Help needed with StopMalwareSite.com


I am working on a PC that had Antivirus GT loaded on it (a piece of scareware - his wife is click-happy). It apparently loaded a bunch of malware on the PC, and now it intercepts every IE request and displays a red box claiming that the target site refused the connection because of an infected PC. The PC is running Windows XP Professional, SP3. Malwarebytes and MS Security Essentials have found a couple of infections and removed them, but the problem persists. I would appreciate any help that anyone can offer.

Below are the log files from RSIT, GMER and Security Check. Again, any help would be appreciated. Thanks in advance.

RSIT Log.txt:

Logfile of random's system information tool 1.08 (written by random/random)

Run by Administrator at 2010-08-23 18:15:28

Microsoft Windows XP Professional Service Pack 3

System drive C: has 180 GB (94%) free of 191 GB

Total RAM: 1015 MB (76% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

C:\WINDOWS\tasks\MP Scheduled Scan.job

C:\WINDOWS\tasks\OGALogon.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]

Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-03-29 266240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B3F3508C-D26D-4094-90E6-1B0F4C8627DB}]

brumaqpyxgrm Object - C:\WINDOWS\$NtUninstallMTF1011$\mmx.dll [2010-08-17 247296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5D4DC23-C4EB-4359-9115-4B138567AE0F}]

adfaqpyxpr Object - C:\WINDOWS\$NtUninstallMTF1011$\mmduch.dll [2010-08-17 294912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-03-29 266240]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-09-30 155648]

"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-09-30 126976]

"Smapp"=C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [2003-07-30 143360]

"MAKTray"=C:\WINDOWS\MAKTray.exe [2004-08-27 287232]

"PDF Complete"=C:\Program Files\PDF Complete\pdfsty.exe [2006-01-03 219648]

"SetRefresh"=C:\Program Files\Compaq\SetRefresh\SetRefresh.exe [2003-11-20 525824]

"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2010-06-01 1093208]

"EEventManager"=C:\Program Files\Epson Software\Event Manager\EEventManager.exe [2009-12-03 976320]

"bipro"=rundll32 C:\WINDOWS\$NtUninstallMTF1011$\mmduch.dll,,Run []

"owvoodnd"=C:\Documents and Settings\NetworkService\Local Settings\Application Data\rwqnumbnk\jqrajbkshdw.exe [2010-08-23 256512]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

"EPSON NX125 NX127 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGGA.EXE [2009-09-14 200704]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup

Epson all-in-one Registration.lnk - E:\Common\EpsonReg\EpsonReg.exe

ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxsrvc.dll [2004-09-30 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\Program Files\Epson Software\Event Manager\EEventManager.exe"="C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Disabled:EEventManager.exe"

"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"

"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-08-23 18:15:29 ----D---- C:\Program Files\trend micro

2010-08-23 18:15:28 ----D---- C:\rsit

2010-08-23 13:11:56 ----D---- C:\WINDOWS\ERDNT

2010-08-23 13:11:31 ----D---- C:\Program Files\ERUNT

2010-08-23 12:56:32 ----A---- C:\WINDOWS\ntbtlog.txt

2010-08-23 12:54:11 ----D---- C:\Documents and Settings\Administrator\Application Data\Street-Ads

2010-08-23 12:54:11 ----D---- C:\Documents and Settings\Administrator\Application Data\Sky-Banners

2010-08-23 12:50:53 ----A---- C:\WINDOWS\ubirebevamikumi.dll

2010-08-23 12:50:24 ----A---- C:\WINDOWS\system32\drivers\gevfcaz.sys

2010-08-23 12:50:23 ----D---- C:\WINDOWS\$NtUninstallMTF1011$

2010-08-23 03:32:56 ----D---- C:\WINDOWS\Minidump

2010-08-22 22:39:40 ----D---- C:\Program Files\CCleaner

2010-08-22 19:22:46 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes

2010-08-22 19:22:40 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2010-08-22 19:22:38 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2010-08-22 19:22:37 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2010-08-22 19:22:37 ----A---- C:\WINDOWS\system32\drivers\mbam.sys

2010-08-22 19:00:15 ----D---- C:\Documents and Settings\Administrator\Application Data\GetRightToGo

2010-08-22 18:15:12 ----A---- C:\WINDOWS\system32\drivers\kbdhid.sys

2010-08-22 18:15:05 ----A---- C:\WINDOWS\system32\drivers\hidusb.sys

2010-08-22 18:15:00 ----A---- C:\WINDOWS\system32\drivers\USBSTOR.SYS

2010-08-20 18:28:16 ----SHD---- C:\WINDOWS\CSC

2010-08-20 15:06:31 ----D---- C:\WINDOWS\system32\appmgmt

2010-08-20 03:16:58 ----A---- C:\WINDOWS\EEventManager.INI

2010-08-20 03:00:25 ----SHD---- C:\Config.Msi

2010-08-19 23:51:40 ----D---- C:\WINDOWS\Sun

2010-08-19 19:38:09 ----D---- C:\Documents and Settings\Administrator\Application Data\Google

2010-08-19 19:23:22 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe

2010-08-19 19:22:29 ----D---- C:\Program Files\Google

2010-08-19 19:22:10 ----D---- C:\Documents and Settings\All Users\Application Data\NOS

2010-08-19 03:46:28 ----D---- C:\Documents and Settings\Administrator\Application Data\Leader Technologies

2010-08-19 03:46:28 ----D---- C:\Documents and Settings\Administrator\Application Data\Epson

2010-08-19 03:14:07 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$

2010-08-19 03:13:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$

2010-08-19 03:13:21 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$

2010-08-19 03:12:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$

2010-08-19 03:09:59 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$

2010-08-19 03:09:53 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$

2010-08-19 03:08:25 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$

2010-08-19 03:08:12 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$

2010-08-18 17:49:22 ----D---- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications

2010-08-18 15:41:13 ----RHD---- C:\MSOCache

2010-08-18 15:35:56 ----D---- C:\Documents and Settings\Administrator\Application Data\SoftGrid Client

2010-08-18 15:34:13 ----D---- C:\Program Files\Common Files\DESIGNER

2010-08-18 15:34:08 ----D---- C:\Program Files\Microsoft Application Virtualization Client

2010-08-18 15:33:14 ----D---- C:\Documents and Settings\Administrator\Application Data\TP

2010-08-18 15:23:23 ----D---- C:\Documents and Settings\Administrator\Application Data\Office Genuine Advantage

2010-08-18 15:23:14 ----D---- C:\Program Files\Microsoft ActiveSync

2010-08-18 15:23:12 ----D---- C:\WINDOWS\ShellNew

2010-08-18 15:12:53 ----D---- C:\Program Files\Common Files\EPSON

2010-08-18 15:06:10 ----D---- C:\Documents and Settings\Administrator\Application Data\Leadertech

2010-08-18 14:47:22 ----D---- C:\Program Files\LTCM Client

2010-08-18 14:46:56 ----D---- C:\Documents and Settings\All Users\Application Data\UDL

2010-08-18 14:01:02 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys

2010-08-18 14:00:50 ----A---- C:\WINDOWS\system32\PICSDK2.dll

2010-08-18 14:00:50 ----A---- C:\WINDOWS\system32\PICSDK.ini

2010-08-18 14:00:50 ----A---- C:\WINDOWS\system32\PICSDK.dll

2010-08-18 14:00:50 ----A---- C:\WINDOWS\system32\PICEntry.dll

2010-08-18 14:00:50 ----A---- C:\WINDOWS\system32\EpPicPrt.dll

2010-08-18 14:00:49 ----A---- C:\WINDOWS\system32\EpPicMgr.dll

2010-08-18 14:00:47 ----D---- C:\Documents and Settings\Administrator\Application Data\InstallShield

2010-08-18 14:00:30 ----A---- C:\WINDOWS\system32\E_FLBGGA.DLL

2010-08-18 14:00:30 ----A---- C:\WINDOWS\system32\E_FD4BGGA.DLL

2010-08-18 14:00:14 ----DC---- C:\WINDOWS\system32\DRVSTORE

2010-08-18 14:00:11 ----D---- C:\Documents and Settings\All Users\Application Data\EPSON

2010-08-18 13:59:44 ----D---- C:\Program Files\Epson Software

2010-08-18 13:59:16 ----A---- C:\WINDOWS\system32\eswiaud.dll

2010-08-18 13:59:16 ----A---- C:\WINDOWS\system32\esdevapp.exe

2010-08-18 13:59:16 ----A---- C:\WINDOWS\system32\escdev.dll

2010-08-18 13:59:14 ----D---- C:\Program Files\epson

2010-08-18 13:58:46 ----A---- C:\WINDOWS\ENX125_127.ini

2010-08-18 13:56:09 ----A---- C:\WINDOWS\system32\drivers\usbprint.sys

2010-08-18 13:51:46 ----A---- C:\WINDOWS\system32\mucltui.dll.mui

2010-08-18 13:51:46 ----A---- C:\WINDOWS\system32\mucltui.dll

2010-08-18 13:50:47 ----A---- C:\WINDOWS\system32\drivers\usbccgp.sys

2010-08-11 19:13:59 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage

2010-08-08 12:55:22 ----D---- C:\WINDOWS\system32\zh-TW

2010-08-08 12:55:22 ----D---- C:\WINDOWS\system32\zh-HK

2010-08-08 12:55:22 ----D---- C:\WINDOWS\system32\tr-TR

2010-08-08 12:55:22 ----D---- C:\WINDOWS\system32\sv-SE

2010-08-08 12:55:22 ----D---- C:\WINDOWS\system32\pt-BR

2010-08-08 12:55:22 ----D---- C:\WINDOWS\system32\nl-NL

2010-08-08 12:55:22 ----D---- C:\WINDOWS\system32\nb-NO

2010-08-08 12:55:22 ----D---- C:\WINDOWS\system32\ko-KR

2010-08-08 12:55:22 ----D---- C:\WINDOWS\system32\it-IT

2010-08-08 12:55:22 ----D---- C:\WINDOWS\system32\he-IL

2010-08-08 12:55:22 ----D---- C:\WINDOWS\system32\fr-FR

2010-08-08 12:55:22 ----D---- C:\WINDOWS\system32\fi-FI

2010-08-08 12:55:22 ----D---- C:\WINDOWS\system32\es-ES

2010-08-08 12:55:22 ----D---- C:\WINDOWS\system32\el-GR

2010-08-08 12:55:22 ----D---- C:\WINDOWS\system32\de-DE

2010-08-08 12:55:22 ----D---- C:\WINDOWS\system32\da-DK

2010-08-08 12:55:22 ----D---- C:\WINDOWS\system32\ar-SA

2010-08-08 12:53:28 ----D---- C:\WINDOWS\system32\ReinstallBackups

2010-08-08 12:52:37 ----A---- C:\WINDOWS\system32\hccoin.dll

2010-08-08 12:52:37 ----A---- C:\WINDOWS\system32\drivers\usbehci.sys

2010-08-08 12:52:25 ----A---- C:\WINDOWS\system32\drivers\redbook.sys

2010-08-08 12:52:22 ----A---- C:\WINDOWS\system32\drivers\wmiacpi.sys

2010-08-08 12:49:59 ----ASH---- C:\pagefile.sys

2010-08-08 12:48:47 ----A---- C:\WINDOWS\system32\igfxzoom.exe

2010-08-08 12:48:47 ----A---- C:\WINDOWS\system32\igfxtray.exe

2010-08-08 12:48:47 ----A---- C:\WINDOWS\system32\igfxsrvc.dll

2010-08-08 12:48:46 ----A---- C:\WINDOWS\system32\igfxress.dll

2010-08-08 12:48:46 ----A---- C:\WINDOWS\system32\igfxpph.dll

2010-08-08 12:48:46 ----A---- C:\WINDOWS\system32\igfxhk.dll

2010-08-08 12:48:46 ----A---- C:\WINDOWS\system32\igfxext.exe

2010-08-08 12:48:46 ----A---- C:\WINDOWS\system32\igfxexps.dll

2010-08-08 12:48:46 ----A---- C:\WINDOWS\system32\igfxeud.dll

2010-08-08 12:48:46 ----A---- C:\WINDOWS\system32\igfxdo.dll

2010-08-08 12:48:46 ----A---- C:\WINDOWS\system32\igfxdiag.exe

2010-08-08 12:48:46 ----A---- C:\WINDOWS\system32\igfxdgps.dll

2010-08-08 12:48:46 ----A---- C:\WINDOWS\system32\igfxdev.dll

2010-08-08 12:48:46 ----A---- C:\WINDOWS\system32\igfxcfg.exe

2010-08-08 12:48:46 ----A---- C:\WINDOWS\system32\ialmrnt5.dll

2010-08-08 12:48:46 ----A---- C:\WINDOWS\system32\ialmrem.dll

2010-08-08 12:48:46 ----A---- C:\WINDOWS\system32\ialmgicd.dll

2010-08-08 12:48:46 ----A---- C:\WINDOWS\system32\ialmgdev.dll

2010-08-08 12:48:46 ----A---- C:\WINDOWS\system32\ialmdnt5.dll

2010-08-08 12:48:46 ----A---- C:\WINDOWS\system32\ialmdev5.dll

2010-08-08 12:48:46 ----A---- C:\WINDOWS\system32\ialmdd5.dll

2010-08-08 12:48:46 ----A---- C:\WINDOWS\system32\iAlmCoIn_v3924.dll

2010-08-08 12:48:46 ----A---- C:\WINDOWS\system32\hkcmd.exe

2010-08-08 12:48:46 ----A---- C:\WINDOWS\system32\hccutils.dll

2010-08-08 12:48:46 ----A---- C:\WINDOWS\system32\drivers\ialmnt5.sys

2010-08-08 12:48:42 ----A---- C:\WINDOWS\system32\drivers\b57xp32.sys

2010-08-08 12:48:40 ----A---- C:\WINDOWS\system32\drivers\smwdm.sys

2010-08-08 12:48:40 ----A---- C:\WINDOWS\system32\drivers\smsens.sys

2010-08-08 12:48:39 ----A---- C:\WINDOWS\system32\drivers\aeaudio.sys

2010-08-08 12:48:39 ----A---- C:\WINDOWS\system32\a3d.dll

2010-08-08 12:48:27 ----SD---- C:\WINDOWS\Tasks

2010-08-08 12:48:27 ----RD---- C:\WINDOWS\Web

2010-08-08 12:48:27 ----D---- C:\WINDOWS\WinSxS

2010-08-08 12:48:27 ----D---- C:\WINDOWS\twain_32

2010-08-08 12:48:27 ----D---- C:\WINDOWS\Temp

2010-08-08 12:48:27 ----D---- C:\WINDOWS\system32\xircom

2010-08-08 12:48:27 ----D---- C:\WINDOWS\system32\wins

2010-08-08 12:48:26 ----D---- C:\WINDOWS\system32\wbem

2010-08-08 12:48:26 ----D---- C:\WINDOWS\system32\usmt

2010-08-08 12:48:26 ----D---- C:\WINDOWS\system32\spool

2010-08-08 12:48:26 ----D---- C:\WINDOWS\system32\ShellExt

2010-08-08 12:48:26 ----D---- C:\WINDOWS\system32\Setup

2010-08-08 12:48:26 ----D---- C:\WINDOWS\system32\Restore

2010-08-08 12:48:26 ----D---- C:\WINDOWS\system32\ras

2010-08-08 12:48:26 ----D---- C:\WINDOWS\system32\oobe

2010-08-08 12:48:26 ----D---- C:\WINDOWS\system32\npp

2010-08-08 12:48:26 ----D---- C:\WINDOWS\system32\mui

2010-08-08 12:48:25 ----SD---- C:\WINDOWS\system32\Microsoft

2010-08-08 12:48:25 ----RSHD---- C:\WINDOWS\system32\dllcache

2010-08-08 12:48:25 ----D---- C:\WINDOWS\system32\MsDtc

2010-08-08 12:48:25 ----D---- C:\WINDOWS\system32\Macromed

2010-08-08 12:48:25 ----D---- C:\WINDOWS\system32\inetsrv

2010-08-08 12:48:25 ----D---- C:\WINDOWS\system32\IME

2010-08-08 12:48:25 ----D---- C:\WINDOWS\system32\icsxml

2010-08-08 12:48:25 ----D---- C:\WINDOWS\system32\ias

2010-08-08 12:48:25 ----D---- C:\WINDOWS\system32\export

2010-08-08 12:48:25 ----D---- C:\WINDOWS\system32\drivers\etc

2010-08-08 12:48:25 ----D---- C:\WINDOWS\system32\drivers\disdn

2010-08-08 12:48:25 ----D---- C:\WINDOWS\system32\drivers

2010-08-08 12:48:25 ----D---- C:\WINDOWS\system32\DirectX

2010-08-08 12:48:25 ----D---- C:\WINDOWS\system32\dhcp

2010-08-08 12:48:25 ----D---- C:\WINDOWS\system32\config

2010-08-08 12:48:25 ----D---- C:\WINDOWS\system32\Com

2010-08-08 12:48:25 ----D---- C:\WINDOWS\system32\CatRoot2

2010-08-08 12:48:24 ----RD---- C:\WINDOWS\Offline Web Pages

2010-08-08 12:48:24 ----D---- C:\WINDOWS\system32\CatRoot

2010-08-08 12:48:24 ----D---- C:\WINDOWS\system32\3com_dmi

2010-08-08 12:48:24 ----D---- C:\WINDOWS\system32\3076

2010-08-08 12:48:24 ----D---- C:\WINDOWS\system32\2052

2010-08-08 12:48:24 ----D---- C:\WINDOWS\system32\1054

2010-08-08 12:48:24 ----D---- C:\WINDOWS\system32\1042

2010-08-08 12:48:24 ----D---- C:\WINDOWS\system32\1041

2010-08-08 12:48:24 ----D---- C:\WINDOWS\system32\1037

2010-08-08 12:48:24 ----D---- C:\WINDOWS\system32\1033

2010-08-08 12:48:24 ----D---- C:\WINDOWS\system32\1031

2010-08-08 12:48:24 ----D---- C:\WINDOWS\system32\1028

2010-08-08 12:48:24 ----D---- C:\WINDOWS\system32\1025

2010-08-08 12:48:24 ----D---- C:\WINDOWS\system32

2010-08-08 12:48:24 ----D---- C:\WINDOWS\system

2010-08-08 12:48:24 ----D---- C:\WINDOWS\srchasst

2010-08-08 12:48:24 ----D---- C:\WINDOWS\SoftwareDistribution

2010-08-08 12:48:24 ----D---- C:\WINDOWS\security

2010-08-08 12:48:24 ----D---- C:\WINDOWS\Resources

2010-08-08 12:48:24 ----D---- C:\WINDOWS\repair

2010-08-08 12:48:24 ----D---- C:\WINDOWS\Registration

2010-08-08 12:48:24 ----D---- C:\WINDOWS\Provisioning

2010-08-08 12:48:24 ----D---- C:\WINDOWS\PeerNet

2010-08-08 12:48:24 ----D---- C:\WINDOWS\pchealth

2010-08-08 12:48:24 ----D---- C:\WINDOWS\mui

2010-08-08 12:48:24 ----D---- C:\WINDOWS\msapps

2010-08-08 12:48:24 ----D---- C:\WINDOWS\msagent

2010-08-08 12:48:24 ----D---- C:\WINDOWS\Media

2010-08-08 12:48:23 ----SHD---- C:\WINDOWS\Installer

2010-08-08 12:48:23 ----HD---- C:\WINDOWS\inf

2010-08-08 12:48:23 ----D---- C:\WINDOWS\java

2010-08-08 12:48:23 ----D---- C:\WINDOWS\ime

2010-08-08 12:48:22 ----SHD---- C:\System Volume Information

2010-08-08 12:48:22 ----SD---- C:\WINDOWS\Downloaded Program Files

2010-08-08 12:48:22 ----RSD---- C:\WINDOWS\Fonts

2010-08-08 12:48:22 ----RD---- C:\Program Files

2010-08-08 12:48:22 ----HD---- C:\Program Files\WindowsUpdate

2010-08-08 12:48:22 ----HD---- C:\Program Files\Uninstall Information

2010-08-08 12:48:22 ----D---- C:\WINDOWS\Help

2010-08-08 12:48:22 ----D---- C:\WINDOWS\ehome

2010-08-08 12:48:22 ----D---- C:\WINDOWS\Driver Cache

2010-08-08 12:48:22 ----D---- C:\WINDOWS\Debug

2010-08-08 12:48:22 ----D---- C:\WINDOWS\Cursors

2010-08-08 12:48:22 ----D---- C:\WINDOWS\Connection Wizard

2010-08-08 12:48:22 ----D---- C:\WINDOWS\Config

2010-08-08 12:48:22 ----D---- C:\WINDOWS\AppPatch

2010-08-08 12:48:22 ----D---- C:\WINDOWS\addins

2010-08-08 12:48:22 ----D---- C:\WINDOWS

2010-08-08 12:48:22 ----D---- C:\Program Files\xerox

2010-08-08 12:48:22 ----D---- C:\Program Files\Windows NT

2010-08-08 12:48:22 ----D---- C:\Program Files\Windows Media Player

2010-08-08 12:48:22 ----D---- C:\Program Files\Outlook Express

2010-08-08 12:48:22 ----D---- C:\Program Files\Online Services

2010-08-08 12:48:22 ----D---- C:\Program Files\NetMeeting

2010-08-08 12:48:22 ----D---- C:\Program Files\MSN Gaming Zone

2010-08-08 12:48:22 ----D---- C:\Program Files\MSN

2010-08-08 12:48:22 ----D---- C:\Program Files\Movie Maker

2010-08-08 12:48:22 ----D---- C:\Program Files\microsoft frontpage

2010-08-08 12:48:22 ----D---- C:\Program Files\Messenger

2010-08-08 12:48:22 ----D---- C:\Program Files\Internet Explorer

2010-08-08 12:48:22 ----D---- C:\Program Files\ComPlus Applications

2010-08-08 12:48:22 ----D---- C:\Program Files\Common Files\System

2010-08-08 12:48:22 ----D---- C:\Program Files\Common Files\SpeechEngines

2010-08-08 12:48:22 ----D---- C:\Program Files\Common Files\Services

2010-08-08 12:48:22 ----D---- C:\Program Files\Common Files\ODBC

2010-08-08 12:48:22 ----D---- C:\Program Files\Common Files\MSSoap

2010-08-08 12:48:22 ----D---- C:\Program Files\Common Files\Microsoft Shared

2010-08-08 12:48:22 ----D---- C:\Program Files\Common Files

2010-08-08 12:48:21 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

2010-08-08 12:48:21 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft

2010-08-08 12:48:21 ----D---- C:\Documents and Settings\Administrator\Application Data\Identities

2010-08-08 12:48:21 ----D---- C:\Documents and Settings

2010-08-08 12:48:21 ----D---- C:\Cpqapps

2010-08-08 12:47:01 ----A---- C:\WINDOWS\ODBC.INI

2010-08-08 12:46:56 ----RASH---- C:\boot.ini

2010-08-08 12:46:20 ----A---- C:\WINDOWS\win.ini

2010-08-08 12:46:20 ----A---- C:\WINDOWS\vbaddin.ini

2010-08-08 12:46:20 ----A---- C:\WINDOWS\vb.ini

2010-08-08 12:46:13 ----A---- C:\WINDOWS\system32\winntbbu.dll

2010-08-08 12:45:59 ----A---- C:\WINDOWS\system32\vwipxspx.exe

2010-08-08 12:45:59 ----A---- C:\WINDOWS\system32\usrlogon.cmd

2010-08-08 12:45:55 ----A---- C:\WINDOWS\system32\telnet.exe

2010-08-08 12:45:51 ----A---- C:\WINDOWS\system32\spnpinst.exe

2010-08-08 12:45:48 ----A---- C:\WINDOWS\system32\share.exe

2010-08-08 12:45:42 ----A---- C:\WINDOWS\system32\prodspec.ini

2010-08-08 12:45:42 ----A---- C:\WINDOWS\system32\pidgen.dll

2010-08-08 12:45:41 ----A---- C:\WINDOWS\system32\perffilt.ini

2010-08-08 12:45:20 ----A---- C:\WINDOWS\system32\ntsdexts.dll

2010-08-08 12:45:20 ----A---- C:\WINDOWS\system32\ntsd.exe

2010-08-08 12:45:18 ----A---- C:\WINDOWS\system32\ntdll.dll

2010-08-08 12:45:16 ----A---- C:\WINDOWS\system32\netsetup.exe

2010-08-08 12:45:15 ----D---- C:\Program Files\Microsoft Office

2010-08-08 12:44:54 ----A---- C:\WINDOWS\system32\msdtcprf.ini

2010-08-08 12:44:53 ----A---- C:\WINDOWS\system32\mscdexnt.exe

2010-08-08 12:44:48 ----A---- C:\WINDOWS\system32\login.cmd

2010-08-08 12:44:47 ----A---- C:\WINDOWS\system32\loadfix.com

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdycl.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdycc.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbduzb.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdusx.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdusr.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdusl.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdus.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdur.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbduk.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdtuq.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdtuf.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdtat.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdsw.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdsp.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdsl1.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdsl.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdsg.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdsf.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdru1.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdru.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdro.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdpo.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdpl1.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdpl.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdno.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdnec.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdne.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdmon.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdlv1.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdlv.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdlt1.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdlt.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdla.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdkyr.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdkaz.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdit142.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdit.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdir.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdic.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdhu1.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdhu.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdhept.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdhela3.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdhela2.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdhe319.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdhe220.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdhe.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdgr1.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdgr.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdgkl.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdgae.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdfr.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdfi.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdfc.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdest.dll

2010-08-08 12:44:46 ----A---- C:\WINDOWS\system32\kbdes.dll

2010-08-08 12:44:45 ----A---- C:\WINDOWS\system32\kbddv.dll

2010-08-08 12:44:45 ----A---- C:\WINDOWS\system32\kbdda.dll

2010-08-08 12:44:45 ----A---- C:\WINDOWS\system32\kbdcz2.dll

2010-08-08 12:44:45 ----A---- C:\WINDOWS\system32\kbdcz1.dll

2010-08-08 12:44:45 ----A---- C:\WINDOWS\system32\kbdcz.dll

2010-08-08 12:44:45 ----A---- C:\WINDOWS\system32\kbdcr.dll

2010-08-08 12:44:45 ----A---- C:\WINDOWS\system32\kbdca.dll

2010-08-08 12:44:45 ----A---- C:\WINDOWS\system32\kbdbu.dll

2010-08-08 12:44:45 ----A---- C:\WINDOWS\system32\kbdbr.dll

2010-08-08 12:44:45 ----A---- C:\WINDOWS\system32\kbdblr.dll

2010-08-08 12:44:45 ----A---- C:\WINDOWS\system32\kbdbe.dll

2010-08-08 12:44:45 ----A---- C:\WINDOWS\system32\kbdazel.dll

2010-08-08 12:44:45 ----A---- C:\WINDOWS\system32\kbdaze.dll

2010-08-08 12:44:43 ----A---- C:\WINDOWS\system32\imagehlp.dll

2010-08-08 12:44:40 ----A---- C:\WINDOWS\system32\h323log.txt

2010-08-08 12:44:38 ----A---- C:\WINDOWS\system32\fastopen.exe

2010-08-08 12:44:38 ----A---- C:\WINDOWS\system32\exts.dll

2010-08-08 12:44:38 ----A---- C:\WINDOWS\system32\expand.exe

2010-08-08 12:44:37 ----A---- C:\WINDOWS\system32\eula.txt

2010-08-08 12:44:30 ----A---- C:\WINDOWS\system32\drivers\ntfs.sys

2010-08-08 12:44:28 ----A---- C:\WINDOWS\system32\drivers\ksecdd.sys

2010-08-08 12:44:27 ----A---- C:\WINDOWS\system32\drivers\gmreadme.txt

2010-08-08 12:44:19 ----AH---- C:\WINDOWS\system32\desktop.ini

2010-08-08 12:44:19 ----A---- C:\WINDOWS\system32\dbghelp.dll

2010-08-08 12:44:18 ----A---- C:\WINDOWS\system32\dbgeng.dll

2010-08-08 12:44:08 ----A---- C:\WINDOWS\system32\cabinet.dll

2010-08-08 12:44:07 ----A---- C:\WINDOWS\system32\autofmt.exe

2010-08-08 12:44:06 ----A---- C:\WINDOWS\system32\autochk.exe

2010-08-08 12:44:00 ----A---- C:\WINDOWS\system32\KBDAL.DLL

2010-08-08 12:43:51 ----A---- C:\WINDOWS\system.ini

2010-08-08 12:43:41 ----A---- C:\WINDOWS\regedit.exe

2010-08-08 12:43:16 ----A---- C:\WINDOWS\msdfmap.ini

2010-08-08 12:43:13 ----AH---- C:\WINDOWS\desktop.ini

2010-08-08 12:43:13 ----A---- C:\WINDOWS\control.ini

2010-08-08 12:43:12 ----A---- C:\WINDOWS\_default.pif

2010-08-08 12:42:32 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-08-08 12:37:04 ----D---- C:\i386

2010-08-08 12:36:01 ----A---- C:\WINDOWS\system32\oeminfo.ini

2010-08-08 12:34:55 ----D---- C:\Compaq

2010-08-08 12:31:32 ----HD---- C:\SYSTEM.SAV

2010-08-08 12:30:41 ----RASH---- C:\NTDETECT.COM

2010-08-08 12:30:17 ----D---- C:\WINDOWS\system32\WindowsPowerShell

2010-08-08 12:30:15 ----D---- C:\WINDOWS\system32\winrm

2010-08-08 12:30:11 ----HDC---- C:\WINDOWS\$968930Uinstall_KB968930$

2010-08-08 12:30:09 ----D---- C:\WINDOWS\$NtUninstallKB968930$

2010-08-08 12:23:10 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$

2010-08-08 12:15:38 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$

2010-08-08 12:15:23 ----HDC---- C:\WINDOWS\$NtUninstallKB963093$

2010-08-08 12:14:58 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$

2010-08-08 12:14:43 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$

2010-08-08 12:14:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$

2010-08-08 11:49:58 ----D---- C:\Program Files\Microsoft.NET

2010-08-08 11:48:12 ----D---- C:\Program Files\Microsoft Silverlight

2010-08-08 11:47:49 ----HDC---- C:\WINDOWS\$NtUninstallKB971513$

2010-08-08 11:43:41 ----D---- C:\WINDOWS\system32\XPSViewer

2010-08-08 11:43:37 ----D---- C:\Program Files\MSBuild

2010-08-08 11:43:30 ----D---- C:\Program Files\Reference Assemblies

2010-08-08 11:43:03 ----N---- C:\WINDOWS\system32\xpssvcs.dll

2010-08-08 11:43:03 ----N---- C:\WINDOWS\system32\xpsshhdr.dll

2010-08-08 11:43:03 ----N---- C:\WINDOWS\system32\prntvpt.dll

2010-08-08 11:43:02 ----D---- C:\590d8f5cf3ca16200893

2010-08-08 11:42:42 ----D---- C:\Program Files\Program Shortcuts

2010-08-08 11:42:19 ----D---- C:\WINDOWS\system32\SoftwareDistribution

2010-08-08 11:40:04 ----HDC---- C:\WINDOWS\$NtUninstallbasecsp$

2010-08-08 11:40:03 ----D---- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search

2010-08-08 11:39:36 ----D---- C:\WINDOWS\system32\GroupPolicy

2010-08-08 11:39:36 ----D---- C:\Program Files\Windows Desktop Search

2010-08-08 11:39:24 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$

2010-08-08 11:39:18 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$

2010-08-08 11:38:51 ----N---- C:\WINDOWS\system32\spmsg.dll

2010-08-08 11:38:50 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$

2010-08-08 11:38:35 ----D---- C:\Program Files\Windows Media Connect 2

2010-08-08 11:38:23 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$

2010-08-08 11:37:42 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$

2010-08-08 11:37:14 ----D---- C:\WINDOWS\system32\LogFiles

2010-08-08 11:37:14 ----D---- C:\WINDOWS\system32\drivers\UMDF

2010-08-08 11:37:10 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$

2010-08-08 11:16:00 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$

2010-08-08 11:15:53 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$

2010-08-08 11:13:31 ----D---- C:\Documents and Settings\Administrator\Application Data\Adobe

2010-08-08 11:12:42 ----D---- C:\Documents and Settings\Administrator\Application Data\Macromedia

2010-08-08 11:03:35 ----SHD---- C:\RECYCLER

2010-08-08 11:03:34 ----A---- C:\WINDOWS\smscfg.ini

2010-08-08 11:01:53 ----A---- C:\WINDOWS\IsUninst.exe

2010-08-08 11:01:27 ----D---- C:\Program Files\Compaq

2010-08-08 11:01:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$

2010-08-08 11:01:23 ----D---- C:\Program Files\PDF Complete

2010-08-08 11:01:23 ----A---- C:\WINDOWS\system32\pxc25pm.dll

2010-08-08 11:01:13 ----D---- C:\Program Files\HPMAK

2010-08-08 11:01:13 ----A---- C:\WINDOWS\MAKUSB.dll

2010-08-08 11:01:13 ----A---- C:\WINDOWS\MAKTray.exe

2010-08-08 11:01:13 ----A---- C:\WINDOWS\MAKHkey.exe

2010-08-08 11:01:13 ----A---- C:\WINDOWS\MAKHkdll.dll

2010-08-08 11:00:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$

2010-08-08 10:59:51 ----HDC---- C:\WINDOWS\$NtUninstallKB982381$

2010-08-08 10:59:43 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$

2010-08-08 10:59:41 ----D---- C:\Program Files\HPQ

2010-08-08 10:59:37 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$

2010-08-08 10:59:31 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$

2010-08-08 10:59:25 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$

2010-08-08 10:59:18 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$

2010-08-08 10:59:15 ----A---- C:\WINDOWS\system32\IVIresizeW7.dll

2010-08-08 10:59:15 ----A---- C:\WINDOWS\system32\IVIresizePX.dll

2010-08-08 10:59:15 ----A---- C:\WINDOWS\system32\IVIresizeP6.dll

2010-08-08 10:59:15 ----A---- C:\WINDOWS\system32\IVIresizeM6.dll

2010-08-08 10:59:15 ----A---- C:\WINDOWS\system32\IVIresizeA6.dll

2010-08-08 10:59:15 ----A---- C:\WINDOWS\system32\IVIresize.dll

2010-08-08 10:59:13 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$

2010-08-08 10:59:12 ----D---- C:\Program Files\InterVideo

2010-08-08 10:59:08 ----RASH---- C:\MSDOS.SYS

2010-08-08 10:59:08 ----RASH---- C:\IO.SYS

2010-08-08 10:59:06 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$

2010-08-08 10:59:00 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$

2010-08-08 10:58:59 ----D---- C:\Program Files\Altiris

2010-08-08 10:58:54 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$

2010-08-08 10:58:46 ----HDC---- C:\WINDOWS\$NtUninstallKB979402_WM9$

2010-08-08 10:58:41 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$

2010-08-08 10:58:40 ----A---- C:\WINDOWS\system32\Baspxp32.dll

2010-08-08 10:58:39 ----D---- C:\Program Files\Broadcom

2010-08-08 10:58:36 ----D---- C:\WINDOWS\Downloaded Installations

2010-08-08 10:58:32 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$

2010-08-08 10:58:24 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$

2010-08-08 10:58:18 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$

2010-08-08 10:58:12 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$

2010-08-08 10:58:06 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$

2010-08-08 10:57:59 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$

2010-08-08 10:57:53 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$

2010-08-08 10:57:48 ----A---- C:\WINDOWS\system32\wdmioctl.dll

2010-08-08 10:57:48 ----A---- C:\WINDOWS\system32\SMMedia.dll

2010-08-08 10:57:48 ----A---- C:\WINDOWS\SynthCoreA.Dll

2010-08-08 10:57:48 ----A---- C:\WINDOWS\SynCor.exe

2010-08-08 10:57:47 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$

2010-08-08 10:57:47 ----HD---- C:\Program Files\InstallShield Installation Information

2010-08-08 10:57:47 ----D---- C:\Program Files\Analog Devices

2010-08-08 10:57:47 ----A---- C:\WINDOWS\system32\SynthCore11Resources.dll

2010-08-08 10:57:47 ----A---- C:\WINDOWS\system32\Syncor11.dll

2010-08-08 10:57:47 ----A---- C:\WINDOWS\system32\S11thk32.dll

2010-08-08 10:57:47 ----A---- C:\WINDOWS\system32\msssc.dll

2010-08-08 10:57:47 ----A---- C:\WINDOWS\system32\DSndUp.exe

2010-08-08 10:57:47 ----A---- C:\WINDOWS\system32\CleanUp.exe

2010-08-08 10:57:45 ----D---- C:\Program Files\Common Files\InstallShield

2010-08-08 10:57:41 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$

2010-08-08 10:57:32 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$

2010-08-08 10:57:23 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$

2010-08-08 10:57:17 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$

2010-08-08 10:57:13 ----D---- C:\Documents and Settings\Administrator\Application Data\Sun

2010-08-08 10:57:12 ----A---- C:\WINDOWS\system32\javaw.exe

2010-08-08 10:57:12 ----A---- C:\WINDOWS\system32\java.exe

2010-08-08 10:57:11 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$

2010-08-08 10:57:04 ----D---- C:\Program Files\Java

2010-08-08 10:57:03 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$

2010-08-08 10:57:03 ----D---- C:\Program Files\Common Files\Java

2010-08-08 10:56:56 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$

2010-08-08 10:56:50 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$

2010-08-08 10:56:48 ----HDC---- C:\WINDOWS\$NtUninstallKB886199$

2010-08-08 10:56:43 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$

2010-08-08 10:56:35 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$

2010-08-08 10:56:28 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$

2010-08-08 10:56:22 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$

2010-08-08 10:56:14 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$

2010-08-08 10:56:07 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$

2010-08-08 10:56:02 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$

2010-08-08 10:55:56 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$

2010-08-08 10:55:50 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$

2010-08-08 10:55:44 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$

2010-08-08 10:55:38 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$

2010-08-08 10:55:33 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$

2010-08-08 10:55:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$

2010-08-08 10:55:14 ----RSD---- C:\WINDOWS\assembly

2010-08-08 10:55:14 ----D---- C:\WINDOWS\Microsoft.NET

2010-08-08 10:55:13 ----D---- C:\WINDOWS\system32\URTTemp

2010-08-08 10:54:50 ----D---- C:\WINDOWS\ie8updates

2010-08-08 10:54:32 ----D---- C:\WINDOWS\WBEM

2010-08-08 10:53:36 ----HDC---- C:\WINDOWS\ie8

2010-08-08 10:52:47 ----A---- C:\WINDOWS\system32\MRT.exe

2010-08-08 10:51:33 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$

2010-08-08 10:51:26 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$

2010-08-08 10:51:20 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$

2010-08-08 10:51:14 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$

2010-08-08 10:51:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$

2010-08-08 10:51:01 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$

2010-08-08 10:50:53 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$

2010-08-08 10:50:47 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$

2010-08-08 10:50:41 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$

2010-08-08 10:50:35 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$

2010-08-08 10:50:28 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$

2010-08-08 10:50:20 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$

2010-08-08 10:50:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$

2010-08-08 10:49:56 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$

2010-08-08 10:49:43 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$

2010-08-08 10:49:37 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$

2010-08-08 10:49:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$

2010-08-08 10:49:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

2010-08-08 10:49:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$

2010-08-08 10:49:13 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

2010-08-08 10:49:07 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

2010-08-08 10:49:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$

2010-08-08 10:48:56 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$

2010-08-08 10:48:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$

2010-08-08 10:48:46 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$

2010-08-08 10:48:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$

2010-08-08 10:48:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$

2010-08-08 10:48:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$

2010-08-08 10:48:19 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$

2010-08-08 10:48:11 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$

2010-08-08 10:37:53 ----N---- C:\WINDOWS\system32\xpsp4res.dll

2010-08-08 10:34:32 ----D---- C:\WINDOWS\Prefetch

2010-08-08 10:29:47 ----D---- C:\WINDOWS\system32\scripting

2010-08-08 10:29:47 ----D---- C:\WINDOWS\system32\en-us

2010-08-08 10:29:46 ----D---- C:\WINDOWS\system32\en

2010-08-08 10:29:46 ----D---- C:\WINDOWS\l2schemas

2010-08-08 10:29:45 ----D---- C:\WINDOWS\system32\bits

2010-08-08 10:26:58 ----D---- C:\WINDOWS\ServicePackFiles

2010-08-08 10:24:32 ----D---- C:\WINDOWS\network diagnostic

2010-08-08 10:21:26 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$

2010-08-08 10:15:10 ----N---- C:\WINDOWS\system32\drivers\slwdmsup.sys

2010-08-08 10:15:10 ----N---- C:\WINDOWS\system32\drivers\slnthal.sys

2010-08-08 10:15:10 ----N---- C:\WINDOWS\system32\drivers\slntamr.sys

2010-08-08 10:15:10 ----N---- C:\WINDOWS\system32\drivers\slnt7554.sys

2010-08-08 10:15:10 ----N---- C:\WINDOWS\system32\drivers\recagent.sys

2010-08-08 10:15:09 ----N---- C:\WINDOWS\system32\drivers\ntmtlfax.sys

2010-08-08 10:15:08 ----N---- C:\WINDOWS\system32\drivers\mtlstrm.sys

2010-08-08 10:15:08 ----N---- C:\WINDOWS\system32\drivers\mtlmnt5.sys

2010-08-08 10:15:05 ----N---- C:\WINDOWS\system32\drivers\mdmxsdk.sys

2010-08-08 10:15:01 ----N---- C:\WINDOWS\system32\drivers\hsfdpsp2.sys

2010-08-08 10:15:00 ----N---- C:\WINDOWS\system32\drivers\hsfcxts2.sys

2010-08-08 10:15:00 ----N---- C:\WINDOWS\system32\drivers\hsfbs2s2.sys

2010-08-08 10:13:34 ----N---- C:\WINDOWS\system32\drivers\atinttxx.sys

2010-08-08 10:13:34 ----N---- C:\WINDOWS\system32\drivers\atinpdxx.sys

2010-08-08 10:13:34 ----N---- C:\WINDOWS\system32\drivers\atinmdxx.sys

2010-08-08 10:13:34 ----N---- C:\WINDOWS\system32\drivers\ati1xbxx.sys

2010-08-08 10:13:34 ----N---- C:\WINDOWS\system32\drivers\ati1snxx.sys

2010-08-08 10:04:36 ----D---- C:\WINDOWS\system32\PreInstall

2010-08-08 10:04:36 ----A---- C:\WINDOWS\system32\spupdsvc.exe

2010-08-08 10:04:35 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$

2010-08-08 09:56:13 ----N---- C:\WINDOWS\system32\MpSigStub.exe

2010-08-08 09:50:26 ----D---- C:\Program Files\Microsoft Security Essentials

2010-08-08 09:50:16 ----HDC---- C:\WINDOWS\$NtUninstallKB914882$

2010-08-08 09:50:15 ----HD---- C:\WINDOWS\$hf_mig$

2010-08-08 09:49:59 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

2010-08-08 09:46:58 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$

2010-08-08 09:44:11 ----D---- C:\Intel

2010-08-08 09:44:10 ----A---- C:\WINDOWS\system32\igfxres.dll

2010-08-08 09:44:01 ----A---- C:\WINDOWS\system32\wmpns.dll

======List of files/folders modified in the last 1 months======

2010-08-23 18:11:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2010-07-27 01:30:35 ----A---- C:\WINDOWS\system32\shell32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]

R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]

R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-11-16 190592]

R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

S1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]

S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 42752]

S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-10-23 100384]

S3 Blfp;Broadcom Advanced Server Program Driver; C:\WINDOWS\system32\DRIVERS\baspxp32.sys [2004-02-04 51584]

S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]

S3 i81x;i81x; C:\WINDOWS\system32\DRIVERS\i81xnt5.sys [2004-08-03 161020]

S3 iAimFP0;iAimFP0; C:\WINDOWS\system32\DRIVERS\wADV01nt.sys [2004-08-03 12415]

S3 iAimFP1;iAimFP1; C:\WINDOWS\system32\DRIVERS\wADV02NT.sys [2004-08-03 12127]

S3 iAimFP2;iAimFP2; C:\WINDOWS\system32\DRIVERS\wADV05NT.sys [2004-08-03 11775]

S3 iAimFP3;iAimFP3; C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]

S3 iAimFP4;iAimFP4; C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]

S3 iAimFP5;iAimFP5; C:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2004-08-03 11807]

S3 iAimFP6;iAimFP6; C:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2004-08-03 11295]

S3 iAimFP7;iAimFP7; C:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2004-08-03 11871]

S3 iAimTV0;iAimTV0; C:\WINDOWS\system32\DRIVERS\wATV01nt.sys [2004-08-03 29311]

S3 iAimTV1;iAimTV1; C:\WINDOWS\system32\DRIVERS\wATV02NT.sys [2004-08-03 19551]

S3 iAimTV3;iAimTV3; C:\WINDOWS\system32\DRIVERS\wATV04nt.sys [2004-08-03 33599]

S3 iAimTV4;iAimTV4; C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]

S3 iAimTV5;iAimTV5; C:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2004-08-03 25471]

S3 iAimTV6;iAimTV6; C:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2004-08-03 22271]

S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-09-30 752093]

S3 Sftfs;Sftfs; C:\WINDOWS\system32\DRIVERS\Sftfsxp.sys [2010-04-24 554344]

S3 Sftplay;Sftplay; C:\WINDOWS\system32\DRIVERS\Sftplayxp.sys [2010-04-24 211432]

S3 Sftredir;Sftredir; C:\WINDOWS\system32\DRIVERS\Sftredirxp.sys [2010-04-24 20584]

S3 Sftvol;Sftvol; C:\WINDOWS\system32\DRIVERS\Sftvolxp.sys [2010-04-24 18280]

S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-15 612416]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 adpu320;adpu320; C:\WINDOWS\system32\DRIVERS\adpu320.sys [2002-05-08 105472]

S4 Symmpi;Symmpi; C:\WINDOWS\system32\DRIVERS\symmpi.sys [2002-04-04 28416]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 cvhsvc;Client Virtualization Handler; C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]

S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-19 135664]

S2 sftlist;Application Virtualization Client; C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]

S2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]

S2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]

S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

S3 sftvsa;Application Virtualization Service Agent; C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]

S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

RSIT Info.txt

info.txt logfile of random's system information tool 1.08 2010-08-23 18:15:34

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Broadcom Management Programs-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{64A77F14-0E08-4A97-A859-E93CFF428756} /l1033

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

Epson CreativeZone-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E6C82F8F-2031-4825-8CC3-98C5960875C1}\Setup.exe" -l0x9

Epson Easy Photo Print 2-->C:\Program Files\InstallShield Installation Information\{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}\Setup.exe -runfromtemp -l0x0009 UNINST -removeonly

Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)-->C:\Program Files\InstallShield Installation Information\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}\setup.exe -runfromtemp -l0x0009 -removeonly

Epson Event Manager-->MsiExec.exe /X{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}

EPSON NX125 NX127 Series Printer Uninstall-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FINSGGA.EXE /R /APD /P:"EPSON NX125 NX127 Series"

EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r

ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"

HP Help and Support-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\SETUP.EXE" -l0x9

HP MAK Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{269F596B-E679-40DD-866A-DF7182A483BF}\Setup.exe" -l0x9

Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582

InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL

Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft .NET Framework 4 Client Profile-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client

Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}

Microsoft Antimalware-->MsiExec.exe /X{E62A1F01-07B7-4541-A835-EE5B0BF064C2}

Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Office Click-to-Run 2010-->"C:\PROGRA~1\COMMON~1\MICROS~1\VIRTUA~1\CVHBS.EXE" /removeall

Microsoft Office Click-to-Run 2010-->MsiExec.exe /I{90140000-006D-0409-0000-0000000FF1CE}

Microsoft Office Home and Business 2010 - English-->C:\Program Files\Common Files\microsoft shared\virtualization handler\cvhbs.exe /uninstall {90140011-0062-0409-0000-0000000FF1CE}

Microsoft Office XP Small Business-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0050048383C9}

Microsoft Security Essentials-->C:\Program Files\Microsoft Security Essentials\setup.exe /x

Microsoft Security Essentials-->MsiExec.exe /I{EF98A02A-1748-4762-9B7D-5ED1600520D5}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}

OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}

PDF Complete-->C:\Program Files\PDF Complete\pdfiutil.exe /UGUI

Security Update for Windows Internet Explorer 8 (KB2183461)-->"C:\WINDOWS\ie8updates\KB2183461-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB979402)-->"C:\WINDOWS\$NtUninstallKB979402_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf

Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"

Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"

Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"

Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"

Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"

Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"

Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"

Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"

Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"

Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"

Security Update for Windows XP (KB981349)-->"C:\WINDOWS\$NtUninstallKB981349$\spuninst\spuninst.exe"

Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"

Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"

Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"

Security Update for Windows XP (KB982381)-->"C:\WINDOWS\$NtUninstallKB982381$\spuninst\spuninst.exe"

Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"

Software Setup-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\COMPAQ\Software Setup\Uninst.isu" -c"C:\Program Files\COMPAQ\Software Setup\CPQUNST.DLL"

SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.EXE"

Street-Ads Browser Enhancer-->"C:\WINDOWS\$NtUninstallMTF1011$\apUninstall.exe"

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

Update for Microsoft Windows (KB971513)-->"C:\WINDOWS\$NtUninstallKB971513$\spuninst\spuninst.exe"

Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"

Update for Windows Internet Explorer 8 (KB982632)-->"C:\WINDOWS\ie8updates\KB982632-IE8\spuninst\spuninst.exe"

Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"

Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"

Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"

Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"

Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"

Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"

Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"

Windows Management Framework Core-->"C:\WINDOWS\$968930Uinstall_KB968930$\spuninst\spuninst.exe"

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Hosts File======

212.117.178.25 www.google.com

======Security center information======

AV: Microsoft Security Essentials (disabled)

======System event log======

Computer Name: HP23372342432

Event Code: 2001

Message: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.87.1480.0

Update Source: Microsoft Update Server

Update Stage: Search

Source Path: http://www.microsoft.com

Signature Type: AntiVirus

Update Type: Full

User: NT AUTHORITY\SYSTEM

Current Engine Version:

Previous Engine Version: 1.1.6004.0

Error code: 0x8024402c

Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Record Number: 651

Source Name: Microsoft Antimalware

Time Written: 20100811192440.000000-300

Event Type: error

User:

Computer Name: HP23372342432

Event Code: 4

Message: Broadcom NetXtreme Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 637

Source Name: b57w2k

Time Written: 20100811191359.000000-300

Event Type: warning

User:

Computer Name: HP23372342432

Event Code: 20

Message: Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 2.0 Service Pack 2 Security Update for Windows 2000, Windows Server 2003, and Windows XP (KB974417).

Record Number: 551

Source Name: Windows Update Agent

Time Written: 20100808122719.000000-300

Event Type: error

User:

Computer Name: HP23372342432

Event Code: 20

Message: Printer Driver Microsoft XPS Document Writer for Windows NT x86 Version-3 was added or updated. Files:- mxdwdrv.dll, unidrvui.dll, mxdwdui.gpd, unidrv.hlp, mxdwdui.dll, mxdwdui.ini, stddtype.gdl, stdnames.gpd, stdschem.gdl, stdschmx.gdl, unidrv.dll, unires.dll, XpsSvcs.dll.

Record Number: 433

Source Name: Print

Time Written: 20100808114314.000000-300

Event Type: warning

User: NT AUTHORITY\SYSTEM

Computer Name: HP23372342432

Event Code: 20

Message: Printer Driver Microsoft XPS Document Writer for Windows NT x86 Version-3 was added or updated. Files:- mxdwdrv.dll, unidrvui.dll, mxdwdui.gpd, unidrv.hlp, mxdwdui.dll, mxdwdui.ini, stddtype.gdl, stdnames.gpd, stdschem.gdl, stdschmx.gdl, unidrv.dll, unires.dll, XpsSvcs.dll.

Record Number: 432

Source Name: Print

Time Written: 20100808114312.000000-300

Event Type: warning

User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: HP23372342432

Event Code: 1020

Message: Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Record Number: 64

Source Name: ASP.NET 2.0.50727.0

Time Written: 20100808114246.000000-300

Event Type: warning

User:

Computer Name: HP23372342432

Event Code: 1008

Message: The Windows Search Service is attempting to remove the old catalog.

Record Number: 50

Source Name: Windows Search Service

Time Written: 20100808113947.000000-300

Event Type: warning

User:

Computer Name: HP23372342432

Event Code: 5603

Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 15

Source Name: WinMgmt

Time Written: 20100808103506.000000-300

Event Type: warning

User: NT AUTHORITY\SYSTEM

Computer Name: HP23372342432

Event Code: 5603

Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 14

Source Name: WinMgmt

Time Written: 20100808103506.000000-300

Event Type: warning

User: NT AUTHORITY\SYSTEM

Computer Name: HP23372342432

Event Code: 63

Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 12

Source Name: WinMgmt

Time Written: 20100808103051.000000-300

Event Type: warning

User: HP23372342432\Administrator

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\WINDOWS\system32\WindowsPowerShell\v1.0

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel

"PROCESSOR_REVISION"=0403

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"PSModulePath"=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\

"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------

GMER.log

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-08-23 21:52:36

Windows 5.1.2600 Service Pack 3

Running: 5f2kjzlh.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pwdoyaod.sys

---- Kernel code sections - GMER 1.0.15 ----

.text gevfcaz.sys F74B0059 12 Bytes [19, 00, 00, 86, F0, C0, C0, ...] {SBB [EAX], EAX; ADD [ESI+0x5c0c0f0], AL; PUSHF ; BTR EDX, ESP}

.text gevfcaz.sys F74B0066 20 Bytes [55, 00, D2, D0, 83, C5, 02, ...]

.text gevfcaz.sys F74B007B 85 Bytes [45, 00, 9C, 50, 8D, 64, 24, ...]

.text gevfcaz.sys F74B00D1 153 Bytes [00, 68, 3E, 27, 51, 32, FF, ...]

.text gevfcaz.sys F74B016B 72 Bytes [C7, 9C, 60, 66, 89, 0C, 24, ...]

.text ...

? C:\WINDOWS\system32\drivers\gevfcaz.sys A device attached to the system is not functioning.

PAGE Ntfs.sys F73A1E56 3 Bytes CALL 863E079A

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\explorer.exe[512] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A

.text C:\WINDOWS\explorer.exe[512] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C1000A

.text C:\WINDOWS\explorer.exe[512] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C

.text C:\WINDOWS\system32\svchost.exe[1084] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009A000A

.text C:\WINDOWS\system32\svchost.exe[1084] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009B000A

.text C:\WINDOWS\system32\svchost.exe[1084] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0099000C

.text C:\WINDOWS\system32\svchost.exe[1084] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00B8000A

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86366BD0

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] gevfcaz <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\gevfcaz@Type 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\gevfcaz@Start 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\gevfcaz@ErrorControl 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\gevfcaz@Group Boot Bus Extender

Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Counter 7710

Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Help 7711

Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Object List 7698 7704

Reg HKLM\SYSTEM\ControlSet002\Services\gevfcaz@Type 1

Reg HKLM\SYSTEM\ControlSet002\Services\gevfcaz@Start 0

Reg HKLM\SYSTEM\ControlSet002\Services\gevfcaz@ErrorControl 0

Reg HKLM\SYSTEM\ControlSet002\Services\gevfcaz@Group Boot Bus Extender

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\gevfcaz.sys (size mismatch) 783872/0 bytes executable

---- EOF - GMER 1.0.15 ----

Checkup.txt

Results of screen317's Security Check version 0.99.5

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!

Windows Firewall Enabled!

Microsoft Security Essentials

Antivirus up to date! (On Access scanning disabled!)

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner

Java 2 Runtime Environment, SE v1.4.2_03

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

````````````````````````````````

DNS Vulnerability Check:

Unknown. This method cannot test your vulnerability to DNS cache poisoning. (Wireless connection?)

``````````End of Log````````````


Hi,

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:
    Click me
    If you can't disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Here is the ComboFix.txt:

ComboFix 10-08-24.0A - Administrator 08/24/2010 22:22:19.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.608 [GMT -5:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

((((((((((((((((((((((((( Files Created from 2010-07-25 to 2010-08-25 )))))))))))))))))))))))))))))))

.

2010-08-25 03:12 . 2010-08-25 03:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search

2010-08-23 23:15 . 2010-08-25 02:41 -------- d-----w- c:\program files\trend micro

2010-08-23 23:15 . 2010-08-25 02:41 -------- d-----w- C:\rsit

2010-08-23 18:11 . 2010-08-23 18:11 -------- d-----w- c:\program files\ERUNT

2010-08-23 17:50 . 2010-08-23 17:50 2762 ----a-w- c:\windows\ubirebevamikumi.dll

2010-08-23 03:39 . 2010-08-23 03:39 -------- d-----w- c:\program files\CCleaner

2010-08-23 00:22 . 2010-08-23 00:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-08-23 00:22 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-23 00:22 . 2010-08-23 00:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-08-23 00:22 . 2010-08-23 00:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-23 00:22 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-23 00:00 . 2010-08-23 00:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\GetRightToGo

2010-08-22 23:15 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2010-08-22 23:15 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys

2010-08-22 23:15 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys

2010-08-22 23:15 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys

2010-08-22 23:15 . 2008-04-13 18:45 26368 ----a-w- c:\windows\system32\dllcache\usbstor.sys

2010-08-20 04:51 . 2010-08-20 04:53 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2010-08-20 04:51 . 2010-08-20 04:51 -------- d-----w- c:\windows\Sun

2010-08-20 04:50 . 2010-08-20 07:57 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-08-20 04:27 . 2010-08-20 04:27 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-08-20 01:51 . 2010-08-20 01:51 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp

2010-08-20 01:51 . 2010-08-20 01:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

2010-08-20 01:46 . 2010-08-20 01:46 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google

2010-08-20 00:38 . 2010-08-23 17:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google

2010-08-20 00:23 . 2010-08-20 00:23 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe

2010-08-20 00:22 . 2010-08-20 20:12 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe

2010-08-20 00:22 . 2010-08-23 17:52 -------- d-----w- c:\program files\Google

2010-08-20 00:22 . 2010-08-20 00:22 77184 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe

2010-08-20 00:22 . 2010-08-20 00:22 1975408 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\GoogleToolbarInstaller_en32_signed.exe

2010-08-20 00:22 . 2010-08-20 08:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-08-19 08:46 . 2010-08-19 08:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\Leader Technologies

2010-08-19 08:46 . 2010-08-19 08:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\Epson

2010-08-18 22:49 . 2010-08-18 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\VirtualizedApplications

2010-08-18 20:41 . 2010-08-18 20:41 -------- d-----r- C:\MSOCache

2010-08-18 20:35 . 2010-08-18 20:35 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\SoftGrid Client

2010-08-18 20:35 . 2010-08-23 17:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\SoftGrid Client

2010-08-18 20:35 . 2010-08-18 20:35 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\{90140011-0062-0409-0000-0000000FF1CE}

2010-08-18 20:35 . 2010-08-25 03:19 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SoftGrid Client

2010-08-18 20:34 . 2010-08-18 20:34 -------- d-----w- c:\documents and settings\All Users\Microsoft

2010-08-18 20:34 . 2010-08-20 08:00 -------- d-----w- c:\program files\Microsoft Application Virtualization Client

2010-08-18 20:33 . 2010-08-18 20:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\TP

2010-08-18 20:23 . 2010-08-18 20:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\Office Genuine Advantage

2010-08-18 20:23 . 2010-08-18 20:23 -------- d-----w- c:\program files\Microsoft ActiveSync

2010-08-18 20:23 . 2010-08-18 20:23 -------- d-----w- c:\windows\ShellNew

2010-08-18 20:12 . 2010-08-18 20:12 -------- d-----w- c:\program files\Common Files\EPSON

2010-08-18 20:06 . 2010-08-18 20:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Leadertech

2010-08-18 19:47 . 2010-08-23 17:49 -------- d-----w- c:\program files\LTCM Client

2010-08-18 19:46 . 2010-08-18 19:46 -------- d-----w- c:\documents and settings\All Users\Application Data\UDL

2010-08-18 19:01 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2010-08-18 19:01 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys

2010-08-18 18:59 . 2010-08-18 19:46 -------- d-----w- c:\program files\Epson Software

2010-08-18 18:59 . 2009-09-17 05:00 342016 ----a-w- c:\windows\system32\eswiaud.dll

2010-08-18 18:59 . 2009-05-01 05:00 15872 ----a-w- c:\windows\system32\escdev.dll

2010-08-18 18:59 . 2009-05-01 05:00 128392 ----a-w- c:\windows\system32\esdevapp.exe

2010-08-18 18:59 . 2010-08-18 19:47 -------- d-----w- c:\program files\epson

2010-08-18 18:56 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

2010-08-18 18:56 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys

2010-08-18 18:51 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll

2010-08-18 18:50 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2010-08-18 18:50 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys

2010-08-12 00:24 . 2010-08-12 00:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth

2010-08-12 00:13 . 2010-08-12 00:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-18 20:12 . 2010-08-18 19:00 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON

2010-08-18 19:47 . 2010-08-08 15:57 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-08-18 19:00 . 2010-08-18 19:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield

2010-08-08 18:13 . 2010-08-08 14:44 61960 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-08-08 17:48 . 2010-08-08 17:48 -------- d-----w- c:\program files\microsoft frontpage

2010-08-08 17:15 . 2010-08-08 16:39 -------- d-----w- c:\program files\Windows Desktop Search

2010-08-08 16:49 . 2010-08-08 16:49 -------- d-----w- c:\program files\Microsoft.NET

2010-08-08 16:48 . 2010-08-08 16:48 -------- d-----w- c:\program files\Microsoft Silverlight

2010-08-08 16:43 . 2010-08-08 16:43 -------- d-----w- c:\program files\MSBuild

2010-08-08 16:43 . 2010-08-08 16:43 -------- d-----w- c:\program files\Reference Assemblies

2010-08-08 16:42 . 2010-08-08 16:42 -------- d-----w- c:\program files\Program Shortcuts

2010-08-08 16:40 . 2010-08-08 16:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Desktop Search

2010-08-08 16:38 . 2010-08-08 16:38 -------- d-----w- c:\program files\Windows Media Connect 2

2010-08-08 16:02 . 2010-08-08 16:02 1617 --sha-r- c:\windows\system32\drivers\103C_HP_BPC_HP Compaq dc5100 MT(PZ582UA)_YB_0CBD_QMXL614_EU_46_I09E0h_SHP_V_B786C2 v01.07_T050825_WXP2_L409_M1016_J200_7Intel_8Pentium 4_92.99_#100808_N14E41677_(PZ582UA)_X_CD6_Z_2_G80862582_OLITE-ON DVD SOHD-167T.MRK

2010-06-30 12:31 . 2004-08-04 07:56 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:22 . 2004-08-04 07:56 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-23 13:44 . 2004-08-04 06:17 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-21 15:27 . 2004-08-04 06:14 354304 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-17 14:03 . 2004-08-04 07:56 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 14:31 . 2004-08-04 07:56 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-14 07:41 . 2004-08-04 07:56 1172480 ----a-w- c:\windows\system32\msxml3.dll

2010-06-01 17:37 . 2010-08-08 14:56 221568 ------w- c:\windows\system32\MpSigStub.exe

.

((((((((((((((((((((((((((((( SnapShot@2010-08-25_01.45.06 )))))))))))))))))))))))))))))))))))))))))

.

+ 2004-08-09 20:44 . 2010-08-25 03:24 86518 c:\windows\system32\perfc009.dat

+ 2010-08-25 03:09 . 2010-08-25 03:09 8192 c:\windows\ERDNT\AutoBackup\8-24-2010\Users\00000002\UsrClass.dat

+ 2004-08-09 20:44 . 2010-08-25 03:24 502818 c:\windows\system32\perfh009.dat

+ 2010-08-25 03:09 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\8-24-2010\ERDNT.EXE

+ 2010-08-25 03:09 . 2010-08-25 03:09 1228800 c:\windows\ERDNT\AutoBackup\8-24-2010\Users\00000001\NTUSER.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-09-30 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-09-30 126976]

"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]

"MAKTray"="MAKTray.exe" [2004-08-28 287232]

"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2006-01-04 219648]

"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]

"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=

"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2/28/2010 2:33 AM 821664]

R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [4/24/2010 1:10 AM 483688]

R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [12/2/2009 10:23 PM 554344]

R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [12/2/2009 10:23 PM 211432]

R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [12/2/2009 10:23 PM 20584]

R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [12/2/2009 10:23 PM 18280]

R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [4/24/2010 1:10 AM 209768]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/19/2010 8:46 PM 135664]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 2:56 AM 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

.

Contents of the 'Scheduled Tasks' folder

2010-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-20 01:46]

2010-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-20 01:46]

2010-08-25 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 02:40]

2010-08-25 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.foxnews.com/

uInternet Settings,ProxyServer = http=127.0.0.1:6522

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

.

- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-Vfemikerevafide - c:\windows\oupacip2.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-24 22:28

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x862C5ACE]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf761af28

\Driver\ACPI -> ACPI.sys @ 0xf758dcb8

\Driver\atapi -> atapi.sys @ 0xf751f852

IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a

ParseProcedure -> ntoskrnl.exe @ 0x80578f7a

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a

ParseProcedure -> ntoskrnl.exe @ 0x80578f7a

NDIS: Broadcom NetXtreme Gigabit Ethernet -> SendCompleteHandler -> NDIS.sys @ 0xf742bbb0

PacketIndicateHandler -> NDIS.sys @ 0xf741aa0d

SendHandler -> NDIS.sys @ 0xf742eb40

user & kernel MBR OK

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-494422526-3924072409-3259442291-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f6,ed,18,83,cf,2a,ed,4f,bf,10,69,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f6,ed,18,83,cf,2a,ed,4f,bf,10,69,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(668)

c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(728)

c:\windows\system32\WININET.dll

.

Completion time: 2010-08-24 22:31:31

ComboFix-quarantined-files.txt 2010-08-25 03:31

ComboFix2.txt 2010-08-25 01:48

Pre-Run: 187,387,314,176 bytes free

Post-Run: 187,379,494,912 bytes free

- - End Of File - - B4F3DA20E12C0BCCB8BF0D8730707D76


Hi,

Can you please also post the TDSSKiller log file?

The log file can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. :)

Hi, I have tried to find this but I can't. I went to My Computer>C:\ and I don't know where to go from there. If you tell me where to find those files I'll post them.


Hi,

Can you please also post the TDSSKiller log file?

The log file can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. :)

Here is the TDSSKiller file from the computer I am working on:

2010/08/24 18:12:08.0015 TDSS rootkit removing tool 2.4.1.2 Aug 16 2010 09:46:23

2010/08/24 18:12:08.0015 ================================================================================

2010/08/24 18:12:08.0015 SystemInfo:

2010/08/24 18:12:08.0015

2010/08/24 18:12:08.0015 OS Version: 5.1.2600 ServicePack: 3.0

2010/08/24 18:12:08.0015 Product type: Workstation

2010/08/24 18:12:08.0015 ComputerName: HP23372342432

2010/08/24 18:12:08.0015 UserName: Administrator

2010/08/24 18:12:08.0015 Windows directory: C:\WINDOWS

2010/08/24 18:12:08.0015 System windows directory: C:\WINDOWS

2010/08/24 18:12:08.0015 Processor architecture: Intel x86

2010/08/24 18:12:08.0015 Number of processors: 2

2010/08/24 18:12:08.0015 Page size: 0x1000

2010/08/24 18:12:08.0015 Boot type: Safe boot with network

2010/08/24 18:12:08.0015 ================================================================================

2010/08/24 18:12:08.0250 Initialize success

2010/08/24 18:12:13.0250 ================================================================================

2010/08/24 18:12:13.0250 Scan started

2010/08/24 18:12:13.0250 Mode: Manual;

2010/08/24 18:12:13.0250 ================================================================================

2010/08/24 18:12:19.0500 Suspicious service (NoAccess): gevfcaz

2010/08/24 18:12:19.0593 gevfcaz (b32882c2479a5462b69e4cf1327730ef) C:\WINDOWS\system32\drivers\gevfcaz.sys

2010/08/24 18:12:19.0593 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\gevfcaz.sys. md5: b32882c2479a5462b69e4cf1327730ef

2010/08/24 18:12:19.0640 gevfcaz - detected Locked service (1)

2010/08/24 18:12:34.0234 ================================================================================

2010/08/24 18:12:34.0234 Scan finished

2010/08/24 18:12:34.0234 ================================================================================

2010/08/24 18:12:34.0281 Detected object count: 1

2010/08/24 18:17:56.0546 HKLM\SYSTEM\ControlSet001\services\gevfcaz - will be deleted after reboot

2010/08/24 18:17:56.0546 HKLM\SYSTEM\ControlSet002\services\gevfcaz - will be deleted after reboot

2010/08/24 18:17:56.0562 C:\WINDOWS\system32\drivers\gevfcaz.sys - will be deleted after reboot

2010/08/24 18:17:56.0562 Locked service(gevfcaz) - User select action: Delete

2010/08/24 18:18:11.0375 Deinitialize success

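An added example, not part of this thread and not code from TDSSKiller: a Python triage of the log format posted above. It parses the driver inventory lines, the "Suspicious service/file" detections and the post-scan actions, then checks that the flagged service, the hash on its driver file and the reboot-time deletions all line up. The sample lines are copied from the log above; the class and function names are my own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample input: the lines of the TDSSKiller 2.4.x log above that matter
# for triage (two benign drivers, the gevfcaz detection, the post-scan actions).
SAMPLE_LOG_LINES = [
    r"2010/08/24 18:12:19.0468 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys",
    r"2010/08/24 18:12:19.0500 Suspicious service (NoAccess): gevfcaz",
    r"2010/08/24 18:12:19.0593 gevfcaz (b32882c2479a5462b69e4cf1327730ef) C:\WINDOWS\system32\drivers\gevfcaz.sys",
    r"2010/08/24 18:12:19.0593 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\gevfcaz.sys. md5: b32882c2479a5462b69e4cf1327730ef",
    r"2010/08/24 18:12:19.0640 gevfcaz - detected Locked service (1)",
    r"2010/08/24 18:12:19.0718 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys",
    r"2010/08/24 18:12:34.0234 Scan finished",
    r"2010/08/24 18:12:34.0281 Detected object count: 1",
    r"2010/08/24 18:17:56.0546 HKLM\SYSTEM\ControlSet001\services\gevfcaz - will be deleted after reboot",
    r"2010/08/24 18:17:56.0546 HKLM\SYSTEM\ControlSet002\services\gevfcaz - will be deleted after reboot",
    r"2010/08/24 18:17:56.0562 C:\WINDOWS\system32\drivers\gevfcaz.sys - will be deleted after reboot",
    r"2010/08/24 18:17:56.0562 Locked service(gevfcaz) - User select action: Delete",
]

# Every line starts with "YYYY/MM/DD HH:MM:SS.mmmm "; the rest is the message.
TS_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} (?P<msg>.*)$")
# Message shapes seen in the log, tested most-specific first so an inventory line never swallows a detection.
SUSP_SVC_RE = re.compile(r"^Suspicious service \((?P<reason>[^)]+)\): (?P<name>\S+)$")
SUSP_FILE_RE = re.compile(r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$")
LOCKED_RE = re.compile(r"^(?P<name>\S+) - detected Locked service \(\d+\)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")
ACTION_RE = re.compile(r"^Locked service\((?P<name>\S+)\) - User select action: (?P<action>\w+)$")
DELETE_RE = re.compile(r"^(?P<target>.+) - will be deleted after reboot$")
INVENTORY_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")

@dataclass
class TdssTriage:
    inventory: Dict[str, Tuple[str, str]] = field(default_factory=dict)        # name -> (md5, path)
    suspicious_services: Dict[str, str] = field(default_factory=dict)          # name -> reason
    suspicious_files: Dict[str, Tuple[str, str]] = field(default_factory=dict) # lower(path) -> (reason, md5)
    locked: Set[str] = field(default_factory=set)
    actions: Dict[str, str] = field(default_factory=dict)                      # name -> action the user chose
    deletions: List[str] = field(default_factory=list)                         # targets scheduled for reboot
    detected_count: Optional[int] = None

def parse_tdsskiller(lines) -> TdssTriage:
    """Fold TDSSKiller log lines into a TdssTriage; lines we do not model are skipped."""
    t = TdssTriage()
    for raw in lines:
        ts = TS_RE.match(raw.strip())
        if not ts:
            continue  # banners, blank lines, the SystemInfo block
        msg = ts.group("msg")
        if m := SUSP_SVC_RE.match(msg):
            t.suspicious_services[m["name"]] = m["reason"]
        elif m := SUSP_FILE_RE.match(msg):
            t.suspicious_files[m["path"].lower()] = (m["reason"], m["md5"])
        elif m := LOCKED_RE.match(msg):
            t.locked.add(m["name"])
        elif m := COUNT_RE.match(msg):
            t.detected_count = int(m["n"])
        elif m := ACTION_RE.match(msg):
            t.actions[m["name"]] = m["action"]
        elif m := DELETE_RE.match(msg):
            t.deletions.append(m["target"])
        elif m := INVENTORY_RE.match(msg):
            t.inventory[m["name"]] = (m["md5"], m["path"])
    return t

def remediation_report(t: TdssTriage) -> Dict[str, dict]:
    """Per flagged service: does the inventory hash agree with the Suspicious-file hash, and did
    the scheduled cleanup cover both service keys (one per ControlSet) and the driver file?"""
    report = {}
    for name, reason in t.suspicious_services.items():
        md5, path = t.inventory.get(name, (None, None))
        _, file_md5 = t.suspicious_files.get((path or "").lower(), (None, None))
        key_suffix = "\\services\\" + name.lower()
        report[name] = {
            "reason": reason,  # "NoAccess": the scanner was refused the object, a sign the driver is hiding itself
            "path": path,
            "md5": md5,
            "hash_consistent": md5 is not None and md5 == file_md5,
            "locked": name in t.locked,
            "action": t.actions.get(name),
            "service_keys_removed": sum(1 for d in t.deletions if d.lower().endswith(key_suffix)),
            "file_removed": path is not None and any(d.lower() == path.lower() for d in t.deletions),
        }
    return report

def unexplained_detections(t: TdssTriage) -> int:
    """Scanner's 'Detected object count' minus detections attributed to a suspicious service; leftovers need a manual look."""
    if t.detected_count is None:
        return 0
    return t.detected_count - len(t.suspicious_services)

if __name__ == "__main__":
    print(remediation_report(parse_tdsskiller(SAMPLE_LOG_LINES)))
```

Feed it the whole log file rather than the excerpt and the inventory becomes the full driver list, which can then be compared against a known-good hash set for the same Windows build.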

Also, since these were done, I have been running MalwareBytes AntiMalware scanner on it doing full scans. It will find a few problems and I will remove them and run it again and it will be clean. Then the next day (with it unplugged from the Internet) I will plug it in just long enough to get the newest update and run it again. It will find a few different ones and we repeat the process.


Hi,

jorr1013, for your own sake, please do NOT try fixing the problem yourself. B)

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

http://forums.malwarebytes.org/index.php?showtopic=61203

Collect::
c:\windows\ubirebevamikumi.dll

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:652

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

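An added example, mine rather than this thread's or ComboFix's: a Python check over DDS-style Internet Settings lines that picks out a ProxyServer value pointing back at the local machine, which is the entry the CFScript above lists under DDS::. The sample lines are constructed in that notation (the ProxyServer value is the one from the script above); the function names are my own.

```python
import re
from typing import Dict, List

# Constructed sample in DDS's "u..." (per-user) notation as it appears in a
# ComboFix/DDS log; the ProxyServer line is the one the CFScript above clears.
SAMPLE_DDS_LINES = [
    "uStart Page = hxxp://www.foxnews.com/",
    "uInternet Settings,ProxyServer = http=127.0.0.1:652",
    "uInternet Settings,ProxyOverride = <local>",
]

PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (?P<value>\S+)$")
LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def parse_proxy_server(value: str) -> Dict[str, str]:
    """Split a ProxyServer value into {protocol: 'host:port'}. The value takes one
    of two shapes: 'host:port' (applies to all protocols, keyed '*' here) or
    'http=host:port;https=host:port;...' (one entry per protocol)."""
    if "=" not in value:
        return {"*": value}
    entries = {}
    for part in value.split(";"):
        proto, sep, hostport = part.partition("=")
        if sep and hostport:
            entries[proto.strip().lower()] = hostport.strip()
    return entries


def loopback_proxies(dds_lines: List[str]) -> Dict[str, str]:
    """Return {protocol: 'host:port'} for every proxy entry that points at the local
    machine. With such an entry IE hands every request for that protocol to whatever
    is listening on that local port, which is how a substitute "site refused the
    connection" page gets in front of every site. Legitimate local web filters exist,
    so treat a hit as something to identify, not as proof on its own."""
    hits = {}
    for line in dds_lines:
        m = PROXY_RE.match(line.strip())
        if not m:
            continue
        for proto, hostport in parse_proxy_server(m["value"]).items():
            host = hostport.rsplit(":", 1)[0].strip("[]").lower()  # also handles [::1]:port
            if host in LOOPBACK:
                hits[proto] = hostport
    return hits


if __name__ == "__main__":
    print(loopback_proxies(SAMPLE_DDS_LINES))  # {'http': '127.0.0.1:652'}
```

Run over the Supplementary Scan section of a post-fix ComboFix log, an empty result confirms the proxy entry is gone.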

Hi,

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Here are the results of the procedure:

ComboFix 10-08-24.0A - Administrator 08/26/2010 19:02:25.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.750 [GMT -5:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

file zipped: c:\windows\ubirebevamikumi.dll

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\ubirebevamikumi.dll

.

((((((((((((((((((((((((( Files Created from 2010-07-27 to 2010-08-27 )))))))))))))))))))))))))))))))

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

((((((((((((((((((((((((((((( SnapShot@2010-08-25_01.45.06 )))))))))))))))))))))))))))))))))))))))))

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-09-30 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-09-30 126976]

"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]

"MAKTray"="MAKTray.exe" [2004-08-28 287232]

"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2006-01-04 219648]

"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]

"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=

R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2/28/2010 2:33 AM 821664]

R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [4/24/2010 1:10 AM 483688]

R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [12/2/2009 10:23 PM 554344]

R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [12/2/2009 10:23 PM 211432]

R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [12/2/2009 10:23 PM 20584]

R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [12/2/2009 10:23 PM 18280]

R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [4/24/2010 1:10 AM 209768]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 2:56 AM 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

.

Contents of the 'Scheduled Tasks' folder

2010-08-27 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.foxnews.com/

uInternet Settings,ProxyOverride = <local>

.

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-26 19:08

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x862C5ACE]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf761af28

\Driver\ACPI -> ACPI.sys @ 0xf758dcb8

\Driver\atapi -> atapi.sys @ 0xf751f852

IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a

ParseProcedure -> ntoskrnl.exe @ 0x80578f7a

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a

ParseProcedure -> ntoskrnl.exe @ 0x80578f7a

NDIS: Broadcom NetXtreme Gigabit Ethernet -> SendCompleteHandler -> NDIS.sys @ 0xf742bbb0

PacketIndicateHandler -> NDIS.sys @ 0xf741aa0d

SendHandler -> NDIS.sys @ 0xf742eb40

user & kernel MBR OK

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-494422526-3924072409-3259442291-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f6,ed,18,83,cf,2a,ed,4f,bf,10,69,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f6,ed,18,83,cf,2a,ed,4f,bf,10,69,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(664)

c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(724)

c:\windows\system32\WININET.dll

.

Completion time: 2010-08-26 19:10:57

ComboFix-quarantined-files.txt 2010-08-27 00:10

ComboFix2.txt 2010-08-25 03:31

ComboFix3.txt 2010-08-25 01:48

Pre-Run: 189,605,871,616 bytes free

Post-Run: 189,599,764,480 bytes free

- - End Of File - - 7AB1FF0F5773AA3FDD92E316625F173B


Hi,

Are you still experiencing any problems?

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Start Malwarebytes' Anti-Malware

  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates have been downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    11. Push the esetBack.png button.
    12. Push esetFinish.png


Gammo,

Yes, I am still having problems. I followed the latest instructions and still no luck. Both the MBAM and ESET scans came back clean (I even ran the MBAM doing a Full Scan the 2nd time I ran it).

In order to run the ESET scan, I had to download it to another computer and then save it to a USB drive and then run it on the infected machine because if I tried to get to the ESET website I got the following screen which has been my trouble for a while now - I can't get where I try to go on the Internet on this machine. Attached is a screenshot of the error.


In case you want it, here is the MBAM Quick Scan results, though they are clean:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4492

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

8/27/2010 10:12:01 PM

mbam-log-2010-08-27 (22-12-01).txt

Scan type: Quick scan

Objects scanned: 126452

Time elapsed: 4 minute(s), 19 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

---------------

So, what am I missing? Why can we find this malware and remove it and all of its damage?

Don't let me sound ungrateful, because I'm not. I really do appreciate the help, I just wish we could get it resolved. Thank you.

Let me know what you think the next step is.

-John



Hi,

Delete your copy of TDSSKiller from the desktop.

Then download the latest version of TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Hi,

Please copy and paste the contents of that file here.

Wooohoo! Success!!

That run of TDSSKiller got it from the MBR. Here is the log file:

2010/08/28 11:28:05.0484 TDSS rootkit removing tool 2.4.1.3 Aug 27 2010 08:53:42

2010/08/28 11:28:05.0484 ================================================================================

2010/08/28 11:28:05.0484 SystemInfo:

2010/08/28 11:28:05.0484

2010/08/28 11:28:05.0484 OS Version: 5.1.2600 ServicePack: 3.0

2010/08/28 11:28:05.0484 Product type: Workstation

2010/08/28 11:28:05.0484 ComputerName: HP23372342432

2010/08/28 11:28:05.0484 UserName: Administrator

2010/08/28 11:28:05.0484 Windows directory: C:\WINDOWS

2010/08/28 11:28:05.0484 System windows directory: C:\WINDOWS

2010/08/28 11:28:05.0484 Processor architecture: Intel x86

2010/08/28 11:28:05.0484 Number of processors: 2

2010/08/28 11:28:05.0484 Page size: 0x1000

2010/08/28 11:28:05.0484 Boot type: Normal boot

2010/08/28 11:28:05.0484 ================================================================================

2010/08/28 11:28:05.0843 Initialize success

2010/08/28 11:28:11.0078 ================================================================================

2010/08/28 11:28:11.0078 Scan started

2010/08/28 11:28:11.0078 Mode: Manual;

2010/08/28 11:28:11.0078 ================================================================================

2010/08/28 11:28:13.0265 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys

2010/08/28 11:28:13.0375 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/08/28 11:28:13.0406 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2010/08/28 11:28:13.0437 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2010/08/28 11:28:13.0453 adpu320 (0ea9b1f0c6c90a509c8603775366adb7) C:\WINDOWS\system32\DRIVERS\adpu320.sys

2010/08/28 11:28:13.0500 aeaudio (3cb6ae5435987b1f8c83fd2730479878) C:\WINDOWS\system32\drivers\aeaudio.sys

2010/08/28 11:28:13.0546 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/08/28 11:28:13.0609 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/08/28 11:28:13.0671 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2010/08/28 11:28:13.0687 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2010/08/28 11:28:13.0843 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/08/28 11:28:13.0906 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/08/28 11:28:13.0953 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/08/28 11:28:14.0000 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/08/28 11:28:14.0031 b57w2k (2fa609c3411ec5f77f42d0b04d304ae5) C:\WINDOWS\system32\DRIVERS\b57xp32.sys

2010/08/28 11:28:14.0078 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/08/28 11:28:14.0109 Blfp (9976971b7092f5bff20073ab31ba1598) C:\WINDOWS\system32\DRIVERS\baspxp32.sys

2010/08/28 11:28:14.0218 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/08/28 11:28:14.0265 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/08/28 11:28:14.0328 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/08/28 11:28:14.0375 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/08/28 11:28:14.0546 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/08/28 11:28:14.0593 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/08/28 11:28:14.0703 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/08/28 11:28:14.0734 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/08/28 11:28:14.0765 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/08/28 11:28:14.0828 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

2010/08/28 11:28:14.0859 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/08/28 11:28:14.0890 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys

2010/08/28 11:28:14.0953 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/08/28 11:28:14.0984 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2010/08/28 11:28:15.0031 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/08/28 11:28:15.0062 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2010/08/28 11:28:15.0125 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2010/08/28 11:28:15.0203 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/08/28 11:28:15.0250 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/08/28 11:28:15.0265 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/08/28 11:28:15.0328 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/08/28 11:28:15.0390 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/08/28 11:28:15.0468 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/08/28 11:28:15.0515 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys

2010/08/28 11:28:15.0562 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys

2010/08/28 11:28:15.0578 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys

2010/08/28 11:28:15.0609 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys

2010/08/28 11:28:15.0625 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys

2010/08/28 11:28:15.0656 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys

2010/08/28 11:28:15.0671 iAimFP5 (0308aef61941e4af478fa1a0f83812f5) C:\WINDOWS\system32\DRIVERS\wADV07nt.sys

2010/08/28 11:28:15.0687 iAimFP6 (714038a8aa5de08e12062202cd7eaeb5) C:\WINDOWS\system32\DRIVERS\wADV08nt.sys

2010/08/28 11:28:15.0703 iAimFP7 (7bb3aa595e4507a788de1cdc63f4c8c4) C:\WINDOWS\system32\DRIVERS\wADV09nt.sys

2010/08/28 11:28:15.0718 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys

2010/08/28 11:28:15.0734 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys

2010/08/28 11:28:15.0765 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys

2010/08/28 11:28:15.0781 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys

2010/08/28 11:28:15.0796 iAimTV5 (791cc45de6e50445be72e8ad6401ff45) C:\WINDOWS\system32\DRIVERS\wATV10nt.sys

2010/08/28 11:28:15.0812 iAimTV6 (352fa0e98bc461ce1ce5d41f64db558d) C:\WINDOWS\system32\DRIVERS\wATV06nt.sys

2010/08/28 11:28:15.0859 ialm (1432958dc80b7bbacf07377763d70e91) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

2010/08/28 11:28:15.0953 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/08/28 11:28:16.0031 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2010/08/28 11:28:16.0062 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/08/28 11:28:16.0109 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2010/08/28 11:28:16.0140 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/08/28 11:28:16.0171 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/08/28 11:28:16.0203 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/08/28 11:28:16.0265 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/08/28 11:28:16.0296 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/08/28 11:28:16.0343 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/08/28 11:28:16.0375 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/08/28 11:28:16.0406 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/08/28 11:28:16.0437 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/08/28 11:28:16.0500 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/08/28 11:28:16.0562 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/08/28 11:28:16.0609 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/08/28 11:28:16.0656 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/08/28 11:28:16.0718 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/08/28 11:28:16.0765 MpFilter (c98301ad8173a2235a9ab828955c32bb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys

2010/08/28 11:28:16.0843 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/08/28 11:28:16.0937 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/08/28 11:28:17.0015 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/08/28 11:28:17.0062 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/08/28 11:28:17.0109 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/08/28 11:28:17.0140 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/08/28 11:28:17.0171 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/08/28 11:28:17.0234 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/08/28 11:28:17.0281 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/08/28 11:28:17.0312 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/08/28 11:28:17.0359 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/08/28 11:28:17.0406 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/08/28 11:28:17.0437 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/08/28 11:28:17.0484 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/08/28 11:28:17.0546 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/08/28 11:28:17.0640 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/08/28 11:28:17.0687 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/08/28 11:28:17.0734 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/08/28 11:28:17.0765 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/08/28 11:28:17.0781 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/08/28 11:28:17.0843 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys

2010/08/28 11:28:17.0890 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/08/28 11:28:17.0953 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/08/28 11:28:17.0984 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/08/28 11:28:18.0031 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/08/28 11:28:18.0078 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/08/28 11:28:18.0125 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2010/08/28 11:28:18.0296 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/08/28 11:28:18.0328 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/08/28 11:28:18.0375 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/08/28 11:28:18.0500 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/08/28 11:28:18.0562 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/08/28 11:28:18.0593 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/08/28 11:28:18.0640 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/08/28 11:28:18.0703 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/08/28 11:28:18.0718 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/08/28 11:28:18.0781 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/08/28 11:28:18.0859 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/08/28 11:28:18.0921 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/08/28 11:28:19.0000 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/08/28 11:28:19.0031 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2010/08/28 11:28:19.0093 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2010/08/28 11:28:19.0171 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/08/28 11:28:19.0234 Sftfs (14cb193ecd4e71a32446790f9ecf39dd) C:\WINDOWS\system32\DRIVERS\Sftfsxp.sys

2010/08/28 11:28:19.0296 Sftplay (1f05637831caf19b069aaf361d720bb9) C:\WINDOWS\system32\DRIVERS\Sftplayxp.sys

2010/08/28 11:28:19.0328 Sftredir (423628f17862593d7d43e02187f4c1b5) C:\WINDOWS\system32\DRIVERS\Sftredirxp.sys

2010/08/28 11:28:19.0375 Sftvol (258ab73a01fa1b8d1a2a053c6bba5544) C:\WINDOWS\system32\DRIVERS\Sftvolxp.sys

2010/08/28 11:28:19.0468 smwdm (86d17b6760dd2b09e932ff101714e0dc) C:\WINDOWS\system32\drivers\smwdm.sys

2010/08/28 11:28:19.0546 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/08/28 11:28:19.0609 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/08/28 11:28:19.0671 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/08/28 11:28:19.0734 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/08/28 11:28:19.0812 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/08/28 11:28:19.0890 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2010/08/28 11:28:19.0906 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2010/08/28 11:28:19.0984 Symmpi (f2b7e8416f508368ac6730e2ae1c614f) C:\WINDOWS\system32\DRIVERS\symmpi.sys

2010/08/28 11:28:20.0281 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2010/08/28 11:28:20.0296 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2010/08/28 11:28:20.0312 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/08/28 11:28:20.0406 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/08/28 11:28:20.0453 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/08/28 11:28:20.0468 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/08/28 11:28:20.0515 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/08/28 11:28:20.0578 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/08/28 11:28:20.0656 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/08/28 11:28:20.0718 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/08/28 11:28:20.0765 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/08/28 11:28:20.0828 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/08/28 11:28:20.0890 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/08/28 11:28:20.0937 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/08/28 11:28:20.0984 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/08/28 11:28:21.0015 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/08/28 11:28:21.0062 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/08/28 11:28:21.0109 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2010/08/28 11:28:21.0171 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/08/28 11:28:21.0218 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/08/28 11:28:21.0265 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/08/28 11:28:21.0359 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

2010/08/28 11:28:21.0421 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/08/28 11:28:21.0468 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2010/08/28 11:28:21.0515 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)

2010/08/28 11:28:21.0515 ================================================================================

2010/08/28 11:28:21.0515 Scan finished

2010/08/28 11:28:21.0515 ================================================================================

2010/08/28 11:28:21.0531 Detected object count: 1

2010/08/28 11:28:27.0468 \HardDisk0\MBR - will be cured after reboot

2010/08/28 11:28:27.0468 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure

2010/08/28 11:28:30.0796 Deinitialize success

Thank you so much for your help. Definitely be looking for me to make a donation!

Thanks again.

-John

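The TDSSKiller log above is long because the tool inventories every loaded driver before reporting the one object that actually mattered, the infected MBR, and the chosen action and reboot status appear on separate lines further down. The following Python script is an added example, not a tool from this thread or from Kaspersky: it pulls the driver inventory, the detections, the user-selected action and the deferred-to-reboot flag out of a TDSSKiller log so the verdict is visible at a glance. The sample log is a handful of lines copied from the log above (inventory trimmed to three drivers), and the line formats it matches are the ones visible in that log; a clean run simply yields no detections.

```python
"""Triage helper for TDSSKiller logs (added example; not part of the thread's tools)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Every TDSSKiller line opens with 'YYYY/MM/DD HH:MM:SS.ffff '.
_TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} "
# Inventory line: '<service name> (<md5 of image>) <image path>'
_DRIVER = re.compile(_TS + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Detection line: '<object> - detected <threat name> (<n>)'
_DETECT = re.compile(_TS + r"(?P<obj>\S+) - detected (?P<threat>\S+) \(\d+\)$")
# Deferred-cure line: '<object> - will be cured after reboot'
_PENDING = re.compile(_TS + r"(?P<obj>\S+) - will be cured after reboot$")
# Action line: '<threat>(<object>) - User select action: <Cure|Skip|Delete>'
_ACTION = re.compile(_TS + r"(?P<threat>[^(]+)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)$")
_FINISHED = re.compile(_TS + r"Scan finished$")

# Lines copied from the TDSSKiller log posted above, inventory trimmed to three drivers.
SAMPLE_LOG = r"""
2010/08/28 11:28:11.0078 Scan started
2010/08/28 11:28:13.0265 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
2010/08/28 11:28:13.0906 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/08/28 11:28:14.0546 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/08/28 11:28:21.0515 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/08/28 11:28:21.0515 Scan finished
2010/08/28 11:28:21.0531 Detected object count: 1
2010/08/28 11:28:27.0468 \HardDisk0\MBR - will be cured after reboot
2010/08/28 11:28:27.0468 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
"""


@dataclass
class Detection:
    obj: str
    threat: str
    action: Optional[str] = None     # None if the user never chose an action
    reboot_required: bool = False    # True when TDSSKiller deferred the cure to reboot


@dataclass
class TdssReport:
    drivers: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # name -> (md5, path)
    detections: List[Detection] = field(default_factory=list)
    finished: bool = False


def parse_tdsskiller_log(text: str) -> TdssReport:
    """Parse a TDSSKiller log into its driver inventory and its detections."""
    report = TdssReport()
    by_obj: Dict[str, Detection] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _DETECT.match(line)
        if m:
            det = Detection(obj=m["obj"], threat=m["threat"])
            by_obj[det.obj] = det
            report.detections.append(det)
            continue
        m = _PENDING.match(line)
        if m and m["obj"] in by_obj:
            by_obj[m["obj"]].reboot_required = True
            continue
        m = _ACTION.match(line)
        if m and m["obj"] in by_obj:
            by_obj[m["obj"]].action = m["action"]
            continue
        m = _DRIVER.match(line)
        if m:
            report.drivers[m["name"]] = (m["md5"], m["path"])
            continue
        if _FINISHED.match(line):
            report.finished = True
    return report


def triage(report: TdssReport) -> List[str]:
    """One verdict line per detection; an empty list means the scan was clean."""
    out = []
    for d in report.detections:
        verdict = f"{d.threat} at {d.obj}: action {d.action or 'none chosen'}"
        if d.reboot_required:
            verdict += ", reboot required to complete the cure"
        out.append(verdict)
    return out


if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(rep.drivers)} drivers inventoried, scan finished: {rep.finished}")
    for line in triage(rep) or ["no detections"]:
        print(line)
```

The driver inventory is kept on purpose: the MD5 next to each driver path is what lets a responder compare a system's kernel drivers against a known-good build, and a detection with `action` still `None` tells you the user closed the tool without choosing Cure.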

Hi,

Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. :P

Remove Combofix now that we're done with it.

  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the run box and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download JavaRa to your desktop and unzip it to its own folder

  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files

Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall

You should keep your anti-virus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean', that doesn't necessarily mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated

It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple of good free alternatives: Firefox and Opera. Both are excellent, faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here, which will help you to make IE much safer.

If you decide to use the Firefox browser, the McAfee SiteAdvisor add-on will nicely help to enhance your security. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine apart from just an anti-virus and a firewall. I will list some of them.

  • A good anti-spyware program installed on your PC is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up-to-date anti-virus and firewall, some of these things will still infect you. It is highly recommended that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are disreputable sites forcing you to download and install a codec, or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?

If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,

Gammo :P
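The post above recommends the MVPS HOSTS file, which works by pointing unwanted hostnames at a sinkhole address so the PC can never connect to them. The following Python script is an added example and is not Gammo's or the MVPS project's code: it parses a HOSTS file in the standard Windows format, separates blocklist entries from ordinary localhost lines, and flags any name that is redirected to an external address, which is the kind of entry worth reviewing on a machine that is supposed to carry only a blocklist. The sample HOSTS content is constructed here; its hostnames use the reserved `.invalid` domain and its external address comes from the TEST-NET-2 documentation range, so none of them are real sites.

```python
"""Parse and audit a Windows HOSTS file (added example, constructed input)."""
import ipaddress

# Addresses a blocklist-style HOSTS file uses to make a name resolve nowhere.
SINKHOLE_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1"}

# Names that legitimately point at loopback and must not be read as "blocked".
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample HOSTS file (not taken from the thread). Hostnames use the
# reserved .invalid TLD; 198.51.100.7 is from the TEST-NET-2 documentation range.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost

# Blocklist section (MVPS-style): each unwanted name goes to a sinkhole
0.0.0.0 ads.example.invalid
0.0.0.0 tracker.example.invalid   # trailing comments are allowed
0.0.0.0 badsite.example.invalid otherbad.example.invalid

# A real-looking name mapped to an external address: worth a second look
198.51.100.7 www.update-service.example.invalid
"""


def parse_hosts(text):
    """Return (ip, hostname) pairs, one per hostname.

    Format: <ip> <hostname> [<hostname> ...]; '#' starts a comment.
    Lines whose first field is not a valid IP address are skipped.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue
        for host in fields[1:]:
            entries.append((ip, host.lower()))
    return entries


def classify(entries):
    """Sort entries into loopback names, sinkhole blocks and redirects.

    A redirect is any non-local name that resolves to something other than a
    sinkhole address; on a PC that should only carry a blocklist, that is the
    category an auditor reviews by hand.
    """
    groups = {"local": [], "blocked": [], "redirect": []}
    for ip, host in entries:
        if host in LOCAL_NAMES:
            groups["local"].append((ip, host))
        elif ip in SINKHOLE_ADDRESSES:
            groups["blocked"].append((ip, host))
        else:
            groups["redirect"].append((ip, host))
    return groups


def is_blocked(entries, hostname):
    """True if hostname is pinned to a sinkhole address.

    HOSTS has no wildcards: blocking ads.example.invalid does not block
    sub.ads.example.invalid, so the lookup is an exact, case-insensitive match.
    """
    hostname = hostname.lower().rstrip(".")
    if hostname in LOCAL_NAMES:
        return False
    return any(ip in SINKHOLE_ADDRESSES and host == hostname
               for ip, host in entries)


def audit(text):
    """Summarise a HOSTS file: counts per category plus the redirect entries."""
    groups = classify(parse_hosts(text))
    return {
        "local": len(groups["local"]),
        "blocked": len(groups["blocked"]),
        "redirects": groups["redirect"],
    }


if __name__ == "__main__":
    report = audit(SAMPLE_HOSTS)
    print(f"{report['blocked']} names sinkholed, {report['local']} local names")
    for ip, host in report["redirects"]:
        print(f"review: {host} -> {ip}")
```

On a real XP machine the file to pass to `audit()` is the system HOSTS file (read it with administrator rights); the redirect list is the part to compare against what you expect to be there, since a blocklist only ever adds sinkhole lines.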
