I think I need some technical help...this all started with me having problems getting the Adobe printer to reload during a fresh reinstall of Acrobat Pro. I've included a zip file with a Word doc that has screen shots of the errors. I tried reinstalling a different spoolsv.exe file (since there appeared to be a number of different versions located in different locations) and noticed I was having a number of other different problems...computer hanging up, browser not loading. I was running the Panda Antivirus software and it quit working. I removed Panda and tried to install AVG and Microsoft Security Essentials antivirus software, and they both would not install. So, I think I have something serious going on and request your help in determining if my laptop is infected. Thank you for any assistance rendered.

ark.zip

Acrobat PDF Printer error.zip

Would like some help please. My wife will not use the laptop to do internet banking since she is concerned about the security of her data...and I think rightfully so. If I should seek assistance through another venue, please let me know. I presume this is a busy forum, but I filed my original post over 2 days ago. Thanks for assistance.

  • Staff

Hi and welcome to Malwarebytes.

I do not think this is malware-related, but let's check to be sure.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has finished, two logs will be produced; please post DDS.txt directly into your reply.

Thank you for your help...I initially thought the same...that something is wrong with the configuration, but not being able to install an AV program concerned me. I've posted the logs you requested directly below:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6158

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

3/24/2011 2:32:02 PM

mbam-log-2011-03-24 (14-32-02).txt

Scan type: Quick scan

Objects scanned: 191070

Time elapsed: 4 minute(s), 53 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Home at 14:41:08.79 on Thu 03/24/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.451 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FW: PC Tools Firewall Plus *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\lxddcoms.exe

C:\Program Files\PC Tools Firewall Plus\FWService.exe

C:\Program Files\Sococo\SococoService.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

C:\Program Files\Quicken\bagent.exe

C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

C:\WINDOWS\eHome\ehmsas.exe

C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Documents and Settings\Home\Desktop\dds.scr

C:\Program Files\Mozilla Firefox\plugin-container.exe

.

============== Pseudo HJT Report ===============

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearch Page = hxxp://www.google.com

uDefault_Search_URL = hxxp://www.google.com/ie

uSearch Bar = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/go/notebookaccessories

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll

EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\progra~1\micros~4\office14\GROOVEEX.DLL

uRun: [QuickenScheduledUpdates] c:\program files\quicken\bagent.exe

uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"

mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start

mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe

mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [iJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/0/5/7/05796dde-b2ba-4eef-8da4-f99c7e0c9b92/LegitCheckControl.cab

DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://amer-ml23.amer.csc.com/iNotes6W.cab

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab

DPF: {5BDBA960-6534-11D3-97C7-00500422B550} - hxxps://amer-ml22.amer.csc.com/download/dolcontrol.cab

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab

DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185634028187

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://amer-ml22.amer.csc.com/dwa8W.cab

DPF: {A526A2C7-723E-4081-BF70-A7A9913E8C4A} - hxxp://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab

DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} - hxxp://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab

DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: AtiExtEvent - Ati2evxx.dll

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\home\applic~1\mozilla\firefox\profiles\e7rfrmjt.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=PCAFSI1143&p=

FF - plugin: c:\documents and settings\home\application data\move networks\plugins\npqmp071503000010.dll

FF - plugin: c:\documents and settings\home\application data\mozilla\firefox\profiles\e7rfrmjt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: c:\documents and settings\home\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\home\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\home\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdolctl7.dll

FF - plugin: c:\program files\picasa3\npPicasa3.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 151216]

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-5-24 249616]

R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2011-2-6 10448]

R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]

R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-5-24 160448]

R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2009-5-24 287024]

R2 SococoSvc;Sococo Service;c:\program files\sococo\SococoService.exe [2010-10-15 35016]

R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2011-1-23 17984]

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-8-22 231424]

R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2011-3-14 89192]

R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2011-3-14 57536]

R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-5-24 124992]

S3 Amazon Download Agent;Amazon Download Agent;c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderService.exe [2010-1-25 401920]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]

S3 NUVision;NUVision II Video Service;c:\windows\system32\drivers\nuvvid2.sys [2007-10-22 153760]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [2011-3-14 57536]

S3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\RkPavproc1.sys [2011-3-14 17544]

S3 RkPavproc2;RkPavproc2;c:\windows\system32\drivers\RkPavproc2.sys [2011-3-18 17544]

S3 RkPavproc3;RkPavproc3;c:\windows\system32\drivers\RkPavproc3.sys [2011-3-20 17544]

S3 RkPavproc4;RkPavproc4;c:\windows\system32\drivers\RkPavproc4.sys [2011-3-20 17544]

S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

.

=============== Created Last 30 ================

.

2011-03-20 15:24:22 17544 ----a-w- c:\windows\system32\drivers\RkPavproc4.sys

2011-03-20 15:15:35 17544 ----a-w- c:\windows\system32\drivers\RkPavproc3.sys

2011-03-20 12:01:28 -------- d-----w- c:\documents and settings\home\SecurityScans

2011-03-20 11:50:58 -------- d-----w- c:\program files\Microsoft Baseline Security Analyzer 2

2011-03-20 11:27:38 58368 ----a-w- c:\windows\system32\spoolsv.exe

2011-03-19 20:29:30 -------- d-----w- c:\docume~1\home\applic~1\SUPERAntiSpyware.com

2011-03-19 01:14:47 17544 ----a-w- c:\windows\system32\drivers\RkPavproc2.sys

2011-03-16 02:05:19 1310720 ----a-w- c:\windows\system32\CNC340C.dll

2011-03-16 02:05:19 110592 ----a-w- c:\windows\system32\CNC340I.dll

2011-03-16 02:05:18 307200 ----a-w- c:\windows\system32\CNC340L.dll

2011-03-16 02:05:18 102400 ----a-w- c:\windows\system32\CNC340U.dll

2011-03-16 02:02:24 -------- d-----w- c:\docume~1\home\applic~1\Canon Easy-WebPrint EX

2011-03-16 01:55:52 179200 ----a-w- c:\windows\system32\CNMIUA5.DLL

2011-03-14 20:06:36 17544 ----a-w- c:\windows\system32\drivers\RkPavproc1.sys

2011-03-14 13:14:05 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-03-14 13:14:04 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

2011-03-14 13:14:03 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2011-03-14 13:14:03 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll

2011-03-14 13:14:03 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll

2011-03-14 13:14:03 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll

2011-03-14 13:14:03 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

2011-03-14 13:14:03 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2011-03-14 12:58:11 89192 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys

2011-03-14 12:58:11 57536 ----a-w- c:\windows\system32\drivers\pctNdis.sys

2011-03-14 12:58:11 32808 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys

2011-03-10 00:50:32 -------- d--h--w- c:\docume~1\alluse~1\applic~1\CanonIJScan

2011-03-10 00:50:07 -------- d-----w- c:\documents and settings\home\.ehdc

2011-03-09 03:31:49 -------- d--h--w- c:\docume~1\alluse~1\applic~1\CanonIJEGV

2011-03-09 03:07:51 15872 ----a-w- c:\windows\system32\CNHMCA.dll

2011-03-09 02:56:58 70656 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPPA5.DLL

2011-03-09 02:56:57 276992 ----a-w- c:\windows\system32\CNMLMA5.DLL

2011-03-09 02:56:57 27136 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPDA5.DLL

2011-03-09 02:55:51 137216 ----a-w- c:\windows\system32\CNMNPUI.DLL

2011-03-09 02:55:51 -------- d-----w- c:\windows\system32\STRING

2011-03-09 02:55:50 354816 ----a-w- c:\windows\system32\CNMNPPM.DLL

2011-03-09 02:55:49 -------- d-----w- c:\windows\system32\CHM

2011-03-09 02:53:10 -------- d-----w- c:\program files\Canon

2011-02-22 23:51:58 4280320 ----a-w- c:\windows\system32\GPhotos.scr

.

==================== Find3M ====================

.

2011-02-21 11:17:22 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-02-21 11:17:22 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-04 22:48:32 456192 ----a-w- c:\windows\system32\encdec.dll

2011-02-04 22:48:30 291840 ----a-w- c:\windows\system32\sbe.dll

2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-28 15:50:58 26416 ----a-w- c:\windows\system32\nitrolocalmon.dll

2011-01-28 15:50:58 17712 ----a-w- c:\windows\system32\nitrolocalui.dll

2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-23 21:19:29 180224 ----a-w- c:\windows\system32\WinVd32.sys

2011-01-23 21:19:26 7680 ----a-w- c:\windows\system32\WinFLsrv.exe

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 14:42:41.53 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-03-05.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 8/7/2006 2:01:21 AM

System Uptime: 3/24/2011 2:21:32 PM (0 hours ago)

.

Motherboard: Hewlett-Packard | | 30A4

Processor: AMD Turion 64 Mobile Technology ML-34 | U23 | 1790/mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 61 GiB total, 28.555 GiB free.

D: is FIXED (FAT32) - 13 GiB total, 0.736 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

.

Adobe Acrobat 7.0 Professional

Adobe Acrobat 7.1.0 Professional

Adobe Flash Player 10 Plugin

Amazon Games & Software Downloader

AnswerWorks 5.0 English Runtime

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ATI - Software Uninstall Utility

ATI Control Panel

ATI Display Driver

AVS DVDMenu Editor 1.0.0.5

AVS Video Tools 5.5

Broadcom 802.11 Wireless LAN Adapter

BufferChm

Canon Easy-WebPrint EX

Canon IJ Network Scan Utility

Canon IJ Network Tool

Canon MP Navigator EX 3.1

Canon MX340 series MP Drivers

Canon MX340 series User Registration

Canon Utilities Easy-PhotoPrint EX

Canon Utilities My Printer

Canon Utilities Solution Menu

CCleaner

Compatibility Pack for the 2007 Office system

Conexant AC-Link Audio

ContentManager

CP_AtenaShokunin1Config

CP_CalendarTemplates1

cp_LightScribeConfig

cp_OnlineProjectsConfig

CP_Package_Basic1

CP_Package_Variety1

CP_Package_Variety2

CP_Package_Variety3

CP_Panorama1Config

cp_PosterPrintConfig

cp_UpdateProjectsConfig

Critical Update for Windows Media Player 11 (KB959772)

CueTour

DeductionPro 2006

DeductionPro 2007

DeductionPro 2008

DeductionPro 2009

Definition update for Microsoft Office 2010 (KB982726)

Destinations

DeviceManagementQFolder

eReg

FileHippo.com Update Checker

Free Window Registry Repair

FullDPAppQFolder

Garmin ANT Agent

Garmin Communicator Plugin

Garmin Training Center 3.4.3.0

Garmin USB Drivers

Garmin WebUpdater

Glary Utilities 2.33.0.1158

Google Chrome

Google Talk (remove only)

Google Talk Plugin

H&R Block Deluxe + Efile + State 2009

H&R Block Deluxe + Efile + State 2010

H&R Block New York 2010

H&R Block Virginia 2009

H&R Block Virginia 2010

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 10 (KB903157)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP BatteryCheck 1.00 A7

HP Help and Support

HP Imaging Device Functions 6.0

HP Photosmart Premier Software 6.0

HP QuickPlay 2.0

HP Update

HP User Guides--System Recovery

HP User Guides 0025

HP Wireless Assistant 2.00 C1

HpSdpAppCoreApp

InstantShareDevices

iTunes

Java Auto Updater

Java 6 Update 24

LightScribe 1.4.105.1

Logitech SetPoint 6.20

Malwarebytes' Anti-Malware

Microsoft .NET Framework 1.0 Hotfix (KB953295)

Microsoft .NET Framework 1.0 Hotfix (KB979904)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Antimalware

Microsoft Application Error Reporting

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Baseline Security Analyzer 2.2

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft Money Plus

Microsoft Money Shared Libraries

Microsoft National Language Support Downlevel APIs

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 14

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Move Media Player

Mozilla Firefox 4.0 (x86 en-US)

MSN Money Investment Toolbox

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser (KB933579)

muvee autoProducer 4.5

MyDefrag v4.3.1

NetWaiting

OptionalContentQFolder

PC Tools Firewall Plus 7.0

Pdf995 (installed by TaxCut)

PdfEdit995 (installed by TaxCut)

PhotoGallery

Picasa 3

Quick Launch Buttons 5.20 G1

Quicken 2010

QuickTime

RandMap

REALTEK Gigabit and Fast Ethernet NIC Driver

Revo Uninstaller 1.91

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft Office 2010 (KB2289078)

Security Update for Microsoft Office 2010 (KB2289161)

Security Update for Microsoft Publisher 2010 (KB2409055)

Security Update for Microsoft Word 2010 (KB2345000)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB2183461)

Security Update for Windows Internet Explorer 7 (KB2360131)

Security Update for Windows Internet Explorer 7 (KB2416400)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

SkinsHP1

Skype Toolbars

Skype


I forgot to mention that I think it's odd that the one report says:

AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

I have no AV currently running on this laptop since it would not complete the install of MSE...I received an error before the install was fully complete...

If that helps....


Hello: I had some problems running ComboFix...it kept detecting Microsoft Security Essentials as running although it isn't, from what I can tell...I've posted two ComboFix text files...one run in the AM and one (PM) run a few hours later when I could come back and rerun after trying to remove MSE with the Microsoft Fix It tool. I have included the DDS log below and attached the Attach txt in Zip format per your instructions. Please let me know what I should do/try next...thank you...

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Home at 14:01:32.60 on Sat 03/26/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.368 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FW: PC Tools Firewall Plus *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\lxddcoms.exe

C:\Program Files\PC Tools Firewall Plus\FWService.exe

C:\Program Files\Sococo\SococoService.exe

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

C:\Program Files\Quicken\bagent.exe

C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe

C:\Documents and Settings\Home\Desktop\dds.scr

.

============== Pseudo HJT Report ===============

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/go/notebookaccessories

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll

EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\progra~1\micros~4\office14\GROOVEEX.DLL

uRun: [QuickenScheduledUpdates] c:\program files\quicken\bagent.exe

uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"

mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start

mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe

mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [iJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/0/5/7/05796dde-b2ba-4eef-8da4-f99c7e0c9b92/LegitCheckControl.cab

DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://amer-ml23.amer.csc.com/iNotes6W.cab

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab

DPF: {5BDBA960-6534-11D3-97C7-00500422B550} - hxxps://amer-ml22.amer.csc.com/download/dolcontrol.cab

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab

DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185634028187

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://amer-ml22.amer.csc.com/dwa8W.cab

DPF: {A526A2C7-723E-4081-BF70-A7A9913E8C4A} - hxxp://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab

DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} - hxxp://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab

DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: AtiExtEvent - Ati2evxx.dll

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\home\applic~1\mozilla\firefox\profiles\e7rfrmjt.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=PCAFSI1143&p=

FF - plugin: c:\documents and settings\home\application data\move networks\plugins\npqmp071503000010.dll

FF - plugin: c:\documents and settings\home\application data\mozilla\firefox\profiles\e7rfrmjt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: c:\documents and settings\home\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\home\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\home\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdolctl7.dll

FF - plugin: c:\program files\picasa3\npPicasa3.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 151216]

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-5-24 249616]

R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2011-2-6 10448]

R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]

R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-5-24 160448]

R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2009-5-24 287024]

R2 SococoSvc;Sococo Service;c:\program files\sococo\SococoService.exe [2010-10-15 35016]

R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2011-1-23 17984]

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-8-22 231424]

R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2011-3-14 89192]

R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2011-3-14 57536]

R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-5-24 124992]

S3 Amazon Download Agent;Amazon Download Agent;c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderService.exe [2010-1-25 401920]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]

S3 NUVision;NUVision II Video Service;c:\windows\system32\drivers\nuvvid2.sys [2007-10-22 153760]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [2011-3-14 57536]

S3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\RkPavproc1.sys [2011-3-14 17544]

S3 RkPavproc2;RkPavproc2;c:\windows\system32\drivers\RkPavproc2.sys [2011-3-18 17544]

S3 RkPavproc3;RkPavproc3;c:\windows\system32\drivers\RkPavproc3.sys [2011-3-20 17544]

S3 RkPavproc4;RkPavproc4;c:\windows\system32\drivers\RkPavproc4.sys [2011-3-20 17544]

S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

.

=============== Created Last 30 ================

.

2011-03-26 11:21:22 98816 ----a-w- c:\windows\sed.exe

2011-03-26 11:21:22 89088 ----a-w- c:\windows\MBR.exe

2011-03-26 11:21:22 256512 ----a-w- c:\windows\PEV.exe

2011-03-26 11:21:22 161792 ----a-w- c:\windows\SWREG.exe

2011-03-26 11:20:18 2406 ----a-w- C:\FixitRegBackup.reg

2011-03-20 15:24:22 17544 ----a-w- c:\windows\system32\drivers\RkPavproc4.sys

2011-03-20 15:15:35 17544 ----a-w- c:\windows\system32\drivers\RkPavproc3.sys

2011-03-20 12:01:28 -------- d-----w- c:\documents and settings\home\SecurityScans

2011-03-20 11:50:58 -------- d-----w- c:\program files\Microsoft Baseline Security Analyzer 2

2011-03-20 11:27:38 58368 ----a-w- c:\windows\system32\spoolsv.exe

2011-03-19 20:29:30 -------- d-----w- c:\docume~1\home\applic~1\SUPERAntiSpyware.com

2011-03-19 01:14:47 17544 ----a-w- c:\windows\system32\drivers\RkPavproc2.sys

2011-03-16 02:05:19 1310720 ----a-w- c:\windows\system32\CNC340C.dll

2011-03-16 02:05:19 110592 ----a-w- c:\windows\system32\CNC340I.dll

2011-03-16 02:05:18 307200 ----a-w- c:\windows\system32\CNC340L.dll

2011-03-16 02:05:18 102400 ----a-w- c:\windows\system32\CNC340U.dll

2011-03-16 02:02:24 -------- d-----w- c:\docume~1\home\applic~1\Canon Easy-WebPrint EX

2011-03-16 01:55:52 179200 ----a-w- c:\windows\system32\CNMIUA5.DLL

2011-03-14 20:06:36 17544 ----a-w- c:\windows\system32\drivers\RkPavproc1.sys

2011-03-14 13:14:05 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-03-14 13:14:04 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

2011-03-14 13:14:03 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2011-03-14 13:14:03 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll

2011-03-14 13:14:03 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll

2011-03-14 13:14:03 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll

2011-03-14 13:14:03 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

2011-03-14 13:14:03 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2011-03-14 12:58:11 89192 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys

2011-03-14 12:58:11 57536 ----a-w- c:\windows\system32\drivers\pctNdis.sys

2011-03-14 12:58:11 32808 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys

2011-03-10 00:50:32 -------- d--h--w- c:\docume~1\alluse~1\applic~1\CanonIJScan

2011-03-10 00:50:07 -------- d-----w- c:\documents and settings\home\.ehdc

2011-03-09 03:31:49 -------- d--h--w- c:\docume~1\alluse~1\applic~1\CanonIJEGV

2011-03-09 03:07:51 15872 ----a-w- c:\windows\system32\CNHMCA.dll

2011-03-09 02:56:58 70656 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPPA5.DLL

2011-03-09 02:56:57 276992 ----a-w- c:\windows\system32\CNMLMA5.DLL

2011-03-09 02:56:57 27136 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPDA5.DLL

2011-03-09 02:55:51 137216 ----a-w- c:\windows\system32\CNMNPUI.DLL

2011-03-09 02:55:51 -------- d-----w- c:\windows\system32\STRING

2011-03-09 02:55:50 354816 ----a-w- c:\windows\system32\CNMNPPM.DLL

2011-03-09 02:55:49 -------- d-----w- c:\windows\system32\CHM

2011-03-09 02:53:10 -------- d-----w- c:\program files\Canon

.

==================== Find3M ====================

.

2011-02-22 23:51:58 4280320 ----a-w- c:\windows\system32\GPhotos.scr

2011-02-21 11:17:22 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-02-21 11:17:22 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-04 22:48:32 456192 ----a-w- c:\windows\system32\encdec.dll

2011-02-04 22:48:30 291840 ----a-w- c:\windows\system32\sbe.dll

2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-28 15:50:58 26416 ----a-w- c:\windows\system32\nitrolocalmon.dll

2011-01-28 15:50:58 17712 ----a-w- c:\windows\system32\nitrolocalui.dll

2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-23 21:19:29 180224 ----a-w- c:\windows\system32\WinVd32.sys

2011-01-23 21:19:26 7680 ----a-w- c:\windows\system32\WinFLsrv.exe

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 14:02:22.87 ===============

Attach 3-26.2011.zip

ComboFix 3-26 am.txt

ComboFix 3-26 pm.txt

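The discrepancy noted two posts above (DDS reporting Microsoft Security Essentials as *Enabled/Updated* on a machine where its install never completed, and in this log PC Tools Firewall Plus reported *Disabled* while FWService.exe is running) can be checked mechanically. This is an added example, not part of the thread and not DDS's or ComboFix's own code; the product-to-process map is the example author's assumption, and the sample input is a constructed excerpt of the DDS log posted above.

```python
"""Cross-check the AV:/FW: lines of a DDS header against its Running Processes list."""
import re

# Constructed sample: header and an abbreviated "Running Processes" section
# taken from the DDS log posted in this thread.
SAMPLE_DDS = """\
DDS (Ver_11-03-05.01) - NTFSx86
Run by Home at 14:01:32.60 on Sat 03/26/2011
.
AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: PC Tools Firewall Plus *Disabled*
.
============== Running Processes ===============
.
C:\\WINDOWS\\system32\\Ati2evxx.exe
C:\\WINDOWS\\system32\\svchost -k DcomLaunch
svchost.exe
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\Program Files\\PC Tools Firewall Plus\\FWService.exe
C:\\WINDOWS\\explorer.exe
C:\\Documents and Settings\\Home\\Desktop\\dds.scr
.
============== Pseudo HJT Report ===============
"""

# Service executables each product runs when it is really installed and active.
# Assumption by the example author; DDS itself does not report this mapping.
PRODUCT_PROCESSES = {
    "Microsoft Security Essentials": {"msmpeng.exe"},
    "PC Tools Firewall Plus": {"fwservice.exe"},
}

# "AV: <name> *<status>* {<guid>}" with the GUID optional (FW lines often lack it).
PRODUCT_RE = re.compile(
    r"^(AV|FW|AS):\s+(.+?)\s+\*(.+?)\*(?:\s+\{([0-9A-Fa-f-]+)\})?\s*$"
)


def parse_security_products(dds_text):
    """Return the AV:/FW:/AS: header lines as dicts (kind, name, status, guid)."""
    products = []
    for line in dds_text.splitlines():
        m = PRODUCT_RE.match(line.strip())
        if m:
            kind, name, status, guid = m.groups()
            products.append({"kind": kind, "name": name, "status": status, "guid": guid})
    return products


def parse_running_processes(dds_text):
    """Return lower-cased executable basenames from the 'Running Processes' section."""
    running = set()
    in_section = False
    for line in dds_text.splitlines():
        if line.startswith("====="):
            # Section headers look like "===== Running Processes =====".
            in_section = "Running Processes" in line
            continue
        if not in_section or line.strip() in ("", "."):
            continue
        # Drop the directory and any arguments (e.g. "svchost -k netsvcs").
        basename = line.strip().split("\\")[-1].split()[0]
        running.add(basename.lower())
    return running


def cross_check(dds_text):
    """Flag products whose reported state disagrees with the process list.

    Returns a list of (product name, finding) tuples.
    """
    running = parse_running_processes(dds_text)
    findings = []
    for p in parse_security_products(dds_text):
        expected = PRODUCT_PROCESSES.get(p["name"])
        if expected is None:
            continue  # product not in our map; nothing to compare against
        present = bool(expected & running)
        enabled = "enabled" in p["status"].lower()
        if enabled and not present:
            findings.append((p["name"],
                             "reported enabled but none of its processes are running; "
                             "likely a stale Security Center registration"))
        elif not enabled and present:
            findings.append((p["name"], "reported disabled but its service is running"))
    return findings


if __name__ == "__main__":
    for name, finding in cross_check(SAMPLE_DDS):
        print(f"{name}: {finding}")
```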

  • Staff

Hi,

Grab a fresh copy of ComboFix. Save it to your Desktop but don't run it quite yet.

Next, click Start --> Run, and enter this command as shown:

"%userprofile%\desktop\ComboFix.exe" /killall

If you are prompted about Microsoft Security Essentials, are you given a prompt to ignore it?


Hello,

I did the steps you outlined...after giving the killall instruction the computer ran for a bit and then came up with the same information warning as the last ComboFix run...the warning window said "Combofix has detected the following real time scanner(s) to be active--antivirus: Microsoft Security Essentials. Please disable these scanners before checking OK."

I had nothing to disable so I checked OK like I did the last time I ran ComboFix. This time, however, somewhere during the ComboFix checking process the computer shut down and rebooted (I had stepped away from the computer for a few minutes). When I returned I was at the XP sign-on page. After signing on, I had an informational window that said: "The system recovered from a serious error" and directed me to the following Microsoft site...

http://wer.microsoft.com/responses/Response.aspx/10/en-us/5.1.2600.2.00010100.3.0?SGD=158871dc-24c4-4f49-ad82-8cef63a22f4c

ComboFix did not run further and no logs were presented for me to post.


  • Staff

Hi,

See if this file exists:

C:\ComboFix.txt

or

C:\ComboFix\ComboFix.txt

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is named like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, download MBRCheck.exe by a_d_13 and save it to your Desktop.

Run it; when it completes, a log will be available on your Desktop (MBRCheck xxxxxx .txt) where xxxxxx is the time it ran.


Hi Chris:

After running the Search function for a few hours, I couldn't ever find a ComboFix.txt file...I terminated Search before it had completed, I am not sure it ever would have completed the search!

TDSSKiller did not prompt me to reboot the machine but I did anyway before running MBRCheck. The log files follow...

2011/03/30 22:11:40.0048 2608 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28

2011/03/30 22:11:40.0220 2608 ================================================================================

2011/03/30 22:11:40.0220 2608 SystemInfo:

2011/03/30 22:11:40.0220 2608

2011/03/30 22:11:40.0220 2608 OS Version: 5.1.2600 ServicePack: 3.0

2011/03/30 22:11:40.0220 2608 Product type: Workstation

2011/03/30 22:11:40.0220 2608 ComputerName: WIESBADEN

2011/03/30 22:11:40.0220 2608 UserName: Home

2011/03/30 22:11:40.0220 2608 Windows directory: C:\WINDOWS

2011/03/30 22:11:40.0220 2608 System windows directory: C:\WINDOWS

2011/03/30 22:11:40.0220 2608 Processor architecture: Intel x86

2011/03/30 22:11:40.0220 2608 Number of processors: 1

2011/03/30 22:11:40.0220 2608 Page size: 0x1000

2011/03/30 22:11:40.0220 2608 Boot type: Normal boot

2011/03/30 22:11:40.0220 2608 ================================================================================

2011/03/30 22:11:40.0423 2608 Initialize success

2011/03/30 22:11:47.0751 3116 ================================================================================

2011/03/30 22:11:47.0751 3116 Scan started

2011/03/30 22:11:47.0751 3116 Mode: Manual;

2011/03/30 22:11:47.0751 3116 ================================================================================

2011/03/30 22:11:49.0251 3116 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys

2011/03/30 22:11:49.0392 3116 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/03/30 22:11:49.0470 3116 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

2011/03/30 22:11:49.0564 3116 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/03/30 22:11:49.0658 3116 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2011/03/30 22:11:49.0798 3116 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2011/03/30 22:11:49.0876 3116 AmdK8 (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys

2011/03/30 22:11:49.0970 3116 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/03/30 22:11:50.0142 3116 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/03/30 22:11:50.0173 3116 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/03/30 22:11:50.0345 3116 ati2mtag (d81980c64543ba5c39dd2a92dc1d2daf) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2011/03/30 22:11:50.0579 3116 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/03/30 22:11:50.0673 3116 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/03/30 22:11:50.0720 3116 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys

2011/03/30 22:11:50.0814 3116 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

2011/03/30 22:11:50.0876 3116 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/03/30 22:11:50.0954 3116 BTWUSB (e76dc88f00d50f46072feb2371769978) C:\WINDOWS\system32\Drivers\btwusb.sys

2011/03/30 22:11:51.0064 3116 CAMCAUD (c2ef37f09cfee9665e6cd7c0b0afb84f) C:\WINDOWS\system32\drivers\camc6aud.sys

2011/03/30 22:11:51.0173 3116 CAMCHALA (512df898de5c0654647acd5c82f0bd99) C:\WINDOWS\system32\drivers\camc6hal.sys

2011/03/30 22:11:51.0423 3116 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/03/30 22:11:51.0486 3116 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2011/03/30 22:11:51.0579 3116 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/03/30 22:11:51.0642 3116 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/03/30 22:11:51.0689 3116 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/03/30 22:11:51.0783 3116 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2011/03/30 22:11:51.0861 3116 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2011/03/30 22:11:52.0033 3116 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys

2011/03/30 22:11:52.0173 3116 CVPNDRVA (1c2999966f0f36aa44eaecbee70cf770) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys

2011/03/30 22:11:52.0298 3116 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/03/30 22:11:52.0392 3116 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/03/30 22:11:52.0470 3116 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/03/30 22:11:52.0533 3116 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/03/30 22:11:52.0564 3116 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/03/30 22:11:52.0658 3116 DNE (7b4fdfbe97c047175e613aa96f3de987) C:\WINDOWS\system32\DRIVERS\dne2000.sys

2011/03/30 22:11:52.0892 3116 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/03/30 22:11:52.0939 3116 DSI_SiUSBXp_3_1 (bc9c2ef22ee0320c079e3ff9b4d29951) C:\WINDOWS\system32\drivers\DSI_SiUSBXp_3_1.sys

2011/03/30 22:12:04.0220 3116 Suspicious file (Hidden): C:\WINDOWS\system32\WinFLdrv.sys. md5: 7acc77e135a709ae0f7e1df428a2f908

2011/03/30 22:12:04.0220 3116 WinFLdrv - detected Hidden file (1)

2011/03/30 22:12:04.0329 3116 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

2011/03/30 22:12:04.0423 3116 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/03/30 22:12:04.0470 3116 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/03/30 22:12:04.0501 3116 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/03/30 22:12:04.0595 3116 ================================================================================

2011/03/30 22:12:04.0595 3116 Scan finished

2011/03/30 22:12:04.0595 3116 ================================================================================

2011/03/30 22:12:04.0626 3108 Detected object count: 1

2011/03/30 22:12:13.0564 3108 WinFLdrv (7acc77e135a709ae0f7e1df428a2f908) C:\WINDOWS\system32\WinFLdrv.sys

2011/03/30 22:12:13.0595 3108 Suspicious file (Hidden): C:\WINDOWS\system32\WinFLdrv.sys. md5: 7acc77e135a709ae0f7e1df428a2f908

2011/03/30 22:12:13.0611 3108 C:\WINDOWS\system32\WinFLdrv.sys - copied to quarantine

2011/03/30 22:12:13.0611 3108 Hidden file(WinFLdrv) - User select action: Quarantine

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows XP Professional

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x0000001c

Kernel Drivers (total 151):


Processes (total 48):

0 System Idle Process

4 System

1532 C:\WINDOWS\system32\smss.exe

1736 csrss.exe

1768 C:\WINDOWS\system32\winlogon.exe

1812 C:\WINDOWS\system32\services.exe

1824 C:\WINDOWS\system32\lsass.exe

1976 C:\WINDOWS\system32\ati2evxx.exe

1992 C:\WINDOWS\system32\svchost.exe

180 svchost.exe

216 C:\WINDOWS\system32\svchost.exe

404 svchost.exe

576 svchost.exe

988 C:\WINDOWS\system32\spoolsv.exe

1340 C:\WINDOWS\system32\ati2evxx.exe

1472 C:\WINDOWS\explorer.exe

1636 svchost.exe

268 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

312 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

336 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

384 C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe

412 C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe

424 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

436 C:\WINDOWS\ehome\ehtray.exe

444 C:\Program Files\HP\HP Software Update\hpwuschd2.exe

504 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

536 C:\WINDOWS\ehome\ehrecvr.exe

584 C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

628 C:\Program Files\Quicken\bagent.exe

644 C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

676 C:\WINDOWS\ehome\ehSched.exe

776 C:\Program Files\Java\jre6\bin\jqs.exe

868 C:\Program Files\Common Files\LightScribe\LSSrvc.exe

1072 C:\WINDOWS\system32\lxddcoms.exe

1100 C:\Program Files\PC Tools Firewall Plus\FWService.exe

1276 C:\Program Files\Sococo\SococoService.exe

2060 svchost.exe

2124 C:\WINDOWS\system32\svchost.exe

2184 mcrdsvc.exe

2228 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

2360 C:\WINDOWS\system32\wuauclt.exe

2600 C:\WINDOWS\system32\dllhost.exe

2816 wmiprvse.exe

2856 alg.exe

3016 C:\WINDOWS\ehome\ehmsas.exe

3320 wmiprvse.exe

3556 C:\PROGRA~1\HPQ\shared\HPQTOA~1.EXE

3696 C:\Documents and Settings\Home\desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000f`32be0000 (FAT32)

PhysicalDrive0 Model Number: HTS541080G9AT00, Rev: MB4OA60A

Size Device Name MBR Status

--------------------------------------------

74 GB \\.\PhysicalDrive0 Unknown MBR code

SHA1: D0919EC9044E217466E4B6B4F0D4E99E29BDE3F9

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Options:

[1] Dump the MBR of a physical disk to file.

[2] Restore the MBR of a physical disk with a standard boot code.

[3] Exit.

Enter your choice:

Done!

I placed the one identified file in TDSSKiller in quarantine. Although something appeared to be identified in MBR Check, I took no actions. Awaiting further instructions. Thank you for your ongoing help.


Hi, I have run a fresh copy of Combofix...it still thinks that I am running Microsoft Security Essentials. I have attached the Combofix.txt file. The text file indicates MSE and PCTools Firewall Plus are enabled. I have no indications in my systray that they are on or that my computer is protected. Also, do I not need to do something about the "Found non-standard or infected MBR" during the previously run MBRCheck instruction? Thank you for your assistance and patience...I guess I have really fouled up my machine.

ComboFix.txt


  • Staff

Hi,

Please go to VirusTotal, and upload the following file for analysis:

c:\windows\system32\spoolsv.exe

Post the results in your reply.

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any other text editor than notepad or the script will fail.

Copy/paste the text in the box below into Notepad:

FCOPY::
c:\windows\system32\dllcache\spoolsv.exe | c:\windows\system32\spoolsv.exe
KILLALL::

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.

-screen317


Hi Chris,

Attempted to accomplish everything you asked with these results...

VirusTotal results of spoolsv.exe scan are in attached pdf

Combofix started, received same warning that MSE was running, went ahead with Combofix but program never entered "stages" before I got the BSD...computer rebooted and then had errors as indicated in the attached Error Messages 4-4-11 pdf.

Ran DDS with these results and Zip file attached.

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Home at 21:17:46.67 on Mon 04/04/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.632 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FW: PC Tools Firewall Plus *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\lxddcoms.exe

C:\Program Files\PC Tools Firewall Plus\FWService.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Sococo\SococoService.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Quicken\bagent.exe

C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE

C:\Documents and Settings\Home\Desktop\dds.scr

.

============== Pseudo HJT Report ===============

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/go/notebookaccessories

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll

EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\progra~1\micros~4\office14\GROOVEEX.DLL

uRun: [QuickenScheduledUpdates] c:\program files\quicken\bagent.exe

uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"

mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start

mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe

mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [iJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/0/5/7/05796dde-b2ba-4eef-8da4-f99c7e0c9b92/LegitCheckControl.cab

DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://amer-ml23.amer.csc.com/iNotes6W.cab

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab

DPF: {5BDBA960-6534-11D3-97C7-00500422B550} - hxxps://amer-ml22.amer.csc.com/download/dolcontrol.cab

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab

DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185634028187

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://amer-ml22.amer.csc.com/dwa8W.cab

DPF: {A526A2C7-723E-4081-BF70-A7A9913E8C4A} - hxxp://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab

DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} - hxxp://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab

DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: AtiExtEvent - Ati2evxx.dll

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\home\applic~1\mozilla\firefox\profiles\e7rfrmjt.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=PCAFSI1143&p=

FF - plugin: c:\documents and settings\home\application data\move networks\plugins\npqmp071503000010.dll

FF - plugin: c:\documents and settings\home\application data\mozilla\firefox\profiles\e7rfrmjt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: c:\documents and settings\home\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\home\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\home\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdolctl7.dll

FF - plugin: c:\program files\picasa3\npPicasa3.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 151216]

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-5-24 249616]

R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2011-2-6 10448]

R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]

R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-5-24 160448]

R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2009-5-24 287024]

R2 SococoSvc;Sococo Service;c:\program files\sococo\SococoService.exe [2010-10-15 35016]

R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2011-1-23 17984]

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-8-22 231424]

R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2011-3-14 89192]

R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2011-3-14 57536]

R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-5-24 124992]

S2 PEVSystemStart;PEVSystemStart;c:\combofix\PEV.cfxxe [2011-4-4 256512]

S3 Amazon Download Agent;Amazon Download Agent;c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderService.exe [2010-1-25 401920]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]

S3 NUVision;NUVision II Video Service;c:\windows\system32\drivers\nuvvid2.sys [2007-10-22 153760]

S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [2011-3-14 57536]

S3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\RkPavproc1.sys [2011-3-14 17544]

S3 RkPavproc2;RkPavproc2;c:\windows\system32\drivers\RkPavproc2.sys [2011-3-18 17544]

S3 RkPavproc3;RkPavproc3;c:\windows\system32\drivers\RkPavproc3.sys [2011-3-20 17544]

S3 RkPavproc4;RkPavproc4;c:\windows\system32\drivers\RkPavproc4.sys [2011-3-20 17544]

S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

.

=============== Created Last 30 ================

.

2011-04-05 01:06:49 -------- d-s---w- C:\ComboFix

2011-04-01 19:58:50 -------- d-----w- c:\docume~1\home\applic~1\PixelMetrics

2011-04-01 19:58:45 -------- d-----w- c:\program files\Windows Media Adapter v615

2011-04-01 19:58:45 -------- d-----w- C:\PixelMetrics Logs

2011-04-01 19:58:41 -------- d-----w- c:\program files\CaptureWiz

2011-03-31 02:01:12 -------- d-----w- C:\TDSSKiller_Quarantine

2011-03-26 11:21:22 98816 ----a-w- c:\windows\sed.exe

2011-03-26 11:21:22 89088 ----a-w- c:\windows\MBR.exe

2011-03-26 11:21:22 256512 ----a-w- c:\windows\PEV.exe

2011-03-26 11:21:22 161792 ----a-w- c:\windows\SWREG.exe

2011-03-26 11:20:18 2406 ----a-w- C:\FixitRegBackup.reg

2011-03-20 15:24:22 17544 ----a-w- c:\windows\system32\drivers\RkPavproc4.sys

2011-03-20 15:15:35 17544 ----a-w- c:\windows\system32\drivers\RkPavproc3.sys

2011-03-20 12:01:28 -------- d-----w- c:\documents and settings\home\SecurityScans

2011-03-20 11:50:58 -------- d-----w- c:\program files\Microsoft Baseline Security Analyzer 2

2011-03-20 11:27:38 58368 ----a-w- c:\windows\system32\spoolsv.exe

2011-03-19 20:29:30 -------- d-----w- c:\docume~1\home\applic~1\SUPERAntiSpyware.com

2011-03-19 01:14:47 17544 ----a-w- c:\windows\system32\drivers\RkPavproc2.sys

2011-03-16 02:05:19 1310720 ----a-w- c:\windows\system32\CNC340C.dll

2011-03-16 02:05:19 110592 ----a-w- c:\windows\system32\CNC340I.dll

2011-03-16 02:05:18 307200 ----a-w- c:\windows\system32\CNC340L.dll

2011-03-16 02:05:18 102400 ----a-w- c:\windows\system32\CNC340U.dll

2011-03-16 02:02:24 -------- d-----w- c:\docume~1\home\applic~1\Canon Easy-WebPrint EX

2011-03-16 01:55:52 179200 ----a-w- c:\windows\system32\CNMIUA5.DLL

2011-03-14 20:06:36 17544 ----a-w- c:\windows\system32\drivers\RkPavproc1.sys

2011-03-14 13:14:05 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-03-14 13:14:04 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

2011-03-14 13:14:03 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2011-03-14 13:14:03 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll

2011-03-14 13:14:03 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll

2011-03-14 13:14:03 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll

2011-03-14 13:14:03 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

2011-03-14 13:14:03 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2011-03-14 12:58:11 89192 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys

2011-03-14 12:58:11 57536 ----a-w- c:\windows\system32\drivers\pctNdis.sys

2011-03-14 12:58:11 32808 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys

2011-03-10 00:50:32 -------- d--h--w- c:\docume~1\alluse~1\applic~1\CanonIJScan

2011-03-10 00:50:07 -------- d-----w- c:\documents and settings\home\.ehdc

2011-03-09 03:31:49 -------- d--h--w- c:\docume~1\alluse~1\applic~1\CanonIJEGV

2011-03-09 03:07:51 15872 ----a-w- c:\windows\system32\CNHMCA.dll

2011-03-09 02:56:58 70656 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPPA5.DLL

2011-03-09 02:56:57 276992 ----a-w- c:\windows\system32\CNMLMA5.DLL

2011-03-09 02:56:57 27136 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPDA5.DLL

2011-03-09 02:55:51 137216 ----a-w- c:\windows\system32\CNMNPUI.DLL

2011-03-09 02:55:51 -------- d-----w- c:\windows\system32\STRING

2011-03-09 02:55:50 354816 ----a-w- c:\windows\system32\CNMNPPM.DLL

2011-03-09 02:55:49 -------- d-----w- c:\windows\system32\CHM

2011-03-09 02:53:10 -------- d-----w- c:\program files\Canon

.

==================== Find3M ====================

.

2011-02-22 23:51:58 4280320 ----a-w- c:\windows\system32\GPhotos.scr

2011-02-21 11:17:22 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-02-21 11:17:22 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-04 22:48:32 456192 ----a-w- c:\windows\system32\encdec.dll

2011-02-04 22:48:30 291840 ----a-w- c:\windows\system32\sbe.dll

2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-28 15:50:58 26416 ----a-w- c:\windows\system32\nitrolocalmon.dll

2011-01-28 15:50:58 17712 ----a-w- c:\windows\system32\nitrolocalui.dll

2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-23 21:19:29 180224 ----a-w- c:\windows\system32\WinVd32.sys

2011-01-23 21:19:26 7680 ----a-w- c:\windows\system32\WinFLsrv.exe

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll

.

============= FINISH: 21:19:03.71 ===============

I never received a Combofix.txt file.

Thanks again for helping me to resolve this persistent problem.

VirusTotal - Free Online Virus, Malware and URL Scanner.pdf

Error Messages 4-4-11.pdf

Attach 4-4-11.zip


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Hi,

I completed the actions you requested. Also ran MBRCheck one more time...still get a report Unknown MBR code. Do I need to delete it with the options available in MBRCheck.exe?

I have no firewall or anti-virus programs running. Can I re-install? I was using PCTools Firewall Plus and MSE. Would you have any other recommendations or should I just go ahead and use these ones again?

Can't say anything about how the computer is running...I have been on it only to read your notes to me, comply with your recommendations, and turn it off until your next post. Do I need to remove any programs, files that were installed during this lengthy removal process?

The log/txt files follow:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6425

# api_version=3.0.2

# EOSSerial=3d06f3fc8a4bf44799820891614b94a0

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-04-08 01:25:08

# local_time=2011-04-07 09:25:08 (-0500, Eastern Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=2560 16777215 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=124603

# found=0

# cleaned=0

# scan_time=5835

Results of screen317's Security Check version 0.99.10

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

PC Tools Firewall Plus 7.0

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner

Java 6 Update 24

Adobe Flash Player 10.2.152.32

````````````````````````````````

Process Check:

objlist.exe by Laurent

PC Tools Firewall Plus FWService.exe

``````````End of Log````````````

Awaiting further instructions and recommendations. Thank you....


  • Staff

Hi,

Unknown doesn't mean infected in this case. Many OEM MBRs (by Dell/HP/etc.) are legitimate but not default, so they're tagged as "unknown."

Yes feel free to reinstall your protection software. I use MSE in conjunction with the PRO version of MBAM (a lifetime license for what I consider the best protection available today). Since you're using XP, do reinstall your firewall.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

Use your computer normally for a bit and let me know how it's behaving. :)


  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
