rigsby1208
Everything posted by rigsby1208
-
My machine generally seems to be working OK, but my internet speeds are terrible, like 1% of what they should be. Spoke to my ISP (Virgin) support guys, who said there were no problems with their service. They remote connected to my machine and checked some logs and saw lots of internet connections. They rebooted my machine in safe mode and my internet speed was perfect again. They said I had a virus of some nature. I then downloaded Malwarebytes and ran a scan; it found one infection, can't remember what, which I removed. Internet speeds seemed to improve, but next day were bad again. I ran Malwarebytes again and it found 30 infections of something called PUP.funmoods. I removed all of these, but my connection is still consistently bad when not in safe mode. I have attached my dds and attach logs. dds.txt attach.txt
-
My machine generally seems to be working OK, but my internet speeds are terrible, like 1% of what they should be. Spoke to my ISP (Virgin) support guys, who said there were no problems with their service. They remote connected to my machine and checked some logs and saw lots of internet connections. They rebooted my machine in safe mode and my internet speed was perfect again. They said I had a virus of some nature. I then downloaded Malwarebytes and ran a scan; it found one infection, can't remember what, which I removed. Internet speeds seemed to improve, but next day were bad again. I ran Malwarebytes again and it found 30 infections of something called PUP.funmoods. I removed all of these, but my connection is still consistently bad when not in safe mode. Is this a known virus, or definitely a virus at all? Thanks in advance.
-
Antivirus 2010 issues I'm desperate!
rigsby1208 replied to rigsby1208's topic in Resolved Malware Removal Logs
Hi, well I tried. I reinstalled and renamed ComboFix, ran it in safe mode first and it ran through fine. I then cleared it and re-ran it in normal Windows. It started OK, and the blue box came up; it got to the message saying the scan could take a long time etc., but then froze after about a minute, which is about the time after logging on that the malware starts and causes all the issues. I left it overnight, just in case it was just running slowly, but the message had not changed and it was not responding. What now? I'm ready to throw the PC out the window! It's frustrating, as in safe mode it's fine! -
Antivirus 2010 issues I'm desperate!
rigsby1208 replied to rigsby1208's topic in Resolved Malware Removal Logs
OK, I'll try when I get home tonight -
Antivirus 2010 issues I'm desperate!
rigsby1208 replied to rigsby1208's topic in Resolved Malware Removal Logs
Hi MrC, I will try one last time tonight at fixing this, as it's taking so much time rebooting all the time to try scans, to no avail etc. If I cannot get any further I think my time will be better spent reinstalling Windows, all my drivers, software etc., etc. If I do a reinstall, do you have a guide/tips/advice about how to go about this? E.g. reformat the hard disk first, or just put in the Windows disc and do a reinstall? Is it safer to re-download all the drivers after reinstalling Windows, rather than saving the current ones? If there are files I need to keep, e.g. pictures/music, on my Windows disc, is it OK to copy them onto an external USB disk drive? If so, should I scan them somehow to ensure there are no nasties embedded within them before copying them back onto the PC after the reinstall? As I have mentioned, everything seems OK in safe mode, but it all goes wrong about 60 seconds after logging in to normal Windows. Issues such as access to Task Manager, Control Panel, various software (Firefox, Kaspersky), scans all fail or hang etc. I no longer seem to be getting internet redirects or the Antivirus 2010 window. My current plan is to log on, clear any existing ComboFix versions, re-download, and run in normal Windows. Thanks again for your patience and time. -
Antivirus 2010 issues I'm desperate!
rigsby1208 replied to rigsby1208's topic in Resolved Malware Removal Logs
Hi MrC, it's all getting very depressing. My machine is now running extremely slowly. I managed to create the new account, but couldn't open Firefox etc. Windows Explorer doesn't open correctly now, only shows some of the folders. I will try and download ComboFix again and run it. -
Antivirus 2010 issues I'm desperate!
rigsby1208 replied to rigsby1208's topic in Resolved Malware Removal Logs
The OTL extras log: OTL Extras logfile created on: 09/11/2010 22:26:02 - Run 1 OTL by OldTimer - Version 3.2.17.3 -
Antivirus 2010 issues I'm desperate!
rigsby1208 replied to rigsby1208's topic in Resolved Malware Removal Logs
Hi, managed to run OTL in normal Windows mode, took a couple of goes. First time I ran it, when it reached the point after logging in that things start to go wrong, OTL hung. Second time it seemed to finish before that point. OTL logfile created on: 09/11/2010 22:26:02 - Run 1 OTL by OldTimer - Version 3.2.17.3
menu item: Download with Free Download Manager - E:\Program Files\Free Download Manager\dllink.htm () O8 - Extra context menu item: E&xport to Microsoft Excel - E:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Google Sidewiki... - E:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.) O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - E:\Program Files\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - E:\WINDOWS\System32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - E:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - E:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - E:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - E:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (QuickTime Object) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: 
{17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://kitchenplanner.ikea.com/gb/Core/Pla...yerAX_Win32.cab (20-20 3D Viewer) O16 - DPF: {2665693B-C4F3-434B-83DB-7574CF50C8B7} http://www.kaspersky.co.uk/downloads/misc/...censefinder.cab (Kaspersky License Finder) O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} http://www.nero.com/doc/NeroVersionCheckerControl.cab (NeroVersionCheckerControl Control) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab (DDRevision Class) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://connect2.buckscc.gov.uk/dana-cached...SetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - E:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - E:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file 
{79eac9e7-baf9-11ce-8c82-00aa004ba90b} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - E:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - E:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - E:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml 
{05300401-BCBC-11d0-85E3-00C04FD85AB4} - E:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - E:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - E:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - E:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - E:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - E:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - E:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - E:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - E:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - E:\WINDOWS\system32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - E:\WINDOWS\System32\mscoree.dll 
(Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - E:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - E:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - E:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - E:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (E:\WINDOWS\system32\userinit.exe) - E:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (logonui.exe) - E:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - E:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - E:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - E:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) 
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - E:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - E:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - E:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - E:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\klogon: DllName - E:\WINDOWS\system32\klogon.dll - E:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO) O20 - Winlogon\Notify\LBTWlgn: DllName - e:\program files\common files\logitech\bluetooth\LBTWlgn.dll - e:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - E:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - E:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - E:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - E:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - E:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - E:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - E:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - E:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - E:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - E:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: WebCheck - 
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} - E:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - E:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - E:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (My Current Home Page) - About:Home O24 - Desktop WallPaper: E:\Documents and Settings\Darren Bishop\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: E:\Documents and Settings\Darren Bishop\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - E:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - E:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - E:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - E:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - E:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - E:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - E:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - E:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - E:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - E:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O33 - 
MountPoints2\{13283922-eff9-11dd-b946-00235439d208}\Shell - "" = AutoRun O33 - MountPoints2\{13283922-eff9-11dd-b946-00235439d208}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{13283922-eff9-11dd-b946-00235439d208}\Shell\AutoRun\command - "" = P:\LaunchU3.exe -- File not found O33 - MountPoints2\{69321c8d-f1ca-11dd-b950-00235439d208}\Shell\AutoRun\command - "" = I:\Launch.exe -- File not found O33 - MountPoints2\{abb80119-457b-11de-b9ab-00235439d208}\Shell\AutoRun\command - "" = O:\setupSNK.exe -- File not found O33 - MountPoints2\{ad75de8d-f5ee-11dd-b957-00235439d208}\Shell\AutoRun\command - "" = M:\Launch.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/11/09 22:12:18 | 000,000,000 | RH-D | C] -- E:\Documents and Settings\Darren Bishop\Recent [2010/11/09 22:11:22 | 000,575,488 | ---- | C] (OldTimer Tools) -- E:\Documents and Settings\Darren Bishop\Desktop\iexplore.exe [2010/11/09 21:31:54 | 000,000,000 | R--D | C] -- E:\32788R22FWJFW [2010/11/08 22:41:15 | 000,000,000 | --SD | C] -- E:\iexplorer [2010/11/06 08:43:34 | 000,032,768 | ---- | C] (Doug Knox) -- E:\xp_emergencyutil.exe [2010/11/06 08:43:09 | 000,000,000 | ---D | C] -- E:\WINDOWS\pss [2010/11/05 20:30:30 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\NtmsData [2010/11/05 20:17:56 | 000,000,000 | -H-D | C] -- E:\WINDOWS\System32\GroupPolicy [2010/11/05 16:29:11 | 000,000,000 | -HSD | C] -- E:\RECYCLER [2010/11/05 16:26:01 | 000,000,000 | ---D | C] -- E:\WINDOWS\temp [2010/11/03 16:10:07 | 000,000,000 | ---D | C] -- E:\My Music [2010/11/03 11:51:12 | 000,874,272 | ---- | C] (Sun Microsystems, Inc.) 
-- F:\jxpiinstall.exe [2010/11/03 11:29:15 | 000,000,000 | ---D | C] -- E:\TDSSKiller_Quarantine [2010/10/31 17:29:45 | 001,317,464 | ---- | C] (Kaspersky Lab ZAO) -- E:\Documents and Settings\Darren Bishop\Desktop\TDSSKiller.exe [2010/10/26 20:53:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/10/26 20:53:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys [2010/10/22 11:59:41 | 000,000,000 | RHSD | C] -- E:\cmdcons [2010/10/22 11:56:05 | 000,212,480 | ---- | C] (SteelWerX) -- E:\WINDOWS\SWXCACLS.exe [2010/10/22 11:56:05 | 000,161,792 | ---- | C] (SteelWerX) -- E:\WINDOWS\SWREG.exe [2010/10/22 11:56:05 | 000,136,704 | ---- | C] (SteelWerX) -- E:\WINDOWS\SWSC.exe [2010/10/22 11:56:05 | 000,031,232 | ---- | C] (NirSoft) -- E:\WINDOWS\NIRCMD.exe [2010/10/22 11:56:00 | 000,000,000 | ---D | C] -- E:\WINDOWS\ERDNT [2010/10/22 11:55:27 | 000,000,000 | ---D | C] -- E:\Qoobox [2010/10/21 12:43:43 | 000,000,000 | ---D | C] -- E:\32788R22FWJFW(2) [2010/10/21 12:13:12 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Darren Bishop\Desktop\avz4(2) [2010/10/21 11:51:12 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Darren Bishop\Desktop\avz4 [2010/10/21 10:39:22 | 000,000,000 | -HSD | C] -- E:\WINDOWS\CSC [2010/10/21 09:58:06 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Darren Bishop\Application Data\Malwarebytes [2010/10/21 09:57:57 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Malwarebytes [2010/10/21 09:57:56 | 000,000,000 | ---D | C] -- E:\Program Files\Malwarebytes' Anti-Malware [2010/10/20 23:29:10 | 000,000,000 | ---D | C] -- E:\Program Files\Spyware Doctor [2010/10/20 23:29:10 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\PC Tools [2010/10/20 23:04:33 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70} [2010/10/20 23:04:22 | 
000,000,000 | ---D | C] -- E:\Program Files\Lavasoft [2010/10/20 23:04:22 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Lavasoft [2010/10/19 20:36:46 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Darren Bishop\Desktop\Virus Removal Tool [2009/03/03 22:26:45 | 000,047,360 | ---- | C] (VSO Software) -- E:\Documents and Settings\Darren Bishop\Application Data\pcouffin.sys [2009/01/31 22:06:13 | 001,469,952 | ---- | C] (Toshiba Samsung Storage Technology Corporation) -- E:\Documents and Settings\Darren Bishop\Application Data\tsdnwin.dll [5 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ] [3 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/11/09 22:28:03 | 000,000,465 | ---- | M] () -- E:\Documents and Settings\Darren Bishop\Application Data\SamsungLiveUpdateConfig.ini [2010/11/09 22:28:01 | 000,002,422 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl [2010/11/09 22:25:39 | 000,000,880 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010/11/09 22:25:24 | 000,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat [2010/11/09 22:25:23 | 000,044,964 | ---- | M] () -- E:\WINDOWS\System32\ativvaxx.cap [2010/11/09 22:20:26 | 000,659,612 | ---- | M] () -- E:\WINDOWS\System32\perfh009.dat [2010/11/09 22:20:26 | 000,156,448 | ---- | M] () -- E:\WINDOWS\System32\perfc009.dat [2010/11/09 22:11:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Darren Bishop\Desktop\iexplore.exe [2010/11/09 21:30:02 | 000,000,884 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010/11/08 23:30:54 | 000,000,664 | ---- | M] () -- E:\WINDOWS\System32\d3d9caps.dat [2010/11/08 22:49:12 | 000,124,894 | ---- | M] () -- E:\Documents and Settings\Darren Bishop\Application Data\mainhst.zgh [2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- E:\WINDOWS\MBR.exe [2010/11/06 22:05:00 | 000,000,284 | ---- | M] () -- 
E:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010/11/06 09:30:52 | 000,001,813 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Google Chrome.lnk [2010/11/05 20:27:57 | 000,253,472 | ---- | M] () -- E:\WINDOWS\System32\FNTCACHE.DAT [2010/11/05 20:21:39 | 009,445,376 | ---- | M] () -- E:\WINDOWS\sectest.db [2010/11/05 16:24:08 | 000,000,027 | ---- | M] () -- E:\WINDOWS\System32\drivers\etc\hosts [2010/11/04 23:04:14 | 000,001,917 | ---- | M] () -- E:\WINDOWS\imsins.BAK [2010/11/03 12:24:10 | 000,000,696 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/11/03 11:51:13 | 000,874,272 | ---- | M] (Sun Microsystems, Inc.) -- F:\jxpiinstall.exe [2010/10/26 11:30:08 | 001,317,464 | ---- | M] (Kaspersky Lab ZAO) -- E:\Documents and Settings\Darren Bishop\Desktop\TDSSKiller.exe [2010/10/22 11:59:44 | 000,000,327 | RHS- | M] () -- E:\boot.ini [2010/10/21 11:39:30 | 006,079,521 | ---- | M] () -- E:\Documents and Settings\Darren Bishop\Desktop\avz4.zip [5 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ] [3 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/11/05 20:20:44 | 009,445,376 | ---- | C] () -- E:\WINDOWS\sectest.db [2010/10/28 05:55:25 | 000,000,664 | ---- | C] () -- E:\WINDOWS\System32\d3d9caps.dat [2010/10/26 21:07:54 | 000,000,696 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/10/22 11:59:44 | 000,000,210 | ---- | C] () -- E:\Boot.bak [2010/10/22 11:59:43 | 000,260,272 | RHS- | C] () -- E:\cmldr [2010/10/22 11:56:05 | 000,256,512 | ---- | C] () -- E:\WINDOWS\PEV.exe [2010/10/22 11:56:05 | 000,098,816 | ---- | C] () -- E:\WINDOWS\sed.exe [2010/10/22 11:56:05 | 000,089,088 | ---- | C] () -- E:\WINDOWS\MBR.exe [2010/10/22 11:56:05 | 000,080,412 | ---- | C] () -- E:\WINDOWS\grep.exe [2010/10/22 11:56:05 | 000,068,096 | ---- | C] () -- E:\WINDOWS\zip.exe [2010/10/21 11:50:50 | 006,079,521 
| ---- | C] () -- E:\Documents and Settings\Darren Bishop\Desktop\avz4.zip [2010/10/20 23:31:20 | 001,152,444 | ---- | C] () -- E:\WINDOWS\UDB.zip [2010/10/20 23:31:20 | 000,000,882 | ---- | C] () -- E:\WINDOWS\RegSDImport.xml [2010/10/20 23:31:20 | 000,000,879 | ---- | C] () -- E:\WINDOWS\RegISSImport.xml [2010/10/20 23:31:20 | 000,000,131 | ---- | C] () -- E:\WINDOWS\IDB.zip [2010/09/14 20:54:00 | 000,001,769 | ---- | C] () -- E:\WINDOWS\Language_trs.ini [2010/01/21 07:46:12 | 000,000,064 | ---- | C] () -- E:\Documents and Settings\Darren Bishop\Local Settings\Application Data\xobni_installer_updater.log [2009/10/25 17:35:52 | 000,003,584 | ---- | C] () -- E:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/07/24 16:43:20 | 000,000,031 | -H-- | C] () -- E:\WINDOWS\UKCpInfo.sys [2009/07/22 20:27:32 | 000,002,799 | ---- | C] () -- E:\WINDOWS\SKLANG.INI [2009/07/22 20:11:29 | 000,002,528 | ---- | C] () -- E:\Documents and Settings\Darren Bishop\Application Data\$_hpcst$.hpc [2009/07/22 20:06:22 | 000,014,848 | ---- | C] () -- E:\WINDOWS\System32\EuEpmGdi.dll [2009/07/22 20:06:22 | 000,008,704 | ---- | C] () -- E:\WINDOWS\System32\epmntdrv.sys [2009/07/22 20:06:22 | 000,003,072 | ---- | C] () -- E:\WINDOWS\System32\EuGdiDrv.sys [2009/04/14 17:15:17 | 000,110,592 | ---- | C] () -- E:\WINDOWS\System32\FsUsbExDevice.Dll [2009/04/14 17:15:17 | 000,036,608 | ---- | C] () -- E:\WINDOWS\System32\FsUsbExDisk.Sys [2009/03/11 15:15:14 | 000,002,627 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\hpzinstall.log [2009/03/03 22:26:59 | 000,000,033 | ---- | C] () -- E:\Documents and Settings\Darren Bishop\Application Data\pcouffin.log [2009/03/03 22:26:45 | 000,007,887 | ---- | C] () -- E:\Documents and Settings\Darren Bishop\Application Data\pcouffin.cat [2009/03/03 22:26:45 | 000,001,144 | ---- | C] () -- E:\Documents and Settings\Darren Bishop\Application Data\pcouffin.inf [2009/03/02 
-
Antivirus 2010 issues I'm desperate!
rigsby1208 replied to rigsby1208's topic in Resolved Malware Removal Logs
Hi, I have just tried to run ComboFix in normal Windows mode after running the command line script. It's still not running: the first time it just fails to open the window; if I try again it says some files cannot be created and to close down all programs and reboot. I can't delete the combofix.exe after trying to run it either (I do not have permission); I have to reboot before it will let me. There is a clear point about 1 minute after logging into my Windows account that the problems start to occur. Not sure if it is related, but at the same point a window in the bottom right of my screen pops up: 'Samsung Digital, the newest version of ODD firmware live update program is in a server. Please, check it by clicking this window blah blah'. I think this is because I had a Samsung DVD drive, which I have since replaced; I have received this window for about a year. TDSSKiller runs OK in normal Windows mode, log below. I will also try OTL next.
-
Antivirus 2010 issues I'm desperate!
rigsby1208 replied to rigsby1208's topic in Resolved Malware Removal Logs
Hi, I have also tried to run Dial-a-fix, Fix policies, and ComboFix, all in normal Windows. All seem to start but then just hang.
-
Antivirus 2010 issues I'm desperate!
rigsby1208 replied to rigsby1208's topic in Resolved Malware Removal Logs
Hi, HijackThis log in normal Windows mode...
- E:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - E:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - E:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - E:\WINDOWS\system32\IoctlSvc.exe O23 - Service: PS3 Media Server - Unknown owner - E:\Program Files\PS3 Media Server\win32\service\wrapper.exe O23 - Service: ServiceLayer - Nokia - E:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: XobniService - Xobni Corporation - E:\Program Files\Xobni\XobniService.exe -- End of file - 15177 bytes -
Antivirus 2010 issues I'm desperate!
rigsby1208 replied to rigsby1208's topic in Resolved Malware Removal Logs
OK, I will try tonight. Thanks.
Antivirus 2010 issues I'm desperate!
rigsby1208 replied to rigsby1208's topic in Resolved Malware Removal Logs
Apologies MrC. I have not had a chance to run the scan yet. I will do it tonight (I'm in the UK). Do you think the issue is resolvable? I'm getting pretty demoralised by it!
Antivirus 2010 issues I'm desperate!
rigsby1208 replied to rigsby1208's topic in Resolved Malware Removal Logs
Hi, performed scan....

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:55:38, on 05/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
E:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - E:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
O2 - BHO: Tunebite_WebRipPlugin Class - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - E:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - E:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - E:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - E:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [six Engine] "E:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [startCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Name of App] E:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] E:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] E:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [OSSelectorReinstall] E:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [broadbandadvisor.exe] "E:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [DivXUpdate] "E:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [NUSB3MON] "E:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avp] "E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = E:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - E:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - http://kitchenplanner.ikea.com/gb/Core/Pla...yerAX_Win32.cab
O16 - DPF: {2665693B-C4F3-434B-83DB-7574CF50C8B7} (Kaspersky License Finder) - http://www.kaspersky.co.uk/downloads/misc/...censefinder.cab
O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} (NeroVersionCheckerControl Control) - http://www.nero.com/doc/NeroVersionCheckerControl.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://connect2.buckscc.gov.uk/dana-cached...SetupClient.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - E:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - E:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - E:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - E:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - E:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - E:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - E:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - E:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - E:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - E:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - E:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - E:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PS3 Media Server - Unknown owner - E:\Program Files\PS3 Media Server\win32\service\wrapper.exe
O23 - Service: ServiceLayer - Nokia - E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: XobniService - Xobni Corporation - E:\Program Files\Xobni\XobniService.exe

--
End of file - 11385 bytes
Antivirus 2010 issues I'm desperate!
rigsby1208 replied to rigsby1208's topic in Resolved Malware Removal Logs
Everything ran OK in Safe Mode under the Administrator account. When I went to normal Windows, Dial-a-fix ran, but "fix policies" hung on the black box. There seems to be a point about 30 seconds after logging into normal Windows when everything starts to go wrong. For the first 30 seconds or so I can access Task Manager, etc. Safe Mode seems fine for everything.
Antivirus 2010 issues I'm desperate!
rigsby1208 replied to rigsby1208's topic in Resolved Malware Removal Logs
gpedit.msc opened OK.
Antivirus 2010 issues I'm desperate!
rigsby1208 replied to rigsby1208's topic in Resolved Malware Removal Logs
MBAM log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5052

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

05/11/2010 17:18:49
mbam-log-2010-11-05 (17-18-49).txt

Scan type: Quick scan
Objects scanned: 178187
Time elapsed: 2 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Antivirus 2010 issues I'm desperate!
rigsby1208 replied to rigsby1208's topic in Resolved Malware Removal Logs
Ran MBR, but it just flashed up and went again. It created the log below, but no prompts or anything.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_HD103UJ rev.1AA01113 -> \Device\Ide\IdeDeviceP0T0L0-3
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
Antivirus 2010 issues I'm desperate!
rigsby1208 replied to rigsby1208's topic in Resolved Malware Removal Logs
TDSSKiller....

2010/11/05 16:29:36.0843 TDSS rootkit removing tool 2.4.6.0 Nov 3 2010 10:11:43
2010/11/05 16:29:36.0843 ================================================================================
2010/11/05 16:29:36.0843 SystemInfo:
2010/11/05 16:29:36.0843
2010/11/05 16:29:36.0843 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/05 16:29:36.0843 Product type: Workstation
2010/11/05 16:29:36.0843 ComputerName: DARREN-DESKTOP
2010/11/05 16:29:36.0843 UserName: Administrator
2010/11/05 16:29:36.0843 Windows directory: E:\WINDOWS
2010/11/05 16:29:36.0843 System windows directory: E:\WINDOWS
2010/11/05 16:29:36.0843 Processor architecture: Intel x86
2010/11/05 16:29:36.0843 Number of processors: 4
2010/11/05 16:29:36.0843 Page size: 0x1000
2010/11/05 16:29:36.0843 Boot type: Safe boot with network
2010/11/05 16:29:36.0843 ================================================================================
2010/11/05 16:29:38.0265 Initialize success
2010/11/05 16:29:40.0015 ================================================================================
2010/11/05 16:29:40.0015 Scan started
2010/11/05 16:29:40.0015 Mode: Manual;
2010/11/05 16:29:40.0015 ================================================================================
2010/11/05 16:29:40.0812 ACPI (8fd99680a539792a30e97944fdaecf17) E:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/05 16:29:40.0828 ACPIEC (9859c0f6936e723e4892d7141b1327d5) E:\WINDOWS\system32\drivers\ACPIEC.sys
2010/11/05 16:29:40.0890 aec (8bed39e3c35d6a489438b8141717a557) E:\WINDOWS\system32\drivers\aec.sys
2010/11/05 16:29:40.0921 AFD (7e775010ef291da96ad17ca4b17137d7) E:\WINDOWS\System32\drivers\afd.sys
2010/11/05 16:29:41.0031 Arp1394 (b5b8a80875c1dededa8b02765642c32f) E:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/11/05 16:29:41.0109 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) E:\WINDOWS\system32\drivers\AsIO.sys
2010/11/05 16:29:41.0156 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) E:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/11/05 16:29:41.0171 atapi (9f3a2f5aa6875c72bf062c712cfa2674) E:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/05 16:29:41.0265 ati2mtag (c06659ff381423d6cb19a91c2a2f80ad) E:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/11/05 16:29:41.0296 AtiHdmiService (591a9eabb5ef5168e435c2f18b05dd76) E:\WINDOWS\system32\drivers\AtiHdmi.sys
2010/11/05 16:29:41.0328 Atmarpc (9916c1225104ba14794209cfa8012159) E:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/11/05 16:29:41.0343 audstub (d9f724aa26c010a217c97606b160ed68) E:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/05 16:29:41.0375 Beep (da1f27d85e0d1525f6621372e7b685e9) E:\WINDOWS\system32\drivers\Beep.sys
2010/11/05 16:29:41.0421 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) E:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/05 16:29:41.0453 Cdaudio (c1b486a7658353d33a10cc15211a873b) E:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/05 16:29:41.0468 Cdfs (c885b02847f5d2fd45a24e219ed93b32) E:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/05 16:29:41.0500 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) E:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/11/05 16:29:41.0640 Disk (044452051f3e02e7963599fc8f4f3e25) E:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/05 16:29:41.0671 dmboot (d992fe1274bde0f84ad826acae022a41) E:\WINDOWS\system32\drivers\dmboot.sys
2010/11/05 16:29:41.0703 dmio (7c824cf7bbde77d95c08005717a95f6f) E:\WINDOWS\system32\drivers\dmio.sys
2010/11/05 16:29:41.0718 dmload (e9317282a63ca4d188c0df5e09c6ac5f) E:\WINDOWS\system32\drivers\dmload.sys
2010/11/05 16:29:41.0734 DMusic (8a208dfcf89792a484e76c40e5f50b45) E:\WINDOWS\system32\drivers\DMusic.sys
2010/11/05 16:29:41.0781 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) E:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/05 16:29:41.0812 dsNcAdpt (4823163c246868863d41a2f5ee06a21e) E:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys
2010/11/05 16:29:41.0843 epmntdrv (57cc1bf06c159dfbb989f5783c0e6a50) E:\WINDOWS\system32\epmntdrv.sys
2010/11/05 16:29:41.0859 EuGdiDrv (5f779f5edab787f2d090c71a9051f365) E:\WINDOWS\system32\EuGdiDrv.sys
2010/11/05 16:29:41.0890 Fastfat (38d332a6d56af32635675f132548343e) E:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/05 16:29:41.0906 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) E:\WINDOWS\system32\DRIVERS\fdc.sys
2010/11/05 16:29:41.0921 Fips (d45926117eb9fa946a6af572fbe1caa3) E:\WINDOWS\system32\drivers\Fips.sys
2010/11/05 16:29:41.0953 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) E:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/11/05 16:29:41.0968 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) E:\WINDOWS\system32\drivers\fltmgr.sys
2010/11/05 16:29:42.0015 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) E:\WINDOWS\system32\FsUsbExDisk.SYS
2010/11/05 16:29:42.0031 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) E:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/05 16:29:42.0046 Ftdisk (6ac26732762483366c3969c9e4d2259d) E:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/05 16:29:42.0093 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) E:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/11/05 16:29:42.0109 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) E:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/05 16:29:42.0140 HDAudBus (573c7d0a32852b48f3058cfd8026f511) E:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/11/05 16:29:42.0203 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) E:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/11/05 16:29:42.0234 HPZipr12 (89f41658929393487b6b7d13c8528ce3) E:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/11/05 16:29:42.0265 HPZius12 (abcb05ccdbf03000354b9553820e39f8) E:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/11/05 16:29:42.0296 HTTP (f80a415ef82cd06ffaf0d971528ead38) E:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/05 16:29:42.0343 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) E:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/05 16:29:42.0375 Imapi (083a052659f5310dd8b6a6cb05edcf8e) E:\WINDOWS\system32\DRIVERS\imapi.sys
2010/11/05 16:29:42.0500 IntcAzAudAddService (41bb402c2ade27b32439bb765864ab3b) E:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/11/05 16:29:42.0546 intelppm (8c953733d8f36eb2133f5bb58808b66b) E:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/11/05 16:29:42.0562 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) E:\WINDOWS\system32\drivers\ip6fw.sys
2010/11/05 16:29:42.0593 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) E:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/11/05 16:29:42.0609 IpInIp (b87ab476dcf76e72010632b5550955f5) E:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/11/05 16:29:42.0625 IpNat (cc748ea12c6effde940ee98098bf96bb) E:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/11/05 16:29:42.0656 IPSec (23c74d75e36e7158768dd63d92789a91) E:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/05 16:29:42.0671 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) E:\WINDOWS\system32\DRIVERS\irenum.sys
2010/11/05 16:29:42.0703 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) E:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/05 16:29:42.0718 Kbdclass (463c1ec80cd17420a542b7f36a36f128) E:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/05 16:29:42.0734 kl1 (47f4320cff5bd3de472bb300a32a879e) E:\WINDOWS\system32\drivers\kl1.sys
2010/11/05 16:29:42.0781 kl2 (0e29fe31bd4c72412ad99253e71b25c1) E:\WINDOWS\system32\drivers\kl2.sys
2010/11/05 16:29:42.0796 KLIF (acfa523e62dbd4be52c8b665dd49acf3) E:\WINDOWS\system32\DRIVERS\klif.sys
2010/11/05 16:29:42.0843 klim5 (fbdc2034b58d2135d25fe99eb8b747c3) E:\WINDOWS\system32\DRIVERS\klim5.sys
2010/11/05 16:29:42.0875 klmouflt (3959530f69e19da56f1f24f2c89f1e2c) E:\WINDOWS\system32\DRIVERS\klmouflt.sys
2010/11/05 16:29:42.0890 kmixer (692bcf44383d056aed41b045a323d378) E:\WINDOWS\system32\drivers\kmixer.sys
2010/11/05 16:29:42.0921 KSecDD (b467646c54cc746128904e1654c750c1) E:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/05 16:29:42.0937 L1e (93e64bab9dee162ca0ca5258d132a047) E:\WINDOWS\system32\DRIVERS\l1e51x86.sys
2010/11/05 16:29:42.0968 L8042Kbd (dc61f15187372d164769c841655e58f3) E:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
2010/11/05 16:29:42.0984 L8042mou (cb6e007d3a67cb80ee9df2afd4b0fc9d) E:\WINDOWS\system32\DRIVERS\L8042mou.Sys
2010/11/05 16:29:43.0062 LMouKE (58597a99792461e89bb5c44e17508d70) E:\WINDOWS\system32\DRIVERS\LMouKE.Sys
2010/11/05 16:29:43.0109 MBAMSwissArmy (c7dd7d9739785bd3a6b8499eec1dee7e) E:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010/11/05 16:29:43.0125 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) E:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/05 16:29:43.0156 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) E:\WINDOWS\system32\drivers\Modem.sys
2010/11/05 16:29:43.0171 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) E:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/05 16:29:43.0187 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) E:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/05 16:29:43.0218 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) E:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/05 16:29:43.0250 MRxSmb (f3aefb11abc521122b67095044169e98) E:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/05 16:29:43.0265 Msfs (c941ea2454ba8350021d774daf0f1027) E:\WINDOWS\system32\drivers\Msfs.sys
2010/11/05 16:29:43.0296 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) E:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/05 16:29:43.0328 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) E:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/05 16:29:43.0343 MSPQM (bad59648ba099da4a17680b39730cb3d) E:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/05 16:29:43.0359 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) E:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/05 16:29:43.0375 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) E:\WINDOWS\system32\DRIVERS\ASACPI.sys
2010/11/05 16:29:43.0390 mv61xx (a95fed4c2fb11c79e7ddbe2eff1919b5) E:\WINDOWS\system32\DRIVERS\mv61xx.sys
2010/11/05 16:29:43.0421 mv91xx (647ee4dc4ca56f4e3f3deec7ecfcbb7a) E:\WINDOWS\system32\DRIVERS\mv91xx.sys
2010/11/05 16:29:43.0437 NDIS (1df7f42665c94b825322fae71721130d) E:\WINDOWS\system32\drivers\NDIS.sys
2010/11/05 16:29:43.0453 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) E:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/05 16:29:43.0484 Ndisuio (f927a4434c5028758a842943ef1a3849) E:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/05 16:29:43.0500 NdisWan (edc1531a49c80614b2cfda43ca8659ab) E:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/05 16:29:43.0515 NDProxy (6215023940cfd3702b46abc304e1d45a) E:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/05 16:29:43.0531 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) E:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/05 16:29:43.0562 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) E:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/05 16:29:43.0593 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) E:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/11/05 16:29:43.0625 Npfs (3182d64ae053d6fb034f44b6def8034a) E:\WINDOWS\system32\drivers\Npfs.sys
2010/11/05 16:29:43.0656 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) E:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/05 16:29:43.0671 Null (73c1e1f395918bc2c6dd67af7591a3ad) E:\WINDOWS\system32\drivers\Null.sys
2010/11/05 16:29:43.0718 nusb3xhc (456f7262604f85746919823f592b303c) E:\WINDOWS\system32\DRIVERS\nusb3xhc.sys
2010/11/05 16:29:43.0750 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) E:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/11/05 16:29:43.0750 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) E:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/11/05 16:29:43.0765 ohci1394 (ca33832df41afb202ee7aeb05145922f) E:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/11/05 16:29:43.0812 Parport (5575faf8f97ce5e713d108c2a58d7c7c) E:\WINDOWS\system32\drivers\Parport.sys
2010/11/05 16:29:43.0828 PartMgr (beb3ba25197665d82ec7065b724171c6) E:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/05 16:29:43.0843 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) E:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/05 16:29:43.0890 pccsmcfd (fd2041e9ba03db7764b2248f02475079) E:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2010/11/05 16:29:43.0906 PCI (a219903ccf74233761d92bef471a07b1) E:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/05 16:29:43.0937 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) E:\WINDOWS\system32\DRIVERS\pciide.sys
2010/11/05 16:29:43.0968 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) E:\WINDOWS\system32\drivers\Pcmcia.sys
2010/11/05 16:29:43.0984 pcouffin (5b6c11de7e839c05248ced8825470fef) E:\WINDOWS\system32\Drivers\pcouffin.sys
2010/11/05 16:29:44.0156 PLCNDIS5 (2aba2f545b35f9c6cc2cfc4e1d539a80) E:\PROGRA~1\PLE200\PLCNDIS5.SYS
2010/11/05 16:29:44.0203 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) E:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/11/05 16:29:44.0234 PSched (09298ec810b07e5d582cb3a3f9255424) E:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/05 16:29:44.0250 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) E:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/05 16:29:44.0265 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) E:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/11/05 16:29:44.0359 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) E:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/05 16:29:44.0390 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) E:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/05 16:29:44.0406 RasPppoe (5bc962f2654137c9909c3d4603587dee) E:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/05 16:29:44.0421 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) E:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/05 16:29:44.0437 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) E:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/11/05 16:29:44.0453 RDPCDD (4912d5b403614ce99c28420f75353332) E:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/05 16:29:44.0484 rdpdr (15cabd0f7c00c47c70124907916af3f1) E:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/11/05 16:29:44.0515 RDPWD (6728e45b66f93c08f11de2e316fc70dd) E:\WINDOWS\system32\drivers\RDPWD.sys
2010/11/05 16:29:44.0531 redbook (f828dd7e1419b6653894a8f97a0094c5) E:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/05 16:29:44.0609 Secdrv (90a3935d05b494a5a39d37e71f09a677) E:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/11/05 16:29:44.0625 serenum (0f29512ccd6bead730039fb4bd2c85ce) E:\WINDOWS\system32\DRIVERS\serenum.sys
2010/11/05 16:29:44.0640 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) E:\WINDOWS\system32\DRIVERS\serial.sys
2010/11/05 16:29:44.0687 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) E:\WINDOWS\system32\drivers\Sfloppy.sys
2010/11/05 16:29:44.0734 snapman (e78c98378a071ce4d48a7c514fa98fa1) E:\WINDOWS\system32\DRIVERS\snapman.sys
2010/11/05 16:29:44.0765 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) E:\WINDOWS\system32\drivers\splitter.sys
2010/11/05 16:29:44.0796 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) E:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/05 16:29:44.0843 Srv (da852e3e0bf1cea75d756f9866241e57) E:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/05 16:29:44.0859 sscdbus (92b69020fc480219683d429dca068d71) E:\WINDOWS\system32\DRIVERS\sscdbus.sys
2010/11/05 16:29:44.0890 sscdmdfl (77a2869d40cc84af711c321f9b0c7a78) E:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
2010/11/05 16:29:44.0906 sscdmdm (b4255635195a8413fcde7af5b7c4e382) E:\WINDOWS\system32\DRIVERS\sscdmdm.sys
2010/11/05 16:29:44.0937 swenum (3941d127aef12e93addf6fe6ee027e0f) E:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/05 16:29:44.0953 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) E:\WINDOWS\system32\drivers\swmidi.sys
2010/11/05 16:29:45.0062 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) E:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/05 16:29:45.0093 tbhsd (c26c6dff638d9e51dc5cc60a7785d057) E:\WINDOWS\system32\drivers\tbhsd.sys
2010/11/05 16:29:45.0109 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) E:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/05 16:29:45.0140 TDPIPE (6471a66807f5e104e4885f5b67349397) E:\WINDOWS\system32\drivers\TDPIPE.sys
2010/11/05 16:29:45.0156 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) E:\WINDOWS\system32\drivers\TDTCP.sys
2010/11/05 16:29:45.0171 TermDD (88155247177638048422893737429d9e) E:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/05 16:29:45.0234 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) E:\WINDOWS\system32\drivers\Udfs.sys
2010/11/05 16:29:45.0265 Update (402ddc88356b1bac0ee3dd1580c76a31) E:\WINDOWS\system32\DRIVERS\update.sys
2010/11/05 16:29:45.0328 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) E:\WINDOWS\system32\Drivers\usbaapl.sys
2010/11/05 16:29:45.0359 usbccgp (173f317ce0db8e21322e71b7e60a27e8) E:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/11/05 16:29:45.0359 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) E:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/11/05 16:29:45.0390 usbhub (1ab3cdde553b6e064d2e754efe20285c) E:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/05 16:29:45.0406 usbprint (a717c8721046828520c9edf31288fc00) E:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/11/05 16:29:45.0437 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) E:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/11/05 16:29:45.0437 usbstor (a32426d9b14a089eaa1d922e0c5801a9) E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/05 16:29:45.0468 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) E:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/11/05 16:29:45.0484 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) E:\WINDOWS\System32\drivers\vga.sys
2010/11/05 16:29:45.0515 VolSnap (4c8fcb5cc53aab716d810740fe59d025) E:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/05 16:29:45.0546 Wanarp (e20b95baedb550f32dd489265c1da1f6) E:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/05 16:29:45.0593 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) E:\WINDOWS\system32\Drivers\wdf01000.sys
2010/11/05 16:29:45.0625 wdmaud (6768acf64b18196494413695f0c3a00f) E:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/05 16:29:45.0718 WpdUsb (cf4def1bf66f06964dc0d91844239104) E:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/11/05 16:29:45.0750 WudfPf (6ff66513d372d479ef1810223c8d20ce) E:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/11/05 16:29:45.0781 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) E:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/11/05 16:29:46.0000 ================================================================================
2010/11/05 16:29:46.0000 Scan finished
2010/11/05 16:29:46.0000 ================================================================================
Antivirus 2010 issues I'm desperate!
rigsby1208 replied to rigsby1208's topic in Resolved Malware Removal Logs
Combo fix, ran in safe mode, it deleted 2 files and then performed a reboot.... -
Antivirus 2010 issues I'm desperate!
rigsby1208 replied to rigsby1208's topic in Resolved Malware Removal Logs
Hi. Shall I do this in safe mode under Administrator, or go into full Windows? The problems all seem to occur in full Windows; safe mode seems much better and more stable. -
Antivirus 2010 issues I'm desperate!
rigsby1208 replied to rigsby1208's topic in Resolved Malware Removal Logs
Hi, I know everyone is very busy on here, and you are getting a lot of requests, but if someone could offer any further advice I would very much appreciate it. I have taken the day off to try and resolve this issue before I embark on reinstalling Windows. Thanks in advance. -
Antivirus 2010 issues I'm desperate!
rigsby1208 replied to rigsby1208's topic in Resolved Malware Removal Logs
Hi. Just spent a little time on my PC and I still have the same issues: Firefox crashing, can't access Task Manager, other programs getting blocked, etc. What should I try now?