Monroe2000
Posted November 20, 2011

After discovering infection was initially able to run MBAM and cleaned out some files, but problems came back and MBAM won't run now. Here are my logs. Thanks.

DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.6001.18702
Run by Owner at 11:52:13 on 2011-11-20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.315 [GMT -6:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe
C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Program Files\SMART Technologies\Education Software\UCService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\LP\42DC\0CA.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Documents and Settings\Owner\Application Data\C8A5D\ABA42.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.ca/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:50323
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uWinlogon: Shell=c:\documents and settings\owner\local settings\application data\ca8df1df\X
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SMART Notebook Download Utility: {67bcf957-85fc-4036-8dc4-d4d80e00a77b} - c:\program files\smart technologies\education software\win32\NotebookPlugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [<NO NAME>] 
mRun: [HPPQVideo] "c:\program files\hewlett-packard\scheduledlaunch\hp color laserjet cp1510 series\bin\hppschlnch.exe" -r software\hewlett-packard\scheduledlaunch\CLJ_CP1510_Series -f PQOptimizerVideo.xml -o remindLater
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [sMART Board Tools] "c:\program files\smart technologies\education software\SMARTBoardTools.exe"
mRun: [0CA.exe] c:\program files\lp\42dc\0CA.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\gmotes~1.lnk - c:\program files\gmoteserver\GmoteServer.exe
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://active.macromedia.com/director/cabs/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} - hxxp://www.miniclip.com/igloader/igloader.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 172.16.1.254
TCP: Interfaces\{1A6711E0-5D03-4294-8A60-E92617E0F933} : DhcpNameServer = 172.16.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
Hosts: 172.16.1.66 STC1022304
.
============= SERVICES / DRIVERS ===============
.
R0 phylock;phylock;c:\windows\system32\drivers\phylock.sys [2009-6-9 18712]
R2 SMART Display Controller;SMART Display Controller;c:\program files\smart technologies\education software\UCService.exe [2011-7-13 311664]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]
S3 cpuz;cpuz;\??\c:\docume~1\owner\locals~1\temp\cpuz.sys --> c:\docume~1\owner\locals~1\temp\cpuz.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2010-6-24 21504]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2006-2-16 249856]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-2-23 137600]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2004-5-14 32896]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
.
=============== Created Last 30 ================
.
2011-11-17 06:59:27 388096 ----a-r- c:\documents and settings\owner\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-11-17 06:56:24 -------- d-----w- c:\program files\Trend Micro
2011-11-17 06:46:28 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-17 05:30:01 48016 --sha-w- c:\windows\system32\c_41281.nl_
2011-11-17 03:29:53 -------- d-----w- c:\program files\5D3B9
2011-11-17 03:04:37 -------- d-----w- c:\documents and settings\owner\application data\C8A5D
2011-11-17 03:04:35 -------- d-----w- c:\program files\LP
2011-11-14 23:26:08 -------- d-sh--w- c:\documents and settings\owner\local settings\application data\ca8df1df
2011-11-09 01:01:16 -------- d-----w- c:\documents and settings\owner\local settings\application data\SMART Technologies
2011-11-09 00:23:59 -------- d-----w- c:\documents and settings\owner\application data\SMART Technologies
2011-11-08 23:11:55 -------- d-----w- c:\documents and settings\owner\local settings\application data\SMART Technologies Inc
2011-11-08 23:11:55 -------- d-----w- c:\documents and settings\owner\application data\SMART Technologies Inc
2011-11-08 23:11:11 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2011-11-08 23:11:09 -------- d-----w- c:\windows\Logs
2011-11-08 23:11:00 -------- d-----w- c:\program files\National Instruments
2011-11-08 23:08:16 110592 ----a-w- c:\windows\system32\tsccvid.dll
2011-11-08 23:07:41 -------- d-----w- c:\documents and settings\all users\SMART Technologies
2011-11-08 23:07:06 -------- d-----w- c:\documents and settings\all users\application data\SMART Technologies
2011-11-08 23:06:16 -------- d-----w- c:\program files\SMART Technologies
2011-11-08 23:06:16 -------- d-----w- c:\program files\common files\SMART Technologies
2011-11-08 23:05:44 -------- d-----w- c:\documents and settings\all users\application data\Downloaded Installations
2011-11-03 22:26:19 -------- d-sh--w- c:\documents and settings\owner\PrivacIE
2011-11-03 05:10:10 -------- d-sh--w- c:\documents and settings\owner\IETldCache
2011-11-03 05:06:12 -------- d-----w- c:\windows\ie8updates
2011-11-03 05:02:28 -------- dc-h--w- c:\windows\ie8
2011-11-03 04:47:42 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-11-03 04:46:26 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-11-03 04:46:25 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-11-03 04:46:25 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-10-31 05:29:31 -------- d-----w- c:\windows\system32\XPSViewer
2011-10-31 05:28:53 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-10-31 05:28:37 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-10-31 05:28:37 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-10-31 05:28:37 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-10-31 05:28:37 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-10-31 05:28:37 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-10-31 05:28:37 117760 ------w- c:\windows\system32\prntvpt.dll
2011-10-31 05:28:36 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-10-31 05:28:36 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-10-31 05:28:36 -------- d-----w- C:\e62a6fbdd593e9c22d47383f8490f6
2011-10-31 01:25:03 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2011-10-30 21:11:17 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-10-30 20:34:49 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-10-30 20:32:52 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-10-30 20:31:54 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-10-30 20:29:40 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
2011-10-30 20:29:39 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-10-30 20:29:38 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-10-30 20:29:36 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-10-30 20:29:35 2069376 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-10-30 20:29:30 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-10-30 20:29:14 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-10-30 20:29:14 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-10-30 20:24:50 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2011-10-30 20:24:35 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-10-30 20:24:31 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2011-10-30 20:24:25 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-10-30 20:15:51 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-10-30 20:15:11 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2011-10-30 20:15:09 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2011-10-30 20:15:08 110592 -c----w- c:\windows\system32\dllcache\services.exe
2011-10-30 20:15:07 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2011-10-30 20:15:05 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2011-10-30 20:15:02 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-10-30 20:14:57 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2011-10-30 20:13:21 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2011-10-30 20:12:07 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2011-10-30 19:53:04 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2011-10-30 19:52:42 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-10-30 19:46:07 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-10-30 19:45:58 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2011-10-30 19:45:57 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-10-30 19:41:22 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-10-30 19:41:22 215920 ----a-w- c:\windows\system32\muweb.dll
2011-10-30 19:41:22 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-10-30 16:13:35 -------- d-----w- c:\documents and settings\all users\Microsoft
2011-10-30 16:11:45 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-10-30 16:08:34 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-10-30 16:08:15 -------- d-----w- c:\windows\SHELLNEW
2011-10-30 16:07:21 -------- d-----w- c:\documents and settings\owner\local settings\application data\Microsoft Help
.
==================== Find3M ====================
.
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 17:41:20 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 17:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 17:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 23:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ------w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-01-05 22:56:29 5940 ----a-w- c:\program files\display.drv
2003-09-04 22:18:14 512 ----a-w- c:\program files\layout.bin
2003-08-18 20:00:10 1282048 ----a-w- c:\program files\Game.exe
2003-04-17 01:19:58 375808 ----a-w- c:\program files\binkw32.dll
2001-09-05 11:23:24 56320 ----a-w- c:\program files\Setup.exe
2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
.
============= FINISH: 11:52:26.40 ===============

Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 5/2/2006 5:40:03 PM
System Uptime: 11/20/2011 8:32:52 AM (3 hours ago)
.
Motherboard: First International Computer, Inc. | | K8M-800M
Processor: AMD Sempron Processor 3100+ | Socket 754 | 1800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 89 GiB total, 4.699 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 2.726 GiB free.
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMTSSTCORP_CDW/DVD_TS-H492C_______________GA01____\5&242C7B38&0&0.0.0
Manufacturer: (Standard CD-ROM drives)
Name: TSSTcorp CDW/DVD TS-H492C
PNP Device ID: IDE\CDROMTSSTCORP_CDW/DVD_TS-H492C_______________GA01____\5&242C7B38&0&0.0.0
Service: cdrom
.
Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
Description: Rockwell HCF 56K Data Fax RTAD PCI Modem
Device ID: ROOT\MODEM\0001
Manufacturer: 
Name: Rockwell HCF 56K Data Fax RTAD PCI Modem
PNP Device ID: ROOT\MODEM\0001
Service: 
.
==== System Restore Points ===================
.
RP1463: 8/23/2011 5:17:47 PM - System Checkpoint
RP1464: 8/25/2011 1:59:31 PM - System Checkpoint
RP1465: 8/27/2011 7:14:37 PM - System Checkpoint
RP1466: 8/28/2011 7:50:52 PM - System Checkpoint
RP1467: 8/29/2011 9:16:39 PM - System Checkpoint
RP1468: 9/2/2011 5:23:53 PM - System Checkpoint
RP1469: 9/5/2011 1:40:45 PM - System Checkpoint
RP1470: 9/6/2011 2:08:36 PM - System Checkpoint
RP1471: 9/8/2011 12:17:58 PM - System Checkpoint
RP1472: 9/9/2011 5:03:48 PM - System Checkpoint
RP1473: 9/9/2011 5:55:57 PM - Software Distribution Service 3.0
RP1474: 9/10/2011 7:20:25 PM - System Checkpoint
RP1475: 9/12/2011 10:56:17 AM - System Checkpoint
RP1476: 9/13/2011 5:06:01 PM - System Checkpoint
RP1477: 9/14/2011 10:31:49 PM - System Checkpoint
RP1478: 9/17/2011 9:23:28 AM - System Checkpoint
RP1479: 9/18/2011 4:03:07 PM - System Checkpoint
RP1480: 9/20/2011 9:58:53 PM - System Checkpoint
RP1481: 9/22/2011 5:39:52 PM - System Checkpoint
RP1482: 9/24/2011 11:38:18 PM - System Checkpoint
RP1483: 9/27/2011 9:34:23 AM - System Checkpoint
RP1484: 9/29/2011 7:19:34 PM - System Checkpoint
RP1485: 10/2/2011 1:18:43 PM - System Checkpoint
RP1486: 10/4/2011 11:40:55 AM - System Checkpoint
RP1487: 10/5/2011 12:25:21 PM - System Checkpoint
RP1488: 10/6/2011 6:14:07 PM - System Checkpoint
RP1489: 10/10/2011 8:58:16 PM - System Checkpoint
RP1490: 10/11/2011 10:20:08 PM - System Checkpoint
RP1491: 10/13/2011 4:59:44 PM - System Checkpoint
RP1492: 10/14/2011 6:48:44 PM - System Checkpoint
RP1493: 10/16/2011 9:17:47 PM - System Checkpoint
RP1494: 10/22/2011 10:36:03 AM - System Checkpoint
RP1495: 10/23/2011 1:31:24 PM - System Checkpoint
RP1496: 10/25/2011 10:14:54 PM - System Checkpoint
RP1497: 10/27/2011 3:36:51 PM - System Checkpoint
RP1498: 10/29/2011 10:58:35 PM - System Checkpoint
RP1499: 10/30/2011 10:06:32 AM - Installed Microsoft Office Professional Plus 2010
RP1500: 10/30/2011 6:54:33 PM - Software Distribution Service 3.0
RP1501: 10/30/2011 11:27:27 PM - Software Distribution Service 3.0
RP1502: 10/30/2011 11:46:16 PM - Printer Driver Microsoft XPS Document Writer Installed
RP1503: 10/31/2011 4:53:15 PM - Software Distribution Service 3.0
RP1504: 11/1/2011 10:39:42 PM - System Checkpoint
RP1505: 11/2/2011 10:47:53 PM - Software Distribution Service 3.0
RP1506: 11/2/2011 11:03:50 PM - Installed Windows Internet Explorer 8.
RP1507: 11/2/2011 11:05:02 PM - Software Distribution Service 3.0
RP1508: 11/3/2011 9:19:15 PM - Software Distribution Service 3.0
RP1509: 11/6/2011 12:26:11 PM - System Checkpoint
RP1510: 11/7/2011 6:03:12 PM - System Checkpoint
RP1511: 11/8/2011 5:06:12 PM - Installed SMART Common Platform.
RP1512: 11/8/2011 5:07:39 PM - Installed SMART Product Drivers.
RP1513: 11/8/2011 5:09:44 PM - Installed SMART Notebook.
RP1514: 11/10/2011 7:31:54 AM - Software Distribution Service 3.0
RP1515: 11/10/2011 5:22:08 PM - Software Distribution Service 3.0
RP1516: 11/11/2011 6:17:32 PM - System Checkpoint
RP1517: 11/13/2011 4:41:47 PM - System Checkpoint
RP1518: 11/15/2011 10:48:40 PM - System Checkpoint
RP1519: 11/17/2011 12:56:22 AM - Installed HiJackThis
RP1520: 11/17/2011 12:58:57 AM - Removed HiJackThis
RP1521: 11/17/2011 12:59:26 AM - Installed HiJackThis
RP1522: 11/17/2011 1:31:09 AM - Software Distribution Service 3.0
RP1523: 11/18/2011 5:14:40 PM - System Checkpoint
RP1524: 11/20/2011 11:04:56 AM - System Checkpoint
.
==== Installed Programs ======================
.
µTorrent
32 Bit HP BiDi Channel Components Installer
3D Groove Playback Engine
7-Zip 4.42
ABC Spelling and Math
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.4
Adobe Shockwave Player 11.5
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Audacity 1.2.6
AVS Disc Creator version 2.1
Backyard Soccer 2004
BigFix
BlackBerry Desktop Software 5.0.1
BlackBerry® Media Sync
Bonjour
BufferChm
calibre
Camera Support Core Library
Camera Window DS
Camera Window DVC
Camera Window MC
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DS for ZoomBrowser EX
Canon Camera Window MC 5 for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
CustomerResearchQFolder
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DeviceDiscovery
DeviceManagementQFolder
Digital Media Reader
DocuCom PDF Gold
eMusic Download Manager 4.1.4
Exact Audio Copy 0.99pb4
FLAC 1.2.1b (remove only)
Free M4a to MP3 Converter 6.1
GmoteServer
Google Earth
Google Gears
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Color LaserJet CP1510 Series 2.0
HP Customer Participation Program 9.0
HP Imaging Device Functions 9.0
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Update
HPCarePackCore
HPCarePackProducts
hppCLJCP1510
hppFonts
hppManualsCP1510
hppPQVideoCP1510
hppTLBXFXCP1510
hppusgCP1510
HPSSupply
hpzTLBXFX
Image for Windows 2.30a Trial
InfraRecorder
InterActual Player
iTunes
J2SE Runtime Environment 5.0 Update 2
Japanese Fonts Support For Adobe Reader 8
Java Auto Updater
Java 6 Update 23
Java SE Runtime Environment 6 Update 1
Kobo
Lernout & Hauspie TruVoice American English TTS Engine
Malwarebytes' Anti-Malware version 1.51.2.1300
MarketResearch
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 14
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Monopoly (remove only)
Mp3 Tag Tools v1.2
MSVC80_x86_v2
MSVC90_x86
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nancy Drew: Danger by Design
Nancy Drew: Danger on Deception Island
Nancy Drew: The Haunted Carousel
Nancy Drew: Treasure in the Royal Tower
Neat Image v5 Demo (with plug-in)
Nokia Connectivity Cable Driver
Nokia Ovi Suite
Nokia Ovi Suite Software Updater
oggcodecs 0.71.0946
OpenOffice.org 2.0
Opera 9.50
Orb
Orb Runtime libraries
Ovi Desktop Sync Engine
OviMPlatform
PC Connectivity Solution
PhotoStitch
PowerDVD
Product_SF_Full_QFolder
Product_SF_Min_QFolder
Quicken 2009
QuickTime
RealPlayer
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Recovery Software Suite eMachines
S3GSetup
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Excel 2010 (KB2553070)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Simply Accounting by Sage 2007
Skins
SMART Common Platform
SMART Notebook
SMART Product Drivers
SoftV92 Data Fax Modem with SmartCP
SUPER © Version 2009.bld.35 (Jan 5, 2009)
TBIView 4.08
The Print Shop® 6.0 Deluxe
TOD 012007
TrayApp
UniChrome Series Driver and Utilities
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VideoLAN VLC media player 0.8.6e
Viewpoint Media Player
VoiceOver Kit
Web Stream Recorder Pro 1.3
WebEx Record and Playback
WebFldrs XP
WebReg
Winamp
Windows Backup Utility
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinFF 0.42
WinPcap 3.1 beta3
WinRAR archiver
WMPTagSupportExtender
.
==== Event Viewer Messages From Past Week ========
.
11/18/2011 11:05:18 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
11/18/2011 11:05:13 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Cdrom Fips Imapi IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss szkg Tcpip
11/18/2011 11:05:13 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
11/18/2011 11:05:13 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/18/2011 11:05:13 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/18/2011 11:05:13 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
11/18/2011 11:05:13 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/18/2011 11:04:52 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
11/18/2011 11:04:43 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
11/18/2011 11:04:35 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/17/2011 9:39:33 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdrom Fips Imapi szkg
11/17/2011 9:39:33 PM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: The crypto system or checksum function is invalid because a required function is unavailable.
11/17/2011 9:38:44 PM, error: Fips [1] - 
11/17/2011 12:34:57 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdrom Imapi szkg
11/16/2011 9:34:27 PM, error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to 
the following error: The system cannot find the file specified.11/16/2011 9:16:04 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'cdrom.sys' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.11/16/2011 9:06:33 PM, error: Service Control Manager [7031] - The SMART Display Controller service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.11/16/2011 9:06:18 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).11/16/2011 9:06:11 PM, error: Service Control Manager [7034] - The PrismXL service terminated unexpectedly. It has done this 1 time(s).11/16/2011 9:03:56 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).11/16/2011 11:31:22 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt Cdrom CmdIde Cpqarray dac2w2k dac960nt dpti2o gagp30kx hpn i2omp Imapi ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 Sparrow symc810 symc8xx sym_hi sym_u3 szkg TosIde ultra viaagp11/15/2011 9:23:19 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o gagp30kx hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 Sparrow symc810 symc8xx sym_hi sym_u3 szkg TosIde ultra viaagp11/15/2011 4:53:36 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated 
with the following error: The specified procedure could not be found.11/15/2011 4:53:35 PM, error: ati2mtag [45062] - CRT invalid display type11/15/2011 4:53:21 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: szkg11/15/2011 1:59:08 AM, error: Service Control Manager [7034] - The SMART Board Service service terminated unexpectedly. It has done this 1 time(s).11/15/2011 1:01:36 AM, error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.11/15/2011 1:01:24 AM, error: Service Control Manager [7034] - The Office Software Protection Platform service terminated unexpectedly. It has done this 1 time(s).11/14/2011 8:04:24 AM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service..==== End Of File ===========================please help. I'm dyin here! Link to post Share on other sites More sharing options...
LDTate Posted November 25, 2011 ID:498180
Whether you wish to continue with cleaning or not, you should be aware that you may have been infected by a backdoor trojan. This type of program has the ability to steal passwords and other information from your system. If you are using your computer for sensitive purposes such as internet banking, then I recommend you take the following steps immediately:
1. Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, PayPal, eBay, etc. You should also change the passwords for any other site you use.
2. Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen, and ask what steps to take with regard to your account.
3. Consider what other private information could possibly have been taken from your computer and take appropriate steps.
Removing this infection can also disable the ability to connect to the internet.
This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean. If this is unacceptable to you, then you should consider reformatting the system partition and reinstalling Windows, as this is the only 100% sure answer.
Please post back to let me know how you wish to proceed.
Monroe2000 Posted November 26, 2011 Author ID:498222
Ack. Thanks for the advice. I'm away from the computer, but will start changing passwords. Unfortunately, I don't think I ever made a backup of the system files, so will look into a new OS. Will a reformat of the partition and reinstall of the OS take care of everything, or do I also need to clean the system? Thanks.
Monroe2000 Posted November 26, 2011 Author ID:498223
Sorry, I should also have said that I subsequently ran another online scan which did not take care of the virus either. I will rerun DDS and post the new log if that helps. Please let me know.
LDTate Posted November 26, 2011 ID:498245
I would suggest a Repair Install.
http://www.geekstogo.com/forum/topic/138-how-to-repair-windows-xp/
Monroe2000 Posted November 27, 2011 Author ID:498775
Thank you very much LDT. I am off to track down a WinXP CD. If I do the repair, do I still need to clean the system, or does the XP repair get rid of the virus/trojan?
LDTate Posted November 27, 2011 ID:498780
After you do the repair install, run a new MBAM scan and a scan with your anti-virus program.
Post back and let me know how it's running.
LDTate Posted December 1, 2011 ID:500103
How are you doing?
Monroe2000 Posted December 1, 2011 Author ID:500239
"How are you doing?"
Thanks for checking back. I am still trying to track down a CD copy of XP, 'cause I didn't get one with the computer and never created the backup disks - stupid, I know.
LDTate Posted December 1, 2011 ID:500256
Let's try to clean it then.
Logs will be closed if you haven't replied within 3 days.
Please don't attach the scans / logs from these scans, use "copy/paste".
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.
Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.
Vista and Windows 7 users:
1. These tools MUST be run from the executable (.exe) every time you run them.
2. With Admin Rights (right click, choose "Run as Administrator").
Stay with this topic until I give you the all clean post.
You might want to print these instructions out.

Download TDSSKiller from here and save it to your Desktop.
Note: if the Cure option is not there, please select 'Skip'. Please read carefully and follow these steps.
Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip; click on Continue.
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
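A TDSSKiller report runs to several hundred lines, almost all of them "- ok", so the verdict lines are easy to miss when reading by eye. The script below is an added editorial example, not part of this thread and not TDSSKiller's own code. It keys on three line shapes the tool writes in its report ("<driver> (<md5>) <image path>", "<driver> ( <detection> ) - infected|warning", and "Suspicious file (<reason>): <path>. md5: <md5>"); those patterns are an assumption drawn from the report format rather than any published specification. The sample log is a constructed excerpt in that format, and the ".sys" extension check is my own heuristic, not something TDSSKiller reports.

```python
import re
from dataclasses import dataclass

# One report line: "HH:MM:SS.mmmm  <pid>  <message>"
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
# Enumeration line: "<driver> (<md5>) <image path>"  (assumed shape)
ENTRY_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Verdict line: "<driver> ( <detection> ) - infected|warning"  (assumed shape)
VERDICT_RE = re.compile(r"^(?P<name>\S+) \( (?P<detection>.+?) \) - (?P<verdict>infected|warning)$")
# File-level line: "Suspicious file (<reason>): <path>. md5: <md5>"  (assumed shape)
SUSPICIOUS_RE = re.compile(r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$")

SEVERITY = {"infected": 0, "suspicious": 1, "warning": 2}

# Constructed sample in the report format (not a real scan).
SAMPLE_LOG = r"""17:48:00.0593 1208 Scan started
17:48:00.0593 1208 Mode: Manual; SigCheck; TDLFS; 
17:48:02.0390 1208 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:48:02.0453 1208 AFD - ok
17:48:15.0250 1208 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\tsk42.tmp
17:48:15.0250 1208 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\tsk42.tmp. md5: d45926117eb9fa946a6af572fbe1caa3
17:48:25.0625 1208 libusb0 (b280c4608ac389da9515a35ac4cab0fd) C:\WINDOWS\system32\drivers\libusb0.sys
17:48:25.0640 1208 libusb0 ( UnsignedFile.Multi.Generic ) - warning
17:48:25.0640 1208 libusb0 - detected UnsignedFile.Multi.Generic (1)
17:48:46.0078 1208 redbook (bf9b7ce7956c3af6df12be9b6365eea8) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:48:46.0078 1208 redbook ( Rootkit.Win32.ZAccess.e ) - infected
17:48:46.0078 1208 redbook - detected Rootkit.Win32.ZAccess.e (0)
"""


@dataclass(frozen=True)
class Finding:
    name: str       # driver/service name as reported ('' for file-level findings)
    verdict: str    # infected | suspicious | warning
    detection: str  # detection name, or the reason given for a suspicious file
    path: str
    md5: str


def parse_tdsskiller_log(text):
    """Return the report's findings, most severe first (infected, suspicious, warning)."""
    images = {}    # driver name -> (md5, path), from the enumeration line that precedes a verdict
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            continue
        msg = m.group("msg")
        e = ENTRY_RE.match(msg)
        if e:
            images[e.group("name")] = (e.group("md5"), e.group("path"))
            continue
        v = VERDICT_RE.match(msg)
        if v:
            md5, path = images.get(v.group("name"), ("", ""))
            findings.append(Finding(v.group("name"), v.group("verdict"), v.group("detection"), path, md5))
            continue
        s = SUSPICIOUS_RE.match(msg)
        if s:
            findings.append(Finding("", "suspicious", s.group("reason"), s.group("path"), s.group("md5")))
    return sorted(findings, key=lambda f: SEVERITY[f.verdict])


def odd_driver_images(text):
    """Heuristic of my own (not a TDSSKiller check): drivers whose image path does not end in .sys."""
    odd = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        e = ENTRY_RE.match(m.group("msg")) if m else None
        if e and not e.group("path").lower().endswith(".sys"):
            odd.append((e.group("name"), e.group("path")))
    return odd


def report(text):
    """Human-readable triage lines: verdicts first, then the image-path heuristic."""
    lines = [f"{f.verdict.upper():10} {f.name or '-':12} {f.detection:28} {f.path} md5={f.md5}"
             for f in parse_tdsskiller_log(text)]
    lines += [f"{'CHECK':10} {name:12} {'non-.sys image path':28} {path}"
              for name, path in odd_driver_images(text)]
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Run it against a saved "TDSSKiller.[Version]_[Date]_[Time]_log.txt" by reading the file into `report()`. The md5 and path are carried from the enumeration line onto the verdict so each finding can be checked against a known-good copy of the driver, and a kernel driver loading from a ".tmp" path is worth a second look even when the scanner only says it could not access the file.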
Monroe2000 Posted December 1, 2011 Author ID:500277
K, thanks.
17:47:27.0781 3072 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
17:47:28.0078 3072 ============================================================
17:47:28.0078 3072 Current date / time: 2011/12/01 17:47:28.0078
17:47:28.0078 3072 SystemInfo:
17:47:28.0078 3072 
17:47:28.0078 3072 OS Version: 5.1.2600 ServicePack: 3.0
17:47:28.0078 3072 Product type: Workstation
17:47:28.0078 3072 ComputerName: DEN
17:47:28.0078 3072 UserName: Owner
17:47:28.0078 3072 Windows directory: C:\WINDOWS
17:47:28.0078 3072 System windows directory: C:\WINDOWS
17:47:28.0078 3072 Processor architecture: Intel x86
17:47:28.0078 3072 Number of processors: 1
17:47:28.0078 3072 Page size: 0x1000
17:47:28.0078 3072 Boot type: Normal boot
17:47:28.0078 3072 ============================================================
17:47:28.0250 3072 Initialize success
17:48:00.0593 1208 ============================================================
17:48:00.0593 1208 Scan started
17:48:00.0593 1208 Mode: Manual; SigCheck; TDLFS; 
17:48:00.0593 1208 ============================================================
17:48:00.0703 1208 .redbook - ok
17:48:00.0812 1208 Abiosdsk - ok
17:48:00.0921 1208 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
17:48:01.0125 1208 abp480n5 - ok
17:48:01.0265 1208 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:48:01.0421 1208 ACPI - ok
17:48:01.0531 1208 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:48:01.0671 1208 ACPIEC - ok
17:48:01.0796 1208 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
17:48:01.0953 1208 adpu160m - ok
17:48:02.0125 1208 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:48:02.0265 1208 aec - ok
17:48:02.0390 1208 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:48:02.0453 1208 AFD - ok
17:48:02.0593 1208 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
17:48:02.0750 1208 agp440 - ok
17:48:02.0875 1208 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
17:48:03.0000 1208 agpCPQ - ok
17:48:03.0109 1208 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
17:48:03.0171 1208 Aha154x - ok
17:48:03.0281 1208 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
17:48:03.0437 1208 aic78u2 - ok
17:48:03.0593 1208 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
17:48:03.0734 1208 aic78xx - ok
17:48:03.0875 1208 ALCXSENS (ba88534a3ceb6161e7432438b9ea4f54) C:\WINDOWS\system32\drivers\ALCXSENS.SYS
17:48:03.0984 1208 ALCXSENS - ok
17:48:04.0140 1208 ALCXWDM (6725434f5eb0a975b7716d68566e5d86) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
17:48:04.0265 1208 ALCXWDM - ok
17:48:04.0406 1208 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
17:48:04.0562 1208 AliIde - ok
17:48:04.0687 1208 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
17:48:04.0828 1208 alim1541 - ok
17:48:04.0984 1208 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
17:48:05.0109 1208 amdagp - ok
17:48:05.0218 1208 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
17:48:05.0296 1208 amsint - ok
17:48:05.0437 1208 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
17:48:05.0593 1208 asc - ok
17:48:05.0734 1208 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
17:48:05.0796 1208 asc3350p - ok
17:48:05.0937 1208 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
17:48:06.0109 1208 asc3550 - ok
17:48:06.0281 1208 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:48:06.0421 1208 AsyncMac - ok
17:48:06.0562 1208 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:48:06.0703 1208 atapi - ok
17:48:06.0812 1208 Atdisk - ok
17:48:07.0046 1208 ati2mtag (0c2ca1c294938139829b1983a0c38b31) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
17:48:07.0218 1208 ati2mtag - ok
17:48:07.0390 1208 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:48:07.0515 1208 Atmarpc - ok
17:48:07.0656 1208 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:48:07.0828 1208 audstub - ok
17:48:07.0968 1208 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:48:08.0156 1208 Beep - ok
17:48:08.0296 1208 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
17:48:08.0437 1208 BthEnum - ok
17:48:08.0593 1208 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
17:48:08.0718 1208 BTHMODEM - ok
17:48:08.0843 1208 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
17:48:08.0984 1208 BthPan - ok
17:48:09.0125 1208 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
17:48:09.0171 1208 BTHPORT - ok
17:48:09.0312 1208 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
17:48:09.0437 1208 BTHUSB - ok
17:48:09.0578 1208 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
17:48:09.0750 1208 cbidf - ok
17:48:09.0890 1208 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:48:10.0078 1208 cbidf2k - ok
17:48:10.0218 1208 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
17:48:10.0281 1208 cd20xrnt - ok
17:48:10.0421 1208 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:48:10.0593 1208 Cdaudio - ok
17:48:10.0718 1208 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:48:10.0875 1208 Cdfs - ok
17:48:10.0968 1208 Cdrom - ok
17:48:11.0062 1208 Changer - ok
17:48:11.0171 1208 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
17:48:11.0343 1208 CmdIde - ok
17:48:11.0500 1208 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
17:48:11.0671 1208 Cpqarray - ok
17:48:11.0812 1208 cpuz - ok
17:48:11.0953 1208 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
17:48:12.0140 1208 dac2w2k - ok
17:48:12.0281 1208 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
17:48:12.0453 1208 dac960nt - ok
17:48:12.0609 1208 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:48:12.0718 1208 Disk - ok
17:48:12.0906 1208 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:48:13.0062 1208 dmboot - ok
17:48:13.0203 1208 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:48:13.0328 1208 dmio - ok
17:48:13.0468 1208 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:48:13.0640 1208 dmload - ok
17:48:13.0781 1208 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:48:13.0906 1208 DMusic - ok
17:48:14.0078 1208 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
17:48:14.0250 1208 dpti2o - ok
17:48:14.0375 1208 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:48:14.0500 1208 drmkaud - ok
17:48:14.0656 1208 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:48:14.0812 1208 Fastfat - ok
17:48:14.0968 1208 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:48:15.0109 1208 Fdc - ok
17:48:15.0250 1208 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\tsk42.tmp
17:48:15.0250 1208 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\tsk42.tmp. md5: d45926117eb9fa946a6af572fbe1caa3
17:48:15.0390 1208 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:48:15.0515 1208 Flpydisk - ok
17:48:15.0656 1208 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:48:15.0796 1208 FltMgr - ok
17:48:15.0937 1208 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:48:16.0109 1208 Fs_Rec - ok
17:48:16.0250 1208 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:48:16.0421 1208 Ftdisk - ok
17:48:16.0562 1208 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
17:48:16.0687 1208 gagp30kx - ok
17:48:16.0828 1208 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:48:16.0843 1208 GEARAspiWDM - ok
17:48:16.0984 1208 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:48:17.0109 1208 Gpc - ok
17:48:17.0296 1208 HCF_MSFT (4236e014632f4163f53ebb717f41594c) C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys
17:48:17.0828 1208 HCF_MSFT - ok
17:48:17.0984 1208 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:48:18.0109 1208 HidUsb - ok
17:48:18.0281 1208 HPFXBULK (299683d4c8aaa3f6f5d5d226a1782a6e) C:\WINDOWS\system32\drivers\hpfxbulk.sys
17:48:19.0062 1208 HPFXBULK - ok
17:48:19.0203 1208 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
17:48:19.0375 1208 hpn - ok
17:48:19.0531 1208 HPZid412 (863cc3a82c63c9f60acf2e85d5310620) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
17:48:19.0562 1208 HPZid412 - ok
17:48:19.0718 1208 HPZipr12 (08cb72e95dd75b61f2966b311d0e4366) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
17:48:19.0765 1208 HPZipr12 - ok
17:48:19.0906 1208 HPZius12 (ca990306ed4ef732af9695bff24fc96f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
17:48:19.0984 1208 HPZius12 - ok
17:48:20.0140 1208 HSFHWBS2 (33dfc0afa95f9a2c753ff2adb7d4a21f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
17:48:20.0203 1208 HSFHWBS2 - ok
17:48:20.0359 1208 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
17:48:20.0468 1208 HSF_DP - ok
17:48:20.0625 1208 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:48:20.0671 1208 HTTP - ok
17:48:20.0812 1208 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
17:48:20.0953 1208 i2omgmt - ok
17:48:21.0093 1208 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
17:48:21.0234 1208 i2omp - ok
17:48:21.0375 1208 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:48:21.0500 1208 i8042prt - ok
17:48:21.0640 1208 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:48:21.0781 1208 Imapi - ok
17:48:21.0921 1208 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
17:48:22.0109 1208 ini910u - ok
17:48:22.0265 1208 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
17:48:22.0390 1208 IntelIde - ok
17:48:22.0531 1208 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:48:22.0656 1208 Ip6Fw - ok
17:48:22.0796 1208 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:48:22.0968 1208 IpFilterDriver - ok
17:48:23.0125 1208 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:48:23.0250 1208 IpInIp - ok
17:48:23.0390 1208 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:48:23.0531 1208 IpNat - ok
17:48:23.0671 1208 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:48:23.0812 1208 IPSec - ok
17:48:23.0937 1208 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:48:24.0062 1208 IRENUM - ok
17:48:24.0234 1208 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:48:24.0359 1208 isapnp - ok
17:48:24.0500 1208 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:48:24.0625 1208 Kbdclass - ok
17:48:24.0765 1208 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:48:24.0890 1208 kbdhid - ok
17:48:25.0031 1208 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:48:25.0171 1208 kmixer - ok
17:48:25.0328 1208 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:48:25.0406 1208 KSecDD - ok
17:48:25.0531 1208 lbrtfdc - ok
17:48:25.0625 1208 libusb0 (b280c4608ac389da9515a35ac4cab0fd) C:\WINDOWS\system32\drivers\libusb0.sys
17:48:25.0640 1208 libusb0 ( UnsignedFile.Multi.Generic ) - warning
17:48:25.0640 1208 libusb0 - detected UnsignedFile.Multi.Generic (1)
17:48:25.0796 1208 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\WINDOWS\system32\drivers\MCSTRM.sys
17:48:25.0828 1208 MCSTRM ( UnsignedFile.Multi.Generic ) - warning
17:48:25.0828 1208 MCSTRM - detected UnsignedFile.Multi.Generic (1)
17:48:25.0968 1208 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
17:48:26.0015 1208 mdmxsdk - ok
17:48:26.0156 1208 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:48:26.0328 1208 mnmdd - ok
17:48:26.0484 1208 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:48:26.0593 1208 Modem - ok
17:48:26.0734 1208 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:48:26.0859 1208 Mouclass - ok
17:48:27.0000 1208 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:48:27.0203 1208 mouhid - ok
17:48:27.0343 1208 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:48:27.0484 1208 MountMgr - ok
17:48:27.0609 1208 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
17:48:27.0796 1208 mraid35x - ok
17:48:27.0937 1208 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:48:28.0062 1208 MRxDAV - ok
17:48:28.0234 1208 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:48:28.0296 1208 MRxSmb - ok
17:48:28.0437 1208 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:48:28.0578 1208 Msfs - ok
17:48:28.0718 1208 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:48:28.0843 1208 MSKSSRV - ok
17:48:29.0000 1208 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:48:29.0218 1208 MSPCLOCK - ok
17:48:29.0359 1208 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:48:29.0484 1208 MSPQM - ok
17:48:29.0609 1208 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:48:29.0734 1208 mssmbios - ok
17:48:29.0890 1208 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:48:29.0921 1208 Mup - ok
17:48:30.0078 1208 mxnic (e1cdf20697d992cf83ff86dd04df1285) C:\WINDOWS\system32\DRIVERS\mxnic.sys
17:48:30.0250 1208 mxnic - ok
17:48:30.0390 1208 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:48:30.0531 1208 NDIS - ok
17:48:30.0656 1208 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:48:30.0703 1208 NdisTapi - ok
17:48:30.0843 1208 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:48:30.0968 1208 Ndisuio - ok
17:48:31.0125 1208 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:48:31.0265 1208 NdisWan - ok
17:48:31.0390 1208 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:48:31.0453 1208 NDProxy - ok
17:48:31.0593 1208 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:48:31.0703 1208 NetBIOS - ok
17:48:31.0843 1208 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:48:31.0984 1208 NetBT - ok
17:48:32.0156 1208 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
17:48:32.0281 1208 nm - ok
17:48:32.0421 1208 nmwcd (48fb907b069524f2dc7ba62a0762850c) C:\WINDOWS\system32\drivers\ccdcmb.sys
17:48:32.0609 1208 nmwcd - ok
17:48:32.0750 1208 nmwcdc (2914ceb789964141ac6e22c6bc980c42) C:\WINDOWS\system32\drivers\ccdcmbo.sys
17:48:32.0812 1208 nmwcdc - ok
17:48:32.0968 1208 nmwcdnsu (28d40797bcb050321fa6674b08a620c0) C:\WINDOWS\system32\drivers\nmwcdnsu.sys
17:48:33.0046 1208 nmwcdnsu - ok
17:48:33.0171 1208 NPF (74a1d72a79a58436159c924cc34f1c1d) C:\WINDOWS\system32\drivers\npf.sys
17:48:33.0187 1208 NPF ( UnsignedFile.Multi.Generic ) - warning
17:48:33.0187 1208 NPF - detected UnsignedFile.Multi.Generic (1)
17:48:33.0343 1208 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:48:33.0468 1208 Npfs - ok
17:48:33.0609 1208 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:48:33.0750 1208 Ntfs - ok
17:48:33.0890 1208 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:48:34.0062 1208 Null - ok
17:48:34.0265 1208 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:48:34.0437 1208 nv - ok
17:48:34.0578 1208 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:48:34.0750 1208 NwlnkFlt - ok
17:48:34.0890 1208 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:48:35.0062 1208 NwlnkFwd - ok
17:48:35.0218 1208 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
17:48:35.0343 1208 P3 - ok
17:48:35.0484 1208 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
17:48:35.0609 1208 Parport - ok
17:48:35.0765 1208 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:48:35.0890 1208 PartMgr - ok
17:48:36.0031 1208 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:48:36.0203 1208 ParVdm - ok
17:48:36.0343 1208 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
17:48:36.0375 1208 pccsmcfd - ok
17:48:36.0515 1208 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:48:37.0078 1208 PCI - ok
17:48:37.0203 1208 PCIDump - ok
17:48:37.0359 1208 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:48:37.0515 1208 PCIIde - ok
17:48:37.0656 1208 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:48:37.0796 1208 Pcmcia - ok
17:48:37.0906 1208 PDCOMP - ok
17:48:37.0953 1208 PDFRAME - ok
17:48:38.0046 1208 PDRELI - ok
17:48:38.0140 1208 PDRFRAME - ok
17:48:38.0234 1208 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
17:48:38.0421 1208 perc2 - ok
17:48:38.0562 1208 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
17:48:38.0718 1208 perc2hib - ok
17:48:38.0875 1208 phylock (31f99ba84d72d44731b30c7b08ba8e34) C:\WINDOWS\system32\drivers\phylock.sys
17:48:38.0875 1208 phylock - ok
17:48:39.0031 1208 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:48:39.0156 1208 PptpMiniport - ok
17:48:39.0296 1208 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
17:48:39.0421 1208 Processor - ok
17:48:39.0578 1208 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:48:39.0718 1208 PSched - ok
17:48:39.0875 1208 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:48:40.0046 1208 Ptilink - ok
17:48:40.0187 1208 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:48:40.0187 1208 PxHelp20 - ok
17:48:40.0328 1208 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
17:48:40.0500 1208 ql1080 - ok
17:48:40.0640 1208 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
17:48:40.0796 1208 Ql10wnt - ok
17:48:40.0953 1208 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
17:48:41.0109 1208 ql12160 - ok
17:48:41.0250 1208 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
17:48:41.0406 1208 ql1240 - ok
17:48:41.0562 1208 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
17:48:41.0718 1208 ql1280 - ok
17:48:41.0859 1208 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:48:42.0015 1208 RasAcd - ok
17:48:42.0375 1208 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:48:42.0515 1208 Rasl2tp - ok
17:48:42.0843 1208 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:48:42.0984 1208 RasPppoe - ok
17:48:43.0312 1208 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:48:43.0468 1208 Raspti - ok
17:48:43.0812 1208 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:48:43.0953 1208 Rdbss - ok
17:48:44.0312 1208 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:48:44.0640 1208 RDPCDD - ok
17:48:45.0046 1208 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:48:45.0234 1208 rdpdr - ok
17:48:45.0656 1208 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
17:48:45.0734 1208 RDPWD - ok
17:48:46.0078 1208 redbook (bf9b7ce7956c3af6df12be9b6365eea8) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:48:46.0078 1208 redbook ( Rootkit.Win32.ZAccess.e ) - infected
17:48:46.0078 1208 redbook - detected Rootkit.Win32.ZAccess.e (0)
17:48:46.0437 1208 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
17:48:46.0812 1208 RFCOMM - ok
17:48:47.0078 1208 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
17:48:47.0562 1208 RimUsb - ok
17:48:47.0890 1208 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
17:48:48.0000 1208 RimVSerPort - ok
17:48:48.0296 1208 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
17:48:48.0484 1208 ROOTMODEM - ok
17:48:48.0843 1208 rspndr (a3b23fb3f295694091f51865f98588b2) C:\WINDOWS\system32\DRIVERS\rspndr.sys
17:48:48.0890 1208 rspndr ( UnsignedFile.Multi.Generic ) - warning
17:48:48.0890 1208 rspndr - detected UnsignedFile.Multi.Generic (1)
17:48:49.0218 1208 RTL8023 (29f9879a1fd386f7251ae9fdadb2cbf1) C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys
17:48:49.0421 1208 RTL8023 - ok
17:48:49.0656 1208 RTL8023xp (3529828ec571fb2f64f6b142f9109993) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
17:48:49.0859 1208 RTL8023xp - ok
17:48:50.0234 1208 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
17:48:50.0343 1208 rtl8139 - ok
17:48:50.0671 1208 rtl8185 (1ec5340442a5b5f7065c563ac1d8c625) C:\WINDOWS\system32\DRIVERS\rtl8185.sys
17:48:50.0703 1208 rtl8185 - ok
17:48:51.0046 1208 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:48:51.0218 1208 Secdrv - ok
17:48:51.0500 1208 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:48:51.0640 1208 serenum - ok
17:48:52.0000 1208 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
17:48:52.0140 1208 Serial - ok
17:48:52.0421 1208 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:48:52.0625 1208 Sfloppy - ok
17:48:52.0859 1208 Simbad - ok
17:48:53.0171 1208 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
17:48:53.0250 1208 Sparrow - ok
17:48:53.0562 1208 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:48:53.0703 1208 splitter - ok
17:48:54.0046 1208 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) 
C:\WINDOWS\system32\DRIVERS\sr.sys17:48:54.0187 1208 sr - ok17:48:54.0546 1208 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys17:48:54.0671 1208 Srv - ok17:48:55.0000 1208 SunkFilt (86ca1a5c15a5a98d5533945fb1120b05) C:\WINDOWS\System32\Drivers\sunkfilt.sys17:48:55.0000 1208 SunkFilt ( UnsignedFile.Multi.Generic ) - warning17:48:55.0000 1208 SunkFilt - detected UnsignedFile.Multi.Generic (1)17:48:55.0359 1208 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys17:48:55.0500 1208 swenum - ok17:48:55.0781 1208 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys17:48:55.0906 1208 swmidi - ok17:48:56.0312 1208 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys17:48:56.0453 1208 symc810 - ok17:48:56.0812 1208 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys17:48:56.0984 1208 symc8xx - ok17:48:57.0296 1208 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys17:48:57.0468 1208 sym_hi - ok17:48:57.0781 1208 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys17:48:57.0937 1208 sym_u3 - ok17:48:58.0312 1208 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys17:48:58.0453 1208 sysaudio - ok17:48:58.0718 1208 szkg - ok17:48:59.0140 1208 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys17:48:59.0359 1208 Tcpip - ok17:48:59.0750 1208 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys17:48:59.0890 1208 TDPIPE - ok17:49:00.0250 1208 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys17:49:00.0375 1208 TDTCP - ok17:49:00.0718 1208 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys17:49:00.0859 1208 TermDD - ok17:49:01.0218 1208 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys17:49:01.0406 1208 TosIde - 
ok17:49:01.0796 1208 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys17:49:01.0921 1208 Udfs - ok17:49:02.0250 1208 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys17:49:02.0328 1208 ultra - ok17:49:02.0750 1208 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys17:49:02.0921 1208 Update - ok17:49:03.0281 1208 upperdev (e526a166e6acafd0a9b3841d3941669e) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys17:49:03.0343 1208 upperdev - ok17:49:03.0671 1208 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys17:49:03.0781 1208 USBAAPL - ok17:49:04.0140 1208 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys17:49:04.0312 1208 usbaudio - ok17:49:04.0656 1208 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys17:49:04.0796 1208 usbccgp - ok17:49:05.0203 1208 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys17:49:05.0328 1208 usbehci - ok17:49:05.0671 1208 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys17:49:05.0812 1208 usbhub - ok17:49:06.0171 1208 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys17:49:06.0312 1208 usbprint - ok17:49:06.0625 1208 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys17:49:06.0765 1208 usbscan - ok17:49:07.0093 1208 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys17:49:07.0234 1208 usbser - ok17:49:07.0609 1208 UsbserFilt (6f3e3c6811b930d2414552a2e4a40f36) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys17:49:07.0703 1208 UsbserFilt - ok17:49:08.0046 1208 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS17:49:08.0187 1208 USBSTOR - ok17:49:08.0531 1208 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys17:49:08.0671 1208 usbuhci - 
ok17:49:09.0015 1208 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys17:49:09.0156 1208 VgaSave - ok17:49:09.0515 1208 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys17:49:09.0640 1208 viaagp - ok17:49:09.0953 1208 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys17:49:10.0000 1208 viaagp1 - ok17:49:10.0281 1208 viagfx - ok17:49:10.0625 1208 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys17:49:10.0765 1208 ViaIde - ok17:49:11.0125 1208 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys17:49:11.0265 1208 VolSnap - ok17:49:11.0593 1208 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys17:49:11.0718 1208 Wanarp - ok17:49:12.0156 1208 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys17:49:12.0218 1208 wanatw - ok17:49:12.0578 1208 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys17:49:12.0750 1208 wceusbsh - ok17:49:13.0468 1208 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys17:49:13.0531 1208 Wdf01000 - ok17:49:13.0812 1208 WDICA - ok17:49:14.0187 1208 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys17:49:14.0328 1208 wdmaud - ok17:49:14.0812 1208 winachsf (2dc7c0b6175a0a8ed84a4f70199c93b5) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys17:49:15.0000 1208 winachsf - ok17:49:15.0375 1208 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys17:49:15.0578 1208 WpdUsb - ok17:49:15.0906 1208 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys17:49:15.0984 1208 WudfPf - ok17:49:16.0328 1208 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys17:49:16.0359 1208 WudfRd - ok17:49:16.0437 1208 MBR (0x1B8) (b20939cd98b7710036274839082ae757) \Device\Harddisk0\DR017:49:17.0968 1208 
\Device\Harddisk0\DR0 - ok17:49:18.0015 1208 Boot (0x1200) (979a9e79840f91451aa6b87bb75f6c5f) \Device\Harddisk0\DR0\Partition017:49:18.0031 1208 \Device\Harddisk0\DR0\Partition0 - ok17:49:18.0062 1208 Boot (0x1200) (33ccabc6298a3ed4b0ca89f2ae34443d) \Device\Harddisk0\DR0\Partition117:49:18.0078 1208 \Device\Harddisk0\DR0\Partition1 - ok17:49:18.0078 1208 ============================================================17:49:18.0078 1208 Scan finished17:49:18.0078 1208 ============================================================17:49:18.0218 0148 Detected object count: 617:49:18.0218 0148 Actual detected object count: 617:49:25.0390 0148 libusb0 ( UnsignedFile.Multi.Generic ) - skipped by user17:49:25.0390 0148 libusb0 ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:49:25.0390 0148 MCSTRM ( UnsignedFile.Multi.Generic ) - skipped by user17:49:25.0390 0148 MCSTRM ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:49:25.0390 0148 NPF ( UnsignedFile.Multi.Generic ) - skipped by user17:49:25.0390 0148 NPF ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:49:25.0781 0148 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\redbook.sys) error 181317:49:28.0234 0148 Backup copy found, using it..17:49:28.0406 0148 C:\WINDOWS\system32\DRIVERS\redbook.sys - will be cured on reboot17:49:46.0156 0148 C:\WINDOWS\system32\c_41281.nls - will be deleted on reboot17:49:54.0421 0148 redbook ( Rootkit.Win32.ZAccess.e ) - User select action: Cure 17:49:54.0421 0148 rspndr ( UnsignedFile.Multi.Generic ) - skipped by user17:49:54.0421 0148 rspndr ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:49:54.0421 0148 SunkFilt ( UnsignedFile.Multi.Generic ) - skipped by user17:49:54.0421 0148 SunkFilt ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:50:27.0828 3672 Deinitialize success Link to post Share on other sites More sharing options...
LDTate Posted December 2, 2011 ID:500278

If you haven't rebooted after that scan do so before doing the next fix.

Please do not attach the scan results from ComboFix. Use copy/paste.

Vista and Windows 7 users:
1. These tools MUST be run from the executable. (.exe) every time you run them
2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:
Link 1
Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs

Double click on ComboFix.exe & follow the prompts.

Notes: ComboFix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
Note: If you have XP SP3, use the XP SP2 package.
If Vista or Windows 7, skip the Recovery Console part.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.
Monroe2000 (Author) Posted December 2, 2011 ID:500322

Done. Computer seems faster than it has in a long time. First time opened homepage (igoogle) warned me that it was using a secure connection. Other than that everything seems the same as before the virus.

ComboFix 11-12-01.03 - Owner 12/01/2011 19:20:32.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.469 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Owner\Application Data\C8A5D
c:\documents and settings\Owner\Application Data\C8A5D\ABA42.exe
c:\documents and settings\Owner\Application Data\C8A5D\D3B9.8A5
c:\documents and settings\Owner\Local Settings\Application Data\ca8df1df\U
c:\documents and settings\Owner\Local Settings\Application Data\ca8df1df\U\80000000.@
c:\documents and settings\Owner\Local Settings\Application Data\ca8df1df\U\800000cb.@
c:\documents and settings\Owner\Local Settings\Application Data\ca8df1df\U\800000cf.@
c:\documents and settings\Owner\My Documents\DPE.DUS
c:\documents and settings\Owner\WINDOWS
c:\program files\LP
c:\program files\LP\42DC\10.tmp
c:\program files\LP\42DC\11.tmp
c:\program files\LP\42DC\12.tmp
c:\program files\LP\42DC\13.tmp
c:\program files\LP\42DC\14.tmp
c:\program files\LP\42DC\15.tmp
c:\program files\LP\42DC\16.exe
c:\program files\LP\42DC\16.tmp
c:\program files\LP\42DC\17.tmp
c:\program files\LP\42DC\18.tmp
c:\program files\LP\42DC\19.exe
c:\program files\LP\42DC\19.tmp
c:\program files\LP\42DC\1A.tmp
c:\program files\LP\42DC\1B.exe
c:\program files\LP\42DC\1B.tmp
c:\program files\LP\42DC\1C.exe
c:\program files\LP\42DC\1C.tmp
c:\program files\LP\42DC\1D.tmp
c:\program files\LP\42DC\1E.tmp
c:\program files\LP\42DC\1F.tmp
c:\program files\LP\42DC\20.exe
c:\program files\LP\42DC\20.tmp
c:\program files\LP\42DC\21.tmp
c:\program files\LP\42DC\22.tmp
c:\program files\LP\42DC\23.tmp
c:\program files\LP\42DC\24.exe
c:\program files\LP\42DC\24.tmp
c:\program files\LP\42DC\25.tmp
c:\program files\LP\42DC\26.tmp
c:\program files\LP\42DC\27.exe
c:\program files\LP\42DC\27.tmp
c:\program files\LP\42DC\28.tmp
c:\program files\LP\42DC\29.tmp
c:\program files\LP\42DC\2A.tmp
c:\program files\LP\42DC\2B.tmp
c:\program files\LP\42DC\2C.exe
c:\program files\LP\42DC\2C.tmp
c:\program files\LP\42DC\2DD0.tmp
c:\program files\LP\42DC\4E.tmp
c:\program files\LP\42DC\4F.tmp
c:\program files\LP\42DC\50.tmp
c:\program files\LP\42DC\7.exe
c:\program files\LP\42DC\7.tmp
c:\program files\LP\42DC\8.tmp
c:\program files\LP\42DC\86.tmp
c:\program files\LP\42DC\8D.tmp
c:\program files\LP\42DC\9.tmp
c:\program files\LP\42DC\93.tmp
c:\program files\LP\42DC\A.tmp
c:\program files\LP\42DC\B.tmp
c:\program files\LP\42DC\C.tmp
c:\program files\LP\42DC\D.tmp
c:\program files\LP\42DC\E.tmp
c:\program files\LP\42DC\F.tmp
c:\program files\Setup.exe
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\NetMonInstaller.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
C:\Thumbs.db
c:\windows\$NtUninstallKB50349$
c:\windows\$NtUninstallKB50349$\296641204
c:\windows\system32\ 
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\usmt\migwiz_a.exe
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
D:\Autorun.inf
.
Infected copy of c:\windows\system32\drivers\fips.sys was found and disinfected
Restored copy from - The cat found it
c:\windows\system32\drivers\cdrom.sys was missing
Restored copy from - c:\windows\system32\dllcache\cdrom.sys
.
Infected copy of c:\windows\system32\Ati2evxx.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1517\A0907094.exe
.
Infected copy of c:\program files\Bonjour\mDNSResponder.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1517\A0907095.exe
.
Infected copy of c:\program files\Java\jre6\bin\jqs.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1517\A0907096.exe
.
Infected copy of c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS was found and disinfected
Restored copy from - c:\system volume information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1517\A0907097.SYS
.
Infected copy of c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS was found and disinfected
Restored copy from - c:\system volume information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1517\A0907097.SYS
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_.redbook
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-11-02 to 2011-12-02 )))))))))))))))))))))))))))))))
.
.
2011-12-02 01:36 . 2007-09-29 08:56 483328 ----a-w- c:\windows\system32\Ati2evxx.exe
2011-12-02 01:35 . 2008-04-14 06:10 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2011-12-02 01:35 . 2008-04-14 06:10 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-12-01 23:47 . 2011-12-01 23:47 44544 ----a-w- c:\windows\system32\drivers\tsk42.tmp
2011-11-22 23:42 . 2011-11-22 23:42 -------- d-----w- c:\program files\ESET
2011-11-17 06:59 . 2011-11-17 06:59 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-17 06:56 . 2011-11-17 06:56 -------- d-----w- c:\program files\Trend Micro
2011-11-17 06:46 . 2011-11-17 06:46 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-17 03:29 . 2011-12-02 00:44 -------- d-----w- c:\program files\5D3B9
2011-11-15 04:51 . 2011-11-15 04:51 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-11-14 23:34 . 2011-11-14 23:34 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-11-14 23:26 . 2011-12-02 01:34 -------- d-sh--w- c:\documents and settings\Owner\Local Settings\Application Data\ca8df1df
2011-11-09 01:01 . 2011-11-09 01:01 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\SMART Technologies
2011-11-09 00:23 . 2011-11-09 01:01 -------- d-----w- c:\documents and settings\Owner\Application Data\SMART Technologies
2011-11-08 23:11 . 2011-11-08 23:11 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\SMART Technologies Inc
2011-11-08 23:11 . 2011-11-08 23:11 -------- d-----w- c:\documents and settings\Owner\Application Data\SMART Technologies Inc
2011-11-08 23:11 . 2010-05-26 17:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2011-11-08 23:11 . 2011-11-08 23:11 -------- d-----w- c:\windows\Logs
2011-11-08 23:07 . 2011-11-08 23:12 -------- d-----w- c:\documents and settings\All Users\Application Data\SMART Technologies
2011-11-08 23:06 . 2011-12-01 03:06 -------- d-----w- c:\program files\Common Files\SMART Technologies
2011-11-08 23:05 . 2011-11-08 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2011-11-03 22:26 . 2011-11-03 22:26 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2011-11-03 05:10 . 2011-11-03 05:10 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2011-11-03 05:02 . 2011-11-03 05:04 -------- dc-h--w- c:\windows\ie8
2011-11-03 04:47 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-11-03 04:46 . 2011-08-22 23:48 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-11-03 04:46 . 2011-08-22 23:48 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-11-03 04:46 . 2011-08-22 23:48 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-01 23:51 . 2004-08-26 10:57 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-10-10 14:22 . 2004-08-26 18:01 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-26 16:11 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 17:41 . 2011-09-26 17:41 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 17:41 . 2004-08-26 16:12 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 17:41 . 2004-08-26 16:12 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2004-08-26 16:12 1858944 ----a-w- c:\windows\system32\win32k.sys
2010-01-05 22:56 . 2010-01-03 22:57 5940 ----a-w- c:\program files\display.drv
2003-09-04 22:18 . 2010-01-03 22:51 512 ----a-w- c:\program files\layout.bin
2003-08-18 20:00 . 2010-01-03 22:51 1282048 ----a-w- c:\program files\Game.exe
2003-04-17 01:19 . 2010-01-03 22:51 375808 ----a-w- c:\program files\binkw32.dll
2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll
.
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-07 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"HPPQVideo"="c:\program files\Hewlett-Packard\ScheduledLaunch\HP Color LaserJet CP1510 Series\bin\hppschlnch.exe -r SOFTWARE\Hewlett-Packard\ScheduledLaunch\CLJ_CP1510_Series -f PQOptimizerVideo.xml" [N/A]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^GmoteServer.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\GmoteServer.lnk
backup=c:\windows\pss\GmoteServer.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^wkcalrem.LNK]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\wkcalrem.LNK
backup=c:\windows\pss\wkcalrem.LNKStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 07:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-11-20 04:29 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 11:42 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 11:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 19:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 03:34 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpbdfawep]
2007-04-25 20:28 954368 ----a-w- c:\program files\Hewlett-Packard\Dfawep\bin\hpbdfawep.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
2007-05-08 22:44 36864 ----a-w- c:\program files\Hewlett-Packard\HP UT\bin\hppusg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 08:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 11:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 17:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-14 07:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2005-02-26 02:24 966656 ----a-w- c:\windows\creator\Remind_XP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2003-12-09 19:17 67584 ----a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 18:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 17:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-07 14:08 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolBoxFX]
2007-08-28 16:01 53248 ----a-w- c:\program files\Hewlett-Packard\ToolboxFX\bin\HPTLBXFX.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherEye]
c:\program files\TheWeatherNetwork\WeatherEye\WeatherEye.exe [N/A]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\StubInstaller.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbLauncher.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbSetupWizard.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbControlPanel.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\PROGRAMS\\opera.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
"c:\\WINDOWS\\system32\\msfeedssync.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\5D3B9\\lvvm.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 phylock;phylock;c:\windows\system32\drivers\phylock.sys [6/9/2009 10:13 PM 18712]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/11/2010 1:55 PM 135664]
S2 SMART Display Controller;SMART Display Controller;c:\program files\SMART Technologies\Education Software\UCService.exe --> c:\program files\SMART Technologies\Education Software\UCService.exe [?]
S3 cpuz;cpuz;\??\c:\docume~1\Owner\LOCALS~1\Temp\cpuz.sys --> c:\docume~1\Owner\LOCALS~1\Temp\cpuz.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/11/2010 1:55 PM 135664]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [6/24/2010 4:53 PM 21504]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 11:15 AM 31125880]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2/23/2011 10:58 PM 137600]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 19:55]
.
2011-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 19:55]
.
2010-01-05 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-09-22 03:37]
.
2011-12-01 c:\windows\Tasks\User_Feed_Synchronization-{18717FA1-CF10-463E-87A5-FE0C63A9728A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:50323
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 172.16.1.254
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-41831165.sys
AddRemove-Malwarebytes' Anti-Malware_is1 - k:\malwarebytes' anti-malware\unins000.exe
AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-01 19:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips]
"ImagePath"="system32\drivers\tsk42.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(872)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2108)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\progra~1\MICROS~4\rapimgr.exe
.
**************************************************************************
.
Completion time: 2011-12-01 19:57:41 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-02 01:57
.
Pre-Run: 7,433,207,808 bytes free
Post-Run: 9,717,506,048 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptOut
.
- - End Of File - - 456044247846E49C7F8D6100B1B14896
LDTate Posted December 2, 2011 ID:500445

Copy/paste the text in the Codebox below into Notepad. Here's how to do that:

Click Start > Run, type Notepad, click OK. This will open an empty Notepad file. Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:50323

Save this file to your desktop. Save this as "CFScript". Here's how to do that:
1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Drag CFScript.txt into ComboFix.exe
Then post the results log using Copy / Paste
Also please describe how your computer behaves at the moment.
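Detection logic for the kind of entries this thread turns on, as an added example that is not part of the original posts and not a Malwarebytes, DDS or ComboFix tool: a small Python scanner over DDS/ComboFix-style log lines. Its proxy rule matches the value the CFScript above removes (a user-level IE ProxyServer pointing back at 127.0.0.1); the other three rules generalize to the other signals visible in the logs posted in this thread (a Winlogon Shell that is not explorer.exe, executables living in short hex-named folders such as 5D3B9 or C8A5D, and a service ImagePath that is a .tmp file). The sample lines are constructed from entries quoted in this thread; the rule names, the hex-folder heuristic and the 4-to-8-character length threshold are this example's own assumptions.

```python
"""Triage helper for DDS / ComboFix-style log lines (added example).

Not a Malwarebytes, DDS or ComboFix tool. It scans the kinds of lines those
logs print and reports findings for the indicators seen in this thread. The
rules are heuristics for triage: a hit means "look at this", not "delete".
"""
import re
from typing import Dict, List

# Sample lines constructed from entries quoted in this thread.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:50323
uWinlogon: Shell=c:\documents and settings\owner\local settings\application data\ca8df1df\X
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\5D3B9\\lvvm.exe"=
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LP\42DC\0CA.exe
C:\Documents and Settings\Owner\Application Data\C8A5D\ABA42.exe
"ImagePath"="system32\drivers\tsk42.tmp"
""".strip("\n")

# Rule 1: the IE proxy points at the local machine (what the CFScript removes).
LOCALHOST_PROXY = re.compile(
    r"ProxyServer\s*=\s*(?:[a-z]+=)?(?:127\.0\.0\.1|localhost)(?::\d+)?", re.I)
# Rule 2: Winlogon Shell value; anything other than explorer.exe runs at each logon.
WINLOGON_SHELL = re.compile(r"^uWinlogon:\s*Shell=(.+)$", re.I)
# Rule 3 (heuristic, this example's own): a 4-8 hex-digit folder directly under
# Program Files or Application Data, optionally one level deeper (e.g. LP\42DC).
HEX_DIR = re.compile(
    r"\\(?:program files|application data)\\(?:[^\\]+\\)?([0-9a-f]{4,8})\\", re.I)
# Rule 4: a service/driver image that is a .tmp file.
TMP_DRIVER = re.compile(r'"ImagePath"="([^"]*\.tmp)"', re.I)


def classify_line(line: str) -> List[Dict[str, str]]:
    """Return the findings (possibly none) for one log line."""
    # ComboFix doubles backslashes inside quoted firewall entries; fold them
    # so one set of path rules serves both quoting styles.
    norm = line.replace("\\\\", "\\").strip()
    findings: List[Dict[str, str]] = []
    if LOCALHOST_PROXY.search(norm):
        findings.append({"rule": "localhost_proxy", "line": norm,
                         "why": "browser traffic is routed through a listener on this machine"})
    m = WINLOGON_SHELL.match(norm)
    if m and m.group(1).strip().lower() != "explorer.exe":
        findings.append({"rule": "winlogon_shell", "line": norm,
                         "why": "Winlogon Shell is not explorer.exe; it runs at every logon"})
    m = HEX_DIR.search(norm)
    if m:
        findings.append({"rule": "hex_named_dir", "line": norm,
                         "why": f"executable lives in a random-looking folder '{m.group(1)}'"})
    m = TMP_DRIVER.search(norm)
    if m:
        findings.append({"rule": "tmp_driver", "line": norm,
                         "why": f"service ImagePath is a .tmp file: {m.group(1)}"})
    return findings


def triage(log_text: str) -> List[Dict[str, str]]:
    """Scan every line of a DDS/ComboFix-style log and collect the findings."""
    out: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        out.extend(classify_line(line))
    return out


def rules_hit(log_text: str) -> Dict[str, int]:
    """Count findings per rule, a quick summary of what a log contains."""
    counts: Dict[str, int] = {}
    for f in triage(log_text):
        counts[f["rule"]] = counts.get(f["rule"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['rule']}] {f['line']}\n    {f['why']}")
```

Run it as a script to see the seven findings on the sample, or import it and call `triage()` on a saved log. The hex-folder rule is deliberately narrow (only folders directly under Program Files or Application Data, at most one level deeper) so that ordinary vendor paths such as Java\jre6 or Bonjour do not fire; widen it only after checking what a clean log from the same machine produces.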
Monroe2000 (Author) Posted December 2, 2011 ID:500515

Here is the log. I still get the "you are about to view pages over a secure connection..." warning when I open my home page in IE (home page is iGoogle). Everything else is unchanged.

ComboFix 11-12-02.01 - Owner 12/02/2011 10:42:23.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.409 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-11-02 to 2011-12-02 )))))))))))))))))))))))))))))))
.
.
2011-12-02 03:01 . 2011-12-02 03:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-02 01:36 . 2007-09-29 08:56 483328 ----a-w- c:\windows\system32\Ati2evxx.exe
2011-12-02 01:35 . 2008-04-14 06:10 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2011-12-02 01:35 . 2008-04-14 06:10 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-12-01 23:47 . 2011-12-01 23:47 44544 ----a-w- c:\windows\system32\drivers\tsk42.tmp
2011-11-22 23:42 . 2011-11-22 23:42 -------- d-----w- c:\program files\ESET
2011-11-17 06:59 . 2011-11-17 06:59 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-17 06:56 . 2011-11-17 06:56 -------- d-----w- c:\program files\Trend Micro
2011-11-17 06:46 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-17 03:29 . 2011-12-02 00:44 -------- d-----w- c:\program files\5D3B9
2011-11-15 04:51 . 2011-11-15 04:51 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-11-14 23:34 . 2011-11-14 23:34 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-11-14 23:26 . 2011-12-02 01:34 -------- d-sh--w- c:\documents and settings\Owner\Local Settings\Application Data\ca8df1df
2011-11-09 01:01 . 2011-11-09 01:01 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\SMART Technologies
2011-11-09 00:23 . 2011-11-09 01:01 -------- d-----w- c:\documents and settings\Owner\Application Data\SMART Technologies
2011-11-08 23:11 . 2011-11-08 23:11 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\SMART Technologies Inc
2011-11-08 23:11 . 2011-11-08 23:11 -------- d-----w- c:\documents and settings\Owner\Application Data\SMART Technologies Inc
2011-11-08 23:11 . 2010-05-26 17:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2011-11-08 23:11 . 2011-11-08 23:11 -------- d-----w- c:\windows\Logs
2011-11-08 23:07 . 2011-11-08 23:12 -------- d-----w- c:\documents and settings\All Users\Application Data\SMART Technologies
2011-11-08 23:06 . 2011-12-01 03:06 -------- d-----w- c:\program files\Common Files\SMART Technologies
2011-11-08 23:05 . 2011-11-08 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2011-11-03 22:26 . 2011-11-03 22:26 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2011-11-03 05:10 . 2011-11-03 05:10 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2011-11-03 05:02 . 2011-11-03 05:04 -------- dc-h--w- c:\windows\ie8
2011-11-03 04:47 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-11-03 04:46 . 2011-08-22 23:48 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-11-03 04:46 . 2011-08-22 23:48 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-11-03 04:46 . 2011-08-22 23:48 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-01 23:51 . 2004-08-26 10:57 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-10-10 14:22 . 2004-08-26 18:01 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-26 16:11 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 17:41 . 2011-09-26 17:41 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 17:41 . 2004-08-26 16:12 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 17:41 . 2004-08-26 16:12 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2004-08-26 16:12 1858944 ----a-w- c:\windows\system32\win32k.sys
2010-01-05 22:56 . 2010-01-03 22:57 5940 ----a-w- c:\program files\display.drv
2003-09-04 22:18 . 2010-01-03 22:51 512 ----a-w- c:\program files\layout.bin
2003-08-18 20:00 . 2010-01-03 22:51 1282048 ----a-w- c:\program files\Game.exe
2003-04-17 01:19 . 2010-01-03 22:51 375808 ----a-w- c:\program files\binkw32.dll
2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll
.
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-07 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"HPPQVideo"="c:\program files\Hewlett-Packard\ScheduledLaunch\HP Color LaserJet CP1510 Series\bin\hppschlnch.exe -r SOFTWARE\Hewlett-Packard\ScheduledLaunch\CLJ_CP1510_Series -f PQOptimizerVideo.xml" [N/A]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^GmoteServer.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\GmoteServer.lnk
backup=c:\windows\pss\GmoteServer.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^wkcalrem.LNK]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\wkcalrem.LNK
backup=c:\windows\pss\wkcalrem.LNKStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 07:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-11-20 04:29 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 11:42 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 11:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 19:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 03:34 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpbdfawep]
2007-04-25 20:28 954368 ----a-w- c:\program files\Hewlett-Packard\Dfawep\bin\hpbdfawep.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
2007-05-08 22:44 36864 ----a-w- c:\program files\Hewlett-Packard\HP UT\bin\hppusg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 08:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 11:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 17:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-14 07:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2005-02-26 02:24 966656 ----a-w- c:\windows\creator\Remind_XP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2003-12-09 19:17 67584 ----a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 18:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 17:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-07 14:08 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolBoxFX]
2007-08-28 16:01 53248 ----a-w- c:\program files\Hewlett-Packard\ToolboxFX\bin\HPTLBXFX.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherEye]
c:\program files\TheWeatherNetwork\WeatherEye\WeatherEye.exe [N/A]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\StubInstaller.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbLauncher.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbSetupWizard.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbControlPanel.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\PROGRAMS\\opera.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
"c:\\WINDOWS\\system32\\msfeedssync.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\5D3B9\\lvvm.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 phylock;phylock;c:\windows\system32\drivers\phylock.sys [6/9/2009 10:13 PM 18712]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/11/2010 1:55 PM 135664]
S2 SMART Display Controller;SMART Display Controller;c:\program files\SMART Technologies\Education Software\UCService.exe --> c:\program files\SMART Technologies\Education Software\UCService.exe [?]
S3 cpuz;cpuz;\??\c:\docume~1\Owner\LOCALS~1\Temp\cpuz.sys --> c:\docume~1\Owner\LOCALS~1\Temp\cpuz.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/11/2010 1:55 PM 135664]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [6/24/2010 4:53 PM 21504]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 11:15 AM 31125880]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2/23/2011 10:58 PM 137600]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 19:55]
.
2011-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 19:55]
.
2011-12-01 c:\windows\Tasks\User_Feed_Synchronization-{18717FA1-CF10-463E-87A5-FE0C63A9728A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 172.16.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-02 10:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips]
"ImagePath"="system32\drivers\tsk42.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(872)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1228)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\progra~1\MICROS~4\rapimgr.exe
.
**************************************************************************
.
Completion time: 2011-12-02 11:08:42 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-02 17:08
ComboFix2.txt 2011-12-02 01:57
.
Pre-Run: 9,401,262,080 bytes free
Post-Run: 9,432,735,744 bytes free
.
- - End Of File - - E9C12DF675AF46564C005AB8828042ED
LDTate Posted December 2, 2011 ID:500524

To disable this security alert box popping up again and again, you can do one thing:
Go to Internet Explorer, then go to Tools -> Options.
Go to the Advanced tab.
Under the Security heading, make sure "Warn if changing between secure and not-secure mode" is unchecked.
LDTate Posted December 2, 2011 ID:500525

Good job

The following will implement some cleanup procedures as well as reset System Restore points:

For XP: Click START, Run. Now type ComboFix /Uninstall in the run box and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7: Click START, Search. Now type ComboFix /Uninstall in the run box and click OK. Note the space between the X and the /, it needs to be there.

If you used DeFogger
To re-enable your Emulation drivers, double click DeFogger to run the tool.
The application window will appear
Click the Re-enable button to re-enable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.
Your Emulation drivers are now re-enabled.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords. This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good

Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

Using a secure browser plugin
M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.
• Free browser plug-in for Internet Explorer and Firefox
• Real-time safety ratings
• Ideal for Facebook, Twitter and LinkedIn

JAVA
Click this link and click on the Free JAVA Download

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:
PC Safety and Security--What Do I Need?

How to Prevent Malware:
The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.
We use different ways of protecting your computer(s):
Dynamically Blocks Malware Sites & Servers
Malware Execution Prevention
Save yourself the hassle and get protected.
Monroe2000 (Author) Posted December 2, 2011 ID:500534

Thanks so much Larry. I intend to buy the full version of MB and will recommend it to friends, largely due to the wonderful service you have provided.
Monroe2000 (Author) Posted December 2, 2011 ID:500535

Sorry for the accidental quote. Feel free to edit it out.
LDTate Posted December 2, 2011 ID:500536

Great job
You're more than welcome. Glad we were able to help.
Peace be with you
LDTate Posted December 2, 2011 ID:500538

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.