.109.666.0&asdelta=1.109.666.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: REBUILT-8C81CD7\nelson burke Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80070005 Error description: Access is denied. 8/8/2011 6:33:29 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.666.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7104.0&avdelta=1.109.666.0&asdelta=1.109.666.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: REBUILT-8C81CD7\nelson burke Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80070005 Error description: Access is denied. 8/8/2011 6:33:29 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.666.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7104.0&avdelta=1.109.666.0&asdelta=1.109.666.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: REBUILT-8C81CD7\nelson burke Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80070005 Error description: Access is denied. 8/8/2011 6:33:09 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.109.666.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service. 8/8/2011 6:31:16 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.666.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7104.0&avdelta=1.109.666.0&asdelta=1.109.666.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: REBUILT-8C81CD7\nelson burke Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80070005 Error description: Access is denied. 8/8/2011 6:31:16 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.666.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7104.0&avdelta=1.109.666.0&asdelta=1.109.666.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: REBUILT-8C81CD7\nelson burke Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80070005 Error description: Access is denied. 8/8/2011 6:31:16 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.109.666.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7104.0&avdelta=1.109.666.0&asdelta=1.109.666.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: REBUILT-8C81CD7\nelson burke Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80070005 Error description: Access is denied. 8/8/2011 6:31:16 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.666.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7104.0&avdelta=1.109.666.0&asdelta=1.109.666.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: REBUILT-8C81CD7\nelson burke Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80070005 Error description: Access is denied. 8/8/2011 6:30:56 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.666.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service. 8/8/2011 6:23:16 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.109.666.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7104.0&avdelta=1.109.666.0&asdelta=1.109.666.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: REBUILT-8C81CD7\nelson burke Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072f76 Error description: The requested header was not found 8/8/2011 6:23:16 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.666.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7104.0&avdelta=1.109.666.0&asdelta=1.109.666.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: REBUILT-8C81CD7\nelson burke Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072f76 Error description: The requested header was not found 8/8/2011 6:23:16 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.666.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7104.0&avdelta=1.109.666.0&asdelta=1.109.666.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: REBUILT-8C81CD7\nelson burke Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072f76 Error description: The requested header was not found 8/8/2011 6:23:16 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.109.666.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7104.0&avdelta=1.109.666.0&asdelta=1.109.666.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: REBUILT-8C81CD7\nelson burke Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072f76 Error description: The requested header was not found 8/8/2011 6:23:13 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.666.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service. 8/8/2011 4:47:05 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.666.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7104.0&avdelta=1.109.666.0&asdelta=1.109.666.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: REBUILT-8C81CD7\nelson burke Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80070005 Error description: Access is denied. 8/8/2011 4:47:05 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.109.666.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7104.0&avdelta=1.109.666.0&asdelta=1.109.666.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: REBUILT-8C81CD7\nelson burke Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80070005 Error description: Access is denied. 8/8/2011 4:47:05 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.666.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7104.0&avdelta=1.109.666.0&asdelta=1.109.666.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: REBUILT-8C81CD7\nelson burke Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80070005 Error description: Access is denied. 8/8/2011 4:47:05 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.666.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7104.0&avdelta=1.109.666.0&asdelta=1.109.666.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: REBUILT-8C81CD7\nelson burke Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80070005 Error description: Access is denied. 8/8/2011 4:46:44 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.109.666.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service. 8/5/2011 11:40:10 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.666.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7104.0&avdelta=1.109.666.0&asdelta=1.109.666.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072f76 Error description: The requested header was not found 8/5/2011 11:40:10 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.666.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7104.0&avdelta=1.109.666.0&asdelta=1.109.666.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072f76 Error description: The requested header was not found 8/5/2011 11:40:10 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.109.666.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7104.0&avdelta=1.109.666.0&asdelta=1.109.666.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80072f76 Error description: The requested header was not found 8/4/2011 6:39:43 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.666.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service. 8/3/2011 5:01:05 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 8/2/2011 9:50:23 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.666.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service. 
8/2/2011 10:55:30 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips MpFilter OADevice oahlpXX Processor SASDIFSV SASKUTIL
8/1/2011 9:55:29 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
8/1/2011 6:08:47 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.109.666.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7104.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
8/1/2011 11:00:30 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips IPSec MpFilter MRxSmb NetBIOS NetBT OADevice oahlpXX OAmon OAnet Processor RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
8/1/2011 11:00:30 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
8/1/2011 11:00:30 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/1/2011 11:00:30 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/1/2011 11:00:30 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
.
==== End Of File ===========================

What happens when you try to boot in Normal Mode?

Download OTL to your desktop.
* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:
:OTL
BHO: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - No File
TB: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - No File
:COMMANDS
[resethosts]
[purity]
[emptytemp]
[start explorer]

* Click Run Fix
* OTL may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.

*****************************************************************

Please download ComboFix from BleepingComputer.com
Alternate link: GeeksToGo.com
and save it to your Desktop.

It would be easiest to download using Internet Explorer. If you insist on using Firefox, make sure that your download settings are as follows:
* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here

Double click ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

If you have problems with ComboFix usage, see How to use ComboFix

All processes killed
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 1167840 bytes
->Temporary Internet Files folder emptied: 116929 bytes

User: Administrator.REBUILT-8C81CD7
->Temp folder emptied: 903874 bytes
->Temporary Internet Files folder emptied: 25268254 bytes
->Flash cache emptied: 56958 bytes

User: All Users

User: All Users.WINDOWS

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Guest
->Temp folder emptied: 513062 bytes
->Temporary Internet Files folder emptied: 28352944 bytes
->Flash cache emptied: 434 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 16001632 bytes
->Flash cache emptied: 24843 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33664 bytes

User: nelson burke
->Temp folder emptied: 28738620 bytes
->Temporary Internet Files folder
emptied: 2098148 bytes
->Java cache emptied: 331395 bytes
->FireFox cache emptied: 46943515 bytes
->Flash cache emptied: 622 bytes

User: NetworkService
->Temp folder emptied: 23540886 bytes
->Temporary Internet Files folder emptied: 365879419 bytes
->Flash cache emptied: 53771 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 585062 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: new
->Temp folder emptied: 484 bytes
->Temporary Internet Files folder emptied: 46054554 bytes
->Flash cache emptied: 434 bytes

User: Owner
->Temp folder emptied: 49423059 bytes
->Temporary Internet Files folder emptied: 1370736 bytes
->Java cache emptied: 35673306 bytes
->Flash cache emptied: 66514 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4360845 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 91711 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 646.00 mb

ComboFix 11-08-09.02 - Administrator 08/09/2011 22:21:57.1.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.750 [GMT -4:00]
Running from: c:\documents and settings\Administrator.REBUILT-8C81CD7\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Online Armor Firewall *Enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\ystem3~1
.
.
((((((((((((((((((((((((( Files Created from 2011-07-10 to 2011-08-10 )))))))))))))))))))))))))))))))
.
.
2011-08-10 01:59 .
2011-07-20 13:44 6881616 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-08-10 01:59 . 2011-07-20 13:44 6881616 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F8A0CFBE-7BB8-4C64-9E1A-AC53421E6F88}\mpengine.dll
2011-08-09 23:38 . 2011-08-09 23:38 -------- d-----w- C:\_OTL
2011-08-09 03:57 . 2011-08-09 03:57 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\WinZip
2011-08-03 21:31 . 2011-08-03 21:31 9830 ----a-w- c:\program files\exefix.reg
2011-08-03 20:45 . 2008-04-14 00:12 146432 ----a-w- c:\windows\regedit.com
2011-07-31 03:07 . 2011-07-31 03:07 -------- d-----w- c:\documents and settings\nelson burke\Application Data\SUPERAntiSpyware.com
2011-07-31 03:07 . 2011-07-31 03:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2011-07-31 03:06 . 2011-08-09 03:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-30 22:35 . 2011-07-30 22:35 -------- d-----w- c:\program files\CCleaner
2011-07-30 18:34 . 2011-07-30 19:00 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\OnlineArmor
2011-07-30 18:34 . 2011-07-30 18:35 -------- d-----w- c:\documents and settings\nelson burke\Application Data\OnlineArmor
2011-07-30 18:32 . 2011-04-06 17:02 39048 ----a-w- c:\windows\system32\drivers\oahlp32.sys
2011-07-30 18:32 . 2011-04-06 17:01 29464 ----a-w- c:\windows\system32\drivers\OAnet.sys
2011-07-30 18:32 . 2011-04-06 17:01 25192 ----a-w- c:\windows\system32\drivers\OAmon.sys
2011-07-30 18:32 . 2011-04-06 17:01 205864 ----a-w- c:\windows\system32\drivers\OADriver.sys
2011-07-30 18:31 . 2011-08-09 04:56 -------- d-----w- c:\program files\Online Armor
2011-07-30 11:51 . 2011-08-08 23:12 -------- d-----w- c:\program files\Microsoft Security Client
2011-07-29 23:16 . 2011-07-30 03:13 -------- d-----w- c:\windows\SxsCaPendDel
2011-07-29 23:03 .
2011-07-29 23:03 -------- d--h--w- c:\windows\PIF
2011-07-29 03:13 . 2011-07-31 14:00 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\STOPzilla!
2011-07-29 03:01 . 2011-07-29 03:01 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY\IETldCache
2011-07-29 02:54 . 2011-07-31 13:12 -------- d-----w- c:\program files\PC Tools Security
2011-07-29 02:51 . 2011-07-29 02:51 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-07-29 02:51 . 2011-07-30 19:22 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2011-07-27 20:49 . 2011-07-27 20:49 -------- d-----w- c:\documents and settings\nelson burke\Application Data\Malwarebytes
2011-07-27 20:47 . 2011-07-27 20:47 -------- d-----w- c:\documents and settings\nelson burke\Local Settings\Application Data\Thinstall
2011-07-27 20:47 . 2011-07-27 20:47 -------- d-----w- c:\documents and settings\nelson burke\Application Data\Thinstall
2011-07-27 03:48 . 2011-07-27 03:49 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2011-07-27 03:46 . 2011-07-30 22:43 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2011-07-27 03:42 . 2011-07-27 03:43 -------- d-----w- c:\documents and settings\Administrator.REBUILT-8C81CD7
2011-07-18 04:26 . 2011-08-08 23:18 -------- d-----w- c:\program files\JDownloader
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-30 18:29 . 2011-06-18 10:26 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 14:02 . 2007-07-27 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"@OnlineArmor GUI"="c:\program files\Online Armor\OAui.exe" [2011-04-06 2477032]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - e:\program files\WinZip\WZQKPICK.EXE [2009-1-14 525664]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~2\oaevent.dll" [2011-04-06 354720]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [7/30/2011 2:32 PM 25192]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [7/30/2011 2:32 PM 29464]
S1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [7/30/2011 2:32 PM 205864]
S1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [7/30/2011 2:32 PM 39048]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/12/2011 5:55 PM 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
S2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\oacat.exe [7/30/2011 2:31 PM 381512]
S2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [7/30/2011 2:31 PM 4326472]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 16:26]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-MSC - c:\program files\Microsoft Security Client\msseces.exe
Notify-TPSvc - TPSvc.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-09 22:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-842925246-1425521274-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5 977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a0,e4,c9,e9,40,c9,78,40,93,3e,2c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839 E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a0,e4,c9,e9,40,c9,78,40,93,3e,2c,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(384)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\l3codeca.acm
.
- - - - - - - > 'explorer.exe'(1212)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2011-08-09 22:31:20
ComboFix-quarantined-files.txt 2011-08-10 02:31
.
Pre-Run: 24,017,367,040 bytes free
Post-Run: 23,975,112,704 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
[spybotsd]
timeout.old=30
.
- - End Of File - - 16DB893E0679898BE3BFC50328BE0710

OTL by OldTimer - Version 3.2.26.1 log created on 08092011_193854
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Administrator.REBUILT-8C81CD7\Local Settings\Temp\~DFB35B.tmp not found!
File\Folder C:\Documents and Settings\Administrator.REBUILT-8C81CD7\Local Settings\Temp\~DFB378.tmp not found!
File\Folder C:\Documents and Settings\Administrator.REBUILT-8C81CD7\Local Settings\Temp\~DFB63D.tmp not found!
File\Folder C:\Documents and Settings\Administrator.REBUILT-8C81CD7\Local Settings\Temp\~DFB6DE.tmp not found!
C:\Documents and Settings\Administrator.REBUILT-8C81CD7\Local Settings\Temporary Internet Files\Content.IE5\R1OYDZ9H\topic,121989.15[1].html moved successfully.
Registry entries deleted on Reboot...

hi SuperDave, it looks like my system is fixed. I still cannot run some programs by double clicking. I think I may have renamed them, so as I load them I will undo rename them. Is there any way you can tell if it is cleaned? Thank you for all your help. I will let others know about this site.
N.B.

Quote: it looks like my system is fixed. I still cannot run some programs by double clicking. I think I may have renamed them, so as I load them I will undo rename them. Is there any way you can tell if it is cleaned? Thank you for all your help. I will let others know about this site.
N.B.

I'm not finished cleaning the computer. Please stick with me for a few more scans.
Please download Rooter and Save it to your desktop.
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 3
[32_bits] - x86 Family 15 Model 1 Stepping 2, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Disabled !
.
Internet Explorer 8.0.6001.18702
Mozilla Firefox 3.6.18 (en-US)
.
A:\ [Removable]
C:\ [Fixed-NTFS] .. ( Total:38 Go - Free:20 Go )
D:\ [CD_Rom]
E:\ [Fixed-NTFS] .. ( Total:93 Go - Free:74 Go )
.
Scan : 16:34.27
Path : C:\Documents and Settings\nelson burke\Desktop\Rooter.exe
User : nelson burke ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (360)
______ \??\C:\WINDOWS\system32\csrss.exe (408)
______ \??\C:\WINDOWS\system32\winlogon.exe (432)
______ C:\WINDOWS\system32\services.exe (476)
______ C:\WINDOWS\system32\lsass.exe (488)
______ C:\WINDOWS\system32\svchost.exe (640)
______ C:\WINDOWS\system32\svchost.exe (696)
______ C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (736)
______ C:\WINDOWS\System32\svchost.exe (772)
______ C:\WINDOWS\system32\svchost.exe (864)
______ C:\WINDOWS\system32\svchost.exe (1028)
______ C:\Program Files\Online Armor\OAcat.exe (1216)
______ C:\WINDOWS\Explorer.EXE (1224)
______ C:\Program Files\Online Armor\oasrv.exe (1296)
______ C:\WINDOWS\system32\spoolsv.exe (1652)
______ C:\WINDOWS\system32\svchost.exe (1968)
______ C:\Program Files\Java\jre6\bin\jqs.exe (212)
______ C:\WINDOWS\System32\alg.exe (2224)
______ C:\WINDOWS\system32\devldr32.exe (2704)
______ C:\Program Files\Common Files\Java\Java Update\jusched.exe (3160)
______ C:\Program Files\Online Armor\OAui.exe (3192)
______ C:\WINDOWS\system32\ctfmon.exe (3228)
______ E:\Program Files\WinZip\WZQKPICK.EXE (3308)
______ C:\Program Files\Online Armor\OAhlp.exe (3420)
______ C:\Program Files\internet explorer\iexplore.exe (3796)
______ C:\Program Files\internet explorer\iexplore.exe (2908)
______ C:\WINDOWS\system32\wuauclt.exe (400)
______ C:\Program Files\internet explorer\iexplore.exe (2680)
______ C:\Documents and Settings\nelson burke\Desktop\Rooter.exe (388)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:41101691904)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\MP Scheduled Scan.job
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 16:34.29
.
C:\Rooter$\Rooter_1.txt - (13/08/2011 | 16:34.29)

Here is the ROOTER Log,

I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Here is ESETS LOG
C:\Documents and Settings\nelson burke\My Documents\Downloads\Xvid-Setup-dm-6.exe   Win32/Toolbar.Zugo application   deleted - quarantined
C:\System Volume Information\_restore{25A6172B-8545-494B-A5E8-CA595D0FB942}\RP178\A0010372.exe   Win32/RegistryBooster application   deleted - quarantined
C:\System Volume Information\_restore{25A6172B-8545-494B-A5E8-CA595D0FB942}\RP178\A0010377.exe   Win32/RegistryBooster application   deleted - quarantined

That looks good. If there are no other issues, we can do some cleanup.
To uninstall ComboFix
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
To remove all of the tools we used and the files and folders they created do the following: Double click OTL.exe.
****************************************************
Clean out your temporary internet files and temp files.
Download TFC by OldTimer to your desktop.
Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
******************************************************
Use the Secunia Software Inspector to check for out of date software.
•Click Start Now
•Check the box next to Enable thorough system inspection.
•Click Start
•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------
Go to Microsoft Windows Update and get all critical updates.
----------
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy.
Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time.
Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing.
Spybot - Search & Destroy FAQ
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!