Here are my two logs. I ran Malwarebytes and Kaspersky TDSSKiller, but I am still having issues. I noticed this morning my antivirus was turned off and tried to turn it back on with no success (McAfee VirusScan Enterprise). Whenever I search through any search engine I get redirected to some obscure web site.

Thanks for the help

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by rtrinkwalder at 12:11:04 on 2011-11-22

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3241.2500 [GMT -5:00]

.

AV: VirusScan Enterprise + AntiSpyware Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\System32\svchost.exe -k eapsvcs

svchost.exe

C:\WINDOWS\System32\svchost.exe -k dot3svc

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\IDT\WDM\stacsv.exe

svchost.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Novell\ZENworks\nalntsrv.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\DRIVERS\o2flash.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\WolSerNT.exe

C:\WINDOWS\system32\ptumlcmsvc.exe

C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe

C:\Program Files\DellTPad\Apoint.exe

C:\WINDOWS\system32\AESTFltr.exe

C:\WINDOWS\system32\rpcnet.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\McAfee\Common Framework\udaterui.exe

C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\WINDOWS\system32\NWTRAY.EXE

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\UPHClean\uphclean.exe

C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files\Novell\ZENworks\wm.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Novell\ZENworks\NALDESK.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = <local>

mWinlogon: System=ziswin.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [Google Update] "c:\documents and settings\rtrinkwalder\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey

mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE

mRun: [ZENRC Tray Icon] c:\windows\system32\zentray.exe

mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

mRun: [NWTRAY] NWTRAY.EXE

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"

mRun: [<NO NAME>]

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [TomcatStartup 2.5] c:\program files\hewlett-packard\toolbox\hpbpsttp.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\applic~1.lnk - c:\program files\novell\zenworks\NALDESK.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{a7091e1d-36a4-47f1-a739-173cc341414f}\Icon3E5562ED7.ico

mPolicies-system: CompatibleRUPSecurity = 1 (0x1)

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

IE: {C1994287-422F-47aa-8E5E-6323E210A125} - {4B5F7606-8666-4D5A-9780-DB92A9D8812B} - c:\program files\novell\zenworks\AxNalServer.dll

LSP: mswsock.dll

Trusted Zone: internet

Trusted Zone: mcafee.com

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139406804265

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{0B9815E1-F457-4BDF-84C4-2C3FAEABA7DF} : DhcpNameServer = 192.168.1.254

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: {b4870b70-f390-11d2-9fb9-f4ed725ea20d} - c:\program files\novell\zenworks\NalExpEx.dll

LSA: Authentication Packages = msv1_0 nwv1_0

mASetup: Sun_Java_1.6.0_12_ENG - msiexec /fu {26A24AE4-039D-4CA4-87B4-2F83216012FF} /qn

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-6-27 343920]

R0 NCFilter;Novell UNC Path Filter - Filter;c:\windows\system32\drivers\ncfilter.sys [2010-1-27 80000]

R0 NCRecognizer;Novell UNC Path Filter - Recognizer;c:\windows\system32\drivers\ncrecognizer.sys [2010-1-27 90240]

R0 NCUncFilter;Novell UNC Path Filter - UNC Filter;c:\windows\system32\drivers\ncuncfilter.sys [2010-1-27 14720]

R0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\drivers\stdcfltn.sys [2011-6-27 17648]

R2 BlankScr;HBDevice;c:\windows\system32\drivers\blankscr.sys [2003-3-18 4768]

R2 Kblock;Kblock;c:\windows\system32\drivers\kblock.sys [2003-3-18 4043]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-22 366152]

R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\engineserver.exe [2010-3-25 22816]

R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-8-25 103744]

R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2010-3-25 66880]

R2 Mouslock;Mouslock;c:\windows\system32\drivers\mouslock.sys [2003-3-18 4080]

R2 Prometheus Wake-On-LAN Status Agent;Novell ZfD Wake on LAN Status Agent;c:\program files\novell\zenworks\remotemanagement\rmagent\WolSerNT.exe [2003-3-18 49152]

R2 ptumlcmsvc;PTUML290 Connection Manager Service;c:\windows\system32\ptumlcmsvc.exe [2011-10-11 106496]

R2 Remote Management Agent;Novell ZfD Remote Management;c:\program files\novell\zenworks\remotemanagement\rmagent\ZenRem32.exe [2003-10-22 135168]

R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2011-6-27 43888]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2011-6-27 113664]

R3 Darpan;Darpan;c:\windows\system32\drivers\Darpan.sys [2003-3-18 2773]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-6-27 260864]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-22 22216]

R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2011-6-27 41088]

R3 NETwNx32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwNx32.sys [2011-6-27 7391104]

R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\o2mdrxp.sys [2011-6-27 61728]

R3 O2SDJRDR;O2SDJRDR;c:\windows\system32\drivers\o2sdjxp.sys [2011-6-27 63136]

R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2010-4-14 32408]

S0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [2010-10-11 17968]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-10-14 136176]

S2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2010-3-25 147472]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe --> c:\windows\system32\mfevtps.exe [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-10-14 136176]

S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-6-27 91832]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-6-27 43288]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-6-27 66600]

S3 nscmnt;Novell Local Security Context Manager;c:\windows\system32\drivers\novell\nscmnt.sys [2004-3-3 25616]

S3 PTUMLBUS;PTUML USB Composite Device Driver;c:\windows\system32\drivers\PTUMLBUS.sys [2011-10-11 59792]

S3 PTUMLCVsp;PANTECH UML290 Connection Manager Port;c:\windows\system32\drivers\PTUMLCVsp.sys [2011-10-11 168208]

S3 PTUMLMdm;PANTECH UML290;c:\windows\system32\drivers\PTUMLMdm.sys [2011-10-11 168208]

S3 PTUMLNET;PANTECH UML290 WWAN;c:\windows\system32\drivers\PTUMLNET.sys [2011-10-11 80912]

S3 PTUMLNVsp;PANTECH UML290 NMEA Port;c:\windows\system32\drivers\PTUMLNVsp.sys [2011-10-11 168848]

S3 PTUMLRMNET;PANTECH UML290 RMNET Service;c:\windows\system32\drivers\PTUMLRMNET.sys [2011-10-11 60432]

S3 PTUMLVsp;PANTECH UML290 Diagnostic Port;c:\windows\system32\drivers\PTUMLVsp.sys [2011-10-11 168208]

S3 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys [2010-10-11 23984]

S3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [2010-10-11 62768]

S3 vmxnet;VMware Ethernet Adapter Driver;c:\windows\system32\drivers\vmxnet.sys [2010-10-11 34992]

S3 xauthnt;Novell XTier Authentication Service;c:\windows\system32\drivers\novell\xauthnt.sys [2004-3-24 11640]

.

=============== Created Last 30 ================

.

2011-11-22 17:03:10 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-11-22 15:43:43 -------- d-----w- c:\documents and settings\rtrinkwalder\application data\Malwarebytes

2011-11-22 15:43:35 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-11-22 15:43:32 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-22 15:43:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-11-22 15:02:52 -------- d-----w- c:\documents and settings\all users\application data\Citrix

2011-11-22 14:56:23 -------- d-----w- c:\program files\Citrix

2011-11-22 14:55:57 -------- d-----w- c:\documents and settings\rtrinkwalder\local settings\application data\Citrix

2011-11-22 14:55:54 103784 ----a-w- c:\documents and settings\rtrinkwalder\GoToAssistDownloadHelper.exe

2011-11-22 13:13:27 -------- d-----w- c:\documents and settings\rtrinkwalder\application data\McAfee

2011-11-22 12:56:36 -------- d-----w- c:\documents and settings\rtrinkwalder\local settings\application data\PCHealth

2011-11-22 12:56:05 -------- dc-h--w- c:\windows\ie8

2011-11-21 14:49:23 296330 ----a-w- c:\windows\system32\shimg.dll

2011-11-21 14:49:20 -------- d-sh--w- c:\documents and settings\rtrinkwalder\local settings\application data\21b42a66

2011-11-21 14:48:51 -------- d-----w- C:\Quarantine

2011-11-09 13:29:45 -------- d-----w- c:\documents and settings\rtrinkwalder\application data\LexisNexis

2011-11-09 13:16:40 -------- d-----w- c:\documents and settings\all users\application data\Seisint

2011-11-09 13:11:10 -------- d-----w- c:\documents and settings\rtrinkwalder\application data\Seisint

2011-10-31 19:22:43 -------- d-----w- c:\program files\common files\Deterministic Networks

2011-10-31 19:10:54 -------- d-----w- c:\windows\Internet Logs

2011-10-31 19:10:41 125328 ----a-w- c:\windows\system32\drivers\dne2000.sys

2011-10-31 19:10:41 106768 ----a-w- c:\windows\system32\dneinobj.dll

2011-10-31 19:10:24 -------- d-----w- c:\program files\Cisco Systems

.

==================== Find3M ====================

.

2011-11-22 16:56:51 17920 ----a-w- c:\windows\system32\rpcnetp.exe

2011-11-22 16:56:48 58288 ----a-w- c:\windows\system32\rpcnet.dll

2011-11-22 16:55:47 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-11-21 14:55:31 72296 ----a-w- c:\windows\system32\drivers\o2flash.exe

2011-11-17 10:49:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-26 10:28:33 17920 ----a-w- c:\windows\system32\rpcnetp.dll

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 12:11:32.25 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 6/27/2011 7:05:20 AM

System Uptime: 11/22/2011 11:55:44 AM (1 hours ago)

.

Motherboard: Dell Inc. | | 03PH4G

Processor: Intel Pentium III Xeon processor | CPU 1 | 2294/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 233 GiB total, 210.309 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Cisco Systems VPN Adapter

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco Systems VPN Adapter

PNP Device ID: ROOT\NET\0000

Service: CVirtA

.

==== System Restore Points ===================

.

RP65: 10/24/2011 8:23:07 AM - System Checkpoint

RP66: 10/24/2011 7:02:04 PM - System Checkpoint

RP67: 10/25/2011 5:03:13 AM - System Checkpoint

RP68: 10/25/2011 5:01:57 PM - System Checkpoint

RP69: 10/27/2011 11:37:52 AM - System Checkpoint

RP70: 10/27/2011 10:08:54 PM - System Checkpoint

RP71: 10/31/2011 8:51:20 AM - System Checkpoint

RP72: 10/31/2011 3:10:20 PM - Installed Cisco Systems VPN Client 5.0.03.0560

RP73: 10/31/2011 3:16:07 PM - Removed Cisco Systems VPN Client 5.0.03.0560

RP74: 10/31/2011 3:22:37 PM - Installed Cisco Systems VPN Client 5.0.03.0560

RP75: 11/1/2011 1:28:35 AM - System Checkpoint

RP76: 11/1/2011 12:41:00 PM - System Checkpoint

RP77: 11/1/2011 11:28:35 PM - System Checkpoint

RP78: 11/2/2011 10:16:34 AM - System Checkpoint

RP79: 11/2/2011 8:28:29 PM - System Checkpoint

RP80: 11/3/2011 8:49:22 AM - System Checkpoint

RP81: 11/3/2011 7:28:29 PM - System Checkpoint

RP82: 11/4/2011 6:28:29 AM - System Checkpoint

RP83: 11/6/2011 3:24:50 PM - System Checkpoint

RP84: 11/7/2011 1:54:34 AM - System Checkpoint

RP85: 11/8/2011 10:25:43 AM - System Checkpoint

RP86: 11/8/2011 9:02:42 PM - System Checkpoint

RP87: 11/9/2011 8:54:58 AM - System Checkpoint

RP88: 11/9/2011 7:02:42 PM - System Checkpoint

RP89: 11/10/2011 7:18:52 AM - Software Distribution Service 3.0

RP90: 11/14/2011 8:16:14 AM - System Checkpoint

RP91: 11/14/2011 6:22:02 PM - System Checkpoint

RP92: 11/15/2011 3:00:12 AM - Software Distribution Service 3.0

RP93: 11/15/2011 5:29:21 PM - System Checkpoint

RP94: 11/16/2011 4:29:21 AM - System Checkpoint

RP95: 11/16/2011 3:35:15 PM - System Checkpoint

RP96: 11/17/2011 2:29:21 AM - System Checkpoint

RP97: 11/17/2011 5:16:25 PM - System Checkpoint

RP98: 11/18/2011 3:51:35 AM - System Checkpoint

RP99: 11/18/2011 2:51:35 PM - System Checkpoint

RP100: 11/19/2011 1:51:35 AM - System Checkpoint

RP101: 11/19/2011 12:39:22 PM - System Checkpoint

RP102: 11/19/2011 10:48:42 PM - System Checkpoint

RP103: 11/20/2011 8:51:35 AM - System Checkpoint

RP104: 11/20/2011 7:52:40 PM - System Checkpoint

RP105: 11/21/2011 6:51:35 AM - System Checkpoint

RP106: 11/21/2011 5:51:34 PM - System Checkpoint

RP107: 11/22/2011 4:51:40 AM - System Checkpoint

RP108: 11/22/2011 7:56:19 AM - Installed Windows Internet Explorer 8.

RP109: 11/22/2011 7:56:42 AM - Software Distribution Service 3.0

RP110: 11/22/2011 8:02:55 AM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

.

2007 Microsoft Office Suite Service Pack 2 (SP2)

32 Bit HP CIO Components Installer

7-Zip 4.65

Accurint Government Plus

Adobe Acrobat 9 Pro

Adobe Acrobat 9.4.6 - CPSID_83708

Adobe Flash Player 11 ActiveX

Adobe Shockwave Player

Adobe Shockwave Player 11.5

AIO_Scan

BlackBerry Desktop Software 6.1

BlackBerry USB Drivers

BufferChm

Cisco Systems VPN Client 5.0.03.0560

Copy

CustomerResearchQFolder

Dell Touchpad

Destination Component

DeviceDiscovery

DeviceManagementQFolder

DJ_AIO_Software

DJ_AIO_Software_min

eSupportQFolder

Google Chrome

Google Earth Plug-in

Google Toolbar for Internet Explorer

Google Update Helper

GroupWise

GroupWise - VC8

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB932716-v2)

Hotfix for Windows XP (KB942288-v3)

Hotfix for Windows XP (KB944043-v3)

Hotfix for Windows XP (KB951830)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB969084)

HP Customer Participation Program 9.0

HP Deskjet All-In-One Software 9.0

HP Imaging Device Functions 9.0

hp LaserJet 4250/4350/4240

hp LaserJet Toolbox

HP Photosmart Essential 2.01

HP Photosmart Essential2.01

HP Solution Center 9.0

HP Update

HPProductAssistant

HPSSupply

Java 6 Update 12

Malwarebytes' Anti-Malware version 1.51.2.1300

MarketResearch

McAfee Agent

McAfee AntiSpyware Enterprise Module

McAfee Virtual Technician

McAfee VirusScan Enterprise

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2572067)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft National Language Support Downlevel APIs

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Plus 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mobius DocumentDirect

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP3 Parser (KB973685)

NICI (Shared) U.S./Worldwide (128 bit) (2.7.4-1)

NMAS Challenge Response Method

NMAS Client

Novell Client for Windows

PANTECH UML290

PowerDVD DX

PrintKey2007

PSSWCORE

Roxio Activation Module

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Drag-to-Disc

Roxio Express Labeler 3

Roxio Update Manager

Scan

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB2544521)

Security Update for Windows Internet Explorer 7 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2124261)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2183461)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2290570)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2483614)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953155)

Security Update for Windows XP (KB955417)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB970483)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975254)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

SolutionCenter

Sonic CinePlayer Decoder Pack

Status

Toolbox

TrayApp

UnloadSupport

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Windows (KB971513)

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2616676-v2)

Update for Windows XP (KB2641690)

Update for Windows XP (KB898461)

Update for Windows XP (KB951618-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955704)

Update for Windows XP (KB955759)

Update for Windows XP (KB958752)

Update for Windows XP (KB961503)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

User Profile Hive Cleanup Service

Verizon Wireless UML290 Firmware Updates

VideoToolkit01

VZAccess Manager

WebEx Recorder and Player

WebFldrs XP

WebReg

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Hotfix - KB895181

Windows Media Player 11

ZENworks for Desktops Management Agent

.

==== Event Viewer Messages From Past Week ========

.

11/22/2011 7:24:10 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.

11/22/2011 7:24:06 AM, error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The system cannot find the file specified.

11/22/2011 7:24:06 AM, error: Service Control Manager [7000] - The McAfee Validation Trust Protection Service service failed to start due to the following error: The system cannot find the file specified.

11/22/2011 11:29:12 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 atapi cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x PCIIde perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde vmscsi

11/22/2011 11:28:41 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

11/21/2011 9:55:34 AM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s).

11/21/2011 9:55:32 AM, error: Service Control Manager [7034] - The Workstation Manager service terminated unexpectedly. It has done this 1 time(s).

11/21/2011 9:55:32 AM, error: Service Control Manager [7034] - The User Profile Hive Cleanup service terminated unexpectedly. It has done this 1 time(s).

11/21/2011 9:55:31 AM, error: Service Control Manager [7034] - The O2FLASH service terminated unexpectedly. It has done this 1 time(s).

11/21/2011 9:55:31 AM, error: Service Control Manager [7034] - The Novell ZfD Wake on LAN Status Agent service terminated unexpectedly. It has done this 1 time(s).

11/21/2011 9:55:31 AM, error: Service Control Manager [7034] - The Novell ZfD Remote Management service terminated unexpectedly. It has done this 1 time(s).

11/21/2011 9:55:31 AM, error: Service Control Manager [7034] - The Novell Application Launcher service terminated unexpectedly. It has done this 1 time(s).

11/21/2011 9:55:25 AM, error: Service Control Manager [7034] - The McAfee Task Manager service terminated unexpectedly. It has done this 1 time(s).

11/21/2011 9:55:25 AM, error: Service Control Manager [7034] - The McAfee Framework Service service terminated unexpectedly. It has done this 1 time(s).

11/21/2011 9:55:25 AM, error: Service Control Manager [7034] - The McAfee Engine Service service terminated unexpectedly. It has done this 1 time(s).

11/21/2011 9:55:25 AM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).

11/21/2011 9:55:24 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

11/21/2011 9:55:24 AM, error: Service Control Manager [7034] - The Cisco Systems, Inc. VPN Service service terminated unexpectedly. It has done this 1 time(s).

11/21/2011 9:55:24 AM, error: Service Control Manager [7034] - The Audio Service service terminated unexpectedly. It has done this 1 time(s).

.

==== End Of File ===========================

I still have issues with the redirect, and I cannot get McAfee to turn on. The error message is "the ordinal 1112 could not be located in the dynamic link library wsock32.dll".


:welcome:

Whether you wish to continue with cleaning or not, you should be aware that you may have been infected by a backdoor trojan. This type of program has the ability to steal passwords and other information from your system. If you are using your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:

  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, PayPal, eBay, etc. You should also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps.
  • Removing this infection can also disable the ability to connect to the internet.

This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean. If this is unacceptable to you, then you should consider reformatting the system partition and reinstalling Windows, as this is the only 100% sure answer.

Please post back to let me know how you wish to proceed.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
