After discovering the infection I was initially able to run MBAM and clean out some files, but the problems came back and MBAM won't run now. Here are my logs. Thanks.

DDS:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Owner at 11:52:13 on 2011-11-20

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.315 [GMT -6:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\Ati2evxx.exe

svchost.exe

svchost.exe

svchost.exe

C:\Program Files\Bonjour\mDNSResponder.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe

C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe

C:\Program Files\SMART Technologies\Education Software\UCService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\explorer.exe

C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe

C:\Program Files\LP\42DC\0CA.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\PROGRA~1\MICROS~4\rapimgr.exe

C:\Documents and Settings\Owner\Application Data\C8A5D\ABA42.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = hxxp://www.google.com/ie

uStart Page = hxxp://www.google.ca/

uSearch Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local

uInternet Settings,ProxyServer = http=127.0.0.1:50323

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

uWinlogon: Shell=c:\documents and settings\owner\local settings\application data\ca8df1df\X

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: SMART Notebook Download Utility: {67bcf957-85fc-4036-8dc4-d4d80e00a77b} - c:\program files\smart technologies\education software\win32\NotebookPlugin.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"

uRun: [<NO NAME>]

mRun: [HPPQVideo] "c:\program files\hewlett-packard\scheduledlaunch\hp color laserjet cp1510 series\bin\hppschlnch.exe" -r software\hewlett-packard\scheduledlaunch\CLJ_CP1510_Series -f PQOptimizerVideo.xml -o remindLater

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup

mRun: [sMART Board Tools] "c:\program files\smart technologies\education software\SMARTBoardTools.exe"

mRun: [0CA.exe] c:\program files\lp\42dc\0CA.exe

dRunOnce: [RunNarrator] Narrator.exe

StartupFolder: c:\docume~1\owner\startm~1\programs\startup\gmotes~1.lnk - c:\program files\gmoteserver\GmoteServer.exe

IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

LSP: mswsock.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://active.macromedia.com/director/cabs/sw.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab

DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} - hxxp://www.miniclip.com/igloader/igloader.CAB

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 172.16.1.254

TCP: Interfaces\{1A6711E0-5D03-4294-8A60-E92617E0F933} : DhcpNameServer = 172.16.1.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

Hosts: 172.16.1.66 STC1022304

.

============= SERVICES / DRIVERS ===============

.

R0 phylock;phylock;c:\windows\system32\drivers\phylock.sys [2009-6-9 18712]

R2 SMART Display Controller;SMART Display Controller;c:\program files\smart technologies\education software\UCService.exe [2011-7-13 311664]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]

S3 cpuz;cpuz;\??\c:\docume~1\owner\locals~1\temp\cpuz.sys --> c:\docume~1\owner\locals~1\temp\cpuz.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]

S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2010-6-24 21504]

S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2006-2-16 249856]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-2-23 137600]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2004-5-14 32896]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

.

=============== Created Last 30 ================

.

2011-11-17 06:59:27 388096 ----a-r- c:\documents and settings\owner\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-11-17 06:56:24 -------- d-----w- c:\program files\Trend Micro

2011-11-17 06:46:28 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-11-17 05:30:01 48016 --sha-w- c:\windows\system32\c_41281.nl_

2011-11-17 03:29:53 -------- d-----w- c:\program files\5D3B9

2011-11-17 03:04:37 -------- d-----w- c:\documents and settings\owner\application data\C8A5D

2011-11-17 03:04:35 -------- d-----w- c:\program files\LP

2011-11-14 23:26:08 -------- d-sh--w- c:\documents and settings\owner\local settings\application data\ca8df1df

2011-11-09 01:01:16 -------- d-----w- c:\documents and settings\owner\local settings\application data\SMART Technologies

2011-11-09 00:23:59 -------- d-----w- c:\documents and settings\owner\application data\SMART Technologies

2011-11-08 23:11:55 -------- d-----w- c:\documents and settings\owner\local settings\application data\SMART Technologies Inc

2011-11-08 23:11:55 -------- d-----w- c:\documents and settings\owner\application data\SMART Technologies Inc

2011-11-08 23:11:11 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll

2011-11-08 23:11:09 -------- d-----w- c:\windows\Logs

2011-11-08 23:11:00 -------- d-----w- c:\program files\National Instruments

2011-11-08 23:08:16 110592 ----a-w- c:\windows\system32\tsccvid.dll

2011-11-08 23:07:41 -------- d-----w- c:\documents and settings\all users\SMART Technologies

2011-11-08 23:07:06 -------- d-----w- c:\documents and settings\all users\application data\SMART Technologies

2011-11-08 23:06:16 -------- d-----w- c:\program files\SMART Technologies

2011-11-08 23:06:16 -------- d-----w- c:\program files\common files\SMART Technologies

2011-11-08 23:05:44 -------- d-----w- c:\documents and settings\all users\application data\Downloaded Installations

2011-11-03 22:26:19 -------- d-sh--w- c:\documents and settings\owner\PrivacIE

2011-11-03 05:10:10 -------- d-sh--w- c:\documents and settings\owner\IETldCache

2011-11-03 05:06:12 -------- d-----w- c:\windows\ie8updates

2011-11-03 05:02:28 -------- dc-h--w- c:\windows\ie8

2011-11-03 04:47:42 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll

2011-11-03 04:46:26 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2011-11-03 04:46:25 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2011-11-03 04:46:25 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2011-10-31 05:29:31 -------- d-----w- c:\windows\system32\XPSViewer

2011-10-31 05:28:53 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

2011-10-31 05:28:37 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2011-10-31 05:28:37 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2011-10-31 05:28:37 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2011-10-31 05:28:37 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2011-10-31 05:28:37 575488 ------w- c:\windows\system32\xpsshhdr.dll

2011-10-31 05:28:37 117760 ------w- c:\windows\system32\prntvpt.dll

2011-10-31 05:28:36 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2011-10-31 05:28:36 1676288 ------w- c:\windows\system32\xpssvcs.dll

2011-10-31 05:28:36 -------- d-----w- C:\e62a6fbdd593e9c22d47383f8490f6

2011-10-31 01:25:03 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2

2011-10-30 21:11:17 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2011-10-30 20:34:49 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2011-10-30 20:32:52 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2011-10-30 20:31:54 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2011-10-30 20:29:40 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll

2011-10-30 20:29:39 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2011-10-30 20:29:38 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2011-10-30 20:29:36 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2011-10-30 20:29:35 2069376 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe

2011-10-30 20:29:30 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2011-10-30 20:29:14 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll

2011-10-30 20:29:14 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

2011-10-30 20:24:50 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2011-10-30 20:24:35 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2011-10-30 20:24:31 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

2011-10-30 20:24:25 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys

2011-10-30 20:15:51 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2011-10-30 20:15:11 284160 -c----w- c:\windows\system32\dllcache\pdh.dll

2011-10-30 20:15:09 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll

2011-10-30 20:15:08 110592 -c----w- c:\windows\system32\dllcache\services.exe

2011-10-30 20:15:07 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll

2011-10-30 20:15:05 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe

2011-10-30 20:15:02 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll

2011-10-30 20:14:57 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll

2011-10-30 20:13:21 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll

2011-10-30 20:12:07 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll

2011-10-30 19:53:04 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe

2011-10-30 19:52:42 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

2011-10-30 19:46:07 45568 -c----w- c:\windows\system32\dllcache\wab.exe

2011-10-30 19:45:58 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll

2011-10-30 19:45:57 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-10-30 19:41:22 274288 ----a-w- c:\windows\system32\mucltui.dll

2011-10-30 19:41:22 215920 ----a-w- c:\windows\system32\muweb.dll

2011-10-30 19:41:22 16736 ----a-w- c:\windows\system32\mucltui.dll.mui

2011-10-30 16:13:35 -------- d-----w- c:\documents and settings\all users\Microsoft

2011-10-30 16:11:45 -------- d-----w- c:\program files\Microsoft Visual Studio 8

2011-10-30 16:08:34 -------- d-----w- c:\program files\Microsoft Analysis Services

2011-10-30 16:08:15 -------- d-----w- c:\windows\SHELLNEW

2011-10-30 16:07:21 -------- d-----w- c:\documents and settings\owner\local settings\application data\Microsoft Help

.

==================== Find3M ====================

.

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 17:41:20 611328 ------w- c:\windows\system32\uiautomationcore.dll

2011-09-26 17:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 17:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-31 23:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48:54 43520 ------w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-01-05 22:56:29 5940 ----a-w- c:\program files\display.drv

2003-09-04 22:18:14 512 ----a-w- c:\program files\layout.bin

2003-08-18 20:00:10 1282048 ----a-w- c:\program files\Game.exe

2003-04-17 01:19:58 375808 ----a-w- c:\program files\binkw32.dll

2001-09-05 11:23:24 56320 ----a-w- c:\program files\Setup.exe

2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll

2007-02-21 11:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll

2008-03-16 13:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll

.

============= FINISH: 11:52:26.40 ===============

Attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 5/2/2006 5:40:03 PM

System Uptime: 11/20/2011 8:32:52 AM (3 hours ago)

.

Motherboard: First International Computer, Inc. | | K8M-800M

Processor: AMD Sempron Processor 3100+ | Socket 754 | 1800/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 89 GiB total, 4.699 GiB free.

D: is FIXED (FAT32) - 4 GiB total, 2.726 GiB free.

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}

Description: CD-ROM Drive

Device ID: IDE\CDROMTSSTCORP_CDW/DVD_TS-H492C_______________GA01____\5&242C7B38&0&0.0.0

Manufacturer: (Standard CD-ROM drives)

Name: TSSTcorp CDW/DVD TS-H492C

PNP Device ID: IDE\CDROMTSSTCORP_CDW/DVD_TS-H492C_______________GA01____\5&242C7B38&0&0.0.0

Service: cdrom

.

Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}

Description: Rockwell HCF 56K Data Fax RTAD PCI Modem

Device ID: ROOT\MODEM\0001

Manufacturer:

Name: Rockwell HCF 56K Data Fax RTAD PCI Modem

PNP Device ID: ROOT\MODEM\0001

Service:

.

==== System Restore Points ===================

.

RP1463: 8/23/2011 5:17:47 PM - System Checkpoint

RP1464: 8/25/2011 1:59:31 PM - System Checkpoint

RP1465: 8/27/2011 7:14:37 PM - System Checkpoint

RP1466: 8/28/2011 7:50:52 PM - System Checkpoint

RP1467: 8/29/2011 9:16:39 PM - System Checkpoint

RP1468: 9/2/2011 5:23:53 PM - System Checkpoint

RP1469: 9/5/2011 1:40:45 PM - System Checkpoint

RP1470: 9/6/2011 2:08:36 PM - System Checkpoint

RP1471: 9/8/2011 12:17:58 PM - System Checkpoint

RP1472: 9/9/2011 5:03:48 PM - System Checkpoint

RP1473: 9/9/2011 5:55:57 PM - Software Distribution Service 3.0

RP1474: 9/10/2011 7:20:25 PM - System Checkpoint

RP1475: 9/12/2011 10:56:17 AM - System Checkpoint

RP1476: 9/13/2011 5:06:01 PM - System Checkpoint

RP1477: 9/14/2011 10:31:49 PM - System Checkpoint

RP1478: 9/17/2011 9:23:28 AM - System Checkpoint

RP1479: 9/18/2011 4:03:07 PM - System Checkpoint

RP1480: 9/20/2011 9:58:53 PM - System Checkpoint

RP1481: 9/22/2011 5:39:52 PM - System Checkpoint

RP1482: 9/24/2011 11:38:18 PM - System Checkpoint

RP1483: 9/27/2011 9:34:23 AM - System Checkpoint

RP1484: 9/29/2011 7:19:34 PM - System Checkpoint

RP1485: 10/2/2011 1:18:43 PM - System Checkpoint

RP1486: 10/4/2011 11:40:55 AM - System Checkpoint

RP1487: 10/5/2011 12:25:21 PM - System Checkpoint

RP1488: 10/6/2011 6:14:07 PM - System Checkpoint

RP1489: 10/10/2011 8:58:16 PM - System Checkpoint

RP1490: 10/11/2011 10:20:08 PM - System Checkpoint

RP1491: 10/13/2011 4:59:44 PM - System Checkpoint

RP1492: 10/14/2011 6:48:44 PM - System Checkpoint

RP1493: 10/16/2011 9:17:47 PM - System Checkpoint

RP1494: 10/22/2011 10:36:03 AM - System Checkpoint

RP1495: 10/23/2011 1:31:24 PM - System Checkpoint

RP1496: 10/25/2011 10:14:54 PM - System Checkpoint

RP1497: 10/27/2011 3:36:51 PM - System Checkpoint

RP1498: 10/29/2011 10:58:35 PM - System Checkpoint

RP1499: 10/30/2011 10:06:32 AM - Installed Microsoft Office Professional Plus 2010

RP1500: 10/30/2011 6:54:33 PM - Software Distribution Service 3.0

RP1501: 10/30/2011 11:27:27 PM - Software Distribution Service 3.0

RP1502: 10/30/2011 11:46:16 PM - Printer Driver Microsoft XPS Document Writer Installed

RP1503: 10/31/2011 4:53:15 PM - Software Distribution Service 3.0

RP1504: 11/1/2011 10:39:42 PM - System Checkpoint

RP1505: 11/2/2011 10:47:53 PM - Software Distribution Service 3.0

RP1506: 11/2/2011 11:03:50 PM - Installed Windows Internet Explorer 8.

RP1507: 11/2/2011 11:05:02 PM - Software Distribution Service 3.0

RP1508: 11/3/2011 9:19:15 PM - Software Distribution Service 3.0

RP1509: 11/6/2011 12:26:11 PM - System Checkpoint

RP1510: 11/7/2011 6:03:12 PM - System Checkpoint

RP1511: 11/8/2011 5:06:12 PM - Installed SMART Common Platform.

RP1512: 11/8/2011 5:07:39 PM - Installed SMART Product Drivers.

RP1513: 11/8/2011 5:09:44 PM - Installed SMART Notebook.

RP1514: 11/10/2011 7:31:54 AM - Software Distribution Service 3.0

RP1515: 11/10/2011 5:22:08 PM - Software Distribution Service 3.0

RP1516: 11/11/2011 6:17:32 PM - System Checkpoint

RP1517: 11/13/2011 4:41:47 PM - System Checkpoint

RP1518: 11/15/2011 10:48:40 PM - System Checkpoint

RP1519: 11/17/2011 12:56:22 AM - Installed HiJackThis

RP1520: 11/17/2011 12:58:57 AM - Removed HiJackThis

RP1521: 11/17/2011 12:59:26 AM - Installed HiJackThis

RP1522: 11/17/2011 1:31:09 AM - Software Distribution Service 3.0

RP1523: 11/18/2011 5:14:40 PM - System Checkpoint

RP1524: 11/20/2011 11:04:56 AM - System Checkpoint

.

==== Installed Programs ======================

.

µTorrent

32 Bit HP BiDi Channel Components Installer

3D Groove Playback Engine

7-Zip 4.42

ABC Spelling and Math

Adobe Digital Editions

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 8.1.4

Adobe Shockwave Player 11.5

AnswerWorks 5.0 English Runtime

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ATI - Software Uninstall Utility

ATI Catalyst Control Center

ATI Display Driver

Audacity 1.2.6

AVS Disc Creator version 2.1

Backyard Soccer 2004

BigFix

BlackBerry Desktop Software 5.0.1

BlackBerry® Media Sync

Bonjour

BufferChm

calibre

Camera Support Core Library

Camera Window DS

Camera Window DVC

Camera Window MC

Canon Camera Support Core Library

Canon Camera Window DC_DV 5 for ZoomBrowser EX

Canon Camera Window DS for ZoomBrowser EX

Canon Camera Window MC 5 for ZoomBrowser EX

Canon PhotoRecord

Canon RAW Image Task for ZoomBrowser EX

Canon Utilities PhotoStitch 3.1

Canon ZoomBrowser EX

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

ccc-core-preinstall

ccc-core-static

ccc-utility

CCC Help English

CCleaner (remove only)

Compatibility Pack for the 2007 Office system

CustomerResearchQFolder

Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition

DeviceDiscovery

DeviceManagementQFolder

Digital Media Reader

DocuCom PDF Gold

eMusic Download Manager 4.1.4

Exact Audio Copy 0.99pb4

FLAC 1.2.1b (remove only)

Free M4a to MP3 Converter 6.1

GmoteServer

Google Earth

Google Gears

Google Toolbar for Internet Explorer

Google Update Helper

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

HP Color LaserJet CP1510 Series 2.0

HP Customer Participation Program 9.0

HP Imaging Device Functions 9.0

HP Photo and Imaging 2.0 - All-in-One

HP Photo and Imaging 2.0 - All-in-One Drivers

HP Update

HPCarePackCore

HPCarePackProducts

hppCLJCP1510

hppFonts

hppManualsCP1510

hppPQVideoCP1510

hppTLBXFXCP1510

hppusgCP1510

HPSSupply

hpzTLBXFX

Image for Windows 2.30a Trial

InfraRecorder

InterActual Player

iTunes

J2SE Runtime Environment 5.0 Update 2

Japanese Fonts Support For Adobe Reader 8

Java Auto Updater

Java 6 Update 23

Java SE Runtime Environment 6 Update 1

Kobo

Lernout & Hauspie TruVoice American English TTS Engine

Malwarebytes' Anti-Malware version 1.51.2.1300

MarketResearch

McAfee SecurityCenter

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2572067)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft ActiveSync

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft National Language Support Downlevel APIs

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Office Word Viewer 2003

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 14

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Monopoly (remove only)

Mp3 Tag Tools v1.2

MSVC80_x86_v2

MSVC90_x86

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nancy Drew: Danger by Design

Nancy Drew: Danger on Deception Island

Nancy Drew: The Haunted Carousel

Nancy Drew: Treasure in the Royal Tower

Neat Image v5 Demo (with plug-in)

Nokia Connectivity Cable Driver

Nokia Ovi Suite

Nokia Ovi Suite Software Updater

oggcodecs 0.71.0946

OpenOffice.org 2.0

Opera 9.50

Orb

Orb Runtime libraries

Ovi Desktop Sync Engine

OviMPlatform

PC Connectivity Solution

PhotoStitch

PowerDVD

Product_SF_Full_QFolder

Product_SF_Min_QFolder

Quicken 2009

QuickTime

RealPlayer

Realtek AC'97 Audio

REALTEK Gigabit and Fast Ethernet NIC Driver

Recovery Software Suite eMachines

S3GSetup

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft Excel 2010 (KB2553070)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Windows (KB2564958)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Windows Internet Explorer 7 (KB2544521)

Security Update for Windows Internet Explorer 7 (KB2586448)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982665)

Simply Accounting by Sage 2007

Skins

SMART Common Platform

SMART Notebook

SMART Product Drivers

SoftV92 Data Fax Modem with SmartCP

SUPER © Version 2009.bld.35 (Jan 5, 2009)

TBIView 4.08

The Print Shop® 6.0 Deluxe

TOD 012007

TrayApp

UniChrome Series Driver and Utilities

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition

Update for Microsoft Outlook Social Connector (KB2583935)

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2616676-v2)

Update for Windows XP (KB2641690)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB953356)

Update for Windows XP (KB955759)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VideoLAN VLC media player 0.8.6e

Viewpoint Media Player

VoiceOver Kit

Web Stream Recorder Pro 1.3

WebEx Record and Playback

WebFldrs XP

WebReg

Winamp

Windows Backup Utility

Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

WinFF 0.42

WinPcap 3.1 beta3

WinRAR archiver

WMPTagSupportExtender

.

==== Event Viewer Messages From Past Week ========

.

11/18/2011 11:05:18 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

11/18/2011 11:05:13 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Cdrom Fips Imapi IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss szkg Tcpip

11/18/2011 11:05:13 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

11/18/2011 11:05:13 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

11/18/2011 11:05:13 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

11/18/2011 11:05:13 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

11/18/2011 11:05:13 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

11/18/2011 11:04:52 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

11/18/2011 11:04:43 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

11/18/2011 11:04:35 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

11/17/2011 9:39:33 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdrom Fips Imapi szkg

11/17/2011 9:39:33 PM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: The crypto system or checksum function is invalid because a required function is unavailable.

11/17/2011 9:38:44 PM, error: Fips [1] -

11/17/2011 12:34:57 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdrom Imapi szkg

11/16/2011 9:34:27 PM, error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: The system cannot find the file specified.

11/16/2011 9:16:04 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'cdrom.sys' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

11/16/2011 9:06:33 PM, error: Service Control Manager [7031] - The SMART Display Controller service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

11/16/2011 9:06:18 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

11/16/2011 9:06:11 PM, error: Service Control Manager [7034] - The PrismXL service terminated unexpectedly. It has done this 1 time(s).

11/16/2011 9:03:56 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).

11/16/2011 11:31:22 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt Cdrom CmdIde Cpqarray dac2w2k dac960nt dpti2o gagp30kx hpn i2omp Imapi ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 Sparrow symc810 symc8xx sym_hi sym_u3 szkg TosIde ultra viaagp

11/15/2011 9:23:19 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o gagp30kx hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 Sparrow symc810 symc8xx sym_hi sym_u3 szkg TosIde ultra viaagp

11/15/2011 4:53:36 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.

11/15/2011 4:53:35 PM, error: ati2mtag [45062] - CRT invalid display type

11/15/2011 4:53:21 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: szkg

11/15/2011 1:59:08 AM, error: Service Control Manager [7034] - The SMART Board Service service terminated unexpectedly. It has done this 1 time(s).

11/15/2011 1:01:36 AM, error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

11/15/2011 1:01:24 AM, error: Service Control Manager [7034] - The Office Software Protection Platform service terminated unexpectedly. It has done this 1 time(s).

11/14/2011 8:04:24 AM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

.

==== End Of File ===========================

Please help. I'm dying here! :(


Whether you wish to continue with cleaning or not, you should be aware that you may have been infected by a backdoor trojan. This type of program has the ability to steal passwords and other information from your system. If you are using your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:

  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, paypal, ebay, etc. You should also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps.
  • Removing this infection can also disable the ability to connect to the internet.

This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean. If this is unacceptable to you, then you should consider reformatting the system partition and reinstalling Windows, as this is the only 100% sure answer.

Please post back to let me know how you wish to proceed.


Ack. Thanks for the advice. I'm away from the computer, but will start changing passwords. Unfortunately, I don't think I ever made a backup of the system files, so will look into a new OS. Will a reformat of the partition and reinstall of the OS take care of everything, or do I also need to clean the system? Thanks.


Let's try to clean it, then.

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs from these scans, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (right-click, choose "Run as Administrator").

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
    tdss_1.jpg
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
    tdss_2.jpg
  3. Click the Start Scan button.
    tdss_3.jpg
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
    tdss_4.jpg
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    tdss_5.jpg

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

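The TDSSKiller report the helper asks for lists every registered driver with its MD5 and image path, and marks findings with "Suspicious file", "detected" or "warning". Reading such a log by hand is error-prone in a thread this long, so here is an added triage script (written for this edit; it is not part of the original thread and not TDSSKiller's own code) that parses lines in that format and ranks them: a boot-start driver whose image is not a .sys file (such as a service pointing at a .tmp file in the drivers folder) or that the scanner flags as Suspicious is ranked high, while an UnsignedFile.Multi.Generic warning alone is ranked low, since unsigned third-party drivers are common on XP. The sample lines are constructed in the shape of the log posted in this thread; the regexes are assumptions based on that format, not a documented TDSSKiller grammar.

```python
import re
from dataclasses import dataclass, field

# Line shapes observed in TDSSKiller logs (assumed from the posted log, not an official grammar):
#   HH:MM:SS.mmmm PID Name (md5) C:\path\to\image
#   HH:MM:SS.mmmm PID Name - ok
#   HH:MM:SS.mmmm PID Name ( Verdict ) - warning
#   HH:MM:SS.mmmm PID Name - detected Verdict (n)
#   HH:MM:SS.mmmm PID Suspicious file (Reason): C:\path. md5: <hash>
_ENTRY = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<rest>.*)$")
_FILE = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
_WARN = re.compile(r"^(?P<name>\S+)\s+\(\s*(?P<verdict>[^)]+?)\s*\)\s+-\s+warning$")
_STATUS = re.compile(r"^(?P<name>\S+)\s+-\s+(?P<status>ok|detected .+)$")
_SUSP = re.compile(r"^Suspicious file \((?P<reason>[^)]+)\):\s+(?P<path>.+?)\.\s+md5:\s+(?P<md5>[0-9a-f]{32})$")


@dataclass
class Driver:
    name: str
    md5: str = ""
    path: str = ""
    verdicts: list = field(default_factory=list)


def parse_tdsskiller(text):
    """Return {service_name: Driver} for every driver entry in a TDSSKiller log."""
    drivers = {}
    last = None  # the driver whose image line was seen most recently
    for line in text.splitlines():
        m = _ENTRY.match(line)
        if not m:
            continue  # banner, SystemInfo and blank entries carry no driver data
        rest = m.group("rest").strip()
        if (s := _SUSP.match(rest)) and last is not None:
            # "Suspicious file" lines follow the image line they refer to
            last.verdicts.append(f"Suspicious file ({s['reason']})")
        elif f := _FILE.match(rest):
            d = drivers.setdefault(f["name"], Driver(f["name"]))
            d.md5, d.path = f["md5"], f["path"]
            last = d
        elif w := _WARN.match(rest):
            drivers.setdefault(w["name"], Driver(w["name"])).verdicts.append(w["verdict"])
        elif st := _STATUS.match(rest):
            d = drivers.setdefault(st["name"], Driver(st["name"]))
            if st["status"] != "ok":
                d.verdicts.append(st["status"])
    return drivers


def triage(drivers):
    """Rank drivers worth a second look: {name: (severity, [reasons])}; clean ones are omitted."""
    findings = {}
    for d in drivers.values():
        reasons, severity = [], None
        if d.path and not d.path.lower().endswith(".sys"):
            # A kernel driver whose image is a .tmp (or anything but .sys) is a classic rootkit sign
            reasons.append(f"driver image is not a .sys file: {d.path}")
            severity = "high"
        for v in d.verdicts:
            reasons.append(v)
            # Unsigned-driver warnings are common on XP; anything else the scanner flags is serious
            severity = (severity or "low") if "UnsignedFile" in v else "high"
        if reasons:
            findings[d.name] = (severity, reasons)
    return findings


# Constructed sample in the shape of the log posted in this thread (not a real capture).
SAMPLE = r"""
17:48:14.0968 1208 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:48:15.0109 1208 Fdc - ok
17:48:15.0250 1208 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\tsk42.tmp
17:48:15.0250 1208 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\tsk42.tmp. md5: d45926117eb9fa946a6af572fbe1caa3
17:48:25.0531 1208 lbrtfdc - ok
17:48:25.0625 1208 libusb0 (b280c4608ac389da9515a35ac4cab0fd) C:\WINDOWS\system32\drivers\libusb0.sys
17:48:25.0640 1208 libusb0 ( UnsignedFile.Multi.Generic ) - warning
17:48:25.0640 1208 libusb0 - detected UnsignedFile.Multi.Generic (1)
"""

if __name__ == "__main__":
    for name, (severity, reasons) in sorted(triage(parse_tdsskiller(SAMPLE)).items()):
        print(f"[{severity.upper()}] {name}")
        for r in reasons:
            print(f"    - {r}")
```

Run against the sample, the script reports Fips as high (its image is a .tmp file and the scanner marked it Suspicious) and libusb0 as low (unsigned but otherwise clean); Fdc and lbrtfdc produce no finding. Pointing `parse_tdsskiller` at the contents of a real TDSSKiller_*_log.txt gives the same ranking for a full scan.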

K, thanks.

17:47:27.0781 3072 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44

17:47:28.0078 3072 ============================================================

17:47:28.0078 3072 Current date / time: 2011/12/01 17:47:28.0078

17:47:28.0078 3072 SystemInfo:

17:47:28.0078 3072

17:47:28.0078 3072 OS Version: 5.1.2600 ServicePack: 3.0

17:47:28.0078 3072 Product type: Workstation

17:47:28.0078 3072 ComputerName: DEN

17:47:28.0078 3072 UserName: Owner

17:47:28.0078 3072 Windows directory: C:\WINDOWS

17:47:28.0078 3072 System windows directory: C:\WINDOWS

17:47:28.0078 3072 Processor architecture: Intel x86

17:47:28.0078 3072 Number of processors: 1

17:47:28.0078 3072 Page size: 0x1000

17:47:28.0078 3072 Boot type: Normal boot

17:47:28.0078 3072 ============================================================

17:47:28.0250 3072 Initialize success

17:48:00.0593 1208 ============================================================

17:48:00.0593 1208 Scan started

17:48:00.0593 1208 Mode: Manual; SigCheck; TDLFS;

17:48:00.0593 1208 ============================================================

17:48:00.0703 1208 .redbook - ok

17:48:00.0812 1208 Abiosdsk - ok

17:48:00.0921 1208 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

17:48:01.0125 1208 abp480n5 - ok

17:48:01.0265 1208 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

17:48:01.0421 1208 ACPI - ok

17:48:01.0531 1208 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

17:48:01.0671 1208 ACPIEC - ok

17:48:01.0796 1208 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

17:48:01.0953 1208 adpu160m - ok

17:48:02.0125 1208 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

17:48:02.0265 1208 aec - ok

17:48:02.0390 1208 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

17:48:02.0453 1208 AFD - ok

17:48:02.0593 1208 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

17:48:02.0750 1208 agp440 - ok

17:48:02.0875 1208 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

17:48:03.0000 1208 agpCPQ - ok

17:48:03.0109 1208 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

17:48:03.0171 1208 Aha154x - ok

17:48:03.0281 1208 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

17:48:03.0437 1208 aic78u2 - ok

17:48:03.0593 1208 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

17:48:03.0734 1208 aic78xx - ok

17:48:03.0875 1208 ALCXSENS (ba88534a3ceb6161e7432438b9ea4f54) C:\WINDOWS\system32\drivers\ALCXSENS.SYS

17:48:03.0984 1208 ALCXSENS - ok

17:48:04.0140 1208 ALCXWDM (6725434f5eb0a975b7716d68566e5d86) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

17:48:04.0265 1208 ALCXWDM - ok

17:48:04.0406 1208 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

17:48:04.0562 1208 AliIde - ok

17:48:04.0687 1208 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

17:48:04.0828 1208 alim1541 - ok

17:48:04.0984 1208 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

17:48:05.0109 1208 amdagp - ok

17:48:05.0218 1208 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

17:48:05.0296 1208 amsint - ok

17:48:05.0437 1208 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

17:48:05.0593 1208 asc - ok

17:48:05.0734 1208 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

17:48:05.0796 1208 asc3350p - ok

17:48:05.0937 1208 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

17:48:06.0109 1208 asc3550 - ok

17:48:06.0281 1208 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

17:48:06.0421 1208 AsyncMac - ok

17:48:06.0562 1208 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

17:48:06.0703 1208 atapi - ok

17:48:06.0812 1208 Atdisk - ok

17:48:07.0046 1208 ati2mtag (0c2ca1c294938139829b1983a0c38b31) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

17:48:07.0218 1208 ati2mtag - ok

17:48:07.0390 1208 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

17:48:07.0515 1208 Atmarpc - ok

17:48:07.0656 1208 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

17:48:07.0828 1208 audstub - ok

17:48:07.0968 1208 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

17:48:08.0156 1208 Beep - ok

17:48:08.0296 1208 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys

17:48:08.0437 1208 BthEnum - ok

17:48:08.0593 1208 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys

17:48:08.0718 1208 BTHMODEM - ok

17:48:08.0843 1208 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys

17:48:08.0984 1208 BthPan - ok

17:48:09.0125 1208 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys

17:48:09.0171 1208 BTHPORT - ok

17:48:09.0312 1208 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys

17:48:09.0437 1208 BTHUSB - ok

17:48:09.0578 1208 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

17:48:09.0750 1208 cbidf - ok

17:48:09.0890 1208 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

17:48:10.0078 1208 cbidf2k - ok

17:48:10.0218 1208 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

17:48:10.0281 1208 cd20xrnt - ok

17:48:10.0421 1208 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

17:48:10.0593 1208 Cdaudio - ok

17:48:10.0718 1208 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

17:48:10.0875 1208 Cdfs - ok

17:48:10.0968 1208 Cdrom - ok

17:48:11.0062 1208 Changer - ok

17:48:11.0171 1208 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

17:48:11.0343 1208 CmdIde - ok

17:48:11.0500 1208 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

17:48:11.0671 1208 Cpqarray - ok

17:48:11.0812 1208 cpuz - ok

17:48:11.0953 1208 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

17:48:12.0140 1208 dac2w2k - ok

17:48:12.0281 1208 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

17:48:12.0453 1208 dac960nt - ok

17:48:12.0609 1208 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

17:48:12.0718 1208 Disk - ok

17:48:12.0906 1208 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

17:48:13.0062 1208 dmboot - ok

17:48:13.0203 1208 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

17:48:13.0328 1208 dmio - ok

17:48:13.0468 1208 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

17:48:13.0640 1208 dmload - ok

17:48:13.0781 1208 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

17:48:13.0906 1208 DMusic - ok

17:48:14.0078 1208 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

17:48:14.0250 1208 dpti2o - ok

17:48:14.0375 1208 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

17:48:14.0500 1208 drmkaud - ok

17:48:14.0656 1208 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

17:48:14.0812 1208 Fastfat - ok

17:48:14.0968 1208 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

17:48:15.0109 1208 Fdc - ok

17:48:15.0250 1208 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\tsk42.tmp

17:48:15.0250 1208 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\tsk42.tmp. md5: d45926117eb9fa946a6af572fbe1caa3

17:48:15.0390 1208 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

17:48:15.0515 1208 Flpydisk - ok

17:48:15.0656 1208 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

17:48:15.0796 1208 FltMgr - ok

17:48:15.0937 1208 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

17:48:16.0109 1208 Fs_Rec - ok

17:48:16.0250 1208 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

17:48:16.0421 1208 Ftdisk - ok

17:48:16.0562 1208 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys

17:48:16.0687 1208 gagp30kx - ok

17:48:16.0828 1208 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

17:48:16.0843 1208 GEARAspiWDM - ok

17:48:16.0984 1208 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

17:48:17.0109 1208 Gpc - ok

17:48:17.0296 1208 HCF_MSFT (4236e014632f4163f53ebb717f41594c) C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys

17:48:17.0828 1208 HCF_MSFT - ok

17:48:17.0984 1208 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

17:48:18.0109 1208 HidUsb - ok

17:48:18.0281 1208 HPFXBULK (299683d4c8aaa3f6f5d5d226a1782a6e) C:\WINDOWS\system32\drivers\hpfxbulk.sys

17:48:19.0062 1208 HPFXBULK - ok

17:48:19.0203 1208 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

17:48:19.0375 1208 hpn - ok

17:48:19.0531 1208 HPZid412 (863cc3a82c63c9f60acf2e85d5310620) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

17:48:19.0562 1208 HPZid412 - ok

17:48:19.0718 1208 HPZipr12 (08cb72e95dd75b61f2966b311d0e4366) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

17:48:19.0765 1208 HPZipr12 - ok

17:48:19.0906 1208 HPZius12 (ca990306ed4ef732af9695bff24fc96f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

17:48:19.0984 1208 HPZius12 - ok

17:48:20.0140 1208 HSFHWBS2 (33dfc0afa95f9a2c753ff2adb7d4a21f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys

17:48:20.0203 1208 HSFHWBS2 - ok

17:48:20.0359 1208 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

17:48:20.0468 1208 HSF_DP - ok

17:48:20.0625 1208 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

17:48:20.0671 1208 HTTP - ok

17:48:20.0812 1208 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

17:48:20.0953 1208 i2omgmt - ok

17:48:21.0093 1208 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

17:48:21.0234 1208 i2omp - ok

17:48:21.0375 1208 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

17:48:21.0500 1208 i8042prt - ok

17:48:21.0640 1208 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

17:48:21.0781 1208 Imapi - ok

17:48:21.0921 1208 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

17:48:22.0109 1208 ini910u - ok

17:48:22.0265 1208 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

17:48:22.0390 1208 IntelIde - ok

17:48:22.0531 1208 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

17:48:22.0656 1208 Ip6Fw - ok

17:48:22.0796 1208 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

17:48:22.0968 1208 IpFilterDriver - ok

17:48:23.0125 1208 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

17:48:23.0250 1208 IpInIp - ok

17:48:23.0390 1208 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

17:48:23.0531 1208 IpNat - ok

17:48:23.0671 1208 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

17:48:23.0812 1208 IPSec - ok

17:48:23.0937 1208 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

17:48:24.0062 1208 IRENUM - ok

17:48:24.0234 1208 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

17:48:24.0359 1208 isapnp - ok

17:48:24.0500 1208 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

17:48:24.0625 1208 Kbdclass - ok

17:48:24.0765 1208 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

17:48:24.0890 1208 kbdhid - ok

17:48:25.0031 1208 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

17:48:25.0171 1208 kmixer - ok

17:48:25.0328 1208 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

17:48:25.0406 1208 KSecDD - ok

17:48:25.0531 1208 lbrtfdc - ok

17:48:25.0625 1208 libusb0 (b280c4608ac389da9515a35ac4cab0fd) C:\WINDOWS\system32\drivers\libusb0.sys

17:48:25.0640 1208 libusb0 ( UnsignedFile.Multi.Generic ) - warning

17:48:25.0640 1208 libusb0 - detected UnsignedFile.Multi.Generic (1)

17:48:25.0796 1208 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\WINDOWS\system32\drivers\MCSTRM.sys

17:48:25.0828 1208 MCSTRM ( UnsignedFile.Multi.Generic ) - warning

17:48:25.0828 1208 MCSTRM - detected UnsignedFile.Multi.Generic (1)

17:48:25.0968 1208 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

17:48:26.0015 1208 mdmxsdk - ok

17:48:26.0156 1208 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

17:48:26.0328 1208 mnmdd - ok

17:48:26.0484 1208 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

17:48:26.0593 1208 Modem - ok

17:48:26.0734 1208 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

17:48:26.0859 1208 Mouclass - ok

17:48:27.0000 1208 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

17:48:27.0203 1208 mouhid - ok

17:48:27.0343 1208 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

17:48:27.0484 1208 MountMgr - ok

17:48:27.0609 1208 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

17:48:27.0796 1208 mraid35x - ok

17:48:27.0937 1208 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

17:48:28.0062 1208 MRxDAV - ok

17:48:28.0234 1208 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

17:48:28.0296 1208 MRxSmb - ok

17:48:28.0437 1208 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

17:48:28.0578 1208 Msfs - ok

17:48:28.0718 1208 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

17:48:28.0843 1208 MSKSSRV - ok

17:48:29.0000 1208 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

17:48:29.0218 1208 MSPCLOCK - ok

17:48:29.0359 1208 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

17:48:29.0484 1208 MSPQM - ok

17:48:29.0609 1208 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

17:48:29.0734 1208 mssmbios - ok

17:48:29.0890 1208 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

17:48:29.0921 1208 Mup - ok

17:48:30.0078 1208 mxnic (e1cdf20697d992cf83ff86dd04df1285) C:\WINDOWS\system32\DRIVERS\mxnic.sys

17:48:30.0250 1208 mxnic - ok

17:48:30.0390 1208 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

17:48:30.0531 1208 NDIS - ok

17:48:30.0656 1208 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

17:48:30.0703 1208 NdisTapi - ok

17:48:30.0843 1208 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

17:48:30.0968 1208 Ndisuio - ok

17:48:31.0125 1208 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

17:48:31.0265 1208 NdisWan - ok

17:48:31.0390 1208 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

17:48:31.0453 1208 NDProxy - ok

17:48:31.0593 1208 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

17:48:31.0703 1208 NetBIOS - ok

17:48:31.0843 1208 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

17:48:31.0984 1208 NetBT - ok

17:48:32.0156 1208 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys

17:48:32.0281 1208 nm - ok

17:48:32.0421 1208 nmwcd (48fb907b069524f2dc7ba62a0762850c) C:\WINDOWS\system32\drivers\ccdcmb.sys

17:48:32.0609 1208 nmwcd - ok

17:48:32.0750 1208 nmwcdc (2914ceb789964141ac6e22c6bc980c42) C:\WINDOWS\system32\drivers\ccdcmbo.sys

17:48:32.0812 1208 nmwcdc - ok

17:48:32.0968 1208 nmwcdnsu (28d40797bcb050321fa6674b08a620c0) C:\WINDOWS\system32\drivers\nmwcdnsu.sys

17:48:33.0046 1208 nmwcdnsu - ok

17:48:33.0171 1208 NPF (74a1d72a79a58436159c924cc34f1c1d) C:\WINDOWS\system32\drivers\npf.sys

17:48:33.0187 1208 NPF ( UnsignedFile.Multi.Generic ) - warning

17:48:33.0187 1208 NPF - detected UnsignedFile.Multi.Generic (1)

17:48:33.0343 1208 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

17:48:33.0468 1208 Npfs - ok

17:48:33.0609 1208 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

17:48:33.0750 1208 Ntfs - ok

17:48:33.0890 1208 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

17:48:34.0062 1208 Null - ok

17:48:34.0265 1208 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

17:48:34.0437 1208 nv - ok

17:48:34.0578 1208 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

17:48:34.0750 1208 NwlnkFlt - ok

17:48:34.0890 1208 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

17:48:35.0062 1208 NwlnkFwd - ok

17:48:35.0218 1208 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys

17:48:35.0343 1208 P3 - ok

17:48:35.0484 1208 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

17:48:35.0609 1208 Parport - ok

17:48:35.0765 1208 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

17:48:35.0890 1208 PartMgr - ok

17:48:36.0031 1208 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

17:48:36.0203 1208 ParVdm - ok

17:48:36.0343 1208 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys

17:48:36.0375 1208 pccsmcfd - ok

17:48:36.0515 1208 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

17:48:37.0078 1208 PCI - ok

17:48:37.0203 1208 PCIDump - ok

17:48:37.0359 1208 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

17:48:37.0515 1208 PCIIde - ok

17:48:37.0656 1208 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

17:48:37.0796 1208 Pcmcia - ok

17:48:37.0906 1208 PDCOMP - ok

17:48:37.0953 1208 PDFRAME - ok

17:48:38.0046 1208 PDRELI - ok

17:48:38.0140 1208 PDRFRAME - ok

17:48:38.0234 1208 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

17:48:38.0421 1208 perc2 - ok

17:48:38.0562 1208 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

17:48:38.0718 1208 perc2hib - ok

17:48:38.0875 1208 phylock (31f99ba84d72d44731b30c7b08ba8e34) C:\WINDOWS\system32\drivers\phylock.sys

17:48:38.0875 1208 phylock - ok

17:48:39.0031 1208 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

17:48:39.0156 1208 PptpMiniport - ok

17:48:39.0296 1208 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

17:48:39.0421 1208 Processor - ok

17:48:39.0578 1208 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

17:48:39.0718 1208 PSched - ok

17:48:39.0875 1208 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

17:48:40.0046 1208 Ptilink - ok

17:48:40.0187 1208 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys

17:48:40.0187 1208 PxHelp20 - ok

17:48:40.0328 1208 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

17:48:40.0500 1208 ql1080 - ok

17:48:40.0640 1208 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

17:48:40.0796 1208 Ql10wnt - ok

17:48:40.0953 1208 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

17:48:41.0109 1208 ql12160 - ok

17:48:41.0250 1208 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

17:48:41.0406 1208 ql1240 - ok

17:48:41.0562 1208 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

17:48:41.0718 1208 ql1280 - ok

17:48:41.0859 1208 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

17:48:42.0015 1208 RasAcd - ok

17:48:42.0375 1208 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

17:48:42.0515 1208 Rasl2tp - ok

17:48:42.0843 1208 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

17:48:42.0984 1208 RasPppoe - ok

17:48:43.0312 1208 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

17:48:43.0468 1208 Raspti - ok

17:48:43.0812 1208 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

17:48:43.0953 1208 Rdbss - ok

17:48:44.0312 1208 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

17:48:44.0640 1208 RDPCDD - ok

17:48:45.0046 1208 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

17:48:45.0234 1208 rdpdr - ok

17:48:45.0656 1208 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

17:48:45.0734 1208 RDPWD - ok

17:48:46.0078 1208 redbook (bf9b7ce7956c3af6df12be9b6365eea8) C:\WINDOWS\system32\DRIVERS\redbook.sys

17:48:46.0078 1208 redbook ( Rootkit.Win32.ZAccess.e ) - infected

17:48:46.0078 1208 redbook - detected Rootkit.Win32.ZAccess.e (0)

17:48:46.0437 1208 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys

17:48:46.0812 1208 RFCOMM - ok

17:48:47.0078 1208 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys

17:48:47.0562 1208 RimUsb - ok

17:48:47.0890 1208 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys

17:48:48.0000 1208 RimVSerPort - ok

17:48:48.0296 1208 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

17:48:48.0484 1208 ROOTMODEM - ok

17:48:48.0843 1208 rspndr (a3b23fb3f295694091f51865f98588b2) C:\WINDOWS\system32\DRIVERS\rspndr.sys

17:48:48.0890 1208 rspndr ( UnsignedFile.Multi.Generic ) - warning

17:48:48.0890 1208 rspndr - detected UnsignedFile.Multi.Generic (1)

17:48:49.0218 1208 RTL8023 (29f9879a1fd386f7251ae9fdadb2cbf1) C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys

17:48:49.0421 1208 RTL8023 - ok

17:48:49.0656 1208 RTL8023xp (3529828ec571fb2f64f6b142f9109993) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys

17:48:49.0859 1208 RTL8023xp - ok

17:48:50.0234 1208 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

17:48:50.0343 1208 rtl8139 - ok

17:48:50.0671 1208 rtl8185 (1ec5340442a5b5f7065c563ac1d8c625) C:\WINDOWS\system32\DRIVERS\rtl8185.sys

17:48:50.0703 1208 rtl8185 - ok

17:48:51.0046 1208 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

17:48:51.0218 1208 Secdrv - ok

17:48:51.0500 1208 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

17:48:51.0640 1208 serenum - ok

17:48:52.0000 1208 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

17:48:52.0140 1208 Serial - ok

17:48:52.0421 1208 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

17:48:52.0625 1208 Sfloppy - ok

17:48:52.0859 1208 Simbad - ok

17:48:53.0171 1208 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

17:48:53.0250 1208 Sparrow - ok

17:48:53.0562 1208 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

17:48:53.0703 1208 splitter - ok

17:48:54.0046 1208 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

17:48:54.0187 1208 sr - ok

17:48:54.0546 1208 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

17:48:54.0671 1208 Srv - ok

17:48:55.0000 1208 SunkFilt (86ca1a5c15a5a98d5533945fb1120b05) C:\WINDOWS\System32\Drivers\sunkfilt.sys

17:48:55.0000 1208 SunkFilt ( UnsignedFile.Multi.Generic ) - warning

17:48:55.0000 1208 SunkFilt - detected UnsignedFile.Multi.Generic (1)

17:48:55.0359 1208 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

17:48:55.0500 1208 swenum - ok

17:48:55.0781 1208 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

17:48:55.0906 1208 swmidi - ok

17:48:56.0312 1208 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

17:48:56.0453 1208 symc810 - ok

17:48:56.0812 1208 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

17:48:56.0984 1208 symc8xx - ok

17:48:57.0296 1208 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

17:48:57.0468 1208 sym_hi - ok

17:48:57.0781 1208 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

17:48:57.0937 1208 sym_u3 - ok

17:48:58.0312 1208 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

17:48:58.0453 1208 sysaudio - ok

17:48:58.0718 1208 szkg - ok

17:48:59.0140 1208 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

17:48:59.0359 1208 Tcpip - ok

17:48:59.0750 1208 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

17:48:59.0890 1208 TDPIPE - ok

17:49:00.0250 1208 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

17:49:00.0375 1208 TDTCP - ok

17:49:00.0718 1208 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

17:49:00.0859 1208 TermDD - ok

17:49:01.0218 1208 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

17:49:01.0406 1208 TosIde - ok

17:49:01.0796 1208 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

17:49:01.0921 1208 Udfs - ok

17:49:02.0250 1208 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

17:49:02.0328 1208 ultra - ok

17:49:02.0750 1208 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

17:49:02.0921 1208 Update - ok

17:49:03.0281 1208 upperdev (e526a166e6acafd0a9b3841d3941669e) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys

17:49:03.0343 1208 upperdev - ok

17:49:03.0671 1208 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys

17:49:03.0781 1208 USBAAPL - ok

17:49:04.0140 1208 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

17:49:04.0312 1208 usbaudio - ok

17:49:04.0656 1208 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

17:49:04.0796 1208 usbccgp - ok

17:49:05.0203 1208 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

17:49:05.0328 1208 usbehci - ok

17:49:05.0671 1208 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

17:49:05.0812 1208 usbhub - ok

17:49:06.0171 1208 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

17:49:06.0312 1208 usbprint - ok

17:49:06.0625 1208 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

17:49:06.0765 1208 usbscan - ok

17:49:07.0093 1208 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys

17:49:07.0234 1208 usbser - ok

17:49:07.0609 1208 UsbserFilt (6f3e3c6811b930d2414552a2e4a40f36) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys

17:49:07.0703 1208 UsbserFilt - ok

17:49:08.0046 1208 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

17:49:08.0187 1208 USBSTOR - ok

17:49:08.0531 1208 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

17:49:08.0671 1208 usbuhci - ok

17:49:09.0015 1208 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

17:49:09.0156 1208 VgaSave - ok

17:49:09.0515 1208 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

17:49:09.0640 1208 viaagp - ok

17:49:09.0953 1208 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys

17:49:10.0000 1208 viaagp1 - ok

17:49:10.0281 1208 viagfx - ok

17:49:10.0625 1208 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

17:49:10.0765 1208 ViaIde - ok

17:49:11.0125 1208 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

17:49:11.0265 1208 VolSnap - ok

17:49:11.0593 1208 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

17:49:11.0718 1208 Wanarp - ok

17:49:12.0156 1208 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys

17:49:12.0218 1208 wanatw - ok

17:49:12.0578 1208 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys

17:49:12.0750 1208 wceusbsh - ok

17:49:13.0468 1208 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys

17:49:13.0531 1208 Wdf01000 - ok

17:49:13.0812 1208 WDICA - ok

17:49:14.0187 1208 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

17:49:14.0328 1208 wdmaud - ok

17:49:14.0812 1208 winachsf (2dc7c0b6175a0a8ed84a4f70199c93b5) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

17:49:15.0000 1208 winachsf - ok

17:49:15.0375 1208 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys

17:49:15.0578 1208 WpdUsb - ok

17:49:15.0906 1208 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

17:49:15.0984 1208 WudfPf - ok

17:49:16.0328 1208 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

17:49:16.0359 1208 WudfRd - ok

17:49:16.0437 1208 MBR (0x1B8) (b20939cd98b7710036274839082ae757) \Device\Harddisk0\DR0

17:49:17.0968 1208 \Device\Harddisk0\DR0 - ok

17:49:18.0015 1208 Boot (0x1200) (979a9e79840f91451aa6b87bb75f6c5f) \Device\Harddisk0\DR0\Partition0

17:49:18.0031 1208 \Device\Harddisk0\DR0\Partition0 - ok

17:49:18.0062 1208 Boot (0x1200) (33ccabc6298a3ed4b0ca89f2ae34443d) \Device\Harddisk0\DR0\Partition1

17:49:18.0078 1208 \Device\Harddisk0\DR0\Partition1 - ok

17:49:18.0078 1208 ============================================================

17:49:18.0078 1208 Scan finished

17:49:18.0078 1208 ============================================================

17:49:18.0218 0148 Detected object count: 6

17:49:18.0218 0148 Actual detected object count: 6

17:49:25.0390 0148 libusb0 ( UnsignedFile.Multi.Generic ) - skipped by user

17:49:25.0390 0148 libusb0 ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:49:25.0390 0148 MCSTRM ( UnsignedFile.Multi.Generic ) - skipped by user

17:49:25.0390 0148 MCSTRM ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:49:25.0390 0148 NPF ( UnsignedFile.Multi.Generic ) - skipped by user

17:49:25.0390 0148 NPF ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:49:25.0781 0148 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\redbook.sys) error 1813

17:49:28.0234 0148 Backup copy found, using it..

17:49:28.0406 0148 C:\WINDOWS\system32\DRIVERS\redbook.sys - will be cured on reboot

17:49:46.0156 0148 C:\WINDOWS\system32\c_41281.nls - will be deleted on reboot

17:49:54.0421 0148 redbook ( Rootkit.Win32.ZAccess.e ) - User select action: Cure

17:49:54.0421 0148 rspndr ( UnsignedFile.Multi.Generic ) - skipped by user

17:49:54.0421 0148 rspndr ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:49:54.0421 0148 SunkFilt ( UnsignedFile.Multi.Generic ) - skipped by user

17:49:54.0421 0148 SunkFilt ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:50:27.0828 3672 Deinitialize success

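The TDSSKiller log above ends with two very different kinds of flag. One driver, redbook.sys, is reported as infected with Rootkit.Win32.ZAccess.e, and TDSSKiller finds a backup copy and queues the file to be cured on reboot (alongside deleting c:\WINDOWS\system32\c_41281.nls). The other five objects (libusb0, MCSTRM, NPF, rspndr, SunkFilt) are UnsignedFile.Multi.Generic warnings, which only mean the driver carries no digital signature, and they were skipped. As an added example (not part of the thread or of TDSSKiller), the Python below parses a log of this shape into per-object records, separates real detections from unsigned-driver warnings, lists what is queued for reboot, and cross-checks the reported detected-object count against the per-object lines so that an incomplete paste is noticed. The sample log is a constructed excerpt of the one above; the regular expressions are written against the line shapes visible here and are an assumption about TDSSKiller's format beyond them.

```python
import re

# Constructed excerpt of the TDSSKiller log posted above. The real log
# lists hundreds of drivers; only the lines that bear on verdicts and the
# end-of-scan summary are reproduced here.
SAMPLE_LOG = r"""
17:48:33.0171 1208 NPF (74a1d72a79a58436159c924cc34f1c1d) C:\WINDOWS\system32\drivers\npf.sys
17:48:33.0187 1208 NPF ( UnsignedFile.Multi.Generic ) - warning
17:48:33.0187 1208 NPF - detected UnsignedFile.Multi.Generic (1)
17:48:33.0343 1208 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:48:33.0468 1208 Npfs - ok
17:48:46.0078 1208 redbook (bf9b7ce7956c3af6df12be9b6365eea8) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:48:46.0078 1208 redbook ( Rootkit.Win32.ZAccess.e ) - infected
17:48:46.0078 1208 redbook - detected Rootkit.Win32.ZAccess.e (0)
17:48:48.0843 1208 rspndr (a3b23fb3f295694091f51865f98588b2) C:\WINDOWS\system32\DRIVERS\rspndr.sys
17:48:48.0890 1208 rspndr ( UnsignedFile.Multi.Generic ) - warning
17:48:55.0000 1208 SunkFilt (86ca1a5c15a5a98d5533945fb1120b05) C:\WINDOWS\System32\Drivers\sunkfilt.sys
17:48:55.0000 1208 SunkFilt ( UnsignedFile.Multi.Generic ) - warning
17:49:18.0218 0148 Detected object count: 6
17:49:18.0218 0148 Actual detected object count: 6
17:49:25.0390 0148 NPF ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:49:28.0406 0148 C:\WINDOWS\system32\DRIVERS\redbook.sys - will be cured on reboot
17:49:46.0156 0148 C:\WINDOWS\system32\c_41281.nls - will be deleted on reboot
17:49:54.0421 0148 redbook ( Rootkit.Win32.ZAccess.e ) - User select action: Cure
17:49:54.0421 0148 rspndr ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:49:54.0421 0148 SunkFilt ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

PREFIX = r"^\S+\s+\d+\s+"  # timestamp and PID, e.g. "17:48:46.0078 1208 "
RE_OBJECT = re.compile(PREFIX + r"(\S+) \(([0-9a-f]{32})\) (.+)$")
RE_VERDICT = re.compile(PREFIX + r"(\S+) \( (\S+) \) - (infected|suspicious|warning)$")
RE_ACTION = re.compile(PREFIX + r"(\S+) \( \S+ \) - User select action: (\w+)$")
RE_PENDING = re.compile(PREFIX + r"(.+) - will be (cured|deleted) on reboot$")
RE_COUNT = re.compile(PREFIX + r"Detected object count: (\d+)$")

# Actions that remediate; "Skip" leaves the object in place.
REMEDIATING = {"Cure", "Delete"}


def triage(log_text):
    """Return {'objects': {name: {...}}, 'pending': [...], 'reported': int|None}."""
    objects, pending, reported = {}, [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := RE_OBJECT.match(line):
            name, md5, path = m.groups()
            objects.setdefault(name, {}).update(md5=md5, path=path)
        elif m := RE_VERDICT.match(line):
            name, threat, verdict = m.groups()
            objects.setdefault(name, {}).update(threat=threat, verdict=verdict)
        elif m := RE_ACTION.match(line):
            name, action = m.groups()
            objects.setdefault(name, {})["action"] = action
        elif m := RE_PENDING.match(line):
            pending.append((m.group(1), m.group(2)))
        elif m := RE_COUNT.match(line):
            reported = int(m.group(1))
    return {"objects": objects, "pending": pending, "reported": reported}


def flagged(result):
    """Split flagged objects into real detections and unsigned-file warnings."""
    objs = result["objects"]
    infected = sorted(n for n, o in objs.items() if o.get("verdict") in ("infected", "suspicious"))
    warnings = sorted(n for n, o in objs.items() if o.get("verdict") == "warning")
    return infected, warnings


def unresolved(result):
    """Infected objects whose chosen action leaves them in place."""
    return sorted(n for n, o in result["objects"].items()
                  if o.get("verdict") == "infected" and o.get("action") not in REMEDIATING)


def reconcile(result):
    """(count TDSSKiller reported, objects with a verdict or action line).
    A shortfall means the log you were handed is incomplete."""
    seen = sum(1 for o in result["objects"].values() if "verdict" in o or "action" in o)
    return result["reported"], seen


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    for name, o in sorted(r["objects"].items()):
        if "verdict" in o:
            print(f"{name:10} {o['verdict']:8} {o.get('threat', '')}  "
                  f"action={o.get('action', '-')}  {o.get('path', '')}")
    print("pending on reboot:", r["pending"])
    print("reported/seen:", reconcile(r), "unresolved infected:", unresolved(r))
```

Against this excerpt reconcile() returns (6, 4): the per-object lines for libusb0 and MCSTRM fall outside the quoted part of the log, which is exactly the situation a helper should catch before advising on a paste. Note also that UnsignedFile.Multi.Generic is a signing check, not a detection; npf.sys, for instance, is WinPcap's packet-capture driver, and unsigned is not the same as malicious, which is consistent with the Skip choices recorded here.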

If you haven't rebooted after that scan, do so before doing the next fix.

Please do not attach the scan results from ComboFix. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 (if using this link, right-click and select Save As).

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: ComboFix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[screenshot: RC1.png]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot: RC2-1.png]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.

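The ComboFix log in the next post is worth reading for more than its deletion list. Under Reg Loading Points, the Windows Firewall AuthorizedApplications list still carries an exception for c:\Program Files\5D3B9\lvvm.exe; that folder appears in the Files Created list on 2011-11-17, the same day the first cleanup tools (mbamswissarmy.sys, HiJackThis) show up, and its random-hex name matches the other locations ComboFix removed: Program Files\LP\42DC, Application Data\C8A5D, and Local Settings\Application Data\ca8df1df\U with its .@ files. A firewall exception added by malware outlives the file it was created for and records that the component once wanted inbound connections. As an added example (not part of the thread, of ComboFix or of Malwarebytes), the Python below applies path heuristics of that kind to a constructed excerpt of the firewall list and of the Other Deletions section: random-hex directory names, an executable sitting directly in the drive root (c:\StubInstaller.exe), executables under a user profile's Application Data, and .@ files. The 4-to-8-hex-digit threshold and the wording of each reason are my assumptions, tuned to the paths visible in this log.

```python
import re

# Constructed excerpt of the ComboFix log below: the Windows Firewall
# AuthorizedApplications values (REGEDIT4 export, so backslashes are doubled
# in the quoted value names) and a few entries from "Other Deletions".
FIREWALL_EXCEPTIONS = r"""
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\StubInstaller.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\5D3B9\\lvvm.exe"=
"""

DELETED_PATHS = r"""
c:\documents and settings\Owner\Application Data\C8A5D\ABA42.exe
c:\documents and settings\Owner\Local Settings\Application Data\ca8df1df\U\80000000.@
c:\program files\LP\42DC\0CA.exe
c:\program files\WinPCap\rpcapd.exe
"""

# 4-8 hex digits as a whole directory name: 5D3B9, 42DC, C8A5D, ca8df1df.
# Heuristic, not a signature (assumed threshold): a legitimate folder that
# happens to be named like this will be flagged for review too.
HEX_DIR = re.compile(r"^[0-9a-f]{4,8}$")
PROFILE_DATA = ("\\application data\\", "\\local settings\\")


def normalize(path):
    """Undo REGEDIT4 escaping, expand %windir%, lower-case for comparison."""
    p = path.replace("\\\\", "\\").strip().lower()
    return p.replace("%windir%", r"c:\windows")


def parse_firewall_exceptions(text):
    """Value names of the AuthorizedApplications\\List key, as paths."""
    paths = []
    for line in text.splitlines():
        m = re.match(r'^"([^"]+)"=', line.strip())
        if m:
            paths.append(normalize(m.group(1)))
    return paths


def parse_plain_paths(text):
    return [normalize(ln) for ln in text.splitlines() if ln.strip()]


def reasons_for(path):
    """Why a path deserves a second look; an empty list means nothing odd."""
    p = normalize(path)
    parts = p.split("\\")
    reasons = []
    for comp in parts[1:-1]:  # directory components only; skip drive and file
        if HEX_DIR.match(comp):
            reasons.append(f"random-hex directory name '{comp}'")
    if len(parts) == 2 and p.endswith(".exe"):
        reasons.append("executable in drive root")
    if p.endswith(".exe") and any(marker in p for marker in PROFILE_DATA):
        reasons.append("executable under a user profile data folder")
    if p.endswith(".@"):
        reasons.append("'.@' file, the layout ComboFix removed from ca8df1df\\U")
    return reasons


def audit(*path_lists):
    """Map each flagged path to its reasons; clean paths are omitted."""
    findings = {}
    for paths in path_lists:
        for p in paths:
            why = reasons_for(p)
            if why:
                findings[normalize(p)] = why
    return findings


if __name__ == "__main__":
    fw = parse_firewall_exceptions(FIREWALL_EXCEPTIONS)
    for path, why in audit(fw, parse_plain_paths(DELETED_PATHS)).items():
        print(path)
        for w in why:
            print("   -", w)
```

On this excerpt it flags lvvm.exe, StubInstaller.exe and the three deleted ZeroAccess locations while leaving VLC, Java, uTorrent, ActiveSync and WinPcap alone. In a real triage you would feed it the whole AuthorizedApplications section of the log (on a live XP machine, the output of `netsh firewall show allowedprogram`); a hex-named folder is a cue to check the file's signature and creation time, not proof on its own, and the stale exception should be removed along with the file.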

Done. Computer seems faster than it has in a long time. The first time I opened my homepage (iGoogle), it warned me that it was using a secure connection. Other than that, everything seems the same as before the virus.

ComboFix 11-12-01.03 - Owner 12/01/2011 19:20:32.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.469 [GMT -6:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\Default User\WINDOWS

c:\documents and settings\Owner\Application Data\C8A5D

c:\documents and settings\Owner\Application Data\C8A5D\ABA42.exe

c:\documents and settings\Owner\Application Data\C8A5D\D3B9.8A5

c:\documents and settings\Owner\Local Settings\Application Data\ca8df1df\U

c:\documents and settings\Owner\Local Settings\Application Data\ca8df1df\U\80000000.@

c:\documents and settings\Owner\Local Settings\Application Data\ca8df1df\U\800000cb.@

c:\documents and settings\Owner\Local Settings\Application Data\ca8df1df\U\800000cf.@

c:\documents and settings\Owner\My Documents\DPE.DUS

c:\documents and settings\Owner\WINDOWS

c:\program files\LP

c:\program files\LP\42DC\10.tmp

c:\program files\LP\42DC\11.tmp

c:\program files\LP\42DC\12.tmp

c:\program files\LP\42DC\13.tmp

c:\program files\LP\42DC\14.tmp

c:\program files\LP\42DC\15.tmp

c:\program files\LP\42DC\16.exe

c:\program files\LP\42DC\16.tmp

c:\program files\LP\42DC\17.tmp

c:\program files\LP\42DC\18.tmp

c:\program files\LP\42DC\19.exe

c:\program files\LP\42DC\19.tmp

c:\program files\LP\42DC\1A.tmp

c:\program files\LP\42DC\1B.exe

c:\program files\LP\42DC\1B.tmp

c:\program files\LP\42DC\1C.exe

c:\program files\LP\42DC\1C.tmp

c:\program files\LP\42DC\1D.tmp

c:\program files\LP\42DC\1E.tmp

c:\program files\LP\42DC\1F.tmp

c:\program files\LP\42DC\20.exe

c:\program files\LP\42DC\20.tmp

c:\program files\LP\42DC\21.tmp

c:\program files\LP\42DC\22.tmp

c:\program files\LP\42DC\23.tmp

c:\program files\LP\42DC\24.exe

c:\program files\LP\42DC\24.tmp

c:\program files\LP\42DC\25.tmp

c:\program files\LP\42DC\26.tmp

c:\program files\LP\42DC\27.exe

c:\program files\LP\42DC\27.tmp

c:\program files\LP\42DC\28.tmp

c:\program files\LP\42DC\29.tmp

c:\program files\LP\42DC\2A.tmp

c:\program files\LP\42DC\2B.tmp

c:\program files\LP\42DC\2C.exe

c:\program files\LP\42DC\2C.tmp

c:\program files\LP\42DC\2DD0.tmp

c:\program files\LP\42DC\4E.tmp

c:\program files\LP\42DC\4F.tmp

c:\program files\LP\42DC\50.tmp

c:\program files\LP\42DC\7.exe

c:\program files\LP\42DC\7.tmp

c:\program files\LP\42DC\8.tmp

c:\program files\LP\42DC\86.tmp

c:\program files\LP\42DC\8D.tmp

c:\program files\LP\42DC\9.tmp

c:\program files\LP\42DC\93.tmp

c:\program files\LP\42DC\A.tmp

c:\program files\LP\42DC\B.tmp

c:\program files\LP\42DC\C.tmp

c:\program files\LP\42DC\D.tmp

c:\program files\LP\42DC\E.tmp

c:\program files\LP\42DC\F.tmp

c:\program files\Setup.exe

c:\program files\WinPCap

c:\program files\WinPCap\daemon_mgm.exe

c:\program files\WinPCap\NetMonInstaller.exe

c:\program files\WinPCap\npf_mgm.exe

c:\program files\WinPCap\rpcapd.exe

c:\program files\WinPCap\Uninstall.exe

C:\Thumbs.db

c:\windows\$NtUninstallKB50349$

c:\windows\$NtUninstallKB50349$\296641204

c:\windows\system32\

c:\windows\system32\config\systemprofile\WINDOWS

c:\windows\system32\drivers\npf.sys

c:\windows\system32\Packet.dll

c:\windows\system32\pthreadVC.dll

c:\windows\system32\usmt\migwiz_a.exe

c:\windows\system32\WanPacket.dll

c:\windows\system32\wpcap.dll

D:\Autorun.inf

.

Infected copy of c:\windows\system32\drivers\fips.sys was found and disinfected

Restored copy from - The cat found it :)

c:\windows\system32\drivers\cdrom.sys was missing

Restored copy from - c:\windows\system32\dllcache\cdrom.sys

.

Infected copy of c:\windows\system32\Ati2evxx.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1517\A0907094.exe

.

Infected copy of c:\program files\Bonjour\mDNSResponder.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1517\A0907095.exe

.

Infected copy of c:\program files\Java\jre6\bin\jqs.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1517\A0907096.exe

.

Infected copy of c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS was found and disinfected

Restored copy from - c:\system volume information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1517\A0907097.SYS

.

Infected copy of c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS was found and disinfected

Restored copy from - c:\system volume information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1517\A0907097.SYS

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

-------\Service_.redbook

-------\Service_NPF

.

.

((((((((((((((((((((((((( Files Created from 2011-11-02 to 2011-12-02 )))))))))))))))))))))))))))))))

.

.

2011-12-02 01:36 . 2007-09-29 08:56 483328 ----a-w- c:\windows\system32\Ati2evxx.exe

2011-12-02 01:35 . 2008-04-14 06:10 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys

2011-12-02 01:35 . 2008-04-14 06:10 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys

2011-12-01 23:47 . 2011-12-01 23:47 44544 ----a-w- c:\windows\system32\drivers\tsk42.tmp

2011-11-22 23:42 . 2011-11-22 23:42 -------- d-----w- c:\program files\ESET

2011-11-17 06:59 . 2011-11-17 06:59 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-11-17 06:56 . 2011-11-17 06:56 -------- d-----w- c:\program files\Trend Micro

2011-11-17 06:46 . 2011-11-17 06:46 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-11-17 03:29 . 2011-12-02 00:44 -------- d-----w- c:\program files\5D3B9

2011-11-15 04:51 . 2011-11-15 04:51 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2011-11-14 23:34 . 2011-11-14 23:34 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2011-11-14 23:26 . 2011-12-02 01:34 -------- d-sh--w- c:\documents and settings\Owner\Local Settings\Application Data\ca8df1df

2011-11-09 01:01 . 2011-11-09 01:01 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\SMART Technologies

2011-11-09 00:23 . 2011-11-09 01:01 -------- d-----w- c:\documents and settings\Owner\Application Data\SMART Technologies

2011-11-08 23:11 . 2011-11-08 23:11 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\SMART Technologies Inc

2011-11-08 23:11 . 2011-11-08 23:11 -------- d-----w- c:\documents and settings\Owner\Application Data\SMART Technologies Inc

2011-11-08 23:11 . 2010-05-26 17:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll

2011-11-08 23:11 . 2011-11-08 23:11 -------- d-----w- c:\windows\Logs

2011-11-08 23:07 . 2011-11-08 23:12 -------- d-----w- c:\documents and settings\All Users\Application Data\SMART Technologies

2011-11-08 23:06 . 2011-12-01 03:06 -------- d-----w- c:\program files\Common Files\SMART Technologies

2011-11-08 23:05 . 2011-11-08 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations

2011-11-03 22:26 . 2011-11-03 22:26 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE

2011-11-03 05:10 . 2011-11-03 05:10 -------- d-sh--w- c:\documents and settings\Owner\IETldCache

2011-11-03 05:02 . 2011-11-03 05:04 -------- dc-h--w- c:\windows\ie8

2011-11-03 04:47 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll

2011-11-03 04:46 . 2011-08-22 23:48 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2011-11-03 04:46 . 2011-08-22 23:48 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2011-11-03 04:46 . 2011-08-22 23:48 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-01 23:51 . 2004-08-26 10:57 57600 ----a-w- c:\windows\system32\drivers\redbook.sys

2011-10-10 14:22 . 2004-08-26 18:01 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06 . 2004-08-26 16:11 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 17:41 . 2011-09-26 17:41 611328 ------w- c:\windows\system32\uiautomationcore.dll

2011-09-26 17:41 . 2004-08-26 16:12 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 17:41 . 2004-08-26 16:12 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-06 13:20 . 2004-08-26 16:12 1858944 ----a-w- c:\windows\system32\win32k.sys

2010-01-05 22:56 . 2010-01-03 22:57 5940 ----a-w- c:\program files\display.drv

2003-09-04 22:18 . 2010-01-03 22:51 512 ----a-w- c:\program files\layout.bin

2003-08-18 20:00 . 2010-01-03 22:51 1282048 ----a-w- c:\program files\Game.exe

2003-04-17 01:19 . 2010-01-03 22:51 375808 ----a-w- c:\program files\binkw32.dll

2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll

2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll

2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll

.

.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-07 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]

"HPPQVideo"="c:\program files\Hewlett-Packard\ScheduledLaunch\HP Color LaserJet CP1510 Series\bin\hppschlnch.exe -r SOFTWARE\Hewlett-Packard\ScheduledLaunch\CLJ_CP1510_Series -f PQOptimizerVideo.xml" [N/A]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk

backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^GmoteServer.lnk]

path=c:\documents and settings\Owner\Start Menu\Programs\Startup\GmoteServer.lnk

backup=c:\windows\pss\GmoteServer.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^wkcalrem.LNK]

path=c:\documents and settings\Owner\Start Menu\Programs\Startup\wkcalrem.LNK

backup=c:\windows\pss\wkcalrem.LNKStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-10-15 07:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]

2009-11-20 04:29 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

2008-04-14 11:42 110592 ----a-w- c:\windows\system32\bthprops.cpl

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 11:42 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]

2006-11-13 19:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-03-12 03:34 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpbdfawep]

2007-04-25 20:28 954368 ----a-w- c:\program files\Hewlett-Packard\Dfawep\bin\hpbdfawep.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]

2007-05-08 22:44 36864 ----a-w- c:\program files\Hewlett-Packard\HP UT\bin\hppusg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-09-24 08:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 11:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 17:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]

2002-09-14 07:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]

2005-02-26 02:24 966656 ----a-w- c:\windows\creator\Remind_XP.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

2003-12-09 19:17 67584 ----a-w- c:\windows\SOUNDMAN.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2006-11-10 18:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 17:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-07-07 14:08 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolBoxFX]

2007-08-28 16:01 53248 ----a-w- c:\program files\Hewlett-Packard\ToolboxFX\bin\HPTLBXFX.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherEye]

c:\program files\TheWeatherNetwork\WeatherEye\WeatherEye.exe [N/A]

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\StubInstaller.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=

"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbLauncher.exe"=

"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbSetupWizard.exe"=

"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbControlPanel.exe"=

"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

"c:\\WINDOWS\\system32\\dwwin.exe"=

"c:\\PROGRAMS\\opera.exe"=

"c:\\Program Files\\Outlook Express\\msimn.exe"=

"c:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater.exe"=

"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=

"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=

"c:\\WINDOWS\\system32\\msfeedssync.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\5D3B9\\lvvm.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

.

R0 phylock;phylock;c:\windows\system32\drivers\phylock.sys [6/9/2009 10:13 PM 18712]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/11/2010 1:55 PM 135664]

S2 SMART Display Controller;SMART Display Controller;c:\program files\SMART Technologies\Education Software\UCService.exe --> c:\program files\SMART Technologies\Education Software\UCService.exe [?]

S3 cpuz;cpuz;\??\c:\docume~1\Owner\LOCALS~1\Temp\cpuz.sys --> c:\docume~1\Owner\LOCALS~1\Temp\cpuz.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/11/2010 1:55 PM 135664]

S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [6/24/2010 4:53 PM 21504]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 11:15 AM 31125880]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2/23/2011 10:58 PM 137600]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 19:55]

.

2011-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 19:55]

.

2010-01-05 c:\windows\Tasks\NSSstub.job

- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-09-22 03:37]

.

2011-12-01 c:\windows\Tasks\User_Feed_Synchronization-{18717FA1-CF10-463E-87A5-FE0C63A9728A}.job

- c:\windows\system32\msfeedssync.exe [2007-08-14 10:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.ca/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local

uInternet Settings,ProxyServer = http=127.0.0.1:50323

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 172.16.1.254

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

SafeBoot-41831165.sys

AddRemove-Malwarebytes' Anti-Malware_is1 - k:\malwarebytes' anti-malware\unins000.exe

AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-01 19:48

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips]

"ImagePath"="system32\drivers\tsk42.tmp"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(872)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(2108)

c:\windows\system32\WININET.dll

c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf

c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

c:\program files\Google\Update\1.3.21.79\GoogleCrashHandler.exe

c:\windows\system32\wscntfy.exe

c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe

c:\progra~1\MICROS~4\rapimgr.exe

.

**************************************************************************

.

Completion time: 2011-12-01 19:57:41 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-02 01:57

.

Pre-Run: 7,433,207,808 bytes free

Post-Run: 9,717,506,048 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptOut

.

- - End Of File - - 456044247846E49C7F8D6100B1B14896


Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:50323

Save this file to your desktop as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...

Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.

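As a worked example of how the indicators in a log like the one above can be spotted mechanically, here is a small Python triage script written for this thread; it is not ComboFix, DDS or Malwarebytes code. It runs over a few constructed lines in the same format as the posted logs and flags three things: a ProxyServer value pointing at 127.0.0.1 (the very entry the CFScript's DDS:: section removes), a service ImagePath that names a .tmp file instead of a driver, and a firewall-authorized program living under a directory with a random-looking hex name. The hex-directory heuristic and the rule names are my own assumptions, not something the tools report.

```python
"""Triage a ComboFix/DDS-style log for the kinds of indicators seen in this thread.

Constructed example for this page; not code from ComboFix, DDS or Malwarebytes.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the same line format as the logs above (not a full log).
SAMPLE_LOG = r"""
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:50323
uSearchAssistant = hxxp://www.google.com/ie
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips]
"ImagePath"="system32\drivers\tsk42.tmp"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\5D3B9\\lvvm.exe"=
"""


@dataclass(frozen=True)
class Finding:
    rule: str    # short rule name (my naming, not a tool's)
    detail: str  # the value that triggered it


LOOPBACK_HOSTS = ("127.0.0.1", "localhost", "[::1]")
# A service/driver ImagePath normally names one of these; a .tmp is out of place.
EXPECTED_SERVICE_EXT = (".sys", ".exe", ".dll")

PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(.+)$")
REG_KEY_RE = re.compile(r"^\[(.+)\]$")
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(.+)"$')
FW_APP_RE = re.compile(r'^"([^"]+)"=')
# Heuristic (my assumption, not from the thread): a parent directory named only
# with 5-8 hex digits containing at least one letter, such as 5D3B9, is
# unusual for legitimate software and worth a second look.
HEX_DIR_RE = re.compile(r"\\(?=[0-9]*[A-Fa-f])([0-9A-Fa-f]{5,8})\\[^\\]+$")


def loopback_proxy(value: str) -> Optional[str]:
    """Return the first proxy endpoint that points back at this machine, else None.

    The value may list several protocols separated by ';', e.g. 'http=1.2.3.4:80;https=...'.
    """
    for entry in value.split(";"):
        endpoint = entry.split("=", 1)[-1].strip()  # drop a 'http=' style prefix
        host = endpoint.rsplit(":", 1)[0]
        if host.lower() in LOOPBACK_HOSTS:
            return endpoint
    return None


def triage(text: str) -> List[Finding]:
    """Walk the log once, tracking the current registry key, and collect findings."""
    findings: List[Finding] = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = REG_KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()
            continue
        m = PROXY_RE.match(line)
        if m:
            endpoint = loopback_proxy(m.group(1))
            if endpoint:
                findings.append(Finding("loopback-proxy", endpoint))
            continue
        m = IMAGEPATH_RE.match(line)
        if m and "\\services\\" in current_key:
            path = m.group(1)
            if not path.lower().endswith(EXPECTED_SERVICE_EXT):
                service = current_key.rsplit("\\", 1)[-1]
                findings.append(Finding("service-imagepath-ext", f"{service}: {path}"))
            continue
        if "authorizedapplications" in current_key:
            m = FW_APP_RE.match(line)
            if m:
                path = m.group(1).replace("\\\\", "\\")  # the log doubles backslashes here
                if HEX_DIR_RE.search(path):
                    findings.append(Finding("hex-named-dir", path))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:24} {f.detail}")
```

A loopback proxy in the user's Internet Settings means every HTTP request from the browser is being handed to a process on the same machine before it goes anywhere, which is why the helper removes that key first; the other two rules are cheap heuristics that will produce false positives on a full log and are meant to prioritise what to look at, not to decide on their own.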

Here is the log. I still get the "You are about to view pages over a secure connection..." warning when I open my home page in IE (home page is iGoogle). Everything else is unchanged.

ComboFix 11-12-02.01 - Owner 12/02/2011 10:42:23.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.409 [GMT -6:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

.

.

((((((((((((((((((((((((( Files Created from 2011-11-02 to 2011-12-02 )))))))))))))))))))))))))))))))

.

.

2011-12-02 03:01 . 2011-12-02 03:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-12-02 01:36 . 2007-09-29 08:56 483328 ----a-w- c:\windows\system32\Ati2evxx.exe

2011-12-02 01:35 . 2008-04-14 06:10 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys

2011-12-02 01:35 . 2008-04-14 06:10 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys

2011-12-01 23:47 . 2011-12-01 23:47 44544 ----a-w- c:\windows\system32\drivers\tsk42.tmp

2011-11-22 23:42 . 2011-11-22 23:42 -------- d-----w- c:\program files\ESET

2011-11-17 06:59 . 2011-11-17 06:59 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-11-17 06:56 . 2011-11-17 06:56 -------- d-----w- c:\program files\Trend Micro

2011-11-17 06:46 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-11-17 03:29 . 2011-12-02 00:44 -------- d-----w- c:\program files\5D3B9

2011-11-15 04:51 . 2011-11-15 04:51 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2011-11-14 23:34 . 2011-11-14 23:34 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2011-11-14 23:26 . 2011-12-02 01:34 -------- d-sh--w- c:\documents and settings\Owner\Local Settings\Application Data\ca8df1df

2011-11-09 01:01 . 2011-11-09 01:01 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\SMART Technologies

2011-11-09 00:23 . 2011-11-09 01:01 -------- d-----w- c:\documents and settings\Owner\Application Data\SMART Technologies

2011-11-08 23:11 . 2011-11-08 23:11 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\SMART Technologies Inc

2011-11-08 23:11 . 2011-11-08 23:11 -------- d-----w- c:\documents and settings\Owner\Application Data\SMART Technologies Inc

2011-11-08 23:11 . 2010-05-26 17:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll

2011-11-08 23:11 . 2011-11-08 23:11 -------- d-----w- c:\windows\Logs

2011-11-08 23:07 . 2011-11-08 23:12 -------- d-----w- c:\documents and settings\All Users\Application Data\SMART Technologies

2011-11-08 23:06 . 2011-12-01 03:06 -------- d-----w- c:\program files\Common Files\SMART Technologies

2011-11-08 23:05 . 2011-11-08 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations

2011-11-03 22:26 . 2011-11-03 22:26 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE

2011-11-03 05:10 . 2011-11-03 05:10 -------- d-sh--w- c:\documents and settings\Owner\IETldCache

2011-11-03 05:02 . 2011-11-03 05:04 -------- dc-h--w- c:\windows\ie8

2011-11-03 04:47 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll

2011-11-03 04:46 . 2011-08-22 23:48 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2011-11-03 04:46 . 2011-08-22 23:48 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2011-11-03 04:46 . 2011-08-22 23:48 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-01 23:51 . 2004-08-26 10:57 57600 ----a-w- c:\windows\system32\drivers\redbook.sys

2011-10-10 14:22 . 2004-08-26 18:01 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06 . 2004-08-26 16:11 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 17:41 . 2011-09-26 17:41 611328 ------w- c:\windows\system32\uiautomationcore.dll

2011-09-26 17:41 . 2004-08-26 16:12 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 17:41 . 2004-08-26 16:12 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-06 13:20 . 2004-08-26 16:12 1858944 ----a-w- c:\windows\system32\win32k.sys

2010-01-05 22:56 . 2010-01-03 22:57 5940 ----a-w- c:\program files\display.drv

2003-09-04 22:18 . 2010-01-03 22:51 512 ----a-w- c:\program files\layout.bin

2003-08-18 20:00 . 2010-01-03 22:51 1282048 ----a-w- c:\program files\Game.exe

2003-04-17 01:19 . 2010-01-03 22:51 375808 ----a-w- c:\program files\binkw32.dll

2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll

2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll

2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll

.

.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-07 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]

"HPPQVideo"="c:\program files\Hewlett-Packard\ScheduledLaunch\HP Color LaserJet CP1510 Series\bin\hppschlnch.exe -r SOFTWARE\Hewlett-Packard\ScheduledLaunch\CLJ_CP1510_Series -f PQOptimizerVideo.xml" [N/A]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk

backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^GmoteServer.lnk]

path=c:\documents and settings\Owner\Start Menu\Programs\Startup\GmoteServer.lnk

backup=c:\windows\pss\GmoteServer.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^wkcalrem.LNK]

path=c:\documents and settings\Owner\Start Menu\Programs\Startup\wkcalrem.LNK

backup=c:\windows\pss\wkcalrem.LNKStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-10-15 07:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]

2009-11-20 04:29 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

2008-04-14 11:42 110592 ----a-w- c:\windows\system32\bthprops.cpl

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 11:42 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]

2006-11-13 19:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-03-12 03:34 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpbdfawep]

2007-04-25 20:28 954368 ----a-w- c:\program files\Hewlett-Packard\Dfawep\bin\hpbdfawep.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]

2007-05-08 22:44 36864 ----a-w- c:\program files\Hewlett-Packard\HP UT\bin\hppusg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-09-24 08:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 11:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 17:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]

2002-09-14 07:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]

2005-02-26 02:24 966656 ----a-w- c:\windows\creator\Remind_XP.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

2003-12-09 19:17 67584 ----a-w- c:\windows\SOUNDMAN.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2006-11-10 18:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 17:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-07-07 14:08 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolBoxFX]

2007-08-28 16:01 53248 ----a-w- c:\program files\Hewlett-Packard\ToolboxFX\bin\HPTLBXFX.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherEye]

c:\program files\TheWeatherNetwork\WeatherEye\WeatherEye.exe [N/A]

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\StubInstaller.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=

"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbLauncher.exe"=

"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbSetupWizard.exe"=

"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbControlPanel.exe"=

"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

"c:\\WINDOWS\\system32\\dwwin.exe"=

"c:\\PROGRAMS\\opera.exe"=

"c:\\Program Files\\Outlook Express\\msimn.exe"=

"c:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater.exe"=

"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=

"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=

"c:\\WINDOWS\\system32\\msfeedssync.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\5D3B9\\lvvm.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

.

R0 phylock;phylock;c:\windows\system32\drivers\phylock.sys [6/9/2009 10:13 PM 18712]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/11/2010 1:55 PM 135664]

S2 SMART Display Controller;SMART Display Controller;c:\program files\SMART Technologies\Education Software\UCService.exe --> c:\program files\SMART Technologies\Education Software\UCService.exe [?]

S3 cpuz;cpuz;\??\c:\docume~1\Owner\LOCALS~1\Temp\cpuz.sys --> c:\docume~1\Owner\LOCALS~1\Temp\cpuz.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/11/2010 1:55 PM 135664]

S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [6/24/2010 4:53 PM 21504]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 11:15 AM 31125880]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2/23/2011 10:58 PM 137600]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 19:55]

.

2011-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 19:55]

.

2011-12-01 c:\windows\Tasks\User_Feed_Synchronization-{18717FA1-CF10-463E-87A5-FE0C63A9728A}.job

- c:\windows\system32\msfeedssync.exe [2007-08-14 10:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.ca/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 172.16.1.254

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-02 10:59

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips]

"ImagePath"="system32\drivers\tsk42.tmp"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(872)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(1228)

c:\windows\system32\WININET.dll

c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf

c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

c:\program files\Google\Update\1.3.21.79\GoogleCrashHandler.exe

c:\windows\system32\wscntfy.exe

c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe

c:\progra~1\MICROS~4\rapimgr.exe

.

**************************************************************************

.

Completion time: 2011-12-02 11:08:42 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-02 17:08

ComboFix2.txt 2011-12-02 01:57

.

Pre-Run: 9,401,262,080 bytes free

Post-Run: 9,432,735,744 bytes free

.

- - End Of File - - E9C12DF675AF46564C005AB8828042ED


Good job

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START > Run
  • Now type ComboFix /Uninstall in the run box and click OK. Note the space between the X and the /; it needs to be there.

For Vista / Windows 7:

  • Click START > Search
  • Now type ComboFix /Uninstall in the search box and click OK. Note the space between the X and the /; it needs to be there.

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Update your AntiVirus Software - It is imperative that you update your antivirus software at least once a week
    (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I cannot stress how important it is that you use a firewall on your computer.
    Without a firewall your computer is susceptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a firewall in its default configuration can lower your risk greatly.
  • Using a secure browser plugin - M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.
    • Free browser plug-in for Internet Explorer and Firefox
    • Real-time safety ratings
    • Ideal for Facebook, Twitter and LinkedIn
  • JAVA - Click this link and click on the Free JAVA Download
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer always has the latest available security updates installed.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?

How to Prevent Malware:

The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.

Thanks so much, Larry. I intend to buy the full version of mb and will recommend it to friends, largely due to the wonderful service you have provided. :)
