im stuck

vc1260 · July 14, 2011

im trying to follow the steps on "im infected- what do i do now?" post. i ran the malwarebytes' quick scan and got nothing, then the avira antivir got a trojan TR/Crypt.XPACK.Gen5 that seems to re appear every time i restart my computer. i downloaded defogger, click on disable your CD Emulation drivers, click yes, the finished! appears but no reboot machine message appears. then i downloaded dds and i have no idea how to disable script blockers. below are the reports from avira and malwarebytes. and i also keep getting a "successfully blocked access to a potentially malicious website" thingie. below is a log for that too. thank you for your time.

Avira AntiVir Personal

Report file date: Thursday, July 14, 2011 14:00

Scanning for 2973811 virus strains and unwanted programs.

The program is running as an unrestricted full version.

Online services are available:

Licensee : Avira AntiVir Personal - Free Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows XP

Windows version : (Service Pack 2) [5.1.2600]

Boot mode : Normally booted

Username : SYSTEM

Computer name : D2HWT5H1

Version information:

BUILD.DAT : 10.2.0.696 35934 Bytes 6/29/2011 17:32:00

AVSCAN.EXE : 10.3.0.7 484008 Bytes 7/14/2011 17:56:49

AVSCAN.DLL : 10.0.5.0 47464 Bytes 7/14/2011 17:56:49

LUKE.DLL : 10.3.0.5 45416 Bytes 7/14/2011 17:56:53

LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49

AVSCPLR.DLL : 10.3.0.7 119656 Bytes 7/14/2011 17:56:55

AVREG.DLL : 10.3.0.9 88833 Bytes 7/14/2011 17:56:55

VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36

VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 11:53:55

VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 11:53:56

VBASE003.VDF : 7.11.5.225 1980416 Bytes 4/7/2011 16:36:57

VBASE004.VDF : 7.11.8.178 2354176 Bytes 5/31/2011 16:18:22

VBASE005.VDF : 7.11.10.251 1788416 Bytes 7/7/2011 02:41:14

VBASE006.VDF : 7.11.10.252 2048 Bytes 7/7/2011 02:41:15

VBASE007.VDF : 7.11.10.253 2048 Bytes 7/7/2011 02:41:15

VBASE008.VDF : 7.11.10.254 2048 Bytes 7/7/2011 02:41:15

VBASE009.VDF : 7.11.10.255 2048 Bytes 7/7/2011 02:41:15

VBASE010.VDF : 7.11.11.0 2048 Bytes 7/7/2011 02:41:15

VBASE011.VDF : 7.11.11.1 2048 Bytes 7/7/2011 02:41:15

VBASE012.VDF : 7.11.11.2 2048 Bytes 7/7/2011 02:41:16

VBASE013.VDF : 7.11.11.75 688128 Bytes 7/12/2011 02:41:23

VBASE014.VDF : 7.11.11.104 978944 Bytes 7/13/2011 17:56:48

VBASE015.VDF : 7.11.11.137 655360 Bytes 7/14/2011 17:56:48

VBASE016.VDF : 7.11.11.138 2048 Bytes 7/14/2011 17:56:48

VBASE017.VDF : 7.11.11.139 2048 Bytes 7/14/2011 17:56:48

VBASE018.VDF : 7.11.11.140 2048 Bytes 7/14/2011 17:56:48

VBASE019.VDF : 7.11.11.141 2048 Bytes 7/14/2011 17:56:48

VBASE020.VDF : 7.11.11.142 2048 Bytes 7/14/2011 17:56:48

VBASE021.VDF : 7.11.11.143 2048 Bytes 7/14/2011 17:56:48

VBASE022.VDF : 7.11.11.144 2048 Bytes 7/14/2011 17:56:48

VBASE023.VDF : 7.11.11.145 2048 Bytes 7/14/2011 17:56:48

VBASE024.VDF : 7.11.11.146 2048 Bytes 7/14/2011 17:56:48

VBASE025.VDF : 7.11.11.147 2048 Bytes 7/14/2011 17:56:48

VBASE026.VDF : 7.11.11.148 2048 Bytes 7/14/2011 17:56:48

VBASE027.VDF : 7.11.11.149 2048 Bytes 7/14/2011 17:56:48

VBASE028.VDF : 7.11.11.150 2048 Bytes 7/14/2011 17:56:48

VBASE029.VDF : 7.11.11.151 2048 Bytes 7/14/2011 17:56:48

VBASE030.VDF : 7.11.11.152 2048 Bytes 7/14/2011 17:56:48

VBASE031.VDF : 7.11.11.156 8704 Bytes 7/14/2011 17:56:48

Engineversion : 8.2.6.12

AEVDF.DLL : 8.1.2.1 106868 Bytes 4/21/2011 11:53:28

AESCRIPT.DLL : 8.1.3.71 1618299 Bytes 7/14/2011 17:56:48

AESCN.DLL : 8.1.7.2 127349 Bytes 4/21/2011 11:53:27

AESBX.DLL : 8.2.1.34 323957 Bytes 6/16/2011 04:54:00

AERDL.DLL : 8.1.9.13 639349 Bytes 7/14/2011 17:56:48

AEPACK.DLL : 8.2.9.5 676214 Bytes 7/14/2011 17:56:48

AEOFFICE.DLL : 8.1.2.11 201083 Bytes 7/14/2011 17:56:48

AEHEUR.DLL : 8.1.2.142 3613048 Bytes 7/14/2011 17:56:48

AEHELP.DLL : 8.1.17.4 246135 Bytes 7/14/2011 17:56:48

AEGEN.DLL : 8.1.5.6 401780 Bytes 6/16/2011 04:54:00

AEEMU.DLL : 8.1.3.0 393589 Bytes 4/21/2011 11:53:14

AECORE.DLL : 8.1.22.4 196983 Bytes 7/14/2011 17:56:48

AEBB.DLL : 8.1.1.0 53618 Bytes 4/21/2011 11:53:14

AVWINLL.DLL : 10.0.0.0 19304 Bytes 4/21/2011 11:53:36

AVPREF.DLL : 10.0.3.2 44904 Bytes 7/14/2011 17:56:49

AVREP.DLL : 10.0.0.10 174120 Bytes 7/14/2011 17:56:55

AVARKT.DLL : 10.0.26.1 255336 Bytes 7/14/2011 17:56:49

AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 7/14/2011 17:56:49

SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 19:27:22

AVSMTP.DLL : 10.0.0.17 63848 Bytes 4/21/2011 11:53:36

NETNT.DLL : 10.0.0.0 11624 Bytes 4/21/2011 11:53:46

RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 7/14/2011 17:56:48

RCTEXT.DLL : 10.0.64.0 97640 Bytes 7/14/2011 17:56:48

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp

Logging.............................: Default

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:,

Process scan........................: on

Extended process scan...............: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: Advanced

Start of the scan: Thursday, July 14, 2011 14:00

Starting search for hidden objects.

The scan of running processes will be started

Scan process 'rsmsink.exe' - '31' Module(s) have been scanned

Scan process 'wuauclt.exe' - '47' Module(s) have been scanned

Scan process 'avgnt.exe' - '47' Module(s) have been scanned

Scan process 'avscan.exe' - '72' Module(s) have been scanned

Scan process 'avshadow.exe' - '32' Module(s) have been scanned

Scan process 'avcenter.exe' - '59' Module(s) have been scanned

Scan process 'avguard.exe' - '58' Module(s) have been scanned

Scan process 'sched.exe' - '47' Module(s) have been scanned

Scan process 'iTunes.exe' - '68' Module(s) have been scanned

Scan process 'msdtc.exe' - '43' Module(s) have been scanned

Scan process 'dllhost.exe' - '63' Module(s) have been scanned

Scan process 'dllhost.exe' - '48' Module(s) have been scanned

Scan process 'vssvc.exe' - '51' Module(s) have been scanned

Scan process 'rpcnet.exe' - '32' Module(s) have been scanned

Scan process 'wuauclt.exe' - '40' Module(s) have been scanned

Scan process 'alg.exe' - '36' Module(s) have been scanned

Scan process 'iPodService.exe' - '33' Module(s) have been scanned

Scan process 'Pen_Tablet.exe' - '35' Module(s) have been scanned

Scan process 'Pen_TabletUser.exe' - '21' Module(s) have been scanned

Scan process 'Pen_Tablet.exe' - '27' Module(s) have been scanned

Scan process 'svchost.exe' - '38' Module(s) have been scanned

Scan process 'SeaPort.exe' - '48' Module(s) have been scanned

Scan process 'nvsvc32.exe' - '38' Module(s) have been scanned

Scan process 'myAgtSvc.Exe' - '58' Module(s) have been scanned

Scan process 'mbamservice.exe' - '44' Module(s) have been scanned

Scan process 'jqs.exe' - '34' Module(s) have been scanned

Scan process 'mDNSResponder.exe' - '36' Module(s) have been scanned

Scan process 'AppleMobileDeviceService.exe' - '34' Module(s) have been scanned

Scan process 'SSScheduler.exe' - '28' Module(s) have been scanned

Scan process 'ISUSPM.exe' - '25' Module(s) have been scanned

Scan process 'mbamgui.exe' - '26' Module(s) have been scanned

Scan process 'iTunesHelper.exe' - '43' Module(s) have been scanned

Scan process 'AdobeARM.exe' - '37' Module(s) have been scanned

Scan process 'stsystra.exe' - '34' Module(s) have been scanned

Scan process 'SynTPEnh.exe' - '27' Module(s) have been scanned

Scan process 'RUNDLL32.EXE' - '32' Module(s) have been scanned

Scan process 'rundll32.exe' - '27' Module(s) have been scanned

Scan process 'PDVDDXSrv.exe' - '36' Module(s) have been scanned

Scan process 'myAgtTry.Exe' - '44' Module(s) have been scanned

Scan process 'svchost.exe' - '34' Module(s) have been scanned

Scan process 'Explorer.EXE' - '82' Module(s) have been scanned

Scan process 'SCardSvr.exe' - '26' Module(s) have been scanned

Scan process 'spoolsv.exe' - '55' Module(s) have been scanned

Scan process 'svchost.exe' - '41' Module(s) have been scanned

Scan process 'svchost.exe' - '35' Module(s) have been scanned

Scan process 'svchost.exe' - '198' Module(s) have been scanned

Scan process 'svchost.exe' - '43' Module(s) have been scanned

Scan process 'svchost.exe' - '52' Module(s) have been scanned

Scan process 'lsass.exe' - '59' Module(s) have been scanned

Scan process 'services.exe' - '39' Module(s) have been scanned

Scan process 'winlogon.exe' - '64' Module(s) have been scanned

Scan process 'csrss.exe' - '12' Module(s) have been scanned

Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '1192' files ).

Starting the file scan:

Begin scan in 'C:\'

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP134\A0149706.dll

[DETECTION] Is the TR/Crypt.XPACK.Gen5 Trojan

Beginning disinfection:

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP134\A0149706.dll

[DETECTION] Is the TR/Crypt.XPACK.Gen5 Trojan

[NOTE] The file was moved to the quarantine directory under the name '4cddee9b.qua'.

End of the scan: Thursday, July 14, 2011 15:56

Used time: 1:55:00 Hour(s)

The scan has been done completely.

15892 Scanned directories

481911 Files were scanned

1 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

1 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

481910 Files not concerned

4685 Archives were scanned

0 Warnings

1 Notes

465593 Objects were scanned with rootkit scan

0 Hidden objects were found

-----------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 7139

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

7/14/2011 4:43:12 PM

mbam-log-2011-07-14 (16-43-12).txt

Scan type: Quick scan

Objects scanned: 203106

Time elapsed: 9 minute(s), 34 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

------------------------------------------------------------------------

13:47:08 (null) MESSAGE Protection started successfully

13:48:00 New MESSAGE IP Protection started successfully

13:48:10 New MESSAGE Scheduled update executed successfully

13:48:10 New MESSAGE IP Protection stopped

13:48:13 New MESSAGE Database updated successfully

13:48:15 New MESSAGE IP Protection started successfully

13:48:55 New IP-BLOCK 193.218.156.42 (Type: outgoing)

13:48:58 New IP-BLOCK 193.218.156.42 (Type: outgoing)

13:56:23 New IP-BLOCK 67.29.139.153 (Type: outgoing)

13:56:26 New IP-BLOCK 67.29.139.153 (Type: outgoing)

13:56:31 New IP-BLOCK 67.29.139.153 (Type: outgoing)

13:57:34 New IP-BLOCK 208.73.210.29 (Type: outgoing)

13:57:37 New IP-BLOCK 208.73.210.29 (Type: outgoing)

13:57:43 New IP-BLOCK 208.73.210.29 (Type: outgoing)

13:57:56 New IP-BLOCK 208.73.210.29 (Type: outgoing)

13:57:59 New IP-BLOCK 208.73.210.29 (Type: outgoing)

13:58:05 New IP-BLOCK 208.73.210.29 (Type: outgoing)

13:58:19 New IP-BLOCK 208.73.210.29 (Type: outgoing)

13:58:22 New IP-BLOCK 208.73.210.29 (Type: outgoing)

13:58:28 New IP-BLOCK 208.73.210.29 (Type: outgoing)

13:58:45 New IP-BLOCK 208.73.210.29 (Type: outgoing)

13:58:48 New IP-BLOCK 208.73.210.29 (Type: outgoing)

13:58:51 New IP-BLOCK 208.73.210.29 (Type: outgoing)

13:58:52 New IP-BLOCK 80.87.199.15 (Type: outgoing)

13:58:54 New IP-BLOCK 208.73.210.29 (Type: outgoing)

13:58:55 New IP-BLOCK 80.87.199.15 (Type: outgoing)

13:59:00 New IP-BLOCK 208.73.210.29 (Type: outgoing)

13:59:01 New IP-BLOCK 80.87.199.15 (Type: outgoing)

13:59:13 New IP-BLOCK 208.73.210.29 (Type: outgoing)

13:59:18 New IP-BLOCK 67.29.139.153 (Type: outgoing)

13:59:18 New IP-BLOCK 80.87.199.15 (Type: outgoing)

13:59:21 New IP-BLOCK 80.87.199.15 (Type: outgoing)

13:59:22 New IP-BLOCK 208.73.210.29 (Type: outgoing)

13:59:24 New IP-BLOCK 67.29.139.153 (Type: outgoing)

13:59:27 New IP-BLOCK 80.87.199.15 (Type: outgoing)

13:59:53 New IP-BLOCK 80.87.199.15 (Type: outgoing)

13:59:56 New IP-BLOCK 80.87.199.15 (Type: outgoing)

14:00:02 New IP-BLOCK 80.87.199.15 (Type: outgoing)

14:00:23 New IP-BLOCK 80.87.199.15 (Type: outgoing)

14:00:24 New IP-BLOCK 208.73.210.29 (Type: outgoing)

14:00:26 New IP-BLOCK 80.87.199.15 (Type: outgoing)

14:00:27 New IP-BLOCK 208.73.210.29 (Type: outgoing)

14:00:32 New IP-BLOCK 80.87.199.15 (Type: outgoing)

14:00:33 New IP-BLOCK 208.73.210.29 (Type: outgoing)

14:00:42 New IP-BLOCK 67.29.139.153 (Type: outgoing)

14:00:45 New IP-BLOCK 67.29.139.153 (Type: outgoing)

14:00:47 New IP-BLOCK 208.73.210.29 (Type: outgoing)

14:00:51 New IP-BLOCK 80.87.199.15 (Type: outgoing)

14:00:51 New IP-BLOCK 67.29.139.153 (Type: outgoing)

14:00:54 New IP-BLOCK 67.29.139.153 (Type: outgoing)

14:00:57 New IP-BLOCK 67.29.139.153 (Type: outgoing)

14:01:00 New IP-BLOCK 80.87.199.15 (Type: outgoing)

14:01:03 New IP-BLOCK 67.29.139.153 (Type: outgoing)

14:01:13 New IP-BLOCK 208.73.210.29 (Type: outgoing)

14:01:16 New IP-BLOCK 208.73.210.29 (Type: outgoing)

14:01:20 New IP-BLOCK 80.87.199.15 (Type: outgoing)

14:01:20 New IP-BLOCK 208.73.210.29 (Type: outgoing)

14:01:23 New IP-BLOCK 80.87.199.15 (Type: outgoing)

14:01:23 New IP-BLOCK 208.73.210.29 (Type: outgoing)

14:01:29 New IP-BLOCK 80.87.199.15 (Type: outgoing)

14:01:29 New IP-BLOCK 208.73.210.29 (Type: outgoing)

14:01:41 New IP-BLOCK 208.73.210.29 (Type: outgoing)

14:01:44 New IP-BLOCK 208.73.210.29 (Type: outgoing)

14:01:48 New IP-BLOCK 80.87.199.15 (Type: outgoing)

14:01:50 New IP-BLOCK 208.73.210.29 (Type: outgoing)

14:01:51 New IP-BLOCK 80.87.199.15 (Type: outgoing)

14:01:57 New IP-BLOCK 80.87.199.15 (Type: outgoing)

14:02:19 New IP-BLOCK 80.87.199.15 (Type: outgoing)

14:02:22 New IP-BLOCK 80.87.199.15 (Type: outgoing)

14:02:28 New IP-BLOCK 80.87.199.15 (Type: outgoing)

14:02:49 New IP-BLOCK 80.87.199.15 (Type: outgoing)

14:02:52 New IP-BLOCK 80.87.199.15 (Type: outgoing)

14:02:58 New IP-BLOCK 80.87.199.15 (Type: outgoing)

14:03:18 New IP-BLOCK 80.87.199.15 (Type: outgoing)

14:03:21 New IP-BLOCK 80.87.199.15 (Type: outgoing)

14:03:27 New IP-BLOCK 80.87.199.15 (Type: outgoing)

14:03:50 New IP-BLOCK 80.87.199.15 (Type: outgoing)

14:03:53 New IP-BLOCK 80.87.199.15 (Type: outgoing)

14:03:59 New IP-BLOCK 80.87.199.15 (Type: outgoing)

14:04:19 New IP-BLOCK 80.87.199.15 (Type: outgoing)

14:04:22 New IP-BLOCK 80.87.199.15 (Type: outgoing)

14:04:28 New IP-BLOCK 80.87.199.15 (Type: outgoing)

14:04:52 New IP-BLOCK 80.87.199.15 (Type: outgoing)

14:04:55 New IP-BLOCK 80.87.199.15 (Type: outgoing)

14:05:01 New IP-BLOCK 80.87.199.15 (Type: outgoing)

14:05:18 New IP-BLOCK 80.87.199.15 (Type: outgoing)

14:05:21 New IP-BLOCK 80.87.199.15 (Type: outgoing)

14:05:27 New IP-BLOCK 80.87.199.15 (Type: outgoing)

14:05:49 New IP-BLOCK 80.87.199.15 (Type: outgoing)

14:16:02 New IP-BLOCK 208.73.210.29 (Type: outgoing)

14:16:05 New IP-BLOCK 208.73.210.29 (Type: outgoing)

14:16:11 New IP-BLOCK 208.73.210.29 (Type: outgoing)

14:16:23 New IP-BLOCK 208.73.210.29 (Type: outgoing)

14:16:26 New IP-BLOCK 208.73.210.29 (Type: outgoing)

14:16:32 New IP-BLOCK 208.73.210.29 (Type: outgoing)

14:16:32 New IP-BLOCK 208.87.32.75 (Type: outgoing)

14:16:35 New IP-BLOCK 208.87.32.75 (Type: outgoing)

14:16:36 New IP-BLOCK 208.73.210.29 (Type: outgoing)

14:16:38 New IP-BLOCK 208.73.210.29 (Type: outgoing)

14:16:41 New IP-BLOCK 208.87.32.75 (Type: outgoing)

14:16:45 New IP-BLOCK 208.73.210.29 (Type: outgoing)

14:16:48 New IP-BLOCK 208.73.210.29 (Type: outgoing)

14:16:51 New IP-BLOCK 208.73.210.29 (Type: outgoing)

14:16:53 New IP-BLOCK 208.87.32.75 (Type: outgoing)

14:16:56 New IP-BLOCK 208.87.32.75 (Type: outgoing)

14:16:58 New IP-BLOCK 208.73.210.29 (Type: outgoing)

14:17:02 New IP-BLOCK 208.87.32.75 (Type: outgoing)

14:17:09 New IP-BLOCK 208.73.210.29 (Type: outgoing)

14:17:12 New IP-BLOCK 208.73.210.29 (Type: outgoing)

14:17:19 New IP-BLOCK 208.73.210.29 (Type: outgoing)

14:17:24 New IP-BLOCK 208.87.32.75 (Type: outgoing)

14:17:27 New IP-BLOCK 208.87.32.75 (Type: outgoing)

14:17:30 New IP-BLOCK 69.6.27.100 (Type: outgoing)

14:17:33 New IP-BLOCK 69.6.27.100 (Type: outgoing)

14:17:33 New IP-BLOCK 208.87.32.75 (Type: outgoing)

14:17:39 New IP-BLOCK 69.6.27.100 (Type: outgoing)

14:17:46 New IP-BLOCK 208.87.32.75 (Type: outgoing)

14:17:49 New IP-BLOCK 208.87.32.75 (Type: outgoing)

14:17:51 New IP-BLOCK 69.6.27.100 (Type: outgoing)

14:17:54 New IP-BLOCK 69.6.27.100 (Type: outgoing)

14:17:55 New IP-BLOCK 208.87.32.75 (Type: outgoing)

14:17:58 New IP-BLOCK 208.87.32.75 (Type: outgoing)

14:18:00 New IP-BLOCK 69.6.27.100 (Type: outgoing)

14:18:04 New IP-BLOCK 208.87.32.75 (Type: outgoing)

14:18:14 New IP-BLOCK 69.6.27.100 (Type: outgoing)

14:18:16 New IP-BLOCK 208.87.32.75 (Type: outgoing)

14:18:16 New IP-BLOCK 69.6.27.100 (Type: outgoing)

14:18:19 New IP-BLOCK 208.87.32.75 (Type: outgoing)

14:18:23 New IP-BLOCK 69.6.27.100 (Type: outgoing)

14:18:25 New IP-BLOCK 208.87.32.75 (Type: outgoing)

14:18:30 New IP-BLOCK 78.140.152.61 (Type: outgoing)

14:18:33 New IP-BLOCK 78.140.152.61 (Type: outgoing)

14:18:35 New IP-BLOCK 69.6.27.100 (Type: outgoing)

14:18:38 New IP-BLOCK 69.6.27.100 (Type: outgoing)

14:18:39 New IP-BLOCK 78.140.152.61 (Type: outgoing)

14:18:42 New IP-BLOCK 69.6.27.100 (Type: outgoing)

14:18:45 New IP-BLOCK 69.6.27.100 (Type: outgoing)

14:18:51 New IP-BLOCK 69.6.27.100 (Type: outgoing)

14:19:04 New IP-BLOCK 69.6.27.100 (Type: outgoing)

14:19:07 New IP-BLOCK 69.6.27.100 (Type: outgoing)

14:19:13 New IP-BLOCK 69.6.27.100 (Type: outgoing)

16:00:36 (null) MESSAGE Protection started successfully

16:01:07 New MESSAGE IP Protection started successfully

16:03:05 New IP-BLOCK 193.218.156.42 (Type: outgoing)

16:03:08 New IP-BLOCK 193.218.156.42 (Type: outgoing)

16:03:14 New IP-BLOCK 193.218.156.42 (Type: outgoing)

16:03:26 New IP-BLOCK 188.229.90.137 (Type: outgoing)

16:03:29 New IP-BLOCK 188.229.90.137 (Type: outgoing)

16:03:35 New IP-BLOCK 188.229.90.137 (Type: outgoing)

16:10:15 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:10:18 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:10:24 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:10:36 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:10:39 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:10:45 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:10:57 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:11:00 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:11:06 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:11:18 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:11:21 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:11:22 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:11:25 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:11:28 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:11:31 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:11:37 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:11:44 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:11:47 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:11:49 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:11:52 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:11:53 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:11:58 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:12:06 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:12:09 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:12:15 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:12:27 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:12:30 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:12:36 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:12:39 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:12:45 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:12:57 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:13:00 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:13:06 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:13:10 New IP-BLOCK 208.87.32.75 (Type: outgoing)

16:13:13 New IP-BLOCK 208.87.32.75 (Type: outgoing)

16:13:19 New IP-BLOCK 208.87.32.75 (Type: outgoing)

16:13:31 New IP-BLOCK 208.87.32.75 (Type: outgoing)

16:13:34 New IP-BLOCK 208.87.32.75 (Type: outgoing)

16:13:37 New IP-BLOCK 82.98.86.163 (Type: outgoing)

16:13:40 New IP-BLOCK 208.87.32.75 (Type: outgoing)

16:13:40 New IP-BLOCK 82.98.86.163 (Type: outgoing)

16:13:46 New IP-BLOCK 82.98.86.163 (Type: outgoing)

16:13:54 New IP-BLOCK 208.87.32.75 (Type: outgoing)

16:13:57 New IP-BLOCK 208.87.32.75 (Type: outgoing)

16:13:58 New IP-BLOCK 82.98.86.163 (Type: outgoing)

16:14:01 New IP-BLOCK 82.98.86.163 (Type: outgoing)

16:14:03 New IP-BLOCK 208.87.32.75 (Type: outgoing)

16:14:07 New IP-BLOCK 82.98.86.163 (Type: outgoing)

16:14:11 New IP-BLOCK 208.87.32.75 (Type: outgoing)

16:14:14 New IP-BLOCK 208.87.32.75 (Type: outgoing)

16:14:15 New IP-BLOCK 82.98.86.163 (Type: outgoing)

16:14:18 New IP-BLOCK 82.98.86.163 (Type: outgoing)

16:14:20 New IP-BLOCK 208.87.32.75 (Type: outgoing)

16:14:24 New IP-BLOCK 82.98.86.163 (Type: outgoing)

16:14:33 New IP-BLOCK 208.87.32.75 (Type: outgoing)

16:14:36 New IP-BLOCK 82.98.86.163 (Type: outgoing)

16:14:39 New IP-BLOCK 82.98.86.163 (Type: outgoing)

16:14:42 New IP-BLOCK 208.87.32.75 (Type: outgoing)

16:14:46 New IP-BLOCK 82.98.86.163 (Type: outgoing)

16:14:49 New IP-BLOCK 82.98.86.163 (Type: outgoing)

16:14:55 New IP-BLOCK 82.98.86.163 (Type: outgoing)

16:15:07 New IP-BLOCK 82.98.86.163 (Type: outgoing)

16:15:10 New IP-BLOCK 82.98.86.163 (Type: outgoing)

16:15:16 New IP-BLOCK 82.98.86.163 (Type: outgoing)

16:27:46 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:27:49 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:27:55 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:28:07 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:28:10 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:28:16 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:28:21 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:28:24 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:28:30 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:28:42 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:28:45 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:28:50 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:28:52 New IP-BLOCK 208.87.32.75 (Type: outgoing)

16:28:53 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:28:55 New IP-BLOCK 208.87.32.75 (Type: outgoing)

16:28:59 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:29:01 New IP-BLOCK 208.87.32.75 (Type: outgoing)

16:29:11 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:29:13 New IP-BLOCK 208.87.32.75 (Type: outgoing)

16:29:14 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:29:16 New IP-BLOCK 208.87.32.75 (Type: outgoing)

16:29:20 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:29:22 New IP-BLOCK 208.87.32.75 (Type: outgoing)

16:29:32 New IP-BLOCK 208.87.32.75 (Type: outgoing)

16:29:35 New IP-BLOCK 208.87.32.75 (Type: outgoing)

16:29:41 New IP-BLOCK 208.87.32.75 (Type: outgoing)

16:29:54 New IP-BLOCK 208.87.32.75 (Type: outgoing)

16:29:57 New IP-BLOCK 208.87.32.75 (Type: outgoing)

16:30:03 New IP-BLOCK 208.87.32.75 (Type: outgoing)

16:30:06 New IP-BLOCK 208.87.32.75 (Type: outgoing)

16:30:12 New IP-BLOCK 208.87.32.75 (Type: outgoing)

16:30:27 New IP-BLOCK 208.87.32.75 (Type: outgoing)

16:30:29 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:30:30 New IP-BLOCK 208.87.32.75 (Type: outgoing)

16:30:32 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:30:36 New IP-BLOCK 208.87.32.75 (Type: outgoing)

16:30:38 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:30:50 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:30:53 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:30:58 New IP-BLOCK 195.3.145.105 (Type: outgoing)

16:30:59 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:31:01 New IP-BLOCK 195.3.145.105 (Type: outgoing)

16:31:07 New IP-BLOCK 195.3.145.105 (Type: outgoing)

16:31:09 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:31:12 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:31:18 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:31:23 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:31:26 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:31:32 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:31:44 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:31:47 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:31:53 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:31:55 New IP-BLOCK 208.87.32.75 (Type: outgoing)

16:31:58 New IP-BLOCK 208.87.32.75 (Type: outgoing)

16:32:04 New IP-BLOCK 208.87.32.75 (Type: outgoing)

16:32:16 New IP-BLOCK 208.87.32.75 (Type: outgoing)

16:32:19 New IP-BLOCK 208.87.32.75 (Type: outgoing)

16:32:24 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:32:25 New IP-BLOCK 208.87.32.75 (Type: outgoing)

16:32:27 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:32:33 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:32:36 New IP-BLOCK 208.87.32.75 (Type: outgoing)

16:32:39 New IP-BLOCK 208.87.32.75 (Type: outgoing)

16:32:45 New IP-BLOCK 208.87.32.75 (Type: outgoing)

16:32:47 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:32:50 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:32:56 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:32:58 New IP-BLOCK 208.87.32.75 (Type: outgoing)

16:33:01 New IP-BLOCK 208.87.32.75 (Type: outgoing)

16:33:04 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:33:07 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:33:12 New IP-BLOCK 208.87.32.75 (Type: outgoing)

16:33:13 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:33:15 New IP-BLOCK 208.87.32.75 (Type: outgoing)

16:33:21 New IP-BLOCK 208.87.32.75 (Type: outgoing)

16:33:26 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:33:29 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:33:34 New IP-BLOCK 208.87.32.75 (Type: outgoing)

16:33:36 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:33:37 New IP-BLOCK 208.87.32.75 (Type: outgoing)

16:33:43 New IP-BLOCK 208.87.32.75 (Type: outgoing)

16:33:45 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:33:48 New IP-BLOCK 91.213.29.63 (Type: outgoing)

16:33:51 New IP-BLOCK 91.213.29.63 (Type: outgoing)

16:33:57 New IP-BLOCK 91.213.29.63 (Type: outgoing)

16:34:01 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:34:04 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:34:10 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:34:33 New IP-BLOCK 94.100.30.165 (Type: outgoing)

16:44:09 New IP-BLOCK 188.229.90.136 (Type: outgoing)

16:44:12 New IP-BLOCK 188.229.90.136 (Type: outgoing)

16:44:18 New IP-BLOCK 188.229.90.136 (Type: outgoing)

16:44:30 New IP-BLOCK 193.218.156.42 (Type: outgoing)

16:44:33 New IP-BLOCK 193.218.156.42 (Type: outgoing)

16:44:39 New IP-BLOCK 193.218.156.42 (Type: outgoing)

16:44:43 New IP-BLOCK 67.29.139.153 (Type: outgoing)

16:44:46 New IP-BLOCK 67.29.139.153 (Type: outgoing)

16:44:52 New IP-BLOCK 67.29.139.153 (Type: outgoing)

16:45:18 New IP-BLOCK 67.29.139.153 (Type: outgoing)

16:45:21 New IP-BLOCK 67.29.139.153 (Type: outgoing)

16:45:27 New IP-BLOCK 67.29.139.153 (Type: outgoing)

16:45:43 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:45:46 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:45:52 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:46:04 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:46:07 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:46:14 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:46:24 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:46:27 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:46:33 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:46:40 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:46:43 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:46:45 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:46:48 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:46:49 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:46:54 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:46:57 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:47:01 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:47:03 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:47:04 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:47:10 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:47:10 New IP-BLOCK 67.29.139.153 (Type: outgoing)

16:47:13 New IP-BLOCK 67.29.139.153 (Type: outgoing)

16:47:15 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:47:18 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:47:19 New IP-BLOCK 67.29.139.153 (Type: outgoing)

16:47:24 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:47:25 New IP-BLOCK 67.29.139.153 (Type: outgoing)

16:47:26 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:47:28 New IP-BLOCK 67.29.139.153 (Type: outgoing)

16:47:29 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:47:34 New IP-BLOCK 67.29.139.153 (Type: outgoing)

16:47:35 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:47:43 New IP-BLOCK 67.29.139.153 (Type: outgoing)

16:47:46 New IP-BLOCK 67.29.139.153 (Type: outgoing)

16:47:47 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:47:49 New IP-BLOCK 67.29.139.153 (Type: outgoing)

16:47:50 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:47:52 New IP-BLOCK 67.29.139.153 (Type: outgoing)

16:47:55 New IP-BLOCK 67.29.139.153 (Type: outgoing)

16:47:56 New IP-BLOCK 208.73.210.29 (Type: outgoing)

16:47:59 New IP-BLOCK 208.73.210.29 (Type: outgoing)

Elise · July 15, 2011

Hi and :welcome:

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
- DDS.scr
- DDS.pif
[*]Double click on the DDS icon, allow it to run.
[*]A small box will open, with an explaination about the tool. No input is needed, the scan is running.
[*]Notepad will open with the results.
[*]Follow the instructions that pop up for posting the results.
[*]Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

vc1260 · July 15, 2011

below is the log from dds. thank you!

DDS (Ver_2011-07-14.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Run by New at 12:40:42 on 2011-07-15

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1445 [GMT -4:00]

.

AV: Total Protection Service *Enabled/Updated* {8C354827-2F54-4E28-90DC-AD391E77808C}

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ================

.

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.Exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\rpcnet.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\Pen_Tablet.exe

C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe

C:\WINDOWS\system32\Pen_Tablet.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxps://my.collinscollege.edu

uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html

uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com

mSearch Bar = hxxp://www.google.com/ie

BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - c:\program files\search toolbar\SearchToolbar.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - c:\program files\search toolbar\SearchToolbar.dll

TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

mRun: [MVS Splash] c:\program files\mcafee\managed virusscan\agent\Splash.exe

mRun: [McAfee Managed Services Tray] c:\program files\mcafee\managed virusscan\agent\myAgtTry.Exe

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /installquiet

mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [sigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\stsystra.exe

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: ipp - <Clsid value has no data>

Handler: msdaipp - <Clsid value has no data>

Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - c:\program files\mcafee\managed virusscan\agent\MyRmProt4.5.1.191.dll

mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\program files\outlook express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\program files\outlook express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

IFEO: Your Image File Name Here without a path - ntsd -d

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\new\application data\mozilla\firefox\profiles\74buvyun.default\

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

============= SERVICES / DRIVERS ===============

.

R0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [2006-12-10 218112]

R0 aac;PERC 320/DC SCSI RAID Miniport Driver;c:\windows\system32\drivers\aac.sys [2006-12-10 48140]

R0 aarich;aarich;c:\windows\system32\drivers\aarich.sys [2006-12-10 204800]

R0 megasas;DELL PERC RAID Driver;c:\windows\system32\drivers\megasas.sys [2006-12-10 19200]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-7-12 11608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-7-12 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-7-12 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-7-12 66616]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-6-24 54760]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-8-8 366640]

R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\mcafee\managed virusscan\agent\myAgtSvc.exe [2008-2-28 140864]

R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-9-30 1373480]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-8-8 22712]

S0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys --> c:\windows\system32\drivers\vmscsi.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 McShield;McShield;c:\program files\mcafee\managed virusscan\vscan\McShield.exe [2008-2-28 144960]

S3 MfeAVFK;McAfee Inc.;c:\windows\system32\drivers\MfeAVFK.sys [2008-2-28 72296]

S3 MfeBOPK;McAfee Inc.;c:\windows\system32\drivers\MfeBOPK.sys [2008-2-28 34184]

S3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-2-28 170408]

.

=============== Created Last 30 ================

.

2011-07-14 20:00:08 -------- d-sh--w- c:\documents and settings\new\IETldCache

2011-07-14 18:06:00 -------- d-----w- c:\windows\ie8updates

2011-07-14 18:05:18 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2011-07-14 18:05:16 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll

2011-07-14 18:05:15 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll

2011-07-14 18:05:15 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll

2011-07-14 18:05:14 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll

2011-07-14 18:05:13 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll

2011-07-14 18:05:11 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

2011-07-14 17:57:57 -------- dc-h--w- c:\windows\ie8

2011-07-14 17:50:39 294912 ------w- c:\windows\system32\dllcache\msctf.dll

2011-07-13 06:42:53 -------- d--h--w- c:\windows\system32\GroupPolicy

2011-07-13 02:50:00 -------- d-----w- c:\documents and settings\new\application data\Avira

2011-07-13 02:38:42 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-07-13 02:38:40 -------- d-----w- c:\program files\Avira

2011-07-13 02:38:40 -------- d-----w- c:\documents and settings\all users\application data\Avira

2011-07-13 02:25:48 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL

2011-07-13 02:25:48 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2011-07-13 02:25:47 -------- d-----w- c:\program files\SpywareBlaster

2011-07-13 00:41:01 -------- d-----w- c:\documents and settings\new\application data\Malwarebytes

2011-07-13 00:08:23 -------- d-----w- c:\documents and settings\new\local settings\application data\Mozilla

2011-07-13 00:07:12 -------- d-----w- c:\documents and settings\new\application data\WTablet

2011-07-12 22:06:02 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-07-12 22:06:01 -------- d-----w- c:\windows\system32\wbem\Repository

2011-07-12 22:03:10 -------- d-----w- c:\program files\iTunes

2011-07-12 22:03:10 -------- d-----w- c:\program files\iPod

2011-07-12 21:57:43 -------- d-----w- c:\windows\system32\KB905474

2011-07-12 02:32:17 -------- d-----w- c:\windows\system32\NtmsData

2011-07-12 02:22:55 -------- d-----w- c:\program files\McAfee Security Scan(2)

2011-07-11 00:04:34 -------- d-----w- c:\documents and settings\all users\application data\RegInOut

2011-07-09 15:42:14 -------- d-----w- c:\documents and settings\all users\application data\Common Files

2011-07-09 15:36:30 -------- d-----w- c:\documents and settings\all users\application data\AVG10

2011-07-09 15:34:33 -------- d-----w- c:\program files\AVG

2011-07-09 15:34:05 -------- d-----w- c:\program files\WhiteSmoke_Bar

2011-07-09 15:26:27 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2011-07-09 05:15:04 0 ----a-w- c:\windows\Yjocihepal.bin

.

==================== Find3M ====================

.

2011-07-15 16:31:51 17408 ----a-w- c:\windows\system32\rpcnetp.exe

2011-07-15 16:31:47 58288 ----a-w- c:\windows\system32\rpcnet.dll

2011-07-14 17:49:11 58288 ------w- c:\windows\system32\rpcnet.exe

2011-07-14 17:47:16 17408 ----a-w- c:\windows\system32\rpcnetp.dll

2011-06-02 00:13:22 398760 ----a-r- c:\windows\system32\cpnprt2.cid

2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: ST9120823ASG rev.3.ADE -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A60E4D0]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a6147d0]; MOV EAX, [0x8a61484c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 ntkrnlpa!IofCallDriver[0x804EF0BC] -> \Device\Harddisk0\DR0[0x8A57D958]

3 CLASSPNP[0xBA0C905B] -> ntkrnlpa!IofCallDriver[0x804EF0BC] -> [0x8A61C6F0]

\Driver\atapi[0x8A61C920] -> IRP_MJ_CREATE -> 0x8A60E4D0

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [bP+0x0], 0x0; }

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x8A60E31B

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 12:41:42.78 ===============

Elise · July 15, 2011

Hi again, unfortunately you have a nasty rootkit on board.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

TWO ANTIVIRUS PROGRAMS

---------------------------------------

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove either Avira or McAfee.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it.
To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.

vc1260 · July 16, 2011

below is the log:

2011/07/15 21:09:49.0656 2788 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56

2011/07/15 21:09:49.0671 2788 ================================================================================

2011/07/15 21:09:49.0671 2788 SystemInfo:

2011/07/15 21:09:49.0671 2788

2011/07/15 21:09:49.0671 2788 OS Version: 5.1.2600 ServicePack: 2.0

2011/07/15 21:09:49.0671 2788 Product type: Workstation

2011/07/15 21:09:49.0671 2788 ComputerName: D2HWT5H1

2011/07/15 21:09:49.0671 2788 UserName: New

2011/07/15 21:09:49.0671 2788 Windows directory: C:\WINDOWS

2011/07/15 21:09:49.0671 2788 System windows directory: C:\WINDOWS

2011/07/15 21:09:49.0671 2788 Processor architecture: Intel x86

2011/07/15 21:09:49.0671 2788 Number of processors: 2

2011/07/15 21:09:49.0671 2788 Page size: 0x1000

2011/07/15 21:09:49.0671 2788 Boot type: Normal boot

2011/07/15 21:09:49.0671 2788 ================================================================================

2011/07/15 21:09:51.0125 2788 Initialize success

2011/07/15 21:12:24.0187 1500 ================================================================================

2011/07/15 21:12:24.0187 1500 Scan started

2011/07/15 21:12:24.0187 1500 Mode: Manual;

2011/07/15 21:12:24.0187 1500 ================================================================================

2011/07/15 21:12:24.0640 1500 a320raid (28615e07c5b8803841a038418406b98e) C:\WINDOWS\system32\DRIVERS\a320raid.sys

2011/07/15 21:12:24.0750 1500 aac (74365ea0c390d9af5d2ee720c65be2a9) C:\WINDOWS\system32\DRIVERS\aac.sys

2011/07/15 21:12:24.0781 1500 aarich (b7dbe200b5395fe2937ea2b69e413dad) C:\WINDOWS\system32\DRIVERS\aarich.sys

2011/07/15 21:12:24.0968 1500 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

2011/07/15 21:12:25.0015 1500 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/07/15 21:12:25.0062 1500 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/07/15 21:12:25.0140 1500 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2011/07/15 21:12:25.0265 1500 adpu320 (e4e13ce4c85c7e45a643ba54b8c8b16b) C:\WINDOWS\system32\drivers\adpu320.sys

2011/07/15 21:12:25.0406 1500 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys

2011/07/15 21:12:25.0468 1500 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys

2011/07/15 21:12:25.0546 1500 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys

2011/07/15 21:12:25.0609 1500 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

2011/07/15 21:12:25.0671 1500 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

2011/07/15 21:12:25.0703 1500 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2011/07/15 21:12:25.0765 1500 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2011/07/15 21:12:25.0875 1500 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2011/07/15 21:12:25.0968 1500 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\system32\DRIVERS\alim1541.sys

2011/07/15 21:12:26.0031 1500 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\system32\DRIVERS\amdagp.sys

2011/07/15 21:12:26.0125 1500 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

2011/07/15 21:12:26.0203 1500 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/07/15 21:12:26.0234 1500 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

2011/07/15 21:12:26.0281 1500 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

2011/07/15 21:12:26.0312 1500 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

2011/07/15 21:12:26.0343 1500 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/07/15 21:12:26.0421 1500 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/07/15 21:12:26.0531 1500 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/07/15 21:12:26.0578 1500 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/07/15 21:12:26.0734 1500 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

2011/07/15 21:12:26.0812 1500 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

2011/07/15 21:12:26.0843 1500 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys

2011/07/15 21:12:26.0921 1500 b57w2k (d0692f7b8217e3b82d2bfac535816117) C:\WINDOWS\system32\DRIVERS\b57xp32.sys

2011/07/15 21:12:27.0031 1500 bcm4sbxp (c768c8a463d32c219ce291645a0621a4) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys

2011/07/15 21:12:27.0125 1500 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/07/15 21:12:27.0187 1500 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

2011/07/15 21:12:27.0218 1500 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/07/15 21:12:27.0265 1500 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

2011/07/15 21:12:27.0312 1500 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/07/15 21:12:27.0343 1500 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/07/15 21:12:27.0406 1500 Cdrom (7b53584d94e9d8716b2de91d5f1cb42d) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/07/15 21:12:27.0453 1500 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys

2011/07/15 21:12:27.0562 1500 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2011/07/15 21:12:27.0609 1500 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

2011/07/15 21:12:27.0671 1500 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2011/07/15 21:12:27.0765 1500 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

2011/07/15 21:12:27.0812 1500 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

2011/07/15 21:12:27.0859 1500 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

2011/07/15 21:12:27.0937 1500 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/07/15 21:12:28.0015 1500 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS

2011/07/15 21:12:28.0031 1500 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS

2011/07/15 21:12:28.0093 1500 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

2011/07/15 21:12:28.0140 1500 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS

2011/07/15 21:12:28.0203 1500 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS

2011/07/15 21:12:28.0234 1500 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS

2011/07/15 21:12:28.0265 1500 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS

2011/07/15 21:12:28.0328 1500 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS

2011/07/15 21:12:28.0343 1500 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS

2011/07/15 21:12:28.0375 1500 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS

2011/07/15 21:12:28.0500 1500 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys

2011/07/15 21:12:28.0578 1500 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys

2011/07/15 21:12:28.0671 1500 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/07/15 21:12:28.0796 1500 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys

2011/07/15 21:12:28.0859 1500 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

2011/07/15 21:12:28.0875 1500 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/07/15 21:12:28.0937 1500 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

2011/07/15 21:12:29.0015 1500 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

2011/07/15 21:12:29.0093 1500 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys

2011/07/15 21:12:29.0218 1500 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/07/15 21:12:29.0281 1500 fasttx2k (b62ba9f5e991d64c28dd75121aa38c81) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys

2011/07/15 21:12:29.0390 1500 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/07/15 21:12:29.0484 1500 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys

2011/07/15 21:12:29.0515 1500 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/07/15 21:12:29.0546 1500 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2011/07/15 21:12:29.0640 1500 fssfltr (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys

2011/07/15 21:12:29.0671 1500 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/07/15 21:12:29.0703 1500 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/07/15 21:12:29.0781 1500 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2011/07/15 21:12:29.0796 1500 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/07/15 21:12:29.0906 1500 guardian2 (7031a936832967a93b0e5d5f1c76745a) C:\WINDOWS\system32\Drivers\oz776.sys

2011/07/15 21:12:30.0000 1500 HDAudBus (e31363d186b3e1d7c4e9117884a6aee5) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/07/15 21:12:30.0078 1500 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/07/15 21:12:30.0171 1500 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

2011/07/15 21:12:30.0265 1500 HSFHWAZL (7290fb97535c317a237d4c73149c7e2c) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys

2011/07/15 21:12:30.0359 1500 HSF_DPV (f362c0b442337da8ab0608dfaa4ca076) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

2011/07/15 21:12:30.0484 1500 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/07/15 21:12:30.0515 1500 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys

2011/07/15 21:12:30.0562 1500 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys

2011/07/15 21:12:30.0640 1500 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/07/15 21:12:30.0718 1500 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\WINDOWS\system32\drivers\iaStor.sys

2011/07/15 21:12:30.0937 1500 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/07/15 21:12:31.0046 1500 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

2011/07/15 21:12:31.0093 1500 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/07/15 21:12:31.0156 1500 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/07/15 21:12:31.0187 1500 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2011/07/15 21:12:31.0250 1500 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/07/15 21:12:31.0265 1500 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/07/15 21:12:31.0359 1500 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/07/15 21:12:31.0421 1500 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/07/15 21:12:31.0468 1500 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/07/15 21:12:31.0531 1500 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/07/15 21:12:31.0562 1500 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/07/15 21:12:31.0640 1500 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/07/15 21:12:31.0703 1500 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys

2011/07/15 21:12:31.0765 1500 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/07/15 21:12:31.0921 1500 MBAMProtector (3d2c13377763eeac0ca6fb46f57217ed) C:\WINDOWS\system32\drivers\mbam.sys

2011/07/15 21:12:32.0031 1500 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

2011/07/15 21:12:32.0093 1500 megasas (62fa55518f5164a982aac2d165ab1f13) C:\WINDOWS\system32\drivers\megasas.sys

2011/07/15 21:12:32.0187 1500 MfeAVFK (172938cc0f4a772adcfce7b0bf3e0b12) C:\WINDOWS\system32\drivers\MfeAVFK.sys

2011/07/15 21:12:32.0296 1500 MfeBOPK (4e20be4196dde74ea1468bb0f8863d79) C:\WINDOWS\system32\drivers\MfeBOPK.sys

2011/07/15 21:12:32.0328 1500 mfehidk (ee05b34dd0d19547b76537b4c6f808d4) C:\WINDOWS\system32\drivers\mfehidk.sys

2011/07/15 21:12:32.0406 1500 mfetdik (ce2834beb1c3c4db3eba4be2cb9c692f) C:\WINDOWS\system32\drivers\mfetdik.sys

2011/07/15 21:12:32.0437 1500 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/07/15 21:12:32.0500 1500 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys

2011/07/15 21:12:32.0562 1500 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/07/15 21:12:32.0593 1500 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/07/15 21:12:32.0625 1500 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/07/15 21:12:32.0703 1500 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

2011/07/15 21:12:32.0812 1500 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/07/15 21:12:32.0890 1500 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/07/15 21:12:32.0984 1500 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys

2011/07/15 21:12:33.0046 1500 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/07/15 21:12:33.0109 1500 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/07/15 21:12:33.0140 1500 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/07/15 21:12:33.0187 1500 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/07/15 21:12:33.0218 1500 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys

2011/07/15 21:12:33.0312 1500 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys

2011/07/15 21:12:33.0390 1500 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/07/15 21:12:33.0421 1500 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/07/15 21:12:33.0453 1500 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/07/15 21:12:33.0484 1500 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/07/15 21:12:33.0515 1500 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/07/15 21:12:33.0562 1500 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/07/15 21:12:33.0750 1500 NETw4x32 (b5ab1108b377b5f3d37409fabda01453) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys

2011/07/15 21:12:34.0046 1500 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/07/15 21:12:34.0109 1500 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys

2011/07/15 21:12:34.0156 1500 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/07/15 21:12:34.0250 1500 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/07/15 21:12:34.0609 1500 nv (3096b634646dadf3af4d5c5b6a941a14) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/07/15 21:12:35.0234 1500 nvatabus (6b37162e91a7005baa753cb611acea2d) C:\WINDOWS\system32\drivers\nvatabus.sys

2011/07/15 21:12:35.0281 1500 nvraid (3f98f15fca7420396bd2b1aa205c7247) C:\WINDOWS\system32\drivers\nvraid.sys

2011/07/15 21:12:35.0359 1500 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/07/15 21:12:35.0375 1500 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/07/15 21:12:35.0453 1500 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/07/15 21:12:35.0578 1500 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/07/15 21:12:35.0609 1500 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/07/15 21:12:35.0703 1500 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/07/15 21:12:35.0765 1500 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/07/15 21:12:35.0906 1500 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/07/15 21:12:35.0968 1500 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/07/15 21:12:36.0140 1500 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2011/07/15 21:12:36.0250 1500 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2011/07/15 21:12:36.0312 1500 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/07/15 21:12:36.0359 1500 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/07/15 21:12:36.0406 1500 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/07/15 21:12:36.0468 1500 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/07/15 21:12:36.0562 1500 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2011/07/15 21:12:36.0671 1500 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2011/07/15 21:12:36.0703 1500 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2011/07/15 21:12:36.0765 1500 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2011/07/15 21:12:36.0843 1500 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2011/07/15 21:12:36.0937 1500 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/07/15 21:12:36.0968 1500 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/07/15 21:12:37.0000 1500 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/07/15 21:12:37.0078 1500 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/07/15 21:12:37.0156 1500 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/07/15 21:12:37.0203 1500 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/07/15 21:12:37.0234 1500 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/07/15 21:12:37.0312 1500 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/07/15 21:12:37.0375 1500 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/07/15 21:12:37.0484 1500 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys

2011/07/15 21:12:37.0546 1500 rimsptsk (03d6740e41e86476ef7d1e52ca0b947d) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys

2011/07/15 21:12:37.0593 1500 rismxdp (d231b577024aa324af13a42f3a807d10) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys

2011/07/15 21:12:37.0734 1500 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys

2011/07/15 21:12:37.0843 1500 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/07/15 21:12:37.0953 1500 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/07/15 21:12:38.0031 1500 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/07/15 21:12:38.0171 1500 sffdisk (1d9f1bec651815741f088a8fb88e17ee) C:\WINDOWS\system32\DRIVERS\sffdisk.sys

2011/07/15 21:12:38.0187 1500 sffp_sd (586499fd312ffd7f78553f408e71682e) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys

2011/07/15 21:12:38.0218 1500 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/07/15 21:12:38.0359 1500 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2011/07/15 21:12:38.0406 1500 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2011/07/15 21:12:38.0484 1500 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys

2011/07/15 21:12:38.0546 1500 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/07/15 21:12:38.0640 1500 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/07/15 21:12:38.0750 1500 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

2011/07/15 21:12:38.0875 1500 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys

2011/07/15 21:12:38.0953 1500 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/07/15 21:12:38.0984 1500 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

2011/07/15 21:12:39.0046 1500 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2011/07/15 21:12:39.0125 1500 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2011/07/15 21:12:39.0250 1500 Symmpi (a42f863305943869ba00a613c8ee8c7e) C:\WINDOWS\system32\drivers\symmpi.sys

2011/07/15 21:12:39.0312 1500 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2011/07/15 21:12:39.0343 1500 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2011/07/15 21:12:39.0406 1500 SynTP (dc1e7ee0a6494cd79d624bd8d5da8bfb) C:\WINDOWS\system32\DRIVERS\SynTP.sys

2011/07/15 21:12:39.0593 1500 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/07/15 21:12:39.0718 1500 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/07/15 21:12:39.0796 1500 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/07/15 21:12:39.0812 1500 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/07/15 21:12:39.0875 1500 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/07/15 21:12:39.0953 1500 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

2011/07/15 21:12:40.0015 1500 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys

2011/07/15 21:12:40.0078 1500 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2011/07/15 21:12:40.0140 1500 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys

2011/07/15 21:12:40.0250 1500 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys

2011/07/15 21:12:40.0421 1500 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/07/15 21:12:40.0453 1500 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/07/15 21:12:40.0531 1500 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/07/15 21:12:40.0625 1500 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/07/15 21:12:40.0734 1500 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/07/15 21:12:40.0781 1500 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/07/15 21:12:40.0843 1500 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys

2011/07/15 21:12:40.0921 1500 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2011/07/15 21:12:40.0953 1500 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/07/15 21:12:41.0046 1500 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/07/15 21:12:41.0125 1500 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys

2011/07/15 21:12:41.0187 1500 wacomvhid (73e6f16a1f187d71fb26af308551e54a) C:\WINDOWS\system32\DRIVERS\wacomvhid.sys

2011/07/15 21:12:41.0234 1500 WacomVKHid (889459833432b161cb99cfdf84a1a9bb) C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys

2011/07/15 21:12:41.0312 1500 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/07/15 21:12:41.0421 1500 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/07/15 21:12:41.0484 1500 winachsf (92ce6497076eac3083185c44157b3a46) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

2011/07/15 21:12:41.0718 1500 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

2011/07/15 21:12:41.0796 1500 MBR (0x1B8) (04d4350ae5fb6fc2ad3e7c26b1323c68) \Device\Harddisk0\DR0

2011/07/15 21:12:41.0812 1500 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/07/15 21:12:41.0828 1500 Boot (0x1200) (86f097738300248a0c1a5649b5111c06) \Device\Harddisk0\DR0\Partition0

2011/07/15 21:12:41.0828 1500 ================================================================================

2011/07/15 21:12:41.0828 1500 Scan finished

2011/07/15 21:12:41.0828 1500 ================================================================================

2011/07/15 21:12:41.0843 1012 Detected object count: 1

2011/07/15 21:12:41.0843 1012 Actual detected object count: 1

2011/07/15 21:13:20.0500 1012 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot

2011/07/15 21:13:20.0500 1012 \Device\Harddisk0\DR0 - ok

2011/07/15 21:13:20.0500 1012 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure

2011/07/15 21:13:30.0703 4032 Deinitialize success

Elise · July 16, 2011

That did the trick with the rootkit. Now lets see what else is hiding there.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
Double click on Combofix.exe and follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

vc1260 · July 16, 2011

hello, below is the log you asked for.

ComboFix 11-07-15.03 - New 07/16/2011 11:39:57.1.2 - x86

Running from: c:\documents and settings\New\My Documents\Downloads\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Search Toolbar

c:\program files\Search Toolbar\icon.ico

c:\program files\Search Toolbar\SearchToolbar.dll

c:\program files\Search Toolbar\SearchToolbarUninstall.exe

c:\program files\Search Toolbar\SearchToolbarUpdater.exe

.

((((((((((((((((((((((((( Files Created from 2011-06-16 to 2011-07-16 )))))))))))))))))))))))))))))))

.

2011-07-14 20:11 . 2011-07-14 20:11 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2011-07-14 20:01 . 2011-07-14 20:01 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2011-07-14 18:05 . 2010-05-06 10:41 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2011-07-14 18:05 . 2010-05-06 10:41 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll

2011-07-14 18:05 . 2010-05-06 10:41 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll

2011-07-14 18:05 . 2010-05-06 10:41 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll

2011-07-14 18:05 . 2010-05-06 10:41 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll

2011-07-14 18:05 . 2010-05-06 10:41 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll

2011-07-14 18:05 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

2011-07-14 17:57 . 2011-07-14 18:04 -------- dc-h--w- c:\windows\ie8

2011-07-14 17:50 . 2008-02-26 11:59 294912 ------w- c:\windows\system32\dllcache\msctf.dll

2011-07-13 06:42 . 2011-07-13 06:42 -------- d--h--w- c:\windows\system32\GroupPolicy

2011-07-13 02:38 . 2011-07-14 17:56 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-07-13 02:38 . 2011-07-14 17:56 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-07-13 02:38 . 2010-06-17 19:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2011-07-13 02:38 . 2010-06-17 19:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2011-07-13 02:38 . 2011-07-13 02:38 -------- d-----w- c:\program files\Avira

2011-07-13 02:38 . 2011-07-13 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2011-07-13 02:26 . 2011-07-13 02:26 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP

2011-07-13 02:25 . 2010-01-10 23:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL

2011-07-13 02:25 . 2010-01-10 23:40 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2011-07-13 02:25 . 2011-07-13 02:27 -------- d-----w- c:\program files\SpywareBlaster

2011-07-12 23:44 . 2011-07-12 23:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2011-07-12 23:41 . 2011-07-14 20:14 -------- d-----w- c:\documents and settings\New

2011-07-12 23:38 . 2011-07-12 23:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX

2011-07-12 22:06 . 2011-07-12 22:06 -------- d-----w- c:\windows\system32\wbem\Repository

2011-07-12 22:03 . 2011-07-13 00:11 -------- d-----w- c:\program files\iTunes

2011-07-12 22:03 . 2011-07-13 00:11 -------- d-----w- c:\program files\iPod

2011-07-12 21:57 . 2011-07-12 21:57 -------- d-----w- c:\windows\system32\KB905474

2011-07-12 21:06 . 2011-07-12 21:06 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-07-12 02:32 . 2011-07-14 21:29 -------- d-----w- c:\windows\system32\NtmsData

2011-07-12 02:22 . 2011-07-12 21:58 -------- d-----w- c:\program files\McAfee Security Scan(2)

2011-07-11 00:04 . 2011-07-11 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\RegInOut

2011-07-10 23:45 . 2011-07-10 23:46 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer

2011-07-09 17:15 . 2011-07-12 22:01 -------- d-----w- c:\documents and settings\LocalService\UserData

2011-07-09 16:15 . 2011-07-10 23:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer

2011-07-09 15:42 . 2011-07-09 15:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Files

2011-07-09 15:36 . 2011-07-12 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10

2011-07-09 15:34 . 2011-07-12 22:01 -------- d-----w- c:\program files\AVG

2011-07-09 15:34 . 2011-07-12 22:01 -------- d-----w- c:\program files\WhiteSmoke_Bar

2011-07-09 15:31 . 2011-07-09 15:31 -------- d-s---w- c:\documents and settings\NetworkService\UserData

2011-07-09 15:26 . 2011-07-12 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-07-09 05:15 . 2011-07-11 17:04 0 ----a-w- c:\windows\Yjocihepal.bin

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-16 15:27 . 2008-09-16 17:13 17408 ----a-w- c:\windows\system32\rpcnetp.exe

2011-07-16 15:27 . 2008-02-28 13:49 58288 ----a-w- c:\windows\system32\rpcnet.dll

2011-07-14 17:49 . 2006-03-01 21:37 58288 ------w- c:\windows\system32\rpcnet.exe

2011-07-14 17:47 . 2008-09-16 17:13 17408 ----a-w- c:\windows\system32\rpcnetp.dll

2011-06-02 00:13 . 2011-06-02 00:13 398760 ----a-r- c:\windows\system32\cpnprt2.cid

2011-05-29 13:11 . 2010-08-08 08:08 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 13:11 . 2010-08-08 08:08 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MVS Splash"="c:\program files\McAfee\Managed VirusScan\Agent\Splash.exe" [2007-03-06 468544]

"McAfee Managed Services Tray"="c:\program files\McAfee\Managed VirusScan\Agent\myAgtTry.Exe" [2007-05-18 190016]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2007-08-30 205480]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-14 8495104]

"nwiz"="nwiz.exe" [2007-12-14 1626112]

"NVHotkey"="nvHotkey.dll" [2007-12-14 86016]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-14 81920]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1024000]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-12-06 405504]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe"=

"c:\\Program Files\\Sierra Entertainment\\Empire Earth III\\EE3.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\JavaSoft\\JRE\\1.3.1_04\\bin\\javaw.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [x]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 135664]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 135664]

S0 a320raid;a320raid;c:\windows\System32\DRIVERS\a320raid.sys [2005-02-18 218112]

S0 aac;PERC 320/DC SCSI RAID Miniport Driver;c:\windows\System32\DRIVERS\aac.sys [2004-04-07 48140]

S0 aarich;aarich;c:\windows\system32\DRIVERS\aarich.sys [2005-05-18 204800]

S0 megasas;DELL PERC RAID Driver;c:\windows\system32\drivers\megasas.sys [2007-09-07 19200]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]

S2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe [2007-03-06 140864]

S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2007-09-07 1373480]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]

.

Contents of the 'Scheduled Tasks' folder

.

2010-08-21 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]

.

2011-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 01:52]

.

2011-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 01:52]

.

------- Supplementary Scan -------

.

uStart Page = https://my.collinscollege.edu

mSearch Bar = hxxp://www.google.com/ie

TCP: DhcpNameServer = 10.0.0.1

FF - ProfilePath - c:\documents and settings\New\Application Data\Mozilla\Firefox\Profiles\74buvyun.default\

FF - prefs.js: network.proxy.type - 0

FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-MVS - c:\program files\McAfee\Managed VirusScan\Agent\myinx

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-16 11:43

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

c:\windows\system32\autochk(10).exe:BAK 22528 bytes executable

c:\windows\system32\autochk(11).exe:BAK 22528 bytes executable

c:\windows\system32\autochk(13).exe:BAK 22528 bytes executable

c:\windows\system32\autochk(3).exe:BAK 22528 bytes executable

c:\windows\system32\autochk(4).exe:BAK 22528 bytes executable

c:\windows\system32\autochk(5).exe:BAK 22528 bytes executable

c:\windows\system32\autochk(6).exe:BAK 22528 bytes executable

c:\windows\system32\autochk(7).exe:BAK 22528 bytes executable

c:\windows\system32\autochk(8).exe:BAK 22528 bytes executable

c:\windows\system32\autochk(9).exe:BAK 22528 bytes executable

.

scan completed successfully

hidden files: 10

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•A~*]

"AB141C35E9F4BF344B9FC010BB17F68A"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\\Registered"

.

Completion time: 2011-07-16 11:44:47

ComboFix-quarantined-files.txt 2011-07-16 15:44

.

Pre-Run: 54,665,666,560 bytes free

Post-Run: 54,876,471,296 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 53ECD9551556E63A3464C2FFB3BEAFC3

Elise · July 16, 2011

Hi, how are things running at this point?

vc1260 · July 16, 2011

hello,

everything seems fine now. thank you so much for taking time out of your schedule to help people like me.

Elise · July 17, 2011

I'm glad to hear that!

Can you please rerun DDS and post me attach.txt?

vc1260 · July 17, 2011

DDS (Ver_2011-07-14.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 9/8/2008 2:51:48 PM

System Uptime: 7/17/2011 11:53:33 AM (1 hours ago)

.

Motherboard: Dell Inc. | | 0JM680

Processor: Intel Pentium III Xeon processor | Microprocessor | 2094/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 112 GiB total, 49.098 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Intel® Wireless WiFi Link 4965AGN

Device ID: PCI\VEN_8086&DEV_4229&SUBSYS_11208086&REV_61\4&AB208E&0&00E1

Manufacturer: Intel Corporation

Name: Intel® Wireless WiFi Link 4965AGN

PNP Device ID: PCI\VEN_8086&DEV_4229&SUBSYS_11208086&REV_61\4&AB208E&0&00E1

Service: NETw4x32

.

==== System Restore Points ===================

.

RP98: 4/21/2011 4:39:14 PM - System Checkpoint

RP99: 4/24/2011 11:08:37 AM - Installed Windows XP -- Software Updates KB952011.

RP100: 4/26/2011 2:04:10 PM - System Checkpoint

RP101: 5/1/2011 2:57:51 PM - System Checkpoint

RP102: 5/3/2011 9:32:37 PM - System Checkpoint

RP103: 5/5/2011 5:02:28 PM - System Checkpoint

RP104: 5/7/2011 9:54:27 AM - System Checkpoint

RP105: 5/8/2011 11:55:04 PM - System Checkpoint

RP106: 5/10/2011 5:47:16 AM - System Checkpoint

RP107: 5/11/2011 5:49:42 AM - System Checkpoint

RP108: 5/12/2011 6:40:24 PM - System Checkpoint

RP109: 5/13/2011 6:45:21 PM - System Checkpoint

RP110: 5/15/2011 12:09:59 PM - System Checkpoint

RP111: 5/16/2011 8:06:39 PM - System Checkpoint

RP112: 5/17/2011 9:03:08 PM - System Checkpoint

RP113: 5/18/2011 9:26:23 PM - System Checkpoint

RP114: 5/22/2011 9:13:46 AM - System Checkpoint

RP115: 5/23/2011 10:22:08 PM - System Checkpoint

RP116: 5/31/2011 1:26:30 PM - System Checkpoint

RP117: 6/2/2011 11:41:59 AM - Removed Apple Application Support

RP118: 6/2/2011 11:49:20 AM - Removed Apple Mobile Device Support

RP119: 6/7/2011 12:56:32 PM - System Checkpoint

RP120: 6/9/2011 4:29:13 PM - System Checkpoint

RP121: 6/11/2011 11:09:34 AM - System Checkpoint

RP122: 6/22/2011 12:26:29 PM - Software Distribution Service 3.0

RP123: 6/23/2011 10:50:06 AM - Software Distribution Service 3.0

RP124: 6/28/2011 11:14:41 AM - System Checkpoint

RP125: 6/29/2011 5:03:04 PM - System Checkpoint

RP126: 7/1/2011 5:43:42 PM - System Checkpoint

RP127: 7/3/2011 1:55:53 PM - System Checkpoint

RP128: 7/4/2011 3:59:06 PM - Installed 98615 Thin-Profilel Keyboard

RP129: 7/5/2011 5:30:00 PM - System Checkpoint

RP130: 7/6/2011 5:57:26 PM - System Checkpoint

RP131: 7/8/2011 4:11:16 PM - System Checkpoint

RP132: 7/10/2011 7:24:39 PM - Removed AVG 2011

RP133: 7/10/2011 7:26:33 PM - Removed AVG 2011

RP134: 7/11/2011 10:21:28 PM - Restore Operation

RP135: 7/11/2011 10:28:59 PM - Software Distribution Service 3.0

RP136: 7/11/2011 10:30:25 PM - Installed Windows XP WgaNotify.

RP137: 7/12/2011 12:08:43 AM - Software Distribution Service 3.0

RP138: 7/12/2011 5:57:17 PM - Restore Operation

RP139: 7/14/2011 1:49:16 PM - Software Distribution Service 3.0

RP140: 7/16/2011 7:43:45 PM - new jul 2011

RP141: 7/16/2011 9:01:34 PM - Software Distribution Service 3.0

RP142: 7/16/2011 9:02:53 PM - Software Distribution Service 3.0

RP143: 7/16/2011 9:11:35 PM - Software Distribution Service 3.0

RP144: 7/16/2011 10:24:15 PM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

Add or Remove Adobe Creative Suite 3 Production Premium

Adobe After Effects CS3

Adobe After Effects CS3 Presets

Adobe After Effects CS3 Template Projects & Footage

Adobe After Effects CS3 Third Party Content

Adobe AIR

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Audition 3.0

Adobe Audition Loopology Content

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Color - Photoshop Specific

Adobe Color Common Settings

Adobe Color EU Extra Settings

Adobe Color JA Extra Settings

Adobe Color NA Recommended Settings

Adobe Creative Suite 3 Production Premium

Adobe Default Language CS3

Adobe Device Central CS3

Adobe Encore CS3

Adobe Encore CS3 Codecs

Adobe Encore CS3 Library

Adobe ExtendScript Toolkit 2

Adobe Extension Manager CS3

Adobe Flash CS3

Adobe Flash CS3 Video Encoder

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Flash Video Encoder

Adobe Fonts All

Adobe Glyphlet Creation Tool CS3

Adobe Help Viewer CS3

Adobe Illustrator CS3

Adobe Linguistics CS3

Adobe MotionPicture Color Files

Adobe OnLocation CS3

Adobe PDF Library Files

Adobe Photoshop CS3

Adobe Premiere Pro CS3

Adobe Premiere Pro CS3 Functional Content

Adobe Premiere Pro CS3 Third Party Content

Adobe Reader 8.2.4

Adobe Setup

Adobe Shockwave Player

Adobe Soundbooth CS3

Adobe Soundbooth CS3 Codecs

Adobe Soundbooth CS3 Scores

Adobe Stock Photos CS3

Adobe Type Support

Adobe Ultra CS3

Adobe Ultra CS3 - MSL Legacy Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe Video Profiles

Adobe WAS CS3

Adobe WinSoft Linguistics Plugin

Adobe XMP DVA Panels CS3

Adobe XMP Panels CS3

AGEIA PhysX v7.03.21

AHV content for Acrobat and Flash

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AutoUpdate

Avira AntiVir Personal - Free Antivirus

Bonjour

Conexant HDA D330 MDC V.92 Modem

Dell Touchpad

DivX Codec

DivX Converter

DivX Player

DivX Web Player

EA Download Manager

Empire Earth III

Google Toolbar for Internet Explorer

Google Update Helper

High Definition Audio Driver Package - KB835221

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB981793)

iTunes

Java 2 Runtime Environment Standard Edition v1.3.1_04

Java Auto Updater

Java 6 Update 20

Junk Mail filter update

LTYT MP3 Converter 1.1

Malwarebytes' Anti-Malware version 1.51.1.1800

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft WSE 3.0 Runtime

MobileMe Control Panel

Mozilla Firefox (3.6.18)

MSVCRT

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6 Service Pack 2 (KB973686)

NVIDIA Drivers

OpenOffice.org 3.2

PDF Settings

Pen Tablet

Picasa 3

PowerDVD

QuickTime

Roxio Activation Module

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Drag-to-Disc

Roxio Express Labeler 3

Roxio Update Manager

Safari

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows Media Player 9 (KB911565)

Security Update for Windows Media Player 9 (KB917734)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB982381)

Segoe UI

Sonic CinePlayer Decoder Pack

SpywareBlaster 4.4

The Sims™ 3

The Sims™ 3 Ambitions

The Sims™ 3 Create a Pattern Tool

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows XP (KB955759)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

WebFldrs XP

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Toolbar

Windows Live Upload Tool

Windows Live Writer

Windows XP Service Pack 3

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

7/14/2011 2:00:00 PM, error: Schedule [7901] - The At4.job command failed to start due to the following error: %%2147942402

7/13/2011 2:14:31 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb Fips intelppm IPSec mfetdik MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip vmscsi

7/12/2011 8:40:00 PM, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402

7/12/2011 10:54:44 PM, error: VolSnap [25] - The shadow copy of volume C: was aborted because the diff area file could not grow in time. Consider reducing the IO load on this system to avoid this problem in the future.

7/12/2011 10:52:47 PM, error: VolSnap [12] - The shadow copy of volume C: became low on diff area space before it was properly installed.

7/12/2011 10:36:47 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.MFC. Reference error message: The referenced assembly is not installed on your system. .

7/12/2011 10:36:47 PM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\New\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .

7/12/2011 10:36:47 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.MFC could not be found and Last Error was The referenced assembly is not installed on your system.

7/11/2011 8:01:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

7/11/2011 7:03:11 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

7/11/2011 5:58:05 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.

7/11/2011 2:14:00 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm vmscsi

7/11/2011 10:46:43 PM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.

7/11/2011 10:29:31 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 8 for Windows XP.

7/11/2011 1:04:35 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: vmscsi

7/11/2011 1:04:32 PM, error: Service Control Manager [7023] - The Network Security service terminated with the following error: The specified module could not be found.

7/10/2011 6:56:31 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: a320raid aac aarich adpu160m adpu320 aic78u2 aic78xx cercsr6 fasttx2k iaStor IntelIde megasas nvatabus nvraid Symmpi vmscsi

7/10/2011 6:52:17 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

7/10/2011 6:50:43 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

7/10/2011 6:43:45 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 Fips intelppm vmscsi

7/10/2011 5:27:25 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

7/10/2011 4:16:56 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

7/10/2011 2:47:58 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix Fips intelppm IPSec mfetdik MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip vmscsi

7/10/2011 2:47:58 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

7/10/2011 2:47:58 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

7/10/2011 2:47:58 PM, error: Service Control Manager [7001] - The fssfltr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

7/10/2011 2:47:58 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

7/10/2011 2:47:58 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

7/10/2011 2:47:58 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

7/10/2011 2:47:58 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

.

==== End Of File ===========================

Elise · July 17, 2011

Hi again,

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:

Download the latest version of Adobe Reader Version X. and save it to your desktop.
Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
Click the download button at the bottom.
If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
Remove all older version of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
If you are unsure of how to use Add or Remove Programs, the please see this tutorial:How To Remove An Installed Program From Your Computer
Then from your desktop double-click on Adobe Reader to install the newest version.
If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
When the "Adobe Setup - Welcome" window opens, click the Install > button.
If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

Your Adobe Reader is now up to date!

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Download the latest version of Java Runtime Environment (JRE) Version 6.
Look for "JDK 6 Update 26 (JDK or JRE).
Click the "Download JRE" button at the right.
Read the License Agreement, and then check the box that says: "Accept License Agreement".
- Select "Windows x86 Offline" and click on jre-6u26-windows-i586.exe
[*]Save it to your desktop
[*]Close any programs you may have running - especially your web browser.
[*]Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
[*]Reboot your computer once all Java components are removed.
[*]Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

Hold down Control and click on this link to open ESET OnlineScan in a new window.
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
2. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
3. Double click on the
  icon on your desktop.
4. Check "YES, I accept the Terms of Use."
5. Click the Start button.
6. Accept any security warnings from your browser.
7. Under scan settings, check "Scan Archives" and "Remove found threats"
8. Click Advanced settings and select the following:
  - Scan potentially unwanted applications
  - Scan for potentially unsafe applications
  - Enable Anti-Stealth technology

[*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

[*]When the scan completes, click List Threats

[*]Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

[*]Click the Back button.

[*]Click the Finish button.

vc1260 · July 18, 2011

below is the eset scan

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP138\A0151910.exe Win32/Toolbar.Zugo application deleted - quarantined

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP139\A0159200.dll Win32/Toolbar.Zugo application cleaned by deleting - quarantined

Elise · July 18, 2011

That looks excellent, it only found something in system restore, which will be reset after the steps below.

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean

Please do the following to remove the remaining programs from your PC:

Delete the tools used during the disinfection:
- Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.
- Delete DDS

Please read these advices, in order to prevent reinfecting your PC:

Install and update the following programs regularly:
- an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
  A comprehensive tutorial and a list of possible firewalls can be found here.
- an AntiVirus Software
  It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
- an Anti-Spyware program
  Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
  SUPERAntiSpyware is another good scanner with high detection and removal rates.
  Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
- Spyware Blaster
  A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.

[*]Keep Windows (and your other Microsoft software) up to date!

I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

[*]Keep your other software up to date as well

Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.

[*]Stay up to date!

The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Miekies' prevention suggestions
So How did I get infected?
Microsoft - 'Security at home'
Calendar of Updates: See which updates have been released.
How to backup your Data with Cobian Backup:because you never know, when your harddisk might fail :wink:
Commonly Used Freeware Replacements: a nice list of freeware programs in all categories, that are regarded as useful by the users of this forum.
osalt: Find (free) open source alternatives to known commercial software.

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

vc1260 · July 19, 2011

everything seems fine now. you may close the topic. thank you so much again!

Elise · July 19, 2011

You are most welcome!

I will request this topic to be closed.

LDTate · July 19, 2011

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.

im stuck

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information