zanth07
Honorary Members, 28 posts

Everything posted by zanth07

  1. Good morning Larry, hopefully you aren't experiencing any issues from all the snow which is possibly out your way. I did 2 things this morning, and it seems that the combo has resolved the issues that I've been having. I followed the instructions to remove IE8, installed IE7 (confirmed 8 was completely gone). That didn't solve my issue; the "Internet Explorer cannot display the website" screen was still coming up. So then I went to Tools on IE7, then Internet Options, then clicked on Advanced. I did a Reset Internet Explorer Settings, restarted IE7 and haven't had a problem since. I have also verified that the issues that I was experiencing on Facebook (having to press the keys 2-3 times to have the letter appear on Facebook) are gone too. I wonder, having reset the Internet Explorer options, if I can safely go back to IE8? So it looks like even though you helped me to get rid of that awful Ilivid / searchqu thing, it must have changed other settings when it installed itself which have been causing me issues since. This was a tough lesson to learn, and I appreciate all your help in repairing this. As far as I can recall, I never received any indication that these toolbars / BMO's were going to be installed on my computer. I was home sick one day and just wanted to watch a couple of episodes of NCIS which I found on a website that I will never be visiting again. I think it's safe to close this topic now; please do add the information to donate, your help has been invaluable. Sandy
  2. Thank you SO MUCH!!!! I will try this 1st thing tomorrow and let you know how it works. You are awesome! Sandy
  3. Ok, at this point I'm really getting frustrated. It looks like Ilivid and searchqu are completely gone, but I'm still getting the cannot display webpage screens (not nearly as often though). I haven't found a way to remove IE8 and reinstall it, and I cannot go above IE8 due to work. Would installing IE7 remove IE8? Thanks again for all of your help. Sandy
  4. Ok, I did that and restarted. I actually have to leave for the evening, but I'll post tomorrow how IE8 is running for me. Thanks very much for all your help and patience. Sandy
  5. IE8 was slightly better today, but I was still getting the "webpage cannot be displayed" screen when I had no connectivity issues. The Firefox error on shutdown was a one-time thing. I noticed this evening when I tried to use IE8 to log on to Facebook that I had to do each keystroke 2 times; this seems to only be happening on Facebook, and the Facebook login screen (I don't have this issue when I log on to Facebook using Mozilla Firefox). Here is the log file:
  6. I just tried to shut the laptop down for the night and a pop up box came up saying nsAppShell is not responding. I've never seen that before.
  7. I haven't used IE8 much since ComboFix finished, but it did delete some things; here's the log:
c:\windows\system32\ackpbsc.dll c:\windows\system32\ACLIBEAY.dll c:\windows\system32\acerrmes.dll c:\windows\system32\acevtsub.dll c:\windows\system32\aspcom.dll c:\program files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll c:\program files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll c:\windows\system32\acbsi21.dll c:\program files\Hewlett-Packard\IAM\bin\ItTal.dll c:\program files\Hewlett-Packard\IAM\bin\ItReports.DLL c:\program files\Hewlett-Packard\IAM\Bin\AsChnl.dll c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll c:\program files\Hewlett-Packard\IAM\Bin\ItDac.DLL c:\program files\Hewlett-Packard\IAM\Bin\STEngine.dll c:\program files\Hewlett-Packard\IAM\Bin\BioAuth.dll c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll c:\program files\Hewlett-Packard\IAM\Bin\ASBioATFSS.dll c:\program files\Hewlett-Packard\IAM\Bin\AuthWiz.dll c:\program files\Hewlett-Packard\IAM\Bin\ItVCClient.dll c:\program files\Hewlett-Packard\IAM\Bin\TpmAuth.dll c:\program files\Hewlett-Packard\IAM\Bin\TokenAuth.dll c:\program files\Hewlett-Packard\IAM\Bin\ittalsnap.DLL c:\program files\Hewlett-Packard\IAM\Bin\ItVCard.dll c:\program files\Hewlett-Packard\IAM\Bin\ItAuth.dll c:\windows\system32\xenroll.dll c:\windows\system32\WININET.dll c:\program files\ActivIdentity\ActivClient\acunlock.dll c:\windows\system32\aipingui.dll c:\program files\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll c:\program files\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll c:\windows\system32\ckpNotify.dll c:\program files\Hewlett-Packard\IAM\Bin\ItAPS.dll c:\windows\system32\APSHook.dll . 
- - - - - - - > 'Explorer.exe'(4632) c:\windows\system32\WININET.dll c:\windows\system32\APSHook.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\DCSi\E-Term32\WS_FTP Pro\nsftpch.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\CheckPoint\SecuRemote\bin\SR_Service.exe c:\program files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe c:\windows\System32\SCardSvr.exe c:\windows\system32\msdtc.exe c:\windows\system32\agrsmsvc.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\SearchIndexer.exe c:\windows\system32\mqsvc.exe c:\windows\system32\mqtgsvc.exe c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\windows\system32\msiexec.exe c:\program files\ActivIdentity\ActivClient\acevents.exe c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe c:\program files\CheckPoint\SecuRemote\bin\SR_GUI.Exe c:\windows\system32\igfxsrvc.exe c:\program files\ActivIdentity\ActivClient\acevents.exe c:\program files\Hewlett-Packard\Shared\HpqToaster.exe c:\windows\system32\SearchProtocolHost.exe c:\windows\system32\SearchFilterHost.exe . ************************************************************************** . Completion time: 2012-01-09 21:06:37 - machine was rebooted ComboFix-quarantined-files.txt 2012-01-10 02:06 . Pre-Run: 284,449,026,048 bytes free Post-Run: 284,567,097,344 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - 6EC4C3D6696B4998FA99145B777953E9
  8. I did a full scan, here's the log:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.09.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
sandys :: SANDYS-LT [administrator]

1/9/2012 11:03:10 AM
mbam-log-2012-01-09 (11-03-10).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 416420
Time elapsed: 1 hour(s), 52 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

The machine is behaving fine, it's IE8 that is behaving poorly. Ever since that searchqu toolbar appeared in my add-ons I will get an "Internet Explorer cannot display the webpage / What you can try: Diagnose Connection Problems / More information" screen when there are no connection problems. This doesn't happen on all webpages, and it doesn't even happen on the same webpage (I've gotten that screen, then immediately reloaded the page with no problems). I really wish that I could uninstall IE8 and all add-ons and do a completely new install because it's just been a mess to deal with since the searchqu add-on somehow got installed. Thanks in advance for your help.
  9. I noticed recently that an add-on was associated with my IE8 on the laptop that I use for work. I followed instructions that I found online to delete the registry keys associated with it (Windows Ilivid / searchqu Toolbar), but now that I look at the add-ons it's not identified as Ilivid, but it does seem to be lingering still as "Control Name is not Available", so it doesn't appear to be completely gone yet. Here's the DDS:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by sandys at 13:59:01 on 2012-01-04
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1976.848 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\System32\svchost.exe -k Cognizance
c:\Program Files\Fingerprint Sensor\AtService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Prot_srv.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
c:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\CheckPoint\Pointsec Protector Client\disknet.exe
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\pstartSr.exe
C:\Program Files\GFI Software\GFIAgent\SBAMSvc.exe
C:\Program Files\GFI Software\GFIAgent\SBPIMSvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\WINDOWS\system32\AccelerometerSt.Exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Check Point\UIFramework\cptray.exe
C:\Program Files\CheckPoint\Tray\DNTray.exe
C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe
C:\Program Files\GFI Software\GFIAgent\SBAMTray.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Access97\Office\OSA.EXE
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\CMSI\Configuration Manager 8.5.08\ConfigManager.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: WsftpBrowserHelper Class: {601ed020-fb6c-11d3-87d8-0050da59922b} - c:\program files\dcsi\e-term32\ws_ftp pro\wsbho2k0.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [AccelerometerSysTrayApplet] c:\windows\system32\AccelerometerSt.Exe
mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
mRun: [HP Mobile Broadband] c:\swsetup\hpqwwan\HPMobileBroadband.exe /TrayMode
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [soundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Check Point Endpoint Tray Application] c:\program files\common files\check point\uiframework\cptray.exe
mRun: [DN4TRAY] "c:\program files\checkpoint\tray\DNTray.exe"
mRun: [Pointsec Tray] c:\program files\pointsec\pointsec for pc\P95Tray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [sBAMTray] "c:\program files\gfi software\gfiagent\SBAMTray.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [removeSearchqudatamngr] cmd.exe /c RD /S /Q "c:\program files\Windows iLivid Toolbar"
mRunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "c:\program files\windows ilivid toolbar\datamngr\ToolBar"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\access97\office\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: cmsinc.com\ajwstb06-tb62
Trusted Zone: origenate.com\ajwstb06-xpress
Trusted Zone: origenate.com\svxpress
Trusted Zone: rfap05
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.72.0.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP27-10832/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 172.16.25.191 172.16.25.192
TCP: Interfaces\{2D54C050-F7F0-43C7-A06D-2645DB23CB9C} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FAAEB0BB-78CB-40EA-B819-06EE06157D18} : DhcpNameServer = 172.16.25.191 172.16.25.192
Handler: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - c:\progra~1\quests~1\toadfo~1\RNetPin.dll
Notify: ackpbsc - c:\windows\system32\ackpbsc.dll
Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
Notify: ckpNotify - ckpNotify.dll
Notify: igfxcui - igfxdev.dll
Notify: OneCard - c:\program files\hewlett-packard\iam\bin\ASWLNPkg.dll
AppInit_DLLs: APSHook.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli ASWLNPkg
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\sandys\application data\mozilla\firefox\profiles\dq4aybnb.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&sr=0&q=
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 DNPFW;Disknet Pro Device Firewall Driver;c:\windows\system32\drivers\DNPFW.sys [2010-2-23 36784]
R0 dvrem;Check Point ESME Client EPM Driver;c:\windows\system32\drivers\dvrem.sys [2010-2-23 63408]
R0 KAEON;KAEon CD/DVD Writing Filter Driver;c:\windows\system32\drivers\kaeon.sys [2010-2-23 35376]
R0 prot_2k;prot_2k;c:\windows\system32\drivers\prot_2k.sys [2010-2-22 224816]
R0 PSG;Check Point Media Encryption PSG;c:\windows\system32\drivers\psg.sys [2010-2-23 55216]
R0 rmm;Check Point ESME Client RMM Driver;c:\windows\system32\drivers\rmm.sys [2010-2-23 24496]
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2008-6-5 109184]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2008-6-5 51376]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2008-6-5 12928]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-3-28 24064]
R1 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [2009-12-15 2245624]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2008-6-5 12496]
R1 rxAES100;Reflex Magnetics FIPS140-2 Driver;c:\windows\system32\drivers\rxaes100.sys [2010-2-23 46592]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2011-10-21 21496]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-8-30 101624]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-10-21 212568]
R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-5-15 182576]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2004-8-4 14336]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2004-8-4 14336]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2008-5-15 1176824]
R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [2009-12-15 47504]
R2 DisknetClient;Check Point ESME Client Service;c:\program files\checkpoint\pointsec protector client\disknet.exe [2010-2-23 1402248]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\hp protecttools security manager\PTChangeFilterService.exe [2008-6-10 18944]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2008-6-5 256512]
R2 Pointsec;Pointsec;c:\windows\system32\Prot_srv.exe [2010-2-22 649776]
R2 Pointsec_start;Pointsec Service Start;c:\windows\system32\pstartSr.exe [2010-2-22 231984]
R2 SBAMSvc;VIPRE Business;c:\program files\gfi software\gfiagent\SBAMSvc.exe [2011-10-12 2804312]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-10-21 74104]
R2 SBPIMSvc;SB Recovery Service;c:\program files\gfi software\gfiagent\SBPIMSvc.exe [2011-10-12 181616]
R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [2009-12-15 126680]
R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [2009-12-15 684280]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2008-5-15 475520]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-7-31 193840]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-4-4 41216]
.
=============== Created Last 30 ================
.
2011-12-13 15:26:57 -------- d-----w- c:\program files\Verizon
2011-12-06 22:34:35 -------- d-----w- c:\windows\.jagex_cache_32
.
==================== Find3M ====================
.
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 03:03:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ------w- c:\windows\system32\html.iec
2011-11-02 15:42:03 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-02 15:42:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-12 16:29:46 42864 ----a-w- c:\windows\system32\sbbd.exe
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
============= FINISH: 13:59:55.83 ===============

attach.zip
  10. Thanks for everything Borislav. I've uninstalled all the things you told me to along with McAfee. I opted to go with avast, and of course I'm now on the MBAM Pro version. I need to read over the rest of the information to see what else I should do. Again, thanks for everything that all of you do!
  11. Disk Optimizer only seemed to exist as a shell, there were no associated programs with Uninstall, so I deleted the folder from my program menu and deleted the shortcut. I don't see any remains now of either Disk Optimizer or Security Shield. I think there is some cleanup work left, but as far as the infection that brought me here, thank you so much, I believe it's gone. I think I need to get rid of some of the cleanup tools that we used, and to undo the fogger thing that I did when we started. As well, I want to get rid of McAfee completely and go with one of the 2 free virus scan programs that I've seen recommended in the forums. I think I'm only running with Windows Firewall, is it possible to disable that and to go with one of the ones recommended here? I haven't done anything yet, but here's my plan:

1) MBAM Pro
2) get rid of McAfee
3) look into more of a firewall than Windows Firewall

I run TeaTimer with Spybot Search and Destroy already ... any other suggestions? Again, thank you for all of your help!
  12. When I get home it will be done boss Any log you want after?
  13. If I do need to run it again, because I did have to stop it at 99% (all 6 of those threats were found in the 98 - 99% area), can you find out how I can keep the PC from going into sleep mode after 15 minutes? Thanks!
  14. Oh, and the program "Disk Optimizer" which was the one that brought me here in the 1st place (that one and its buddy Security Shield ... which thankfully is gone) is still sitting on my desktop, and it is in "Start" / All Programs / Disk Optimizer ... there is an "Uninstall Disk Optimizer" located within that folder, but for one, you've told me not to add or remove any programs, and secondly I don't trust it .. I think it's a trick.
  15. Thanks Borislav ... ESET stalled at 99% ... I think I've said before that I dislike Vista, I haven't figured out how to keep my screen from going into sleep mode after 15 minutes of no keyboard or mouse clicks ... I ended up having to wiggle my mouse a couple of times, but the stall did not coincide with either of those. Nevertheless, it did find and quarantine 6 threats, here's the log: (let me know if I should run it again, or run another DDS)

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=2b7f68e2a7de2c48bf3b66c22e7e05e6
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-01-19 11:53:32
# local_time=2011-01-19 06:53:32 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5121 16776573 100 96 24341454 47486961 0 0
# compatibility_mode=5892 16776574 100 100 5585 132085765 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=71086
# found=6
# cleaned=6
# scan_time=2974
C:\Users\Sandy\AppData\Local\nfmtscpbq.exe    a variant of Win32/Kryptik.JRP trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\Users\Sandy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\30502701-4dc4b6e5    multiple threats (deleted - quarantined)    00000000000000000000000000000000    C
C:\Users\Sandy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\42290e4d-1c01ac29    multiple threats (deleted - quarantined)    00000000000000000000000000000000    C
C:\Users\Sandy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\23803c97-32cc5a14    multiple threats (deleted - quarantined)    00000000000000000000000000000000    C
C:\Users\Sandy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\716041e5-675b99e2    multiple threats (deleted - quarantined)    00000000000000000000000000000000    C
C:\Users\Sandy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\5e580ffb-60f79974    a variant of Java/Exploit.Agent.NAC trojan (deleted - quarantined)    00000000000000000000000000000000    C
  16. Just wanted to say Hi!, and to let you know how happy I am that I found this site. I'm not happy about what brought me here, but that's another topic in the HiJackThis forums ... and with the expert help there I'm sure that my issues will get resolved. I've taken some time to read some of the tips, and jokes, of course ... but the important thing to me is that I feel like I've found a place I can trust. Even though I do QA for software I know just enough about home computer security to be dangerous ... to myself that is. I left all that home pc security stuff to my ex, and in the time that we've been broken up, it really amazes me that my computer is still running. All the mistakes that I see that I have going on with my computer and internet security ... really makes me shudder ... and I'm certain the experts who've been reading my logs are shuddering too. Anyway, just a quick note to say Hi!, and to say Thank you! ~zanth07
  17. It's early again, and I haven't had my 1st cup of coffee, but you're only asking for 1 log this time

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: ELITEGROUP
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: Gateway
System Product Name: GT5656
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 156):
0x82651000 \SystemRoot\system32\ntkrnlpa.exe
0x8261E000 \SystemRoot\system32\hal.dll
0x80405000 \SystemRoot\system32\kdcom.dll
0x8040C000 \SystemRoot\system32\PSHED.dll
0x8041D000 \SystemRoot\system32\BOOTVID.dll
0x80425000 \SystemRoot\system32\CLFS.SYS
0x80466000 \SystemRoot\system32\CI.dll
0x80546000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805C2000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8060D000 \SystemRoot\system32\drivers\acpi.sys
0x80653000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8065C000 \SystemRoot\system32\drivers\msisadrv.sys
0x80664000 \SystemRoot\system32\drivers\pci.sys
0x8068B000 \SystemRoot\System32\drivers\partmgr.sys
0x8069A000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8069D000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x806A7000 \SystemRoot\system32\drivers\volmgr.sys
0x806B6000 \SystemRoot\System32\drivers\volmgrx.sys
0x80700000 \SystemRoot\system32\drivers\pciide.sys
0x80707000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80715000 \SystemRoot\System32\drivers\mountmgr.sys
0x80725000 \SystemRoot\system32\drivers\atapi.sys
0x8072D000 \SystemRoot\system32\drivers\ataport.SYS
0x8074B000 \SystemRoot\system32\drivers\nvstor.sys
0x80758000 \SystemRoot\system32\drivers\storport.sys
0x80799000 \SystemRoot\system32\DRIVERS\nvstor32.sys
0x807B6000 \SystemRoot\system32\drivers\fltmgr.sys
0x807E8000 \SystemRoot\system32\drivers\fileinfo.sys
0x8A406000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8A477000 \SystemRoot\system32\drivers\ndis.sys
0x8A582000 \SystemRoot\system32\drivers\msrpc.sys
0x8A5AD000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A607000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8A717000 \SystemRoot\system32\drivers\volsnap.sys
0x8A750000 \SystemRoot\System32\Drivers\spldr.sys
0x8A758000 \SystemRoot\System32\Drivers\mup.sys
0x8A767000 \SystemRoot\System32\drivers\ecache.sys
0x8A78E000 \SystemRoot\system32\drivers\disk.sys
0x8A79F000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8A7C0000 \SystemRoot\system32\drivers\crcdisk.sys
0x8A5E8000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8A5F3000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x805CF000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x805DF000 \SystemRoot\system32\DRIVERS\serial.sys
0x80600000 \SystemRoot\system32\DRIVERS\serenum.sys
0x8E00F000 \SystemRoot\system32\DRIVERS\parport.sys
0x8E027000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8E031000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8E06F000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8E07E000 \SystemRoot\system32\DRIVERS\HSXHWBS2.sys
0x8E0CA000 \SystemRoot\system32\DRIVERS\ks.sys
0x8E0F4000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8E208000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8E2BD000 \SystemRoot\system32\drivers\modem.sys
0x8E2CA000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8E2DA000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8E2E8000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8E375000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8E38D000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8E407000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8EE85000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x8EE87000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8EF28000 \SystemRoot\System32\drivers\watchdog.sys
0x8EF34000 \SystemRoot\system32\DRIVERS\yk60x86.sys
0x8EF80000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8EFAF000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8EFBA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8EFD1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8EFDC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8E393000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8E3A2000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8E3B6000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8E3CB000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8E3DB000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8E3E6000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8E400000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8E3F1000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8E000000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8F40F000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8F444000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8F802000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8F9B1000 \SystemRoot\system32\drivers\portcls.sys
0x8F455000 \SystemRoot\system32\drivers\drmk.sys
0x8F9DE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8F9E7000 \SystemRoot\System32\Drivers\Null.SYS
0x8F9EE000 \SystemRoot\System32\Drivers\Beep.SYS
0x8F48D000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8F494000 \SystemRoot\System32\drivers\vga.sys
0x8F4A0000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8F9F5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8F4C1000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8F4C9000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8F4D4000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8F4E2000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8F4EB000 \SystemRoot\System32\drivers\tcpip.sys
0x8F5D5000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8FA0A000 \SystemRoot\System32\Drivers\Mpfp.sys
0x8FA33000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8FA49000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0x8FA5B000 \SystemRoot\system32\DRIVERS\smb.sys
0x8FA6F000 \SystemRoot\system32\drivers\afd.sys
0x8FAB7000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8FAE9000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8FAFF000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8FB0D000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8FB20000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8FB5C000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8FB66000 \SystemRoot\system32\drivers\mfehidk.sys
0x8FB99000 \SystemRoot\System32\Drivers\dfsc.sys
0x8FBB0000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8FBC7000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8FBC9000 \SystemRoot\system32\drivers\usbaudio.sys
0x8FBDB000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8FBE4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8FBF4000 \SystemRoot\system32\drivers\dadder.sys
0x8FA00000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8F5F0000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8F400000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x8A7C9000 \SystemRoot\System32\Drivers\dump_nvstor32.sys
0x98680000 \SystemRoot\System32\win32k.sys
0x8F47A000 \SystemRoot\System32\drivers\Dxapi.sys
0x8FBFA000 \SystemRoot\System32\Drivers\Lycosa.sys
0x8F484000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8A7E6000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x9B805000 \SystemRoot\system32\DRIVERS\monitor.sys
0x988A0000 \SystemRoot\System32\TSDDD.dll
0x988C0000 \SystemRoot\System32\cdd.dll
0x9B814000 \SystemRoot\system32\drivers\luafv.sys
0x9B837000 \SystemRoot\system32\drivers\spsys.sys
0x9B8E7000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9B8F7000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9B921000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9B92B000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9B93E000 \SystemRoot\system32\drivers\HTTP.sys
0x9B9AB000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9B9C8000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9B9E1000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9E202000 \SystemRoot\system32\drivers\mrxdav.sys
0x9E223000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9E242000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9E27B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9E293000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9E2BB000 \SystemRoot\System32\DRIVERS\srv.sys
0x9E309000 \SystemRoot\system32\DRIVERS\parvdm.sys
0x9E310000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x9E314000 \SystemRoot\system32\drivers\peauth.sys
0x9E3F2000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA080F000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA081B000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA0830000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xA0842000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xA084A000 \SystemRoot\system32\drivers\mfebopk.sys
0xA0851000 \SystemRoot\system32\drivers\mfeavfk.sys
0xA0863000 \SystemRoot\system32\drivers\mfesmfk.sys
0xA086C000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77120000 \Windows\System32\ntdll.dll

Processes (total 80):
0 System Idle Process
4 System
424 C:\Windows\System32\smss.exe
556 csrss.exe
608 C:\Windows\System32\wininit.exe
620 csrss.exe
652 C:\Windows\System32\services.exe
668 C:\Windows\System32\lsass.exe
676 C:\Windows\System32\lsm.exe
720 C:\Windows\System32\winlogon.exe
860 C:\Windows\System32\svchost.exe
904 C:\Windows\System32\nvvsvc.exe
932 C:\Windows\System32\svchost.exe
972 C:\Windows\System32\svchost.exe
1068 C:\Windows\System32\svchost.exe
1104 C:\Windows\System32\svchost.exe
1132 C:\Windows\System32\svchost.exe
1248 C:\Windows\System32\audiodg.exe
1272 C:\Program Files\Creative\Shared Files\CTAudSvc.exe
1292 C:\Windows\System32\svchost.exe
1308 C:\Windows\System32\SLsvc.exe
1348 C:\Windows\System32\svchost.exe
1420 C:\Windows\System32\nvvsvc.exe
1580 C:\Windows\System32\svchost.exe
1780 C:\Windows\System32\spoolsv.exe
1804 C:\Windows\System32\svchost.exe
520 C:\Windows\System32\taskeng.exe
672 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1092 C:\Program Files\Bonjour\mDNSResponder.exe
1660 C:\Program Files\Common Files\Motive\McciCMService.exe
928 C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
2008 C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
1548 C:\Program Files\McAfee\MPF\MpfSrv.exe
1268 C:\Windows\System32\svchost.exe
2132 C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
2156 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2212 C:\Program Files\Verizon\VSP\ServicepointService.exe
2240 C:\Windows\System32\svchost.exe
2300 C:\Windows\System32\svchost.exe
2356 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2400 C:\Windows\System32\SearchIndexer.exe
2480 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
2504 WUDFHost.exe
2548 C:\Windows\System32\drivers\XAudio.exe
2572 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
2868 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
3924 C:\Program Files\McAfee\VirusScan\mcsysmon.exe
2640 C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
548 WmiPrvSE.exe
1008 C:\Program Files\McAfee.com\Agent\mcagent.exe
1664 C:\Windows\System32\dwm.exe
2412 C:\Windows\System32\taskeng.exe
3776 C:\Windows\explorer.exe
3428 C:\Program Files\Windows Defender\MSASCui.exe
1432 C:\Windows\zHotkey.exe
2992 C:\Windows\ModPS2Key.exe
3088 C:\Windows\RtHDVCpl.exe
3000 C:\Program Files\Spare Backup\SpareBackup.exe
4032 C:\Program Files\Creative\USB Headsets\Volume Panel\VolPanlu.exe
2608 C:\Program Files\Razer\Lycosa\razerhid.exe
3456 C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
2912 C:\Program Files\iTunes\iTunesHelper.exe
960 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
3420 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
3756 C:\Program Files\Windows Media Player\wmpnscfg.exe
3068 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
4064 C:\Program Files\OpenOffice.org 3\program\soffice.exe
1180 C:\Program Files\Razer\Lycosa\razertra.exe
4220 C:\Windows\System32\SearchProtocolHost.exe
4228 C:\Users\Sandy\AppData\Local\Apps\2.0\G7420O16.MH3\PZ2JW01N.PYK\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe
4256 C:\Program Files\Mozilla Firefox\firefox.exe
4352 C:\Program Files\Windows Media Player\wmpnetwk.exe
4460 C:\Program Files\OpenOffice.org 3\program\soffice.bin
4584 C:\Windows\System32\SearchFilterHost.exe
4964 C:\Windows\System32\svchost.exe
5084 WmiPrvSE.exe
5152 C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
5260 C:\Program Files\iPod\bin\iPodService.exe
5608 WmiPrvSE.exe
5984 C:\Users\Sandy\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`b3460400 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDC WD5000AAKS-22YGA, Rev: 12.0

      Size  Device Name          MBR Status
  --------------------------------------------
    465 GB  \\.\PhysicalDrive0   Windows 2008 MBR code detected
              SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!
  18. I tried run and cmd prompt, neither seemed to do anything, just said that "mbr" was not a recognized command. I re-ran mbr and this time it ran MUCH faster, but it looks like the same results (I saved off the previous log in a folder I created on my desktop):

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD50 rev.12.0 -> Harddisk0\DR0 -> \Device\0000005e

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 60 !
  19. I dislike Vista ... it doesn't have run. Do I just type "cmd" in the search box ... won't that bring up the same thing?
  20. Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD50 rev.12.0 -> Harddisk0\DR0 -> \Device\0000005e

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 60 !
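The MBRCheck log in post 17 and the mbr.exe output in posts 18 and 20 are two views of the same check: MBRCheck hashes the boot sector's code and matches it against known Windows MBRs (here "Windows 2008 MBR code detected" plus a SHA1), and Gmer's tool reads the MBR from user mode and kernel mode, confirms they agree, and notes a copy of the MBR in sector 60. The Python below is an added example and is not code from either tool or from this thread. It runs the same sanity checks on a constructed 63-sector disk image: boot signature present, at most one active partition, boot code hashed and looked up in a (hypothetical) whitelist, and the gap before the first partition scanned for sectors that repeat the MBR's code. That MBRCheck hashes exactly the 440-byte bootstrap area is my assumption; the whitelist contents, the sample boot bytes and the partition layout are all constructed for the example.

```python
"""Sanity-check an MBR the way the two tools in this thread do:
hash the boot code, verify the 0x55AA signature, parse the partition
table and look for a copy of the MBR before the first partition.
Added example; the disk image and whitelist are constructed, not real."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440    # bootstrap code; then 4-byte disk signature, 2 reserved bytes
PART_TABLE_OFF = 446   # four 16-byte partition entries
BOOT_SIG_OFF = 510     # must hold 0x55 0xAA
PART_ENTRY = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_image(copy_sector=60):
    """Constructed image (assumption, not a real drive): an MBR with one active
    NTFS partition at LBA 63 and a byte-for-byte copy of the MBR in copy_sector,
    which is what mbr.exe reports as 'copy of MBR has been found in sector N'."""
    code = (b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c"       # a few plausible x86 bytes
            + b"\x90" * 8).ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = b"\x12\x34\x56\x78"
    entry = struct.pack(PART_ENTRY, 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 2048)
    mbr = code + disk_sig + b"\x00\x00" + entry + b"\x00" * 48 + b"\x55\xaa"
    if len(mbr) != SECTOR:
        raise ValueError("sample MBR is not 512 bytes")
    sectors = [mbr] + [b"\x00" * SECTOR] * 62
    sectors[copy_sector] = mbr
    return b"".join(sectors)


def mbr_code_sha1(mbr):
    """SHA1 over the bootstrap code only: the bytes a whitelist of known MBRs keys on
    (assumed to be how MBRCheck derives the SHA1 it prints)."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def parse_partitions(mbr):
    """Return the non-empty entries of the classic 4-slot partition table."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(PART_ENTRY, mbr[off:off + 16])
        if ptype:
            parts.append({"index": i, "active": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return parts


def find_mbr_copies(image, mbr, limit):
    """Sector numbers in 1..limit-1 whose leading bytes equal the MBR boot code."""
    code = mbr[:BOOT_CODE_LEN]
    if not code.strip(b"\x00"):
        return []          # an all-zero boot area would 'match' every empty sector
    hits = []
    for n in range(1, min(limit, len(image) // SECTOR)):
        if image[n * SECTOR:n * SECTOR + BOOT_CODE_LEN] == code:
            hits.append(n)
    return hits


def check_mbr(image, known_hashes):
    """Run the checks on a raw image; known_hashes maps SHA1 -> label."""
    mbr = image[:SECTOR]
    parts = parse_partitions(mbr)
    problems = []
    if mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xaa":
        problems.append("boot signature 0x55AA missing")
    if sum(p["active"] for p in parts) > 1:
        problems.append("more than one active partition")
    digest = mbr_code_sha1(mbr)
    known = known_hashes.get(digest)
    if known is None:
        problems.append("MBR code not in whitelist: " + digest)
    # Only the unpartitioned gap before the first partition is scanned for copies.
    first_lba = min((p["lba_start"] for p in parts), default=len(image) // SECTOR)
    copies = find_mbr_copies(image, mbr, first_lba)
    return {"sha1": digest, "known": known, "partitions": parts,
            "copies": copies, "problems": problems}


if __name__ == "__main__":
    img = build_sample_image()
    whitelist = {mbr_code_sha1(img[:SECTOR]): "sample MBR (constructed)"}
    for key, value in check_mbr(img, whitelist).items():
        print(f"{key}: {value}")
```

Against a real drive the image would come from reading \\.\PhysicalDrive0 (or /dev/sda) with administrator rights, and the whitelist from hashing MBRs written by the OS versions you trust; the structural checks and the copy scan do not change. A copy in the pre-partition gap is informational on its own, as both tools treat it here: the finding that matters is the boot code not matching a known hash, or user-mode and kernel-mode reads of sector 0 disagreeing.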
  21. Good morning Borislav ... here's the REAL TDSS.log:

2011/01/18 05:32:01.0113 TDSS rootkit removing tool 2.4.14.0 Jan 18 2011 09:33:51
2011/01/18 05:32:01.0113 ================================================================================
2011/01/18 05:32:01.0113 SystemInfo:
2011/01/18 05:32:01.0113
2011/01/18 05:32:01.0113 OS Version: 6.0.6002 ServicePack: 2.0
2011/01/18 05:32:01.0113 Product type: Workstation
2011/01/18 05:32:01.0113 ComputerName: SANDY-PC
2011/01/18 05:32:01.0113 UserName: Sandy
2011/01/18 05:32:01.0113 Windows directory: C:\Windows
2011/01/18 05:32:01.0113 System windows directory: C:\Windows
2011/01/18 05:32:01.0113 Processor architecture: Intel x86
2011/01/18 05:32:01.0113 Number of processors: 2
2011/01/18 05:32:01.0113 Page size: 0x1000
2011/01/18 05:32:01.0113 Boot type: Normal boot
2011/01/18 05:32:01.0113 ================================================================================
2011/01/18 05:32:01.0410 Initialize success
2011/01/18 05:32:06.0605 ================================================================================
2011/01/18 05:32:06.0605 Scan started
2011/01/18 05:32:06.0605 Mode: Manual;
2011/01/18 05:32:06.0605 ================================================================================
2011/01/18 05:32:06.0885 ac97intc (4b56caafed0b0b996341d74ce0e76565) C:\Windows\system32\drivers\ac97intc.sys
2011/01/18 05:32:06.0948 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/01/18 05:32:06.0979 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/01/18 05:32:07.0026 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/01/18 05:32:07.0057 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/01/18 05:32:07.0073 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/01/18 05:32:07.0135 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/01/18 05:32:07.0182 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/01/18 05:32:07.0229 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/01/18 05:32:07.0260 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/01/18 05:32:07.0275 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/01/18 05:32:07.0307 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/01/18 05:32:07.0338 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/01/18 05:32:07.0385 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
2011/01/18 05:32:07.0431 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/01/18 05:32:07.0463 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/01/18 05:32:07.0525 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/01/18 05:32:07.0556 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/01/18 05:32:07.0619 bcm4sbxp (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
2011/01/18 05:32:07.0665 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/01/18 05:32:07.0728 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/01/18 05:32:07.0775 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/01/18 05:32:07.0806 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/01/18 05:32:07.0837 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/01/18 05:32:07.0868 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/01/18 05:32:07.0899 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/01/18 05:32:07.0915 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/01/18 05:32:07.0946 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/01/18 05:32:07.0993 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/01/18 05:32:08.0024 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/01/18 05:32:08.0055 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/01/18 05:32:08.0102 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/01/18 05:32:08.0165 CmBatt (0fed59edb4a83ff17f1778827b88ab1a) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/01/18 05:32:08.0180 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/01/18 05:32:08.0211 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/01/18 05:32:08.0243 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/01/18 05:32:08.0305 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/01/18 05:32:08.0367 DAdderFltr (cb90f77e21109ccfd114a17bd87a42a7) C:\Windows\system32\drivers\dadder.sys
2011/01/18 05:32:08.0399 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/01/18 05:32:08.0477 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/01/18 05:32:08.0539 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/01/18 05:32:08.0586 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2011/01/18 05:32:08.0617 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/01/18 05:32:08.0695 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/01/18 05:32:08.0742 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/01/18 05:32:08.0851 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/01/18 05:32:08.0882 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/01/18 05:32:08.0945 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/01/18 05:32:09.0007 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/01/18 05:32:09.0038 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/01/18 05:32:09.0069 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/01/18 05:32:09.0101 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/01/18 05:32:09.0132 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/01/18 05:32:09.0163 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/01/18 05:32:09.0210 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/01/18 05:32:09.0288 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/01/18 05:32:09.0335 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/01/18 05:32:09.0366 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/01/18 05:32:09.0397 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/01/18 05:32:09.0444 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/01/18 05:32:09.0491 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/01/18 05:32:09.0569 HSF_DPV (1882827f41dee51c70e24c567c35bfb5) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/01/18 05:32:09.0678 HSXHWBS2 (5f60f0ad32d43b9ab9ac9373117d8e54) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
2011/01/18 05:32:09.0787 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/01/18 05:32:09.0849 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/01/18 05:32:09.0896 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/01/18 05:32:09.0959 ialm (8318e04a6455ced1020bcc5039b62cfa) C:\Windows\system32\DRIVERS\ialmnt5.sys
2011/01/18 05:32:10.0005 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/01/18 05:32:10.0037 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/01/18 05:32:10.0115 IntcAzAudAddService (389f5d4859f4300d52ead838f1a17131) C:\Windows\system32\drivers\RTKVHDA.sys
2011/01/18 05:32:10.0146 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
2011/01/18 05:32:10.0177 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2011/01/18 05:32:10.0224 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/01/18 05:32:10.0271 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/01/18 05:32:10.0317 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/01/18 05:32:10.0473 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/01/18 05:32:10.0567 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/01/18 05:32:10.0598 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/01/18 05:32:10.0629 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/01/18 05:32:10.0645 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/01/18 05:32:10.0676 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/01/18 05:32:10.0707 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/01/18 05:32:10.0754 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/01/18 05:32:10.0817 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/01/18 05:32:10.0863 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/01/18 05:32:10.0879 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/01/18 05:32:10.0910 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/01/18 05:32:10.0957 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/01/18 05:32:11.0004 LycoFltr (f90bde6e9c7b6015edf1dc99a97b00c9) C:\Windows\system32\Drivers\Lycosa.sys
2011/01/18 05:32:11.0113 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/01/18 05:32:11.0144 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/01/18 05:32:11.0191 mfeavfk (bafdd5e28baea99d7f4772af2f5ec7ee) C:\Windows\system32\drivers\mfeavfk.sys
2011/01/18 05:32:11.0238 mfebopk (1d003e3056a43d881597d6763e83b943) C:\Windows\system32\drivers\mfebopk.sys
2011/01/18 05:32:11.0316 mfehidk (3f138a1c8a0659f329f242d1e389b2cf) C:\Windows\system32\drivers\mfehidk.sys
2011/01/18 05:32:11.0378 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\Windows\system32\drivers\mferkdk.sys
2011/01/18 05:32:11.0441 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\Windows\system32\drivers\mfesmfk.sys
2011/01/18 05:32:11.0456 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/01/18 05:32:11.0487 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/01/18 05:32:11.0519 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/01/18 05:32:11.0550 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/01/18 05:32:11.0565 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/01/18 05:32:11.0612 MPFP (95675c3398dcc084c8d1dc35cc4e9e01) C:\Windows\system32\Drivers\Mpfp.sys
2011/01/18 05:32:11.0721 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/01/18 05:32:11.0737 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/01/18 05:32:11.0784 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/01/18 05:32:11.0815 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/01/18 05:32:11.0846 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/01/18 05:32:11.0940 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/01/18 05:32:12.0033 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/01/18 05:32:12.0127 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/01/18 05:32:12.0158 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/01/18 05:32:12.0205 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/01/18 05:32:12.0252 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/01/18 05:32:12.0283 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/01/18 05:32:12.0314 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/01/18 05:32:12.0345 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/01/18 05:32:12.0377 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/01/18 05:32:12.0408 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/01/18 05:32:12.0423 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/01/18 05:32:12.0455 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/01/18 05:32:12.0501 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/01/18 05:32:12.0564 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/01/18 05:32:12.0611 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/01/18 05:32:12.0642 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/01/18 05:32:12.0673 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/01/18 05:32:12.0720 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/01/18 05:32:12.0751 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/01/18 05:32:12.0767 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/01/18 05:32:12.0876 NETw2v32 (6e9edc1020b319e7676387b8cdf2398c) C:\Windows\system32\DRIVERS\NETw2v32.sys
2011/01/18 05:32:12.0985 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/01/18 05:32:13.0032 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/01/18 05:32:13.0063 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/01/18 05:32:13.0125 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/01/18 05:32:13.0172 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/01/18 05:32:13.0203 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/01/18 05:32:13.0422 nvlddmkm (377140a534d013bd661c69f1741de43c) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/01/18 05:32:13.0484 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/01/18 05:32:13.0515 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/01/18 05:32:13.0547 nvstor32 (dc5f166422beebf195e3e4bb8ab4ee22) C:\Windows\system32\DRIVERS\nvstor32.sys
2011/01/18 05:32:13.0578 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/01/18 05:32:13.0656 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/01/18 05:32:13.0718 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
2011/01/18 05:32:13.0734 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/01/18 05:32:13.0749 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
2011/01/18 05:32:13.0796 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/01/18 05:32:13.0827 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/01/18 05:32:13.0874 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/01/18 05:32:13.0921 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/01/18 05:32:13.0999 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/01/18 05:32:14.0046 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/01/18 05:32:14.0124 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/01/18 05:32:14.0171 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/01/18 05:32:14.0202 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/01/18 05:32:14.0249 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/01/18 05:32:14.0280 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/01/18 05:32:14.0311 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/01/18 05:32:14.0342 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/01/18 05:32:14.0373 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/01/18 05:32:14.0420 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/01/18 05:32:14.0467 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/01/18 05:32:14.0498 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/01/18 05:32:14.0514 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/01/18 05:32:14.0545 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/01/18 05:32:14.0592 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/01/18 05:32:14.0623 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/01/18 05:32:14.0670 sdbus (4339a2585708c7d9b0c0ce5aad3dd6ff) C:\Windows\system32\DRIVERS\sdbus.sys
2011/01/18 05:32:14.0701 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/01/18 05:32:14.0748 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2011/01/18 05:32:14.0779 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2011/01/18 05:32:14.0810 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/01/18 05:32:14.0857 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/01/18 05:32:14.0888 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/01/18 05:32:14.0935 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/01/18 05:32:14.0951 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/01/18 05:32:14.0982 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/01/18 05:32:15.0013 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/01/18 05:32:15.0029 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/01/18 05:32:15.0075 skfiltv (5e9619da2c4b0a1b6deb3568f3996cc0) C:\Windows\system32\drivers\skfiltv.sys
2011/01/18 05:32:15.0153 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/01/18 05:32:15.0200 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/01/18 05:32:15.0247 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2011/01/18 05:32:15.0372 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2011/01/18 05:32:15.0465 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2011/01/18 05:32:15.0559 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/01/18 05:32:15.0606 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/01/18 05:32:15.0668 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/01/18 05:32:15.0715 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/01/18 05:32:15.0793 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/01/18 05:32:15.0887 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/01/18 05:32:15.0933 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/01/18 05:32:16.0027 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/01/18 05:32:16.0058 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/01/18 05:32:16.0089 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/01/18 05:32:16.0121 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/01/18 05:32:16.0183 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/01/18 05:32:16.0230 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/01/18 05:32:16.0277 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/01/18 05:32:16.0370 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/01/18 05:32:16.0417 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/01/18 05:32:16.0464 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/01/18 05:32:16.0511 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/01/18 05:32:16.0526 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/01/18 05:32:16.0557 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/01/18 05:32:16.0604 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/01/18 05:32:16.0651 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
2011/01/18 05:32:16.0776 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/01/18 05:32:16.0807 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/01/18 05:32:16.0838 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/01/18 05:32:16.0885 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/01/18 05:32:16.0916 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/01/18 05:32:16.0947 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/01/18 05:32:16.0994 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/01/18 05:32:17.0025 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/01/18 05:32:17.0057 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/01/18 05:32:17.0088 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/01/18 05:32:17.0135 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/01/18 05:32:17.0181 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/01/18 05:32:17.0197 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/01/18 05:32:17.0228 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/01/18 05:32:17.0244 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/01/18 05:32:17.0291 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/01/18 05:32:17.0322 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/01/18 05:32:17.0353 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/01/18 05:32:17.0384 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/01/18 05:32:17.0431 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/01/18 05:32:17.0462 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/01/18 05:32:17.0493 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/01/18 05:32:17.0525 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/01/18 05:32:17.0571 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/01/18 05:32:17.0649 winachsf
(e096ffb754f1e45ae1bddac1275ae2c5) C:\Windows\system32\DRIVERS\HSX_CNXT.sys 2011/01/18 05:32:17.0805 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys 2011/01/18 05:32:17.0868 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 2011/01/18 05:32:17.0930 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/01/18 05:32:17.0977 XAudio (e3fcf2870b5d7979b3bf10e98a71c847) C:\Windows\system32\DRIVERS\xaudio.sys 2011/01/18 05:32:18.0039 yukonwlh (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys 2011/01/18 05:32:18.0071 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0) 2011/01/18 05:32:18.0086 ================================================================================ 2011/01/18 05:32:18.0086 Scan finished 2011/01/18 05:32:18.0086 ================================================================================ 2011/01/18 05:32:18.0086 Detected object count: 1 2011/01/18 05:32:37.0292 \HardDisk0 - will be cured after reboot 2011/01/18 05:32:37.0292 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure 2011/01/18 05:32:44.0858 Deinitialize success
  22. lol, yes, I did run DDS after TDSSKiller, and I remember doing a select all in the TDSS log, but I must not have then done a Ctrl+C ... it was 5:45 am my time, and I'd not had my first cup of coffee yet. I won't be home for another 4 hours, but I will post the TDSS log then. Thanks for your patience!
  23. I'm sorry Borislav, I just realized that I pasted in the DDS log twice, and didn't actually copy in the TDSS log. I'm at work now and won't be home until this evening. The log is still saved off; I'll post it later this evening. My apologies. Thanks for all your help.
  24. Hi Borislav, and thank you. I downloaded and ran TDSSKiller successfully; it found and cured 1 infection. Disk Optimizer is still showing on my desktop and in programs from the start menu. Here's the TDSS.log
      DDS (Ver_10-12-12.02) - NTFSx86
      Run by Sandy at 5:43:08.34 on Tue 01/18/2011
      Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_15
      Microsoft
  25. MBAM Quick Scan Log:
      Malwarebytes' Anti-Malware 1.50.1.1100
      www.malwarebytes.org
      Database version: 5542
      Windows 6.0.6002 Service Pack 2
      Internet Explorer 8.0.6001.18999
      1/17/2011 7:20:54 PM
      mbam-log-2011-01-17 (19-20-54).txt
      Scan type: Quick scan
      Objects scanned: 157435
      Time elapsed: 2 minute(s), 54 second(s)
      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0
      Memory Processes Infected: (No malicious items detected)
      Memory Modules Infected: (No malicious items detected)
      Registry Keys Infected: (No malicious items detected)
      Registry Values Infected: (No malicious items detected)
      Registry Data Items Infected: (No malicious items detected)
      Folders Infected: (No malicious items detected)
      Files Infected: (No malicious items detected)