cheliza34
-
Posts
26 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Everything posted by cheliza34
-
I recently purchased a new computer - I just put malwarebytes on it because I love the product - soon my anti-virus that was installed on my computer will expire and I will have to make a decision to subscribe or move on - Norton is the product...I am unfamilar with it - I use to use Trend Micro.... Anyway I would like to tap into the knowledge of this group and see what anti-virus software is the best to partner with Malwarebytes - and also ask do I even need anti-virus software with Malware bytes? Thanks for any suggestions I appreciate the help. ps - I hope its okay to post this here - I din't know where to put it! lol
-
Nope still there - I guess it doesn't matter - everything else is working properly - I appreciate your help
-
explorer.exe not loading at startup
cheliza34 replied to cheliza34's topic in Resolved Malware Removal Logs
thank you for your time -
explorer.exe not loading at startup
cheliza34 replied to cheliza34's topic in Resolved Malware Removal Logs
wonderful thank you everything loads no re diredts......seems good -
explorer.exe not loading at startup
cheliza34 replied to cheliza34's topic in Resolved Malware Removal Logs
ComboFix 10-07-18.05 - Administrator 07/19/2010 13:56:27.2.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1614 [GMT -4:00] Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . --------------- FCopy --------------- c:\windows\ServicePackFiles\i386\userinit.exe --> c:\windows\system32\userinit.exe . ((((((((((((((((((((((((( Files Created from 2010-06-19 to 2010-07-19 ))))))))))))))))))))))))))))))) . 2010-07-19 14:46 . 2010-07-19 14:46 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-55ac47ed-n\msvcp71.dll 2010-07-19 14:46 . 2010-07-19 14:46 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-55ac47ed-n\jmc.dll 2010-07-19 14:46 . 2010-07-19 14:46 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-55ac47ed-n\msvcr71.dll 2010-07-15 20:32 . 2010-07-15 20:32 12536 ----a-w- c:\windows\system32\avgrsstx.dll 2010-07-15 20:14 . 2010-07-15 20:14 -------- d-----w- c:\windows\system32\wbem\Repository 2010-07-15 13:21 . 2010-07-15 20:12 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan 2010-07-14 20:09 . 2010-07-14 20:09 936960 ----a-w- c:\windows\system32\qtplugin(2).exe 2010-07-14 15:10 . 2010-07-15 20:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-19 15:48 . 2006-02-28 12:00 8832 ----a-w- c:\windows\system32\drivers\rasacd.sys 2010-07-19 15:07 . 2007-08-15 15:56 -------- d-----w- c:\program files\Common Files\Adobe 2010-07-15 20:32 . 2009-10-02 12:37 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-07-15 20:32 . 2009-10-02 12:37 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2010-07-15 13:53 . 2007-08-16 14:03 -------- d-----w- c:\program files\Lennox Repair Parts 2010-07-15 12:41 . 2010-03-02 16:32 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9 2010-07-14 14:34 . 2008-03-21 13:28 36 ---ha-w- c:\windows\system32\f9t.dat 2010-07-13 16:17 . 2010-03-08 13:13 -------- d-----w- c:\program files\CCleaner 2010-07-07 11:54 . 2010-03-08 13:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-07-01 11:52 . 2009-08-06 14:39 -------- d-----w- c:\program files\Microsoft Silverlight 2010-06-05 16:38 . 2010-06-05 16:38 -------- d-----w- c:\program files\CoffeeCup Software 2010-06-02 13:33 . 2009-10-02 12:37 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2010-05-06 10:41 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-02 05:22 . 2006-02-28 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys 2010-04-29 19:39 . 2010-03-08 13:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 19:39 . 2010-03-08 13:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-26 13:56 . 2009-04-16 15:21 50 ----a-w- c:\windows\system32\d8045def.dat 2006-12-11 19:47 . 2006-12-11 19:47 346 ----a-w- c:\program files\Shortcut to P - FDC.lnk 2002-07-31 23:55 . 2010-06-05 16:40 106 --sh--w- c:\windows\WSYS049.SYS . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-11-10 818288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2002-10-15 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2002-10-15 114688] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696] "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016] "PaperPort PTD"="c:\program files\Scansoft\PaperPort\pptd40nt.exe" [2002-08-12 45108] "IndexSearch"="c:\program files\Scansoft\PaperPort\IndexSearch.exe" [2002-08-12 36864] "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760] "SetDefPrt"="c:\program files\Brother\Brmfl03a\BrStDvPt.exe" [2003-10-31 45056] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2010-07-15 20:32 12536 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2009-10-02 11:58 87352 ----a-w- c:\windows\system32\LMIinit.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"= R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/2/2009 8:37 AM 216400] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/2/2009 8:37 AM 243024] R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 4:32 PM 308136] R3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [4/16/2009 11:22 AM 10368] S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?] S3 icsak;icsak;\??\c:\program files\CheckPoint\ZAForceField\AK\icsak.sys --> c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [?] . Contents of the 'Scheduled Tasks' folder 2009-09-25 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:57] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.lennoxdavenet.net/ uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 DPF: AdobeControl - hxxp://www.lennoxdavenet.net/webdynpro/resources/sap.com/tc~wd~dispwda/global/activeComp/AdobeControl.CAB . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-07-19 14:06 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-484763869-2139871995-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,04,97,f5,bb,fa,58,41,8c,76,5b,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,04,97,f5,bb,fa,58,41,8c,76,5b,\ [HKEY_USERS\S-1-5-21-484763869-2139871995-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F1A9A94C-5E56-04B6-8794-23B544266D99}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "kaodfihodobakabmpakbfk"=hex:67,61,6f,64,65,66,6d,6a,62,65,6c,6d,66,62,00,00 "kaodfihodobakabmpakbkk"=hex:66,61,64,70,69,66,6f,6c,64,6a,64,68,00,62 "maoejmenpgakbkppahfmppkaog"=hex:62,61,6a,66,00,fa . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(664) c:\windows\system32\LMIinit.dll c:\windows\system32\LMIRfsClientNP.dll - - - - - - - > 'explorer.exe'(3404) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\AVG\AVG9\avgchsvx.exe c:\program files\AVG\AVG9\avgrsx.exe c:\program files\AVG\AVG9\avgcsrvx.exe c:\windows\system32\brss01a.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\windows\system32\Brmfrmps.exe c:\program files\AVG\AVG9\avgnsx.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\BRMFRSMG.EXE . ************************************************************************** . Completion time: 2010-07-19 14:12:17 - machine was rebooted ComboFix-quarantined-files.txt 2010-07-19 18:12 ComboFix2.txt 2010-07-19 16:35 Pre-Run: 23,663,513,600 bytes free Post-Run: 23,660,126,208 bytes free - - End Of File - - 11698784EE7CB53B915E2F818ABE37E7 -
explorer.exe not loading at startup
cheliza34 replied to cheliza34's topic in Resolved Malware Removal Logs
ComboFix 10-07-18.05 - Administrator 07/19/2010 12:25:49.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1605 [GMT -4:00] Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf . ((((((((((((((((((((((((( Files Created from 2010-06-19 to 2010-07-19 ))))))))))))))))))))))))))))))) . 2010-07-19 14:46 . 2010-07-19 14:46 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-55ac47ed-n\msvcp71.dll 2010-07-19 14:46 . 2010-07-19 14:46 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-55ac47ed-n\jmc.dll 2010-07-19 14:46 . 2010-07-19 14:46 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-55ac47ed-n\msvcr71.dll 2010-07-15 20:32 . 2010-07-15 20:32 12536 ----a-w- c:\windows\system32\avgrsstx.dll 2010-07-15 20:14 . 2010-07-15 20:14 -------- d-----w- c:\windows\system32\wbem\Repository 2010-07-15 13:21 . 2010-07-15 20:12 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan 2010-07-14 20:09 . 2010-07-14 20:09 936960 ----a-w- c:\windows\system32\qtplugin(2).exe 2010-07-14 15:10 . 2010-07-15 20:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-19 15:48 . 2006-02-28 12:00 8832 ----a-w- c:\windows\system32\drivers\rasacd.sys 2010-07-19 15:07 . 2007-08-15 15:56 -------- d-----w- c:\program files\Common Files\Adobe 2010-07-15 20:32 . 2009-10-02 12:37 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-07-15 20:32 . 2009-10-02 12:37 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2010-07-15 13:53 . 2007-08-16 14:03 -------- d-----w- c:\program files\Lennox Repair Parts 2010-07-15 12:41 . 2010-03-02 16:32 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9 2010-07-14 14:34 . 2008-03-21 13:28 36 ---ha-w- c:\windows\system32\f9t.dat 2010-07-13 16:17 . 2010-03-08 13:13 -------- d-----w- c:\program files\CCleaner 2010-07-07 11:54 . 2010-03-08 13:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-07-01 11:52 . 2009-08-06 14:39 -------- d-----w- c:\program files\Microsoft Silverlight 2010-06-05 16:38 . 2010-06-05 16:38 -------- d-----w- c:\program files\CoffeeCup Software 2010-06-02 13:33 . 2009-10-02 12:37 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2010-05-06 10:41 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-02 05:22 . 2006-02-28 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys 2010-04-29 19:39 . 2010-03-08 13:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 19:39 . 2010-03-08 13:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-26 13:56 . 2009-04-16 15:21 50 ----a-w- c:\windows\system32\d8045def.dat 2006-12-11 19:47 . 2006-12-11 19:47 346 ----a-w- c:\program files\Shortcut to P - FDC.lnk 2002-07-31 23:55 . 2010-06-05 16:40 106 --sh--w- c:\windows\WSYS049.SYS . ------- Sigcheck ------- [7] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe [-] 2008-04-14 00:12 . 835E4A9281BEA15FBCD47E2ED335CD97 . 26112 . . [------] . . c:\windows\system32\userinit.exe [7] 2006-02-28 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-11-10 818288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2002-10-15 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2002-10-15 114688] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696] "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016] "PaperPort PTD"="c:\program files\Scansoft\PaperPort\pptd40nt.exe" [2002-08-12 45108] "IndexSearch"="c:\program files\Scansoft\PaperPort\IndexSearch.exe" [2002-08-12 36864] "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760] "SetDefPrt"="c:\program files\Brother\Brmfl03a\BrStDvPt.exe" [2003-10-31 45056] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2010-07-15 20:32 12536 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2009-10-02 11:58 87352 ----a-w- c:\windows\system32\LMIinit.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"= R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/2/2009 8:37 AM 216400] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/2/2009 8:37 AM 243024] R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 4:32 PM 308136] R3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [4/16/2009 11:22 AM 10368] S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?] S3 icsak;icsak;\??\c:\program files\CheckPoint\ZAForceField\AK\icsak.sys --> c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [?] --- Other Services/Drivers In Memory --- *NewlyCreated* - KLMDB *Deregistered* - klmdb . Contents of the 'Scheduled Tasks' folder 2009-09-25 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:57] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.lennoxdavenet.net/ uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 DPF: AdobeControl - hxxp://www.lennoxdavenet.net/webdynpro/resources/sap.com/tc~wd~dispwda/global/activeComp/AdobeControl.CAB . - - - - ORPHANS REMOVED - - - - Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) SafeBoot-klmdb.sys ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-07-19 12:32 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-484763869-2139871995-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,04,97,f5,bb,fa,58,41,8c,76,5b,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,17,04,97,f5,bb,fa,58,41,8c,76,5b,\ [HKEY_USERS\S-1-5-21-484763869-2139871995-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F1A9A94C-5E56-04B6-8794-23B544266D99}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "kaodfihodobakabmpakbfk"=hex:67,61,6f,64,65,66,6d,6a,62,65,6c,6d,66,62,00,00 "kaodfihodobakabmpakbkk"=hex:66,61,64,70,69,66,6f,6c,64,6a,64,68,00,62 "maoejmenpgakbkppahfmppkaog"=hex:62,61,6a,66,00,fa . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(660) c:\windows\system32\LMIinit.dll c:\windows\system32\LMIRfsClientNP.dll . Completion time: 2010-07-19 12:35:05 ComboFix-quarantined-files.txt 2010-07-19 16:34 Pre-Run: 23,421,030,400 bytes free Post-Run: 23,650,816,000 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - E8A6F30E7D4BDED5F71E43666033FC4A -
explorer.exe not loading at startup
cheliza34 replied to cheliza34's topic in Resolved Malware Removal Logs
11:47:09:265 2652 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49 11:47:09:265 2652 ================================================================================ 11:47:09:265 2652 SystemInfo: 11:47:09:265 2652 OS Version: 5.1.2600 ServicePack: 3.0 11:47:09:265 2652 Product type: Workstation 11:47:09:265 2652 ComputerName: JEN 11:47:09:265 2652 UserName: Administrator 11:47:09:265 2652 Windows directory: C:\WINDOWS 11:47:09:265 2652 System windows directory: C:\WINDOWS 11:47:09:265 2652 Processor architecture: Intel x86 11:47:09:265 2652 Number of processors: 1 11:47:09:265 2652 Page size: 0x1000 11:47:09:265 2652 Boot type: Normal boot 11:47:09:265 2652 ================================================================================ 11:47:09:687 2652 Initialize success 11:47:09:687 2652 11:47:09:687 2652 Scanning Services ... 11:47:10:234 2652 Raw services enum returned 320 services 11:47:10:234 2652 11:47:10:234 2652 Scanning Drivers ... 11:47:11:390 2652 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 11:47:11:500 2652 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 11:47:11:687 2652 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 11:47:11:796 2652 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys 11:47:12:406 2652 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 11:47:12:546 2652 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 11:47:12:687 2652 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 11:47:12:781 2652 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 11:47:12:906 2652 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\System32\Drivers\avgldx86.sys 11:47:13:000 2652 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\System32\Drivers\avgmfx86.sys 11:47:13:109 2652 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\System32\Drivers\avgtdix.sys 11:47:13:218 2652 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 11:47:13:312 2652 BrUsbScn (1c5f014048e5b2748c1a8ad297c50b6f) C:\WINDOWS\system32\Drivers\BrUsbScn.sys 11:47:13:406 2652 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 11:47:13:578 2652 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 11:47:13:703 2652 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 11:47:13:812 2652 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 11:47:14:187 2652 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 11:47:14:312 2652 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 11:47:14:750 2652 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 11:47:15:015 2652 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 11:47:15:109 2652 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 11:47:15:265 2652 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 11:47:15:375 2652 E100B (fe9cb643a034285031502d3369e5a869) C:\WINDOWS\system32\DRIVERS\e100b325.sys 11:47:15:500 2652 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 11:47:15:609 2652 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 11:47:15:703 2652 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 11:47:15:796 2652 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 11:47:15:906 2652 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 11:47:15:984 2652 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 11:47:16:093 2652 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 11:47:16:187 2652 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 11:47:16:343 2652 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 11:47:16:593 2652 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 11:47:16:718 2652 ialm (483e123d057f9cab066402239c0a0b3f) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 11:47:16:875 2652 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 11:47:17:046 2652 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 11:47:17:171 2652 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 11:47:17:296 2652 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 11:47:17:390 2652 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 11:47:17:515 2652 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 11:47:17:609 2652 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 11:47:17:703 2652 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 11:47:17:812 2652 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 11:47:17:921 2652 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 11:47:18:078 2652 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys 11:47:18:234 2652 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 11:47:18:343 2652 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 11:47:18:562 2652 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys 11:47:18:734 2652 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys 11:47:18:828 2652 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 11:47:18:937 2652 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 11:47:19:031 2652 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 11:47:19:125 2652 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 11:47:19:296 2652 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 11:47:19:406 2652 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 11:47:19:562 2652 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 11:47:19:671 2652 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 11:47:19:781 2652 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 11:47:19:906 2652 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 11:47:19:984 2652 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 11:47:20:093 2652 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 11:47:20:203 2652 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 11:47:20:281 2652 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 11:47:20:390 2652 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 11:47:20:500 2652 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 11:47:20:593 2652 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 11:47:20:703 2652 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 11:47:20:796 2652 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 11:47:20:906 2652 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 11:47:21:015 2652 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 11:47:21:156 2652 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 11:47:21:250 2652 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 11:47:21:390 2652 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 11:47:21:531 2652 PalmUSBD (240c0d4049a833b16b63b636acf01672) C:\WINDOWS\system32\drivers\PalmUSBD.sys 11:47:21:656 2652 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 11:47:21:781 2652 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 11:47:21:906 2652 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 11:47:22:000 2652 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 11:47:22:125 2652 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 11:47:22:203 2652 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 11:47:22:515 2652 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 11:47:22:609 2652 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys 11:47:22:703 2652 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 11:47:22:796 2652 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 11:47:22:890 2652 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys 11:47:23:281 2652 RasAcd (652d260be3046dd1b08ab6ba2bd0861e) C:\WINDOWS\system32\DRIVERS\rasacd.sys 11:47:23:281 2652 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\rasacd.sys. Real md5: 652d260be3046dd1b08ab6ba2bd0861e, Fake md5: fe0d99d6f31e4fad8159f690d68ded9c 11:47:23:281 2652 File "C:\WINDOWS\system32\DRIVERS\rasacd.sys" infected by TDSS rootkit ... 11:47:25:546 2652 Backup copy found, using it.. 11:47:25:546 2652 will be cured on next reboot 11:47:25:671 2652 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 11:47:25:781 2652 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 11:47:25:906 2652 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 11:47:26:015 2652 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 11:47:26:125 2652 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 11:47:26:218 2652 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 11:47:26:312 2652 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 11:47:26:437 2652 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 11:47:26:609 2652 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys 11:47:26:734 2652 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys 11:47:26:843 2652 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 11:47:26:984 2652 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 11:47:27:078 2652 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 11:47:27:171 2652 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 11:47:27:437 2652 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 11:47:27:578 2652 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 11:47:27:687 2652 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys 11:47:27:828 2652 STAC97 (37dcf0d0efa88b05d07cc6c46bdca797) C:\WINDOWS\system32\drivers\STAC97.sys 11:47:27:953 2652 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 11:47:28:078 2652 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 11:47:28:406 2652 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 11:47:28:593 2652 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 11:47:28:765 2652 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 11:47:28:890 2652 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 11:47:29:000 2652 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 11:47:29:218 2652 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 11:47:29:453 2652 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 11:47:29:609 2652 USBAAPL (f340199e8cb097e1acd58a967c665919) C:\WINDOWS\system32\Drivers\usbaapl.sys 11:47:29:734 2652 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 11:47:29:843 2652 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 11:47:30:000 2652 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 11:47:30:125 2652 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 11:47:30:234 2652 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 11:47:30:359 2652 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 11:47:30:484 2652 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 11:47:30:734 2652 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 11:47:31:421 2652 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 11:47:31:515 2652 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 11:47:31:687 2652 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 11:47:31:812 2652 {6080A529-897E-4629-A488-ABA0C29B635E} (9b808527870ebae0b1dfb90ef3f861b9) C:\WINDOWS\system32\drivers\ialmsbw.sys 11:47:31:906 2652 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (dba29fe70d66f5a82c860894c91b42c7) C:\WINDOWS\system32\drivers\ialmkchw.sys 11:47:31:921 2652 Reboot required for cure complete.. 11:47:32:328 2652 Cure on reboot scheduled successfully 11:47:32:328 2652 11:47:32:328 2652 Completed 11:47:32:328 2652 11:47:32:328 2652 Results: 11:47:32:328 2652 Registry objects infected / cured / cured on reboot: 0 / 0 / 0 11:47:32:328 2652 File objects infected / cured / cured on reboot: 1 / 0 / 1 11:47:32:328 2652 11:47:32:343 2652 KLMD(ARK) unloaded successfully JavaRa.zip -
explorer.exe not loading at startup
cheliza34 replied to cheliza34's topic in Resolved Malware Removal Logs
Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4326 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 7/19/2010 10:45:57 AM mbam-log-2010-07-19 (10-45-57).txt Scan type: Quick scan Objects scanned: 141522 Time elapsed: 13 minute(s), 18 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) DDS (Ver_10-03-17.01) - NTFSx86 Run by Administrator at 8:31:07.70 on Mon 07/19/2010 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1402 [GMT -4:00] AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgrsx.exe svchost.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe svchost.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\brss01a.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\WINDOWS\system32\Brmfrmps.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\svchost.exe -k netsvcs C:\Program Files\AVG\AVG9\avgnsx.exe C:\WINDOWS\system32\BRMFRSMG.EXE C:\WINDOWS\explorer.exe C:\WINDOWS\system32\igfxtray.exe C:\Program Files\Scansoft\PaperPort\pptd40nt.exe C:\PROGRA~1\AVG\AVG9\avgtray.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINTAC\Office\MSACCESS.EXE C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Administrator\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.lennoxdavenet.net/ uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: {7EFBC57C-CD57-481F-B794-648FCE9C9116} - No File TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe" mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe" mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe mRun: [indexSearch] c:\program files\scansoft\paperport\IndexSearch.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [setDefPrt] c:\program files\brother\brmfl03a\BrStDvPt.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL DPF: AdobeControl - hxxp://www.lennoxdavenet.net/webdynpro/resources/sap.com/tc~wd~dispwda/global/activeComp/AdobeControl.CAB DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll Notify: avgrsstarter - avgrsstx.dll Notify: igfxcui - igfxsrvc.dll Notify: LMIinit - LMIinit.dll ============= SERVICES / DRIVERS =============== R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-2 216400] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-10-2 29584] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-2 243024] R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136] R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-9-11 47640] R3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2009-4-16 10368] S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?] S3 icsak;icsak;\??\c:\program files\checkpoint\zaforcefield\ak\icsak.sys --> c:\program files\checkpoint\zaforcefield\ak\icsak.sys [?] S4 LMIRfsClientNP;LMIRfsClientNP; [x] =============== Created Last 30 ================ 2010-07-19 12:29:31 0 ----a-w- c:\documents and settings\administrator\defogger_reenable 2010-07-15 20:32:45 12536 ----a-w- c:\windows\system32\avgrsstx.dll 2010-07-15 20:14:34 0 d-----w- c:\windows\system32\wbem\Repository 2010-07-15 13:21:37 0 d-----w- c:\docume~1\alluse~1\applic~1\SecTaskMan 2010-07-15 13:11:06 0 d-----w- c:\windows\pss 2010-07-14 20:09:32 936960 ----a-w- c:\windows\system32\qtplugin(2).exe ==================== Find3M ==================== 2010-07-15 20:32:50 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-07-15 20:32:23 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys 2006-12-11 19:47:16 346 ----a-w- c:\program files\Shortcut to P - FDC.lnk 2002-07-31 23:55:12 106 --sh--w- c:\windows\WSYS049.SYS ============= FINISH: 8:37:03.00 =============== Attach.zip ark.zip -
zipped SystemLook.zip
-
i ran a scan because computer was running slow - malware bytes found issues - deleted them upon restart no explorer.exe - i have to use task manager to open it... please help i have posted the log from the scan Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4312 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 7/14/2010 1:24:37 PM mbam-log-2010-07-14 (13-24-37).txt Scan type: Full scan (C:\|) Objects scanned: 196296 Time elapsed: 1 hour(s), 51 minute(s), 36 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\registrymonitor1 (Rootkit.Agent) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\Userinitxx.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\qtplugin.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
-
zipped SystemLook.zip
-
when i turn off trend micro and check security center still shows avg running
-
ugh still there.....somewhere
-
zipped again SystemLook.zip
-
yes i used your previous avg remover - i used the avg free version and im not sure of the number updated version it was at then - it was april 18th that i installed trend micro...not sure if that helps
-
the file was too big - i wasnt sure if you wanted me to post half in two posts....or zip it....i zipped it...... RegSearchDoc.zip
-
thank you so much for your time - i appreciate it. one last thing - I still show avg in my security center - i have run multiple removers to no avail.....
-
oh my! well it seems much faster and when i search it actually goes to the correct link.....seems better.....thank you...is that it? did I have a virus? should I be using different software for protection?
-
ComboFix 10-07-10.01 - Susan 07/10/2010 17:17:17.3.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.236 [GMT -4:00] Running from: c:\documents and settings\Susan\Desktop\Combo-Fix.exe Command switches used :: c:\documents and settings\Susan\Desktop\CFScript.txt AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5} FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6} * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2010-06-10 to 2010-07-10 ))))))))))))))))))))))))))))))) . 2010-07-10 19:54 . 2010-07-10 19:54 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-07-04 22:07 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\ptpusb.dll 2010-07-04 22:07 . 2004-08-04 04:56 159232 ----a-w- c:\windows\system32\ptpusd.dll 2010-07-01 00:00 . 2010-07-10 13:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-07-01 00:00 . 2010-07-01 00:08 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-06-30 23:38 . 2010-06-30 23:38 -------- d-----w- c:\program files\Speccy 2010-06-25 02:08 . 2010-06-25 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\FrontLine Registry Cleaner 2010-06-25 02:08 . 2010-06-30 23:11 -------- d-----w- c:\program files\Frontline Registry Cleaner 2010-06-20 14:12 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-06-20 14:12 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-06-19 21:51 . 2010-06-19 21:51 -------- d-----w- c:\windows\system32\wbem\Repository 2010-06-11 03:52 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-10 19:26 . 2010-04-17 21:50 23968 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-07-01 23:49 . 2010-03-15 23:01 -------- d-----w- c:\program files\Trend Micro 2010-06-30 23:33 . 2010-03-08 23:26 -------- d-----w- c:\program files\CCleaner 2010-06-30 23:11 . 2010-03-15 22:34 -------- d-----w- c:\program files\Perfect Uninstaller 2010-06-20 21:30 . 2009-08-03 00:07 -------- d-----w- c:\program files\Microsoft Silverlight 2010-06-20 21:25 . 2009-04-23 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-06-20 14:12 . 2010-03-08 17:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-19 21:50 . 2009-06-28 18:03 -------- d-----w- c:\program files\LimeWire 2010-06-19 21:50 . 2010-04-09 17:25 -------- d-----w- c:\program files\Ask.com 2010-06-19 21:48 . 2009-12-27 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\NeoEdge Networks 2010-06-19 16:45 . 2009-03-15 11:17 -------- d-----w- c:\program files\Bonjour 2010-06-11 18:34 . 2010-04-10 23:09 -------- d-----w- c:\program files\iTunes 2010-06-07 06:02 . 2010-06-07 06:02 -------- d-----w- c:\documents and settings\All Users\Application Data\MumboJumbo 2010-06-07 05:59 . 2009-12-27 19:27 -------- d-----w- c:\program files\Yahoo! Games 2010-05-06 10:41 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-03 18:37 . 2010-04-18 02:15 23968 ----a-w- c:\documents and settings\Susan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-05-02 05:56 . 2004-08-04 12:00 1850880 ----a-w- c:\windows\system32\win32k.sys 2010-04-20 05:51 . 2004-08-04 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll 2010-04-12 21:29 . 2010-04-18 03:06 411368 ----a-w- c:\windows\system32\deployJava1.dll . ((((((((((((((((((((((((((((( SnapShot@2010-06-25_01.57.35 ))))))))))))))))))))))))))))))))))))))))) . + 2010-07-10 21:18 . 2010-07-10 21:18 16384 c:\windows\Temp\Perflib_Perfdata_8b4.dat + 2010-07-10 21:34 . 2010-07-10 21:34 16384 c:\windows\Temp\Perflib_Perfdata_3fc.dat + 2010-07-10 21:34 . 2010-07-10 21:34 16384 c:\windows\Temp\Perflib_Perfdata_104.dat + 2010-06-20 08:01 . 2010-06-20 08:01 8040960 c:\windows\Installer\54daa.msp + 2010-07-01 23:49 . 2010-07-01 23:49 1094656 c:\windows\Installer\248f864.msi + 2009-03-12 20:42 . 2010-05-28 16:37 32472008 c:\windows\system32\MRT.exe - 2009-03-12 20:42 . 2010-05-28 19:37 32472008 c:\windows\system32\MRT.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-04 897024] "QCWLICON"="c:\program files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2005-03-18 86016] "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-03-23 217088] "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-04-14 139264] "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-14 208896] "TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-04-04 94208] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-06-24 126976] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-06-24 561152] "MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2004-08-04 208896] "UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-01-26 1020248] "iTunesHelper"="E:\iTunesHelper.exe" [2009-03-13 342312] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-3-11 24576] hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-9 147456] hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina] 2005-03-18 08:07 262144 ----a-w- c:\windows\system32\QConGina.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey] 2004-08-13 00:11 24576 ----a-w- c:\windows\system32\tphklock.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "e:\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "8742:TCP"= 8742:TCP:Services "8743:TCP"= 8743:TCP:Services R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [3/15/2010 6:59 PM 36368] R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [3/15/2010 6:59 PM 339984] R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [3/15/2010 7:04 PM 50704] R3 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [3/15/2010 7:19 PM 497008] R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [3/15/2010 7:19 PM 689416] S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [3/11/2009 4:14 PM 12288] . Contents of the 'Scheduled Tasks' folder 2010-07-01 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34] 2009-06-19 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4237156128.job - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 21:56] 2010-07-10 c:\windows\Tasks\PMTask.job - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-03-11 05:01] 2010-07-10 c:\windows\Tasks\User_Feed_Synchronization-{DC64C503-2A99-43B3-82BD-C19EFEEC6C8F}.job - c:\windows\system32\msfeedssync.exe [2009-02-05 09:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-07-10 17:35 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1320) c:\windows\system32\Ati2evxx.dll c:\windows\system32\tphklock.dll - - - - - - - > 'explorer.exe'(3932) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ibmpmsvc.exe c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\System32\QCONSVC.EXE c:\windows\system32\rundll32.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe c:\program files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe c:\program files\Trend Micro\Internet Security\SfCtlCom.exe c:\windows\system32\TpKmpSVC.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\msiexec.exe c:\program files\Trend Micro\BM\TMBMSRV.exe . ************************************************************************** . Completion time: 2010-07-10 17:44:49 - machine was rebooted ComboFix-quarantined-files.txt 2010-07-10 21:44 ComboFix2.txt 2010-07-10 19:54 ComboFix3.txt 2010-06-25 02:05 Pre-Run: 40,247,820,288 bytes free Post-Run: 40,256,167,936 bytes free - - End Of File - - 3C9ACB395C4A3969C6E8CF30A761B5E4
-
ComboFix 10-07-10.01 - Administrator 07/10/2010 15:39:06.2.1 - x86 NETWORK Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.367 [GMT -4:00] Running from: c:\documents and settings\Susan\Desktop\Combo-Fix.exe AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5} FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\CyberDefender c:\program files\CyberDefender\Registry Cleaner\unins000.dat c:\program files\CyberDefender\Registry Cleaner\unins000.exe . ((((((((((((((((((((((((( Files Created from 2010-06-10 to 2010-07-10 ))))))))))))))))))))))))))))))) . 2010-07-04 22:07 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\ptpusb.dll 2010-07-04 22:07 . 2004-08-04 04:56 159232 ----a-w- c:\windows\system32\ptpusd.dll 2010-07-01 00:00 . 2010-07-10 13:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-07-01 00:00 . 2010-07-01 00:08 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-06-30 23:38 . 2010-06-30 23:38 -------- d-----w- c:\program files\Speccy 2010-06-25 02:08 . 2010-06-25 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\FrontLine Registry Cleaner 2010-06-25 02:08 . 2010-06-30 23:11 -------- d-----w- c:\program files\Frontline Registry Cleaner 2010-06-20 14:12 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-06-20 14:12 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-06-19 21:51 . 2010-06-19 21:51 -------- d-----w- c:\windows\system32\wbem\Repository 2010-06-11 03:52 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-10 19:26 . 2010-04-17 21:50 23968 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-07-01 23:49 . 2010-03-15 23:01 -------- d-----w- c:\program files\Trend Micro 2010-06-30 23:33 . 2010-03-08 23:26 -------- d-----w- c:\program files\CCleaner 2010-06-30 23:11 . 2010-03-15 22:34 -------- d-----w- c:\program files\Perfect Uninstaller 2010-06-20 21:30 . 2009-08-03 00:07 -------- d-----w- c:\program files\Microsoft Silverlight 2010-06-20 21:25 . 2009-04-23 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-06-20 14:12 . 2010-03-08 17:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-19 21:50 . 2009-06-28 18:03 -------- d-----w- c:\program files\LimeWire 2010-06-19 21:50 . 2010-04-09 17:25 -------- d-----w- c:\program files\Ask.com 2010-06-19 21:48 . 2009-12-27 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\NeoEdge Networks 2010-06-19 16:45 . 2009-03-15 11:17 -------- d-----w- c:\program files\Bonjour 2010-06-11 18:34 . 2010-04-10 23:09 -------- d-----w- c:\program files\iTunes 2010-06-07 06:02 . 2010-06-07 06:02 -------- d-----w- c:\documents and settings\All Users\Application Data\MumboJumbo 2010-06-07 05:59 . 2009-12-27 19:27 -------- d-----w- c:\program files\Yahoo! Games 2010-05-06 10:41 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-03 18:37 . 2010-04-18 02:15 23968 ----a-w- c:\documents and settings\Susan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-05-02 05:56 . 2004-08-04 12:00 1850880 ----a-w- c:\windows\system32\win32k.sys 2010-04-20 05:51 . 2004-08-04 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll 2010-04-12 21:29 . 2010-04-18 03:06 411368 ----a-w- c:\windows\system32\deployJava1.dll . ((((((((((((((((((((((((((((( SnapShot@2010-06-25_01.57.35 ))))))))))))))))))))))))))))))))))))))))) . + 2010-06-20 08:01 . 2010-06-20 08:01 8040960 c:\windows\Installer\54daa.msp + 2010-07-01 23:49 . 2010-07-01 23:49 1094656 c:\windows\Installer\248f864.msi + 2009-03-12 20:42 . 2010-05-28 16:37 32472008 c:\windows\system32\MRT.exe - 2009-03-12 20:42 . 2010-05-28 19:37 32472008 c:\windows\system32\MRT.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-04 897024] "QCWLICON"="c:\program files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2005-03-18 86016] "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-03-23 217088] "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-04-14 139264] "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-14 208896] "TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-04-04 94208] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-06-24 126976] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-06-24 561152] "MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2004-08-04 208896] "UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-01-26 1020248] "iTunesHelper"="E:\iTunesHelper.exe" [2009-03-13 342312] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-3-11 24576] hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-9 147456] hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina] 2005-03-18 08:07 262144 ----a-w- c:\windows\system32\QConGina.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey] 2004-08-13 00:11 24576 ----a-w- c:\windows\system32\tphklock.dll HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "e:\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "65533:TCP"= 65533:TCP:Services "52344:TCP"= 52344:TCP:Services "2479:TCP"= 2479:TCP:Services "4650:TCP"= 4650:TCP:Services "3389:TCP"= 3389:TCP:Remote Desktop "9725:TCP"= 9725:TCP:Services "2088:TCP"= 2088:TCP:Services "6815:TCP"= 6815:TCP:Services "6816:TCP"= 6816:TCP:Services "3716:TCP"= 3716:TCP:Services "5932:TCP"= 5932:TCP:Services R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [3/15/2010 6:59 PM 339984] S2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [3/15/2010 6:59 PM 36368] S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [3/11/2009 4:14 PM 12288] S3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [3/15/2010 7:04 PM 50704] S3 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [3/15/2010 7:19 PM 497008] S3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [3/15/2010 7:19 PM 689416] . Contents of the 'Scheduled Tasks' folder 2010-07-01 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34] 2009-06-19 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4237156128.job - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 21:56] 2010-04-18 c:\windows\Tasks\PMTask.job - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-03-11 05:01] 2010-07-10 c:\windows\Tasks\User_Feed_Synchronization-{DC64C503-2A99-43B3-82BD-C19EFEEC6C8F}.job - c:\windows\system32\msfeedssync.exe [2009-02-05 09:31] . . ------- Supplementary Scan ------- . IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-CTFMON - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-07-10 15:47 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x818A378A]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xf857bfc3 \Driver\ACPI -> ACPI.sys @ 0xf84eecb8 \Driver\atapi -> ntoskrnl.exe @ 0x805c8a1e IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a18f6 ParseProcedure -> ntoskrnl.exe @ 0x8056f26d \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a18f6 ParseProcedure -> ntoskrnl.exe @ 0x8056f26d NDIS: Intel® PRO/Wireless 2915ABG Network Connection -> SendCompleteHandler -> 0x81909b60 PacketIndicateHandler -> NDIS.sys @ 0xf8370a0b SendHandler -> NDIS.sys @ 0xf8384b31 copy of MBR has been found in sector 0x06FC78B5 malicious code @ sector 0x06FC78B8 ! PE file found in sector at 0x06FC78CE ! MBR rootkit infection detected ! Use: "mbr.exe -f" to fix. ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1715567821-329068152-725345543-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ef,ac,74,08,04,1e,a7,40,99,f1,78,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ef,ac,74,08,04,1e,a7,40,99,f1,78,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1204) c:\windows\system32\Ati2evxx.dll c:\windows\system32\tphklock.dll . Completion time: 2010-07-10 15:54:02 ComboFix-quarantined-files.txt 2010-07-10 19:54 ComboFix2.txt 2010-06-25 02:05 Pre-Run: 40,148,189,184 bytes free Post-Run: 40,321,277,952 bytes free - - End Of File - - 240F1A2D2459C0F87AD8903CE3C3829F
-
Quite a long time ago i uninstalled avg from my computer and installed trend mirco instead ---- around the time all the issues started ----- i just turned off trend to run combo fix -----it says that avg is running -help i cant find it - i searched and deleted all files - to no avail - also went to avg website to use their uninstall tool - microsoft security still states that avg is protecting...... originally I uninstalled avg at the add/remove programs
-
Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4299 Windows 5.1.2600 Service Pack 2 Internet Explorer 8.0.6001.18702 7/10/2010 1:39:11 PM mbam-log-2010-07-10 (13-39-11).txt Scan type: Quick scan Objects scanned: 594211 Time elapsed: 3 hour(s), 55 minute(s), 1 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) DDS (Ver_10-03-17.01) - NTFSx86 Run by Susan at 13:43:22.32 on Sat 07/10/2010 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.159 [GMT -4:00] AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Trend Micro Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5} FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6} ============== Running Processes =============== C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe svchost.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\QCONSVC.EXE C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\TpKmpSVC.exe C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe E:\iTunesHelper.exe C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\Trend Micro\Internet Security\TmProxy.exe C:\Program Files\Trend Micro\Internet Security\TmPfw.exe C:\Program Files\Trend Micro\BM\TMBMSRV.exe C:\Documents and Settings\Susan\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.yahoo.com/ BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No File BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No File BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper mRun: [QCWLICON] c:\program files\thinkpad\connectutilities\QCWLICON.EXE mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor mRun: [bLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog mRun: [TPHOTKEY] c:\progra~1\thinkpad\pkgmgr\hotkey\TPHKMGR.exe mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [MP10_EnsureFileVer] c:\windows\inf\unregmp2.exe /EnsureFileVersions mRun: [ufSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe" mRun: [iTunesHelper] "E:\iTunesHelper.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1271560343328 DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Notify: AtiExtEvent - Ati2evxx.dll Notify: QConGina - QConGina.dll Notify: tphotkey - tphklock.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ============= SERVICES / DRIVERS =============== R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2010-3-15 36368] R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2010-3-15 339984] R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-3-15 50704] R3 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2010-3-15 497008] R3 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2010-3-15 689416] S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [2009-3-11 12288] =============== Created Last 30 ================ 2010-07-04 22:07:22 5632 ----a-w- c:\windows\system32\ptpusb.dll 2010-07-04 22:07:21 159232 ----a-w- c:\windows\system32\ptpusd.dll 2010-07-02 19:50:56 0 ----a-w- c:\documents and settings\susan\defogger_reenable 2010-07-01 00:00:57 0 d-----w- c:\program files\Spybot - Search & Destroy 2010-07-01 00:00:57 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy 2010-06-30 23:38:44 0 d-----w- c:\program files\Speccy 2010-06-30 23:02:51 0 d-----w- c:\program files\CyberDefender 2010-06-25 02:08:16 0 d-----w- c:\docume~1\alluse~1\applic~1\FrontLine Registry Cleaner 2010-06-25 02:08:04 0 d-----w- c:\program files\Frontline Registry Cleaner 2010-06-25 01:28:01 0 d-sha-r- C:\cmdcons 2010-06-25 01:19:57 98816 ----a-w- c:\windows\sed.exe 2010-06-25 01:19:57 77312 ----a-w- c:\windows\MBR.exe 2010-06-25 01:19:57 256512 ----a-w- c:\windows\PEV.exe 2010-06-25 01:19:57 161792 ----a-w- c:\windows\SWREG.exe 2010-06-25 01:03:46 45 ----a-w- c:\windows\system32\initdebug.nfo 2010-06-20 14:12:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-06-20 14:12:13 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-06-19 21:51:47 0 d-----w- c:\windows\system32\wbem\Repository 2010-06-19 18:48:08 0 d-----w- c:\windows\pss 2010-06-11 03:52:21 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll ==================== Find3M ==================== 2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-02 05:56:34 1850880 ----a-w- c:\windows\system32\win32k.sys 2010-04-20 05:51:20 285696 ----a-w- c:\windows\system32\atmfd.dll 2010-04-12 21:29:19 411368 ----a-w- c:\windows\system32\deployJava1.dll ============= FINISH: 13:44:14.92 ===============
-
Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4290 Windows 5.1.2600 Service Pack 2 Internet Explorer 8.0.6001.18702 7/8/2010 11:21:55 PM mbam-log-2010-07-08 (23-21-55).txt Scan type: Quick scan Objects scanned: 10670 Time elapsed: 1 minute(s), 23 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) DDS (Ver_10-03-17.01) - NTFSx86 Run by Susan at 8:02:00.53 on Sat 07/10/2010 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.65 [GMT -4:00] AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Trend Micro Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5} FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6} ============== Running Processes =============== C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe E:\iTunesHelper.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\QCONSVC.EXE C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\TpKmpSVC.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\Trend Micro\Internet Security\TmPfw.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\Internet Security\TmProxy.exe C:\Program Files\Trend Micro\BM\TMBMSRV.exe C:\Program Files\internet explorer\iexplore.exe C:\Documents and Settings\Susan\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.yahoo.com/ BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No File BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No File BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper mRun: [QCWLICON] c:\program files\thinkpad\connectutilities\QCWLICON.EXE mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor mRun: [bLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog mRun: [TPHOTKEY] c:\progra~1\thinkpad\pkgmgr\hotkey\TPHKMGR.exe mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [MP10_EnsureFileVer] c:\windows\inf\unregmp2.exe /EnsureFileVersions mRun: [ufSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe" mRun: [iTunesHelper] "E:\iTunesHelper.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1271560343328 DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Notify: AtiExtEvent - Ati2evxx.dll Notify: QConGina - QConGina.dll Notify: tphotkey - tphklock.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ============= SERVICES / DRIVERS =============== R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2010-3-15 36368] R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2010-3-15 339984] R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-3-15 50704] S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [2009-3-11 12288] =============== Created Last 30 ================ 2010-07-04 22:07:22 5632 ----a-w- c:\windows\system32\ptpusb.dll 2010-07-04 22:07:21 159232 ----a-w- c:\windows\system32\ptpusd.dll 2010-07-02 19:50:56 0 ----a-w- c:\documents and settings\susan\defogger_reenable 2010-07-01 00:00:57 0 d-----w- c:\program files\Spybot - Search & Destroy 2010-07-01 00:00:57 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy 2010-06-30 23:38:44 0 d-----w- c:\program files\Speccy 2010-06-30 23:02:51 0 d-----w- c:\program files\CyberDefender 2010-06-25 02:08:16 0 d-----w- c:\docume~1\alluse~1\applic~1\FrontLine Registry Cleaner 2010-06-25 02:08:04 0 d-----w- c:\program files\Frontline Registry Cleaner 2010-06-25 01:28:01 0 d-sha-r- C:\cmdcons 2010-06-25 01:19:57 98816 ----a-w- c:\windows\sed.exe 2010-06-25 01:19:57 77312 ----a-w- c:\windows\MBR.exe 2010-06-25 01:19:57 256512 ----a-w- c:\windows\PEV.exe 2010-06-25 01:19:57 161792 ----a-w- c:\windows\SWREG.exe 2010-06-25 01:03:46 45 ----a-w- c:\windows\system32\initdebug.nfo 2010-06-20 14:12:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-06-20 14:12:13 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-06-19 21:51:47 0 d-----w- c:\windows\system32\wbem\Repository 2010-06-19 18:48:08 0 d-----w- c:\windows\pss 2010-06-11 03:52:21 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll ==================== Find3M ==================== 2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-02 05:56:34 1850880 ----a-w- c:\windows\system32\win32k.sys 2010-04-20 05:51:20 285696 ----a-w- c:\windows\system32\atmfd.dll 2010-04-12 21:29:19 411368 ----a-w- c:\windows\system32\deployJava1.dll ============= FINISH: 8:03:20.25 ===============
-
Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4217 Windows 5.1.2600 Service Pack 2 Internet Explorer 8.0.6001.18702 6/20/2010 4:49:05 PM mbam-log-2010-06-20 (16-49-05).txt Scan type: Full scan (C:\|) Objects scanned: 583340 Time elapsed: 4 hour(s), 39 minute(s), 53 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 4 Files Infected: 9 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Documents and Settings\HelpAssistant.SUSAN-9344DE1F4.000\Application Data\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D} (Trojan.Swisyn) -> Quarantined and deleted successfully. C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome (Trojan.Swisyn) -> Quarantined and deleted successfully. C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content (Trojan.Swisyn) -> Quarantined and deleted successfully. Files Infected: C:\Documents and Settings\HelpAssistant.SUSAN-9344DE1F4.000\Application Data\SystemProc\lsass.exe (Trojan.LVBP) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{79C0A208-B7C7-42C8-B9A8-3D09A8F87803}\RP435\A0118266.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{79C0A208-B7C7-42C8-B9A8-3D09A8F87803}\RP437\A0120581.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{79C0A208-B7C7-42C8-B9A8-3D09A8F87803}\RP438\A0120660.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{79C0A208-B7C7-42C8-B9A8-3D09A8F87803}\RP494\A0189124.exe (Trojan.LVBP) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{79C0A208-B7C7-42C8-B9A8-3D09A8F87803}\RP494\A0189125.exe (Trojan.LVBP) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{79C0A208-B7C7-42C8-B9A8-3D09A8F87803}\RP496\A0194896.exe (Trojan.LVBP) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{79C0A208-B7C7-42C8-B9A8-3D09A8F87803}\RP496\A0194897.exe (Trojan.LVBP) -> Quarantined and deleted successfully. C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest (Trojan.Swisyn) -> Quarantined and deleted successfully. DDS (Ver_10-03-17.01) - NTFSx86 Run by Susan at 22:26:11.76 on Fri 07/02/2010 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.189 [GMT -4:00] AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Trend Micro Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5} FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6} ============== Running Processes =============== C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe E:\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\QCONSVC.EXE C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\TpKmpSVC.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Trend Micro\Internet Security\TmProxy.exe C:\Program Files\Trend Micro\Internet Security\TmPfw.exe C:\Program Files\Trend Micro\BM\TMBMSRV.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC07.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZENG07.EXE C:\Documents and Settings\Susan\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.yahoo.com/ BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No File BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper mRun: [QCWLICON] c:\program files\thinkpad\connectutilities\QCWLICON.EXE mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor mRun: [bLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog mRun: [TPHOTKEY] c:\progra~1\thinkpad\pkgmgr\hotkey\TPHKMGR.exe mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [MP10_EnsureFileVer] c:\windows\inf\unregmp2.exe /EnsureFileVersions mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [ufSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe" mRun: [iTunesHelper] "E:\iTunesHelper.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1271560343328 DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Notify: AtiExtEvent - Ati2evxx.dll Notify: QConGina - QConGina.dll Notify: tphotkey - tphklock.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ============= SERVICES / DRIVERS =============== R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2010-3-15 36368] R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2010-3-15 339984] R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-3-15 50704] R3 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2010-3-15 497008] R3 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2010-3-15 689416] S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [2009-3-11 12288] =============== Created Last 30 ================ 2010-07-02 19:50:56 0 ----a-w- c:\documents and settings\susan\defogger_reenable 2010-07-01 00:00:57 0 d-----w- c:\program files\Spybot - Search & Destroy 2010-07-01 00:00:57 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy 2010-06-30 23:38:44 0 d-----w- c:\program files\Speccy 2010-06-30 23:02:51 0 d-----w- c:\program files\CyberDefender 2010-06-25 02:08:16 0 d-----w- c:\docume~1\alluse~1\applic~1\FrontLine Registry Cleaner 2010-06-25 02:08:04 0 d-----w- c:\program files\Frontline Registry Cleaner 2010-06-25 01:28:01 0 d-sha-r- C:\cmdcons 2010-06-25 01:19:57 98816 ----a-w- c:\windows\sed.exe 2010-06-25 01:19:57 77312 ----a-w- c:\windows\MBR.exe 2010-06-25 01:19:57 256512 ----a-w- c:\windows\PEV.exe 2010-06-25 01:19:57 161792 ----a-w- c:\windows\SWREG.exe 2010-06-25 01:03:46 45 ----a-w- c:\windows\system32\initdebug.nfo 2010-06-20 14:12:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-06-20 14:12:13 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-06-19 21:51:47 0 d-----w- c:\windows\system32\wbem\Repository 2010-06-19 18:48:08 0 d-----w- c:\windows\pss 2010-06-11 03:52:21 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll 2010-06-07 06:02:49 0 d-----w- c:\docume~1\alluse~1\applic~1\MumboJumbo ==================== Find3M ==================== 2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-02 05:56:34 1850880 ----a-w- c:\windows\system32\win32k.sys 2010-04-20 05:51:20 285696 ----a-w- c:\windows\system32\atmfd.dll 2010-04-12 21:29:19 411368 ----a-w- c:\windows\system32\deployJava1.dll ============= FINISH: 22:27:10.32 =============== UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_10-03-17.01) Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume1 Install Date: 3/11/2009 2:15:25 PM System Uptime: 7/2/2010 9:59:25 PM (1 hours ago) Motherboard: IBM | | 2668W6Z Processor: Intel® Pentium® M processor 1.73GHz | None | 1054/533mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 56 GiB total, 37.359 GiB free. D: is CDROM () E: is FIXED (FAT32) - 298 GiB total, 256.828 GiB free. ==== Disabled Device Manager Items ============= ==== System Restore Points =================== No restore point in system. ==== Installed Programs ====================== Acrobat.com Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 9.3.2 Apple Mobile Device Support Apple Software Update ATI Display Driver Bonjour CCleaner HiJackThis Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows XP (KB914440) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB981793) HP Photo and Imaging 2.0 - All-in-One HP Photo and Imaging 2.0 - All-in-One Drivers HP Photo and Imaging 2.0 - hp psc 1200 series HP Product Detection hp psc 1200 series IBM Access Connections IBM ThinkPad EasyEject Utility IBM ThinkPad Keyboard Customizer Utility IBM ThinkPad Power Manager IBM ThinkPad UltraNav Driver Intel® PROSet/Wireless Software iTunes Java Auto Updater Java 6 Update 20 LG USB Modem Drivers Malwarebytes' Anti-Malware mCore mDriver Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Excel MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Standard 2007 Microsoft Office Standard 2007 Trial Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft Software Update for Web Folders (English) 12 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 mMHouse mPfMgr mProSafe MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6 Service Pack 2 (KB973686) mWlsSafe mXML QuickTime Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for 2007 Microsoft Office System (KB982312) Security Update for 2007 Microsoft Office System (KB982331) Security Update for Microsoft Office Excel 2007 (KB982308) Security Update for Microsoft Office InfoPath 2007 (KB979441) Security Update for Microsoft Office Outlook 2007 (KB972363) Security Update for Microsoft Office PowerPoint 2007 (KB982158) Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB969613) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update for Microsoft Office Word 2007 (KB982135) Security Update for Windows Internet Explorer 7 (KB938127-v2) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 7 (KB972260) Security Update for Windows Internet Explorer 7 (KB974455) Security Update for Windows Internet Explorer 7 (KB976325) Security Update for Windows Internet Explorer 7 (KB978207) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player (KB979402) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB936782) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929123) Security Update for Windows XP (KB930178) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB932168) Security Update for Windows XP (KB933729) Security Update for Windows XP (KB935839) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB943055) Security Update for Windows XP (KB943485) Security Update for Windows XP (KB944653) Security Update for Windows XP (KB945553) Security Update for Windows XP (KB946026) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950749) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958470) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960714) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Speccy Spybot - Search & Destroy ThinkPad FullScreen Magnifier ThinkPad Integrated 56K Modem ThinkPad Power Management Driver Trend Micro Internet Security Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Outlook 2007 Junk Email Filter (kb983486) Update for Windows Internet Explorer 7 (KB976749) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB978506) Update for Windows Internet Explorer 8 (KB980182) Update for Windows XP (KB894391) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB904942) Update for Windows XP (KB908531) Update for Windows XP (KB910437) Update for Windows XP (KB911280) Update for Windows XP (KB916595) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB925720) Update for Windows XP (KB927891) Update for Windows XP (KB930916) Update for Windows XP (KB932823-v3) Update for Windows XP (KB936357) Update for Windows XP (KB938828) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) WebFldrs XP Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Media Format 11 runtime Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB891781 ==== Event Viewer Messages From Past Week ======== 7/2/2010 9:38:32 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service. 7/2/2010 10:03:37 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect. 7/2/2010 10:03:37 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 6/30/2010 9:25:23 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Trend Micro Unauthorized Change Prevention Service service to connect. 6/30/2010 9:25:23 PM, error: Service Control Manager [7000] - The Trend Micro Unauthorized Change Prevention Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 6/27/2010 9:15:19 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Trend Micro Personal Firewall service to connect. 6/27/2010 9:15:19 PM, error: Service Control Manager [7000] - The Trend Micro Personal Firewall service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 6/27/2010 7:58:47 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} 6/27/2010 7:58:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} 6/27/2010 4:25:30 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ANC Fips IBMTPCHK intelppm tmtdi TPHKDRV TPPWRIF 6/27/2010 4:24:32 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 6/26/2010 9:58:42 PM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting. 6/26/2010 9:03:00 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Trend Micro Proxy Service service to connect. 6/26/2010 9:03:00 AM, error: Service Control Manager [7000] - The Trend Micro Proxy Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 6/26/2010 7:35:27 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified. 6/26/2010 7:35:15 PM, error: ati2mtag [43034] - Unknown EDID version ==== End Of File =========================== GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-07-04 13:36:30 Windows 5.1.2600 Service Pack 2 Running: veiovzo6.exe; Driver: C:\DOCUME~1\Susan\LOCALS~1\Temp\agldafoc.sys ---- System - GMER 1.0.15 ---- SSDT 8142ACE0 ZwCreateKey SSDT 8142BE80 ZwCreateMutant SSDT 8142A1E0 ZwCreateProcess SSDT 8142A4A0 ZwCreateProcessEx SSDT 8142BB40 ZwCreateThread SSDT 8142B260 ZwDeleteKey SSDT 8142B520 ZwDeleteValueKey SSDT 8142BCE0 ZwLoadDriver SSDT 8142A760 ZwOpenProcess SSDT 8142C020 ZwSetSystemInformation SSDT 8142AFA0 ZwSetValueKey SSDT 8142AA20 ZwTerminateProcess SSDT 8142B9A0 ZwWriteVirtualMemory ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[236] WS2_32.dll!send 71AB428A 5 Bytes JMP 0633B485 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[236] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 0633B7AA .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[236] WS2_32.dll!recv 71AB615A 5 Bytes JMP 0633B564 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[236] WS2_32.dll!WSASend 71AB6233 1 Byte [E9] .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[236] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0633B637 .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[236] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0633B8F9 .text C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe[332] WS2_32.dll!send 71AB428A 5 Bytes JMP 0115B485 .text C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe[332] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 0115B7AA .text C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe[332] WS2_32.dll!recv 71AB615A 5 Bytes JMP 0115B564 .text C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe[332] WS2_32.dll!WSASend 71AB6233 1 Byte [E9] .text C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe[332] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0115B637 .text C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe[332] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0115B8F9 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[372] WS2_32.dll!send 71AB428A 5 Bytes JMP 013BB485 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[372] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 013BB7AA .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[372] WS2_32.dll!recv 71AB615A 5 Bytes JMP 013BB564 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[372] WS2_32.dll!WSASend 71AB6233 1 Byte [E9] .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[372] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 013BB637 .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[372] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 013BB8F9 .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[472] WS2_32.dll!send 71AB428A 5 Bytes JMP 00A7B485 .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[472] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00A7B7AA .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[472] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00A7B564 .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[472] WS2_32.dll!WSASend 71AB6233 1 Byte [E9] .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[472] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00A7B637 .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[472] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00A7B8F9 .text C:\Program Files\Trend Micro\Internet Security\TmProxy.exe[488] WS2_32.dll!send 71AB428A 5 Bytes JMP 01A6B485 .text C:\Program Files\Trend Micro\Internet Security\TmProxy.exe[488] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 01A6B7AA .text C:\Program Files\Trend Micro\Internet Security\TmProxy.exe[488] WS2_32.dll!recv 71AB615A 5 Bytes JMP 01A6B564 .text C:\Program Files\Trend Micro\Internet Security\TmProxy.exe[488] WS2_32.dll!WSASend 71AB6233 1 Byte [E9] .text C:\Program Files\Trend Micro\Internet Security\TmProxy.exe[488] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 01A6B637 .text C:\Program Files\Trend Micro\Internet Security\TmProxy.exe[488] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 01A6B8F9 .text C:\Program Files\Trend Micro\Internet Security\UfUpdUi.exe[504] WS2_32.dll!send 71AB428A 5 Bytes JMP 0111B485 .text C:\Program Files\Trend Micro\Internet Security\UfUpdUi.exe[504] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 0111B7AA .text C:\Program Files\Trend Micro\Internet Security\UfUpdUi.exe[504] WS2_32.dll!recv 71AB615A 5 Bytes JMP 0111B564 .text C:\Program Files\Trend Micro\Internet Security\UfUpdUi.exe[504] WS2_32.dll!WSASend 71AB6233 1 Byte [E9] .text C:\Program Files\Trend Micro\Internet Security\UfUpdUi.exe[504] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0111B637 .text C:\Program Files\Trend Micro\Internet Security\UfUpdUi.exe[504] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0111B8F9 .text E:\iTunesHelper.exe[604] WS2_32.dll!send 71AB428A 5 Bytes JMP 012DB485 .text E:\iTunesHelper.exe[604] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 012DB7AA .text E:\iTunesHelper.exe[604] WS2_32.dll!recv 71AB615A 5 Bytes JMP 012DB564 .text E:\iTunesHelper.exe[604] WS2_32.dll!WSASend 71AB6233 1 Byte [E9] .text E:\iTunesHelper.exe[604] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 012DB637 .text E:\iTunesHelper.exe[604] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 012DB8F9 .text C:\WINDOWS\Explorer.EXE[1120] WS2_32.dll!send 71AB428A 5 Bytes JMP 0110B485 .text C:\WINDOWS\Explorer.EXE[1120] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 0110B7AA .text C:\WINDOWS\Explorer.EXE[1120] WS2_32.dll!recv 71AB615A 5 Bytes JMP 0110B564 .text C:\WINDOWS\Explorer.EXE[1120] WS2_32.dll!WSASend 71AB6233 1 Byte [E9] .text C:\WINDOWS\Explorer.EXE[1120] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0110B637 .text C:\WINDOWS\Explorer.EXE[1120] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0110B8F9 .text C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE[1880] WS2_32.dll!send 71AB428A 5 Bytes JMP 015DB485 .text C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE[1880] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 015DB7AA .text C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE[1880] WS2_32.dll!recv 71AB615A 5 Bytes JMP 015DB564 .text C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE[1880] WS2_32.dll!WSASend 71AB6233 1 Byte [E9] .text C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE[1880] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 015DB637 .text C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE[1880] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 015DB8F9 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1948] WS2_32.dll!send 71AB428A 5 Bytes JMP 010CB485 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1948] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 010CB7AA .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1948] WS2_32.dll!recv 71AB615A 5 Bytes JMP 010CB564 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1948] WS2_32.dll!WSASend 71AB6233 1 Byte [E9] .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1948] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 010CB637 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1948] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 010CB8F9 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2040] WS2_32.dll!send 71AB428A 5 Bytes JMP 0120B485 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2040] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 0120B7AA .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2040] WS2_32.dll!recv 71AB615A 5 Bytes JMP 0120B564 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2040] WS2_32.dll!WSASend 71AB6233 1 Byte [E9] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2040] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0120B637 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2040] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0120B8F9 .text C:\Program Files\Bonjour\mDNSResponder.exe[2180] WS2_32.dll!send 71AB428A 5 Bytes JMP 007CB485 .text C:\Program Files\Bonjour\mDNSResponder.exe[2180] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 007CB7AA .text C:\Program Files\Bonjour\mDNSResponder.exe[2180] WS2_32.dll!recv 71AB615A 5 Bytes JMP 007CB564 .text C:\Program Files\Bonjour\mDNSResponder.exe[2180] WS2_32.dll!WSASend 71AB6233 1 Byte [E9] .text C:\Program Files\Bonjour\mDNSResponder.exe[2180] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 007CB637 .text C:\Program Files\Bonjour\mDNSResponder.exe[2180] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 007CB8F9 .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[2468] WS2_32.dll!send 71AB428A 5 Bytes JMP 00A7B485 .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[2468] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00A7B7AA .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[2468] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00A7B564 .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[2468] WS2_32.dll!WSASend 71AB6233 1 Byte [E9] .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[2468] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00A7B637 .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[2468] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00A7B8F9 .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[2628] WS2_32.dll!send 71AB428A 5 Bytes JMP 0110B485 .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[2628] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 0110B7AA .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[2628] WS2_32.dll!recv 71AB615A 5 Bytes JMP 0110B564 .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[2628] WS2_32.dll!WSASend 71AB6233 1 Byte [E9] .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[2628] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0110B637 .text C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe[2628] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0110B8F9 .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2684] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2684] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2684] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2684] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2684] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2684] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2684] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2684] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2684] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2684] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 0125BEF8 .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2684] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 0125BFC8 .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2684] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 0125BA90 .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2684] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 0125B9AA .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2684] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 0125BCB5 .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2684] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 0125BB60 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2800] WS2_32.dll!send 71AB428A 5 Bytes JMP 0068B485 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2800] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 0068B7AA .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2800] WS2_32.dll!recv 71AB615A 5 Bytes JMP 0068B564 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2800] WS2_32.dll!WSASend 71AB6233 1 Byte [E9] .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2800] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0068B637 .text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2800] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0068B8F9 .text C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe[2896] WS2_32.dll!send 71AB428A 5 Bytes JMP 0134B485 .text C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe[2896] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 0134B7AA .text C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe[2896] WS2_32.dll!recv 71AB615A 5 Bytes JMP 0134B564 .text C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe[2896] WS2_32.dll!WSASend 71AB6233 1 Byte [E9] .text C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe[2896] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0134B637 .text C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe[2896] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0134B8F9 .text C:\WINDOWS\System32\alg.exe[3048] WS2_32.dll!send 71AB428A 5 Bytes JMP 0088B485 .text C:\WINDOWS\System32\alg.exe[3048] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 0088B7AA .text C:\WINDOWS\System32\alg.exe[3048] WS2_32.dll!recv 71AB615A 5 Bytes JMP 0088B564 .text C:\WINDOWS\System32\alg.exe[3048] WS2_32.dll!WSASend 71AB6233 1 Byte [E9] .text C:\WINDOWS\System32\alg.exe[3048] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0088B637 .text C:\WINDOWS\System32\alg.exe[3048] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0088B8F9 .text C:\Program Files\iPod\bin\iPodService.exe[3276] WS2_32.dll!send 71AB428A 5 Bytes JMP 00BBB485 .text C:\Program Files\iPod\bin\iPodService.exe[3276] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00BBB7AA .text C:\Program Files\iPod\bin\iPodService.exe[3276] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00BBB564 .text C:\Program Files\iPod\bin\iPodService.exe[3276] WS2_32.dll!WSASend 71AB6233 1 Byte [E9] .text C:\Program Files\iPod\bin\iPodService.exe[3276] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00BBB637 .text C:\Program Files\iPod\bin\iPodService.exe[3276] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00BBB8F9 .text C:\Program Files\Trend Micro\Internet Security\TmPfw.exe[3592] WS2_32.dll!send 71AB428A 5 Bytes JMP 00BAB485 .text C:\Program Files\Trend Micro\Internet Security\TmPfw.exe[3592] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00BAB7AA .text C:\Program Files\Trend Micro\Internet Security\TmPfw.exe[3592] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00BAB564 .text C:\Program Files\Trend Micro\Internet Security\TmPfw.exe[3592] WS2_32.dll!WSASend 71AB6233 1 Byte [E9] .text C:\Program Files\Trend Micro\Internet Security\TmPfw.exe[3592] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00BAB637 .text C:\Program Files\Trend Micro\Internet Security\TmPfw.exe[3592] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00BAB8F9 .text C:\Program Files\Trend Micro\BM\TMBMSRV.exe[3692] WS2_32.dll!send 71AB428A 5 Bytes JMP 01C2B485 .text C:\Program Files\Trend Micro\BM\TMBMSRV.exe[3692] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 01C2B7AA .text C:\Program Files\Trend Micro\BM\TMBMSRV.exe[3692] WS2_32.dll!recv 71AB615A 5 Bytes JMP 01C2B564 .text C:\Program Files\Trend Micro\BM\TMBMSRV.exe[3692] WS2_32.dll!WSASend 71AB6233 1 Byte [E9] .text C:\Program Files\Trend Micro\BM\TMBMSRV.exe[3692] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 01C2B637 .text C:\Program Files\Trend Micro\BM\TMBMSRV.exe[3692] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 01C2B8F9 .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5484] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 3E25467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5484] USER32.dll!CallNextHookEx 7E41F85B 5 Bytes JMP 3E2DD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5484] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5484] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5484] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5484] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5484] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5484] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5484] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5484] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5484] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5484] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5484] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5484] ole32.dll!OleLoadFromStream 7752A257 5 Bytes JMP 3E3E4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5484] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 02DABEF8 .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5484] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 02DABFC8 .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5484] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 02DABA90 .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5484] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 02DAB9AA .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5484] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 02DABCB5 .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5484] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 02DABB60 ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.) AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.) AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.) AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- Disk sectors - GMER 1.0.15 ---- Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior; Disk \Device\Harddisk0\DR0 sector 03: rootkit-like behavior; Disk \Device\Harddisk0\DR0 sector 04: rootkit-like behavior; Disk \Device\Harddisk0\DR0 sector 05: rootkit-like behavior; Disk \Device\Harddisk0\DR0 sector 06: rootkit-like behavior; Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior; Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior; Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; ---- Files - GMER 1.0.15 ---- File C:\Documents and Settings\HelpAssistant.JENNIFER052873\Local Settings\Temporary Internet Files\Content.IE5\HZ157HUN\Cd6FwCK23Hoo3bu9IGT28w[1].jpg 0 bytes ---- EOF - GMER 1.0.15 ----
-
DDS (Ver_10-03-17.01) - NTFSx86 Run by Susan at 22:26:11.76 on Fri 07/02/2010 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.189 [GMT -4:00] AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Trend Micro Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5} FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6} ============== Running Processes =============== C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe E:\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\QCONSVC.EXE C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\TpKmpSVC.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Trend Micro\Internet Security\TmProxy.exe C:\Program Files\Trend Micro\Internet Security\TmPfw.exe C:\Program Files\Trend Micro\BM\TMBMSRV.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC07.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZENG07.EXE C:\Documents and Settings\Susan\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.yahoo.com/ BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No File BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper mRun: [QCWLICON] c:\program files\thinkpad\connectutilities\QCWLICON.EXE mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor mRun: [bLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog mRun: [TPHOTKEY] c:\progra~1\thinkpad\pkgmgr\hotkey\TPHKMGR.exe mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [MP10_EnsureFileVer] c:\windows\inf\unregmp2.exe /EnsureFileVersions mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [ufSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe" mRun: [iTunesHelper] "E:\iTunesHelper.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1271560343328 DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Notify: AtiExtEvent - Ati2evxx.dll Notify: QConGina - QConGina.dll Notify: tphotkey - tphklock.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ============= SERVICES / DRIVERS =============== R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2010-3-15 36368] R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2010-3-15 339984] R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-3-15 50704] R3 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2010-3-15 497008] R3 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2010-3-15 689416] S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [2009-3-11 12288] =============== Created Last 30 ================ 2010-07-02 19:50:56 0 ----a-w- c:\documents and settings\susan\defogger_reenable 2010-07-01 00:00:57 0 d-----w- c:\program files\Spybot - Search & Destroy 2010-07-01 00:00:57 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy 2010-06-30 23:38:44 0 d-----w- c:\program files\Speccy 2010-06-30 23:02:51 0 d-----w- c:\program files\CyberDefender 2010-06-25 02:08:16 0 d-----w- c:\docume~1\alluse~1\applic~1\FrontLine Registry Cleaner 2010-06-25 02:08:04 0 d-----w- c:\program files\Frontline Registry Cleaner 2010-06-25 01:28:01 0 d-sha-r- C:\cmdcons 2010-06-25 01:19:57 98816 ----a-w- c:\windows\sed.exe 2010-06-25 01:19:57 77312 ----a-w- c:\windows\MBR.exe 2010-06-25 01:19:57 256512 ----a-w- c:\windows\PEV.exe 2010-06-25 01:19:57 161792 ----a-w- c:\windows\SWREG.exe 2010-06-25 01:03:46 45 ----a-w- c:\windows\system32\initdebug.nfo 2010-06-20 14:12:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-06-20 14:12:13 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-06-19 21:51:47 0 d-----w- c:\windows\system32\wbem\Repository 2010-06-19 18:48:08 0 d-----w- c:\windows\pss 2010-06-11 03:52:21 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll 2010-06-07 06:02:49 0 d-----w- c:\docume~1\alluse~1\applic~1\MumboJumbo ==================== Find3M ==================== 2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-02 05:56:34 1850880 ----a-w- c:\windows\system32\win32k.sys 2010-04-20 05:51:20 285696 ----a-w- c:\windows\system32\atmfd.dll 2010-04-12 21:29:19 411368 ----a-w- c:\windows\system32\deployJava1.dll ============= FINISH: 22:27:10.32 =============== ark.zip Attach.zip