Author Topic: No Internet Access after virus removal :( (Read 36482 times)

nasroo7 · « **Reply #30 on:** January 11, 2012, 04:14:22 PM »

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.11.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Annette :: HOME-D8A73CBAEE [administrator]

1/11/2012 5:05:23 PM
mbam-log-2012-01-11 (17-05-23).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 255656
Time elapsed: 27 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

nasroo7 · « **Reply #31 on:** January 11, 2012, 04:14:50 PM »

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/11/2012 at 03:03 PM

Application Version : 4.50.1002

Core Rules Database Version : 8123
Trace Rules Database Version: 5935

Scan type : Complete Scan
Total Scan Time : 00:55:15

Memory items scanned : 434
Memory threats detected : 0
Registry items scanned : 6015
Registry threats detected : 0
File items scanned : 58427
File threats detected : 10

Adware.Tracking Cookie
   C:\Documents and Settings\Annette\Cookies\HMYZLQN9.txt
   C:\Documents and Settings\Annette\Cookies\THUXZBVC.txt
   C:\Documents and Settings\Annette\Cookies\HABUK9X8.txt
   C:\Documents and Settings\Annette\Cookies\DDT2RUL2.txt
   C:\Documents and Settings\Annette\Cookies\1TU6SP7M.txt
   C:\Documents and Settings\Annette\Cookies\NQK21U12.txt
   C:\Documents and Settings\Annette\Cookies\YNQFGFY2.txt
   C:\Documents and Settings\Annette\Cookies\X67DM0OP.txt
   C:\Documents and Settings\Annette\Cookies\NWID5FDY.txt
   C:\Documents and Settings\Annette\Cookies\R3DEEDG1.txt

nasroo7 · « **Reply #32 on:** January 11, 2012, 04:16:55 PM »

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Annette at 18:15:37 on 2012-01-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1790.1110 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.rr.com/
BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - c:\progra~1\arcsoft\mediac~1\intern~1\ARCURL~1.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [USBToolTip] c:\progra~1\pinnacle\shared~1\programs\usbtip\USBTip.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251588442812
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F2FAF00E-072F-4EDD-938C-CF761E7CDF4A} : DhcpNameServer = 192.168.0.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2009-8-3 13696]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsldab21d7e;MpKsldab21d7e;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4ab00538-6f5a-4085-b170-2a97f95f30ef}\MpKsldab21d7e.sys [2012-1-11 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-9-12 2214504]
S1 MpKsl607219cb;MpKsl607219cb;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{095f5527-8ed3-4bff-b87d-bffd993e4b45}\mpksl607219cb.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{095f5527-8ed3-4bff-b87d-bffd993e4b45}\MpKsl607219cb.sys [?]
S1 MpKslcf261482;MpKslcf261482;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{81a36ea3-d5b6-4b81-9e48-f2179236a830}\mpkslcf261482.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{81a36ea3-d5b6-4b81-9e48-f2179236a830}\MpKslcf261482.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-2-28 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-01-11 21:39:09   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-01-11 19:05:47   --------   d-----w-   c:\documents and settings\annette\application data\SUPERAntiSpyware.com
2012-01-11 19:05:40   --------   d-----w-   c:\program files\SUPERAntiSpyware
2012-01-11 15:46:12   29904   -c--a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4ab00538-6f5a-4085-b170-2a97f95f30ef}\MpKsldab21d7e.sys
2012-01-11 15:45:56   56200   -c--a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4ab00538-6f5a-4085-b170-2a97f95f30ef}\offreg.dll
2012-01-11 15:45:51   6823496   -c--a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4ab00538-6f5a-4085-b170-2a97f95f30ef}\mpengine.dll
2012-01-09 21:19:29   --------   d-----w-   c:\windows\system32\wbem\repository\FS
2012-01-09 21:19:29   --------   d-----w-   c:\windows\system32\wbem\Repository
2012-01-09 14:24:17   --------   d-----w-   c:\windows\system32\CatRoot2
2012-01-07 00:17:32   52480   -c--a-w-   c:\windows\system32\dllcache\i8042prt.sys
2012-01-07 00:17:32   52480   ----a-w-   c:\windows\system32\drivers\i8042prt.sys
2012-01-07 00:00:11   98816   ----a-w-   c:\windows\sed.exe
2012-01-07 00:00:11   518144   ----a-w-   c:\windows\SWREG.exe
2012-01-07 00:00:11   256000   ----a-w-   c:\windows\PEV.exe
2012-01-07 00:00:11   208896   ----a-w-   c:\windows\MBR.exe
2012-01-06 19:55:31   20992   -c--a-w-   c:\windows\system32\dllcache\rtl8139.sys
2012-01-06 19:55:31   20992   ----a-w-   c:\windows\system32\drivers\RTL8139.sys
2012-01-06 19:12:12   14592   -c--a-w-   c:\windows\system32\dllcache\kbdhid.sys
2012-01-06 18:55:05   14592   ----a-w-   c:\windows\system32\drivers\kbdhid.sys
2012-01-06 15:12:33   12160   -c--a-w-   c:\windows\system32\dllcache\mouhid.sys
2012-01-06 15:12:33   12160   ----a-w-   c:\windows\system32\drivers\mouhid.sys
2012-01-06 15:12:31   10368   -c--a-w-   c:\windows\system32\dllcache\hidusb.sys
2012-01-06 15:12:31   10368   ----a-w-   c:\windows\system32\drivers\hidusb.sys
2012-01-05 19:47:01   --------   d-----w-   c:\documents and settings\annette\local settings\application data\PCHealth
2012-01-05 15:41:35   --------   dc----w-   c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-01-05 15:41:24   --------   d-----w-   c:\program files\Spybot - Search & Destroy 2
2012-01-05 01:21:33   --------   dc----w-   c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-01-04 22:06:29   --------   d-----w-   c:\documents and settings\annette\application data\Malwarebytes
2012-01-04 02:04:21   --------   d-----w-   c:\windows\pss
2012-01-03 23:40:54   --------   dc----w-   c:\documents and settings\all users\application data\Malwarebytes
2012-01-03 23:40:50   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-12-23 22:36:21   32128   -c--a-w-   c:\windows\system32\dllcache\usbccgp.sys
2011-12-23 22:36:21   32128   ----a-w-   c:\windows\system32\drivers\usbccgp.sys
.
==================== Find3M ====================
.
2011-12-15 01:15:15   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25:32   1859584   ----a-w-   c:\windows\system32\win32k.sys
2011-11-15 19:29:56   222080   ------w-   c:\windows\system32\MpSigStub.exe
2011-11-10 10:54:13   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2011-11-10 08:27:10   73728   ----a-w-   c:\windows\system32\javacpl.cpl
2011-11-04 19:20:51   916992   ----a-w-   c:\windows\system32\wininet.dll
2011-11-04 19:20:51   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59   385024   ----a-w-   c:\windows\system32\html.iec
2011-11-01 16:07:10   1288704   ----a-w-   c:\windows\system32\ole32.dll
2011-10-28 05:31:48   33280   ----a-w-   c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08   2148864   ----a-w-   c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02   2027008   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13:22   186880   ----a-w-   c:\windows\system32\encdec.dll
.
============= FINISH: 18:16:06.43 ===============

nasroo7 · « **Reply #33 on:** January 11, 2012, 04:17:28 PM »

ATTACH

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/3/2009 11:40:05 AM
System Uptime: 1/11/2012 10:35:03 AM (8 hours ago)
.
Motherboard: BIOSTAR Group | | N61PB-M2S
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5200+ | Socket AM2 | 2712/201mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 117.844 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 1/5/2012 2:37:43 PM - System Checkpoint
RP2: 1/6/2012 2:10:33 PM - Restore Operation
RP3: 1/6/2012 2:53:25 PM - Restore Operation
RP4: 1/7/2012 3:44:53 PM - System Checkpoint
RP5: 1/9/2012 10:43:39 AM - After WinSock edit
RP6: 1/9/2012 2:05:41 PM - after winsock edit 02
RP7: 1/9/2012 4:18:02 PM - after FSS scan (internet working)
RP8: 1/9/2012 4:18:35 PM - Restore Operation
RP9: 1/11/2012 11:02:47 AM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Advertising Center
Critical Update for Windows Media Player 11 (KB959772)
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ImagXpress
Java Auto Updater
Java(TM) 6 Update 30
Juice 2.2
Knoll Light Factory EZ Studio
Malwarebytes Anti-Malware version 1.60.0.1800
Media Converter for Philips
Menu Templates - Starter Kit
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2000 Premium
Microsoft Security Client
Microsoft Security Essentials
Microsoft UI Engine
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft WinUsb 1.0
Movie Templates - Starter Kit
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
Napster
Napster Burn Engine
Nero 9 Essentials
Nero BurnRights
Nero BurnRights Help
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero Vision Help
NeroExpress
neroxml
NVIDIA Control Panel 275.33
NVIDIA Drivers
NVIDIA Graphics Driver 275.33
NVIDIA Install Application
NVIDIA nView 135.85
NVIDIA nView Desktop Manager
NVIDIA Update 1.3.5
NVIDIA Update Components
Pinnacle Creative Pack Volume 2
Pinnacle Studio 14
Pinnacle Studio Ultimate Plugins
Pinnacle Video Driver
Realtek High Definition Audio Driver
Red Giant ToonIt Studio
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SUPERAntiSpyware
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows PowerShell(TM) 1.0 MUI pack
Windows Search 4.0
Windows XP Service Pack 3
Yahoo! Detect
Zune
Zune Language Pack (DE)
Zune Language Pack (ES)
Zune Language Pack (FR)
Zune Language Pack (IT)
.
==== Event Viewer Messages From Past Week ========
.
1/4/2012 9:38:09 AM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
1/4/2012 4:16:06 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
1/11/2012 5:50:09 PM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.N&threatid=2147652496    Name: Virus:Win32/Sirefef.N    ID: 2147652496    Severity: Severe    Category: Virus    Path: file:_C:\System Volume Information\_restore{EC171A89-4CD3-4358-AEFC-488A505E412C}\RP1\A0000022.sys    Detection Origin: Local machine    Detection Type: Concrete    Detection Source: Real-Time Protection    User: NT AUTHORITY\SYSTEM    Process Name: C:\WINDOWS\system32\svchost.exe    Action: Clean    Action Status: To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x800704ec    Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator.    Signature Version: AV: 1.117.2670.0, AS: 1.117.2670.0, NIS: 0.0.0.0    Engine Version: AM: 1.1.7903.0, NIS: 0.0.0.0
1/11/2012 5:28:50 PM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.N&threatid=2147652496    Name: Virus:Win32/Sirefef.N    ID: 2147652496    Severity: Severe    Category: Virus    Path: file:_C:\System Volume Information\_restore{EC171A89-4CD3-4358-AEFC-488A505E412C}\RP1\A0000048.sys    Detection Origin: Local machine    Detection Type: Concrete    Detection Source: Real-Time Protection    User: NT AUTHORITY\SYSTEM    Process Name: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe    Action: Clean    Action Status: To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x800704ec    Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator.    Signature Version: AV: 1.117.2670.0, AS: 1.117.2670.0, NIS: 0.0.0.0    Engine Version: AM: 1.1.7903.0, NIS: 0.0.0.0
1/11/2012 5:28:50 PM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.N&threatid=2147652496    Name: Virus:Win32/Sirefef.N    ID: 2147652496    Severity: Severe    Category: Virus    Path: file:_C:\System Volume Information\_restore{EC171A89-4CD3-4358-AEFC-488A505E412C}\RP1\A0000022.sys    Detection Origin: Local machine    Detection Type: Concrete    Detection Source: Real-Time Protection    User: NT AUTHORITY\SYSTEM    Process Name: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe    Action: Clean    Action Status: To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x800704ec    Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator.    Signature Version: AV: 1.117.2670.0, AS: 1.117.2670.0, NIS: 0.0.0.0    Engine Version: AM: 1.1.7903.0, NIS: 0.0.0.0
1/11/2012 4:59:37 PM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.N&threatid=2147652496    Name: Virus:Win32/Sirefef.N    ID: 2147652496    Severity: Severe    Category: Virus    Path: file:_C:\System Volume Information\_restore{EC171A89-4CD3-4358-AEFC-488A505E412C}\RP1\A0000022.sys    Detection Origin: Local machine    Detection Type: Concrete    Detection Source: Real-Time Protection    User: HOME-D8A73CBAEE\Annette    Process Name: C:\WINDOWS\system32\svchost.exe    Action: Clean    Action Status: To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x800704ec    Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator.    Signature Version: AV: 1.117.2670.0, AS: 1.117.2670.0, NIS: 0.0.0.0    Engine Version: AM: 1.1.7903.0, NIS: 0.0.0.0
1/11/2012 3:51:15 PM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.N&threatid=2147652496    Name: Virus:Win32/Sirefef.N    ID: 2147652496    Severity: Severe    Category: Virus    Path: file:_C:\System Volume Information\_restore{EC171A89-4CD3-4358-AEFC-488A505E412C}\RP1\A0000022.sys    Detection Origin: Local machine    Detection Type: Concrete    Detection Source: Real-Time Protection    User: NT AUTHORITY\SYSTEM    Process Name: C:\WINDOWS\system32\svchost.exe    Action: Clean    Action Status: To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x800704ec    Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator.    Signature Version: AV: 1.117.2670.0, AS: 1.117.2670.0, NIS: 0.0.0.0    Engine Version: AM: 1.1.7903.0, NIS: 0.0.0.0
1/11/2012 3:23:46 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8e5e0442: Automatic Updates.
1/11/2012 2:51:39 PM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.N&threatid=2147652496    Name: Virus:Win32/Sirefef.N    ID: 2147652496    Severity: Severe    Category: Virus    Path: file:_C:\System Volume Information\_restore{EC171A89-4CD3-4358-AEFC-488A505E412C}\RP1\A0000048.sys    Detection Origin: Local machine    Detection Type: Concrete    Detection Source: Real-Time Protection    User: NT AUTHORITY\SYSTEM    Process Name: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe    Action: Clean    Action Status: To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x800704ec    Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator.    Signature Version: AV: 1.117.2670.0, AS: 1.117.2670.0, NIS: 0.0.0.0    Engine Version: AM: 1.1.7903.0, NIS: 0.0.0.0
1/11/2012 2:51:39 PM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.N&threatid=2147652496    Name: Virus:Win32/Sirefef.N    ID: 2147652496    Severity: Severe    Category: Virus    Path: file:_C:\System Volume Information\_restore{EC171A89-4CD3-4358-AEFC-488A505E412C}\RP1\A0000022.sys    Detection Origin: Local machine    Detection Type: Concrete    Detection Source: Real-Time Protection    User: NT AUTHORITY\SYSTEM    Process Name: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe    Action: Clean    Action Status: To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x800704ec    Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator.    Signature Version: AV: 1.117.2670.0, AS: 1.117.2670.0, NIS: 0.0.0.0    Engine Version: AM: 1.1.7903.0, NIS: 0.0.0.0
1/11/2012 2:40:00 PM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.N&threatid=2147652496    Name: Virus:Win32/Sirefef.N    ID: 2147652496    Severity: Severe    Category: Virus    Path: file:_C:\System Volume Information\_restore{EC171A89-4CD3-4358-AEFC-488A505E412C}\RP1\A0000022.sys    Detection Origin: Local machine    Detection Type: Concrete    Detection Source: Real-Time Protection    User: NT AUTHORITY\SYSTEM    Process Name: C:\WINDOWS\system32\svchost.exe    Action: Clean    Action Status: To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x800704ec    Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator.    Signature Version: AV: 1.117.2670.0, AS: 1.117.2670.0, NIS: 0.0.0.0    Engine Version: AM: 1.1.7903.0, NIS: 0.0.0.0
1/11/2012 12:23:11 PM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.N&threatid=2147652496    Name: Virus:Win32/Sirefef.N    ID: 2147652496    Severity: Severe    Category: Virus    Path: file:_C:\System Volume Information\_restore{EC171A89-4CD3-4358-AEFC-488A505E412C}\RP1\A0000048.sys    Detection Origin: Local machine    Detection Type: Concrete    Detection Source: User    User: NT AUTHORITY\SYSTEM    Process Name: Unknown    Action: Clean    Action Status: To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x800704ec    Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator.    Signature Version: AV: 1.117.2670.0, AS: 1.117.2670.0, NIS: 0.0.0.0    Engine Version: AM: 1.1.7903.0, NIS: 0.0.0.0
1/11/2012 12:23:11 PM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.N&threatid=2147652496    Name: Virus:Win32/Sirefef.N    ID: 2147652496    Severity: Severe    Category: Virus    Path: file:_C:\System Volume Information\_restore{EC171A89-4CD3-4358-AEFC-488A505E412C}\RP1\A0000022.sys    Detection Origin: Local machine    Detection Type: Concrete    Detection Source: User    User: NT AUTHORITY\SYSTEM    Process Name: Unknown    Action: Clean    Action Status: To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x800704ec    Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator.    Signature Version: AV: 1.117.2670.0, AS: 1.117.2670.0, NIS: 0.0.0.0    Engine Version: AM: 1.1.7903.0, NIS: 0.0.0.0
1/11/2012 11:54:14 AM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.N&threatid=2147652496    Name: Virus:Win32/Sirefef.N    ID: 2147652496    Severity: Severe    Category: Virus    Path: file:_C:\System Volume Information\_restore{EC171A89-4CD3-4358-AEFC-488A505E412C}\RP1\A0000022.sys    Detection Origin: Local machine    Detection Type: Concrete    Detection Source: Real-Time Protection    User: NT AUTHORITY\SYSTEM    Process Name: C:\WINDOWS\system32\svchost.exe    Action: Clean    Action Status: To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x800704ec    Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator.    Signature Version: AV: 1.117.2670.0, AS: 1.117.2670.0, NIS: 0.0.0.0    Engine Version: AM: 1.1.7903.0, NIS: 0.0.0.0
1/11/2012 10:46:02 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:    Previous Signature Version: 1.117.2196.0    Update Source: Microsoft Malware Protection Center    Update Stage: Install    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7903.0&avdelta=1.117.2196.0&asdelta=1.117.2196.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\NETWORK SERVICE    Current Engine Version:    Previous Engine Version: 1.1.7903.0    Error code: 0x80070652    Error description: Another installation is already in progress. Complete that installation before proceeding with this install.
1/11/2012 10:46:02 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:    Previous Signature Version: 1.117.2196.0    Update Source: Microsoft Malware Protection Center    Update Stage: Install    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7903.0&avdelta=1.117.2196.0&asdelta=1.117.2196.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\NETWORK SERVICE    Current Engine Version:    Previous Engine Version: 1.1.7903.0    Error code: 0x80070652    Error description: Another installation is already in progress. Complete that installation before proceeding with this install.
1/11/2012 10:46:02 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:    Previous Signature Version: 1.117.2196.0    Update Source: Microsoft Malware Protection Center    Update Stage: Install    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7903.0&avdelta=1.117.2196.0&asdelta=1.117.2196.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094    Signature Type: AntiSpyware    Update Type: Full    User: NT AUTHORITY\NETWORK SERVICE    Current Engine Version:    Previous Engine Version: 1.1.7903.0    Error code: 0x80070652    Error description: Another installation is already in progress. Complete that installation before proceeding with this install.
1/11/2012 10:46:02 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:    Previous Signature Version: 1.117.2196.0    Update Source: Microsoft Malware Protection Center    Update Stage: Install    Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.7903.0&avdelta=1.117.2196.0&asdelta=1.117.2196.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094    Signature Type: AntiSpyware    Update Type: Full    User: NT AUTHORITY\NETWORK SERVICE    Current Engine Version:    Previous Engine Version: 1.1.7903.0    Error code: 0x80070652    Error description: Another installation is already in progress. Complete that installation before proceeding with this install.
1/11/2012 10:45:55 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:    Previous Signature Version:    Update Source: User    Update Stage: Install    Source Path:    Signature Type:    Update Type:    User: NT AUTHORITY\NETWORK SERVICE    Current Engine Version:    Previous Engine Version:    Error code: 0x80070652    Error description: Another installation is already in progress. Complete that installation before proceeding with this install.
1/11/2012 10:45:38 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:    Previous Signature Version: 1.117.2196.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:    Previous Engine Version: 1.1.7903.0    Error code: 0x8024400a    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/11/2012 10:31:46 AM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: An address incompatible with the requested protocol was used.
1/11/2012 10:31:46 AM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: The support for the specified socket type does not exist in this address family.
1/11/2012 10:22:37 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
1/11/2012 10:22:06 AM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\D.
1/11/2012 10:22:06 AM, error: atapi [5] - A parity error was detected on \Device\Ide\IdePort0.
1/11/2012 1:34:21 PM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.N&threatid=2147652496    Name: Virus:Win32/Sirefef.N    ID: 2147652496    Severity: Severe    Category: Virus    Path: file:_C:\System Volume Information\_restore{EC171A89-4CD3-4358-AEFC-488A505E412C}\RP1\A0000022.sys    Detection Origin: Local machine    Detection Type: Concrete    Detection Source: Real-Time Protection    User: NT AUTHORITY\SYSTEM    Process Name: C:\WINDOWS\system32\svchost.exe    Action: Clean    Action Status: To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website.    Error Code: 0x800704ec    Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator.    Signature Version: AV: 1.117.2670.0, AS: 1.117.2670.0, NIS: 0.0.0.0    Engine Version: AM: 1.1.7903.0, NIS: 0.0.0.0
.
==== End Of File ===========================

nasroo7 · « **Reply #34 on:** January 11, 2012, 04:24:48 PM »

At the same time, I cannot run Microsoft Updates.
It asks me to install the ADD-on of Microsoft Updates,

then...
"Checking if your computer has the latest version of windows updating software for use with the website..."

and then...
Error: 0x8DDD0004

I try to look online what is it...

SuperDave · « **Reply #35 on:** January 11, 2012, 04:27:40 PM »

•Please download Dial-A-Fix from one of the following mirrors:

Primary mirror
Secondary mirror

•Extract the zip file to your desktop.

•Double click Dial-a-Fix.exe to start the program. Dial-A-Fix might give you a lot errors, just ignore them and Click

to continue.

•Press the green double checkmark box (Looks like this:

UNcheck Empty Temp Folders, as well as Adjust Time/Date in the prep section. The prep section should then look like this:

•Click on Go

•Wait for Dial-A-Fix to finish (All the checks marks will be all gone)

•Close Dial-A-Fix
******************************************************
Please download ComboFix

from BleepingComputer.com

Alternate link: GeeksToGo.com

and save it to your Desktop.
It would be easiest to download using Internet Explorer.
If you want to use Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
Double click ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

If you have problems with ComboFix usage, see How to use ComboFix

nasroo7 · « **Reply #36 on:** January 11, 2012, 04:29:23 PM »

ok, I do it right now

nasroo7 · « **Reply #37 on:** January 11, 2012, 04:36:40 PM »

DIAL A FIX

After I clicked on GO, it was doing its job, and I had error messages:

"Error 127: C:\windows\system32\iesetup.dll is not registrable or the file is corrupted. Yo version of iesetup.dll is: 8.00.6001.18702. Please contact dial-a-fix... so an exception can be made for your version of this file" > Clicked on OK.

"Error 127: C:\windows\system32\iesetup.dll is not DLLInstall-able or the file is corrupted. Yo version of iesetup.dll is: 8.00.6001.18702. Please contact dial-a-fix... so an exception can be made for your version of this file" > Clicked on OK.

"Error 127: C:\windows\system32\imgulti.dll is not registrable or the file is corrupted. Yo version of imgulti.dll is: 8.00.6001.18702. Please contact dial-a-fix... so an exception can be made for your version of this file" > Clicked on OK.

"Error 127: C:\windows\system32\inseng.dll is not registrable or the file is corrupted. Yo version of inseng.dll is: 8.00.6001.18702. Please contact dial-a-fix... so an exception can be made for your version of this file" > Clicked on OK.

"Error 127: C:\windows\system32\inseng.dll is not DLLInstall-able or the file is corrupted. Yo version of inseng.dll is: 8.00.6001.18702. Please contact dial-a-fix... so an exception can be made for your version of this file" > Clicked on OK.

"Error 127: C:\windows\system32\mshtml.dll is not registrable or the file is corrupted. Yo version of mshtml.dll is: 8.00.6001.19170. Please contact dial-a-fix... so an exception can be made for your version of this file" > Clicked on OK.

"Error 127: C:\windows\system32\mshtml.dll is not DLLInstall-able or the file is corrupted. Yo version of mshtml.dll is: 8.00.6001.19170. Please contact dial-a-fix... so an exception can be made for your version of this file" > Clicked on OK.

"Error 127: C:\windows\system32\msrating.dll is not registrable or the file is corrupted. Yo version of msrating.dll is: 8.00.6001.18702. Please contact dial-a-fix... so an exception can be made for your version of this file" > Clicked on OK.

"Error 127: C:\windows\system32\occache.dll is not registrable or the file is corrupted. Yo version of occache.dll is: 8.00.6001.19165. Please contact dial-a-fix... so an exception can be made for your version of this file" > Clicked on OK.

"Error 127: C:\windows\system32\occache.dll is not DLLInstall-able or the file is corrupted. Yo version of ocache.dll is: 8.00.6001.19165. Please contact dial-a-fix... so an exception can be made for your version of this file" > Clicked on OK.

"Error 127: C:\windows\system32\pngfilt.dll is not DLLInstall-able or the file is corrupted. Yo version of pngfilt.dll is: 8.00.6001.18702. Please contact dial-a-fix... so an exception can be made for your version of this file" > Clicked on OK.

"Error 127: C:\windows\system32\webcheck.dll is not registrable or the file is corrupted. Yo version of webcheck.dll is: 8.00.6001.18702. Please contact dial-a-fix... so an exception can be made for your version of this file" > Clicked on OK.

"Error 127: C:\windows\system32\webcheck.dll is not DLLInstall-able or the file is corrupted. Yo version of webcheck.dll is: 8.00.6001.18702. Please contact dial-a-fix... so an exception can be made for your version of this file" > Clicked on OK.

nasroo7 · « **Reply #38 on:** January 11, 2012, 04:39:45 PM »

and just had a message from MSEssentials...

MSEssentials detected items on your computer that may have not been yet classified for risks.
Sending the files listed.... etc
C:\32788RR22FWJFW\iexplore.exe

SuperDave · « **Reply #39 on:** January 11, 2012, 04:46:39 PM »

Please run ComboFix and post the log.

nasroo7 · « **Reply #40 on:** January 11, 2012, 05:09:30 PM »

Quote

Please run ComboFix and post the log.

I was running it, I just thought that I should tell you whatever happens to the computer :S

ComboFix 12-01-10.02 - Annette 01/11/2012 18:52:59.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1790.1089 [GMT -5:00]
Running from: c:\documents and settings\Annette\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-12 to 2012-01-12 )))))))))))))))))))))))))))))))
.
.
2012-01-11 23:58 . 2012-01-11 23:58   9310   -c--a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-01-11 23:58 . 2012-01-11 23:58   8646   -c--a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2012-01-11 23:58 . 2012-01-11 23:58   6429   -c--a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2012-01-11 23:58 . 2012-01-11 23:58   63115   -c--a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-01-11 23:58 . 2012-01-11 23:58   5927   -c--a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2012-01-11 23:58 . 2012-01-11 23:58   4599   -c--a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2012-01-11 23:58 . 2012-01-11 23:58   8613   -c--a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2012-01-11 23:58 . 2012-01-11 23:58   6910   -c--a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2012-01-11 23:58 . 2012-01-11 23:58   1651   -c--a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2012-01-11 23:57 . 2012-01-11 23:57   8288   -c--a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2012-01-11 23:57 . 2012-01-11 23:57   6208   -c--a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2012-01-11 23:57 . 2012-01-11 23:57   18541   -c--a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2012-01-11 23:57 . 2012-01-11 23:57   7271   -c--a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2012-01-11 23:57 . 2012-01-11 23:57   51852   -c--a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2012-01-11 23:57 . 2012-01-11 23:57   23327   -c--a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2012-01-11 23:57 . 2012-01-11 23:57   20719   -c--a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2012-01-11 23:57 . 2012-01-11 23:57   8782   -c--a-w-   c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2012-01-11 23:57 . 2012-01-11 23:57   56200   -c--a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4AB00538-6F5A-4085-B170-2A97F95F30EF}\offreg.dll
2012-01-11 23:34 . 2012-01-11 23:52   --------   d-----w-   c:\windows\system32\CatRoot2
2012-01-11 21:39 . 2011-12-10 20:24   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-01-11 19:05 . 2012-01-11 19:05   --------   d-----w-   c:\documents and settings\Annette\Application Data\SUPERAntiSpyware.com
2012-01-11 19:05 . 2012-01-11 19:05   --------   d-----w-   c:\program files\SUPERAntiSpyware
2012-01-11 15:45 . 2011-11-21 10:47   6823496   -c--a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4AB00538-6F5A-4085-B170-2A97F95F30EF}\mpengine.dll
2012-01-09 21:19 . 2012-01-09 21:19   --------   d-----w-   c:\windows\system32\wbem\Repository
2012-01-09 19:25 . 2012-01-09 21:18   --------   dcs---w-   c:\documents and settings\Administrator
2012-01-07 00:17 . 2008-04-13 20:18   52480   -c--a-w-   c:\windows\system32\dllcache\i8042prt.sys
2012-01-07 00:17 . 2008-04-13 20:18   52480   ----a-w-   c:\windows\system32\drivers\i8042prt.sys
2012-01-06 19:55 . 2004-08-04 03:31   20992   -c--a-w-   c:\windows\system32\dllcache\rtl8139.sys
2012-01-06 19:55 . 2004-08-04 03:31   20992   ----a-w-   c:\windows\system32\drivers\RTL8139.sys
2012-01-06 19:12 . 2008-04-13 19:39   14592   -c--a-w-   c:\windows\system32\dllcache\kbdhid.sys
2012-01-06 18:55 . 2008-04-13 19:39   14592   ----a-w-   c:\windows\system32\drivers\kbdhid.sys
2012-01-06 15:12 . 2001-08-17 18:48   12160   -c--a-w-   c:\windows\system32\dllcache\mouhid.sys
2012-01-06 15:12 . 2001-08-17 18:48   12160   ----a-w-   c:\windows\system32\drivers\mouhid.sys
2012-01-06 15:12 . 2008-04-13 19:45   10368   -c--a-w-   c:\windows\system32\dllcache\hidusb.sys
2012-01-06 15:12 . 2008-04-13 19:45   10368   ----a-w-   c:\windows\system32\drivers\hidusb.sys
2012-01-05 19:47 . 2012-01-05 19:47   --------   d-----w-   c:\documents and settings\Annette\Local Settings\Application Data\PCHealth
2012-01-05 18:00 . 2012-01-05 18:00   --------   d-----w-   c:\program files\Common Files\Java
2012-01-05 15:41 . 2012-01-05 16:18   --------   dc----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-01-05 15:41 . 2012-01-05 17:42   --------   d-----w-   c:\program files\Spybot - Search & Destroy 2
2012-01-05 01:21 . 2012-01-05 01:21   --------   dc----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-01-04 22:06 . 2012-01-04 22:06   --------   d-----w-   c:\documents and settings\Annette\Application Data\Malwarebytes
2012-01-03 23:40 . 2012-01-03 23:40   --------   dc----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-03 23:40 . 2012-01-11 21:58   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-12-23 22:36 . 2008-04-13 19:45   32128   -c--a-w-   c:\windows\system32\dllcache\usbccgp.sys
2011-12-23 22:36 . 2008-04-13 19:45   32128   ----a-w-   c:\windows\system32\drivers\usbccgp.sys
2011-12-18 22:26 . 2011-12-18 22:26   --------   d-sh--w-   c:\documents and settings\NetworkService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-15 01:15 . 2011-05-18 00:55   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25 . 2006-02-28 12:00   1859584   ----a-w-   c:\windows\system32\win32k.sys
2011-11-21 10:47 . 2011-10-20 13:04   6823496   -c--a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-15 19:29 . 2011-09-28 22:48   222080   ------w-   c:\windows\system32\MpSigStub.exe
2011-11-10 10:54 . 2010-06-21 13:06   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2011-11-10 08:27 . 2009-09-02 23:18   73728   ----a-w-   c:\windows\system32\javacpl.cpl
2011-11-04 19:20 . 2006-02-28 12:00   916992   ----a-w-   c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2006-02-28 12:00   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2006-02-28 12:00   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2006-02-28 12:00   385024   ----a-w-   c:\windows\system32\html.iec
2011-11-01 16:07 . 2006-02-28 12:00   1288704   ----a-w-   c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2006-02-28 12:00   33280   ----a-w-   c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2006-02-28 12:00   2148864   ----a-w-   c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59   2027008   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2006-02-28 12:00   186880   ----a-w-   c:\windows\system32\encdec.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-07_00.23.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-11 23:55 . 2012-01-11 23:55   16384 c:\windows\Temp\Perflib_Perfdata_c48.dat
+ 2012-01-11 23:57 . 2012-01-11 23:57   16384 c:\windows\Temp\Perflib_Perfdata_7a8.dat
- 2011-12-15 00:59 . 2010-07-05 13:15   26488 c:\windows\SoftwareDistribution\Download\6d96dffc598263b266d998c5ef2cef5f\update\spcustom.dll
- 2011-12-15 00:59 . 2010-07-05 13:15   17272 c:\windows\SoftwareDistribution\Download\6d96dffc598263b266d998c5ef2cef5f\spmsg.dll
- 2011-12-15 00:59 . 2011-11-04 19:19   12800 c:\windows\SoftwareDistribution\Download\6d96dffc598263b266d998c5ef2cef5f\SP3QFE\xpshims.dll
- 2011-12-15 00:59 . 2011-11-04 19:19   66560 c:\windows\SoftwareDistribution\Download\6d96dffc598263b266d998c5ef2cef5f\SP3QFE\mshtmled.dll
- 2011-12-15 00:59 . 2011-11-04 19:19   55296 c:\windows\SoftwareDistribution\Download\6d96dffc598263b266d998c5ef2cef5f\SP3QFE\msfeedsbs.dll
- 2011-12-15 00:59 . 2011-11-04 19:19   43520 c:\windows\SoftwareDistribution\Download\6d96dffc598263b266d998c5ef2cef5f\SP3QFE\licmgr10.dll
- 2011-12-15 00:59 . 2011-11-04 19:19   25600 c:\windows\SoftwareDistribution\Download\6d96dffc598263b266d998c5ef2cef5f\SP3QFE\jsproxy.dll
- 2011-12-15 00:59 . 2011-11-04 19:20   12800 c:\windows\SoftwareDistribution\Download\6d96dffc598263b266d998c5ef2cef5f\SP3GDR\xpshims.dll
- 2011-12-15 00:59 . 2011-11-04 19:20   66560 c:\windows\SoftwareDistribution\Download\6d96dffc598263b266d998c5ef2cef5f\SP3GDR\mshtmled.dll
- 2011-12-15 00:59 . 2011-11-04 19:20   55296 c:\windows\SoftwareDistribution\Download\6d96dffc598263b266d998c5ef2cef5f\SP3GDR\msfeedsbs.dll
- 2011-12-15 00:59 . 2011-11-04 19:20   43520 c:\windows\SoftwareDistribution\Download\6d96dffc598263b266d998c5ef2cef5f\SP3GDR\licmgr10.dll
- 2011-12-15 00:59 . 2011-11-04 19:20   25600 c:\windows\SoftwareDistribution\Download\6d96dffc598263b266d998c5ef2cef5f\SP3GDR\jsproxy.dll
+ 2012-01-09 21:22 . 2012-01-11 23:33   1958 c:\windows\SoftwareDistribution\EventCache\{4B172D2F-91AA-4A15-84B6-413906BAFE6C}.bin
+ 2012-01-06 19:10 . 2012-01-09 21:19   410164 c:\windows\system32\Restore\rstrlog.dat
- 2011-12-15 00:59 . 2010-07-05 13:16   382840 c:\windows\SoftwareDistribution\Download\6d96dffc598263b266d998c5ef2cef5f\update\updspapi.dll
- 2011-12-15 00:59 . 2010-07-05 13:15   755576 c:\windows\SoftwareDistribution\Download\6d96dffc598263b266d998c5ef2cef5f\update\update.exe
- 2011-12-15 00:59 . 2010-07-05 13:15   231288 c:\windows\SoftwareDistribution\Download\6d96dffc598263b266d998c5ef2cef5f\spuninst.exe
- 2011-12-15 00:59 . 2011-11-04 19:19   919552 c:\windows\SoftwareDistribution\Download\6d96dffc598263b266d998c5ef2cef5f\SP3QFE\wininet.dll
- 2011-12-15 00:59 . 2011-11-04 19:19   105984 c:\windows\SoftwareDistribution\Download\6d96dffc598263b266d998c5ef2cef5f\SP3QFE\url.dll
- 2011-12-15 00:59 . 2011-11-04 19:19   206848 c:\windows\SoftwareDistribution\Download\6d96dffc598263b266d998c5ef2cef5f\SP3QFE\occache.dll
- 2011-12-15 00:59 . 2011-11-04 19:19   611840 c:\windows\SoftwareDistribution\Download\6d96dffc598263b266d998c5ef2cef5f\SP3QFE\mstime.dll
- 2011-12-15 00:59 . 2011-11-04 19:19   602112 c:\windows\SoftwareDistribution\Download\6d96dffc598263b266d998c5ef2cef5f\SP3QFE\msfeeds.dll
- 2011-12-15 00:59 . 2011-11-04 19:19   247808 c:\windows\SoftwareDistribution\Download\6d96dffc598263b266d998c5ef2cef5f\SP3QFE\ieproxy.dll
- 2011-12-15 00:59 . 2011-11-04 19:19   184320 c:\windows\SoftwareDistribution\Download\6d96dffc598263b266d998c5ef2cef5f\SP3QFE\iepeers.dll
- 2011-12-15 00:59 . 2011-11-04 19:19   743424 c:\windows\SoftwareDistribution\Download\6d96dffc598263b266d998c5ef2cef5f\SP3QFE\iedvtool.dll
- 2011-12-15 00:59 . 2011-11-04 19:19   387584 c:\windows\SoftwareDistribution\Download\6d96dffc598263b266d998c5ef2cef5f\SP3QFE\iedkcs32.dll
- 2011-12-15 00:59 . 2011-10-25 12:01   174080 c:\windows\SoftwareDistribution\Download\6d96dffc598263b266d998c5ef2cef5f\SP3QFE\ie4uinit.exe
- 2011-12-15 00:59 . 2011-11-04 19:20   916992 c:\windows\SoftwareDistribution\Download\6d96dffc598263b266d998c5ef2cef5f\SP3GDR\wininet.dll
- 2011-12-15 00:59 . 2011-11-04 19:20   105984 c:\windows\SoftwareDistribution\Download\6d96dffc598263b266d998c5ef2cef5f\SP3GDR\url.dll
- 2011-12-15 00:59 . 2011-11-04 19:20   206848 c:\windows\SoftwareDistribution\Download\6d96dffc598263b266d998c5ef2cef5f\SP3GDR\occache.dll
- 2011-12-15 00:59 . 2011-11-04 19:20   611840 c:\windows\SoftwareDistribution\Download\6d96dffc598263b266d998c5ef2cef5f\SP3GDR\mstime.dll
- 2011-12-15 00:59 . 2011-11-04 19:20   602112 c:\windows\SoftwareDistribution\Download\6d96dffc598263b266d998c5ef2cef5f\SP3GDR\msfeeds.dll
- 2011-12-15 00:59 . 2011-11-04 19:20   247808 c:\windows\SoftwareDistribution\Download\6d96dffc598263b266d998c5ef2cef5f\SP3GDR\ieproxy.dll
- 2011-12-15 00:59 . 2011-11-04 19:20   184320 c:\windows\SoftwareDistribution\Download\6d96dffc598263b266d998c5ef2cef5f\SP3GDR\iepeers.dll
- 2011-12-15 00:59 . 2011-11-04 19:20   743424 c:\windows\SoftwareDistribution\Download\6d96dffc598263b266d998c5ef2cef5f\SP3GDR\iedvtool.dll
- 2011-12-15 00:59 . 2011-11-04 19:20   387584 c:\windows\SoftwareDistribution\Download\6d96dffc598263b266d998c5ef2cef5f\SP3GDR\iedkcs32.dll
- 2011-12-15 00:59 . 2011-11-04 11:24   174080 c:\windows\SoftwareDistribution\Download\6d96dffc598263b266d998c5ef2cef5f\SP3GDR\ie4uinit.exe
- 2011-12-15 00:59 . 2011-11-04 19:19   1214464 c:\windows\SoftwareDistribution\Download\6d96dffc598263b266d998c5ef2cef5f\SP3QFE\urlmon.dll
- 2011-12-15 00:59 . 2011-11-04 19:19   5978624 c:\windows\SoftwareDistribution\Download\6d96dffc598263b266d998c5ef2cef5f\SP3QFE\mshtml.dll
- 2011-12-15 00:59 . 2011-11-04 19:19   2001408 c:\windows\SoftwareDistribution\Download\6d96dffc598263b266d998c5ef2cef5f\SP3QFE\iertutil.dll
- 2011-12-15 00:59 . 2011-11-04 19:20   1212416 c:\windows\SoftwareDistribution\Download\6d96dffc598263b266d998c5ef2cef5f\SP3GDR\urlmon.dll
- 2011-12-15 00:59 . 2011-11-04 19:20   5978112 c:\windows\SoftwareDistribution\Download\6d96dffc598263b266d998c5ef2cef5f\SP3GDR\mshtml.dll
- 2011-12-15 00:59 . 2011-11-04 19:20   2000384 c:\windows\SoftwareDistribution\Download\6d96dffc598263b266d998c5ef2cef5f\SP3GDR\iertutil.dll
- 2011-11-05 19:19 . 2011-11-05 19:19   11083776 c:\windows\SoftwareDistribution\Download\6d96dffc598263b266d998c5ef2cef5f\SP3QFE\ieframe.dll
- 2011-12-15 00:59 . 2011-11-04 19:20   11081728 c:\windows\SoftwareDistribution\Download\6d96dffc598263b266d998c5ef2cef5f\SP3GDR\ieframe.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-16 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"RTHDCPL"="RTHDCPL.EXE" [2008-09-24 16859648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-05-21 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-21 13895272]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ     autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SeaPort"=2 (0x2)
"BBSvc"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1177:UDP"= 1177:UDP:Windows Media Format SDK (napster.exe)
"1176:UDP"= 1176:UDP:Windows Media Format SDK (napster.exe)
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [8/3/2009 10:58 AM 13696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [9/12/2011 7:42 AM 2214504]
S1 MpKsl607219cb;MpKsl607219cb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{095F5527-8ED3-4BFF-B87D-BFFD993E4B45}\MpKsl607219cb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{095F5527-8ED3-4BFF-B87D-BFFD993E4B45}\MpKsl607219cb.sys [?]
S1 MpKslcf261482;MpKslcf261482;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{81A36EA3-D5B6-4B81-9E48-F2179236A830}\MpKslcf261482.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{81A36EA3-D5B6-4B81-9E48-F2179236A830}\MpKslcf261482.sys [?]
S1 MpKsldab21d7e;MpKsldab21d7e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4AB00538-6F5A-4085-B170-2A97F95F30EF}\MpKsldab21d7e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4AB00538-6F5A-4085-B170-2A97F95F30EF}\MpKsldab21d7e.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2/28/2006 7:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM   REG_MULTI_SZ     WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.rr.com/
TCP: DhcpNameServer = 192.168.0.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-11 19:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(708)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3140)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\ZuneBusEnum.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
.
**************************************************************************
.
Completion time: 2012-01-11 19:06:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-12 00:06
ComboFix2.txt 2012-01-07 00:50
ComboFix3.txt 2012-01-07 00:26
.
Pre-Run: 126,430,269,440 bytes free
Post-Run: 126,475,194,368 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 8F02A8C1EAC2F79F6B46C57D502D2325

SuperDave · « **Reply #41 on:** January 12, 2012, 12:02:30 PM »

Quote

I was running it, I just thought that I should tell you whatever happens to the computer :S

That's cool.

SysProt Antirootkit

Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

Double click Sysprot.exe to start the program.
Click on the Log tab.
In the Write to log box select the following items.

Process << Selected
Kernel Modules << Selected
SSDT << Selected
Kernel Hooks << Selected
IRP Hooks << NOT Selected
Ports << NOT Selected
Hidden Files << Selected

At the bottom of the page

Hidden Objects Only << Selected

Click on the Create Log button on the bottom right.
After a few seconds a new window should appear.
Select Scan Root Drive. Click on the Start button.
When it is complete a new window will appear to indicate that the scan is finished.
The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

nasroo7 · « **Reply #42 on:** January 12, 2012, 01:09:53 PM »

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: B2D4A000
Module End: B2D62000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: B8638000
Module End: B863A000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwTerminateProcess
Address: B2E55620
Driver Base: B2E4B000
Driver End: B2E6D000
Driver Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\ace95d57646196ec5306fbd2b5\de-DE\ZuneSetup.exe.mui
Status: Access denied

Object: C:\ace95d57646196ec5306fbd2b5\en-US\ZuneSetup.exe.mui
Status: Access denied

Object: C:\ace95d57646196ec5306fbd2b5\es-ES\ZuneSetup.exe.mui
Status: Access denied

Object: C:\ace95d57646196ec5306fbd2b5\fr-FR\ZuneSetup.exe.mui
Status: Access denied

Object: C:\ace95d57646196ec5306fbd2b5\it-IT\ZuneSetup.exe.mui
Status: Access denied

Object: C:\ace95d57646196ec5306fbd2b5\packages\muauth.cab
Status: Access denied

Object: C:\ace95d57646196ec5306fbd2b5\packages\Zune-de.msi
Status: Access denied

Object: C:\ace95d57646196ec5306fbd2b5\packages\Zune-es.msi
Status: Access denied

Object: C:\ace95d57646196ec5306fbd2b5\packages\Zune-fr.msi
Status: Access denied

Object: C:\ace95d57646196ec5306fbd2b5\packages\Zune-it.msi
Status: Access denied

Object: C:\ace95d57646196ec5306fbd2b5\packages\Zune-x86.msi
Status: Access denied

Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied

SuperDave · « **Reply #43 on:** January 12, 2012, 04:32:02 PM »

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the

button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.

•Check

•Click the

button.
•Accept any security warnings from your browser.
•Check

•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push

•Push

, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the

button.
•Push

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

nasroo7 · « **Reply #44 on:** January 13, 2012, 07:24:38 AM »

Ok, So I ran Eset online scanner....
After 45min it was at 98%... with 0 threads...
The computer is set so the HDD doesn't turn off (In power management)

I came back an hour later, and I discovered that windows restarted itself...
I log on with the windows account password... and in the right bottom a little window told me "Windows was recently updated"
So important updates were installed, and the computer restarted by itself (I installed all the updates before the infection)

So there is no ESET scanner anymore of course...

Is there any log saved somewhere?
Or do I have to start over?

Computer Hope Forum

News:

Author Topic: No Internet Access after virus removal :( (Read 36482 times)

nasroo7

Re: No Internet Access after virus removal :(

nasroo7

Re: No Internet Access after virus removal :(

nasroo7

Re: No Internet Access after virus removal :(

nasroo7

Re: No Internet Access after virus removal :(

nasroo7

Re: No Internet Access after virus removal :(

SuperDave

Re: No Internet Access after virus removal :(

nasroo7

Re: No Internet Access after virus removal :(

nasroo7

Re: No Internet Access after virus removal :(

nasroo7

Re: No Internet Access after virus removal :(

SuperDave

Re: No Internet Access after virus removal :(

nasroo7

Re: No Internet Access after virus removal :(

SuperDave

Re: No Internet Access after virus removal :(

nasroo7

Re: No Internet Access after virus removal :(

SuperDave

Re: No Internet Access after virus removal :(

nasroo7

Re: No Internet Access after virus removal :(