
Virus Stops Malwarebytes after a few seconds



Hi guy(s). I have encountered a problem while running Malwarebytes. It stops after 15-20 seconds and I cannot rerun it; also, the Malwarebytes icon gets replaced with a different icon. Here is what I get when I try to run it again: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." (Note: I am the administrator on this PC.)

I believe that the virus also prevents my CA Anti-Virus program from running; when I try to scan my computer for a virus manually, I get the same access error message.

I found the following in the Task Manager process window: 2852952144:2942825301.exe. I believe that this is the virus, but I cannot kill it. It is a child of a svchost. I have tried taskkill from the command line; it says it killed it, but it remains in the Task Manager process window. I have also noticed that this process is still running while in safe mode.

The operating system is Windows XP SP3.

It would be very kind if someone could help me. I thank you in advance.


  • Staff

Hi and welcome to Malwarebytes.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility writes its runtime log to the root directory of the system disk (the disk where the operating system is installed, C:\ as a rule).

The log is named like UtilityName.Version_Date_Time_log.txt, for example C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


Thank you very much for your help.

I ran TDSSKiller and here is the log:

15:07:44.0625 3228 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01

15:07:46.0625 3228 ============================================================

15:07:46.0625 3228 Current date / time: 2011/10/29 15:07:46.0625

15:07:46.0625 3228 SystemInfo:

15:07:46.0625 3228

15:07:46.0625 3228 OS Version: 5.1.2600 ServicePack: 3.0

15:07:46.0625 3228 Product type: Workstation

15:07:46.0625 3228 ComputerName: JWALMY

15:07:46.0625 3228 UserName: John Almy

15:07:46.0625 3228 Windows directory: C:\WINDOWS

15:07:46.0625 3228 System windows directory: C:\WINDOWS

15:07:46.0625 3228 Processor architecture: Intel x86

15:07:46.0625 3228 Number of processors: 2

15:07:46.0625 3228 Page size: 0x1000

15:07:46.0625 3228 Boot type: Normal boot

15:07:46.0625 3228 ============================================================

15:07:48.0828 3228 Initialize success

15:08:22.0765 2420 ============================================================

15:08:22.0765 2420 Scan started

15:08:22.0765 2420 Mode: Manual;

15:08:22.0765 2420 ============================================================

15:08:26.0500 2420 50980caa (6e1af4d48052cb75827db9a02a141c33) C:\WINDOWS\2852952144:2942825301.exe

15:08:29.0078 2420 Suspicious file (Hidden): C:\WINDOWS\2852952144:2942825301.exe. md5: 6e1af4d48052cb75827db9a02a141c33

15:08:29.0078 2420 50980caa ( Rootkit.Win32.PMax.gen ) - infected

15:08:29.0078 2420 50980caa - detected Rootkit.Win32.PMax.gen (0)

15:08:29.0171 2420 Abiosdsk - ok

15:08:29.0281 2420 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS

15:08:29.0296 2420 abp480n5 - ok

15:08:29.0390 2420 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

15:08:29.0406 2420 ACPI - ok

15:08:29.0515 2420 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

15:08:29.0531 2420 ACPIEC - ok

15:08:29.0562 2420 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys

15:08:29.0578 2420 adpu160m - ok

15:08:29.0640 2420 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys

15:08:29.0640 2420 aeaudio - ok

15:08:29.0687 2420 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

15:08:29.0703 2420 aec - ok

15:08:29.0734 2420 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys

15:08:29.0750 2420 Afc - ok

15:08:29.0812 2420 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys

15:08:29.0843 2420 AFD - ok

15:08:29.0906 2420 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys

15:08:29.0921 2420 AFS2K - ok

15:08:29.0968 2420 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\System32\DRIVERS\agp440.sys

15:08:29.0984 2420 agp440 - ok

15:08:30.0031 2420 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys

15:08:30.0046 2420 agpCPQ - ok

15:08:30.0093 2420 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys

15:08:30.0109 2420 Aha154x - ok

15:08:30.0171 2420 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys

15:08:30.0187 2420 aic78u2 - ok

15:08:30.0250 2420 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys

15:08:30.0265 2420 aic78xx - ok

15:08:30.0343 2420 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys

15:08:30.0343 2420 AliIde - ok

15:08:30.0421 2420 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys

15:08:30.0437 2420 alim1541 - ok

15:08:30.0500 2420 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys

15:08:30.0515 2420 amdagp - ok

15:08:30.0578 2420 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys

15:08:30.0578 2420 amsint - ok

15:08:30.0656 2420 AnyDVD (919e64781860b56effa6a9f6444414ac) C:\WINDOWS\system32\Drivers\AnyDVD.sys

15:08:30.0671 2420 AnyDVD - ok

15:08:30.0734 2420 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys

15:08:30.0750 2420 asc - ok

15:08:30.0812 2420 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys

15:08:30.0828 2420 asc3350p - ok

15:08:30.0890 2420 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys

15:08:30.0906 2420 asc3550 - ok

15:08:31.0000 2420 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

15:08:31.0015 2420 AsyncMac - ok

15:08:31.0046 2420 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

15:08:31.0062 2420 atapi - ok

15:08:31.0093 2420 Atdisk - ok

15:08:31.0187 2420 ati2mtag (8759322ffc1a50569c1e5528ee8026b7) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

15:08:31.0250 2420 ati2mtag - ok

15:08:31.0343 2420 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

15:08:31.0359 2420 Atmarpc - ok

15:08:31.0437 2420 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

15:08:31.0453 2420 audstub - ok

15:08:31.0515 2420 awlegacy (abfe3ab22767eeb5e7d91b1b3bb2901c) C:\WINDOWS\System32\Drivers\awlegacy.sys

15:08:31.0515 2420 awlegacy - ok

15:08:31.0562 2420 AW_HOST (71c32536b50136e9e439306a2e9296e2) C:\WINDOWS\system32\drivers\aw_host5.sys

15:08:31.0562 2420 AW_HOST - ok

15:08:31.0609 2420 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

15:08:31.0609 2420 Beep - ok

15:08:31.0656 2420 bvrp_pci - ok

15:08:31.0718 2420 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys

15:08:31.0718 2420 cbidf - ok

15:08:31.0765 2420 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

15:08:31.0765 2420 cbidf2k - ok

15:08:31.0828 2420 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys

15:08:31.0843 2420 cd20xrnt - ok

15:08:31.0890 2420 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

15:08:31.0906 2420 Cdaudio - ok

15:08:31.0953 2420 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

15:08:31.0984 2420 Cdfs - ok

15:08:32.0031 2420 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

15:08:32.0031 2420 Cdrom - ok

15:08:32.0062 2420 Changer - ok

15:08:32.0125 2420 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys

15:08:32.0140 2420 CmdIde - ok

15:08:32.0218 2420 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys

15:08:32.0234 2420 Cpqarray - ok

15:08:32.0312 2420 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys

15:08:32.0328 2420 CVirtA - ok

15:08:32.0390 2420 CVPNDRVA (26deef07394624247d1f549bd94f0b15) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys

15:08:32.0406 2420 CVPNDRVA - ok

15:08:32.0468 2420 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys

15:08:32.0500 2420 dac2w2k - ok

15:08:32.0562 2420 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys

15:08:32.0578 2420 dac960nt - ok

15:08:32.0640 2420 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

15:08:32.0656 2420 Disk - ok

15:08:32.0734 2420 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

15:08:32.0796 2420 dmboot - ok

15:08:32.0875 2420 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

15:08:32.0890 2420 dmio - ok

15:08:32.0953 2420 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

15:08:32.0968 2420 dmload - ok

15:08:33.0015 2420 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

15:08:33.0031 2420 DMusic - ok

15:08:33.0093 2420 DNE (7b4fdfbe97c047175e613aa96f3de987) C:\WINDOWS\system32\DRIVERS\dne2000.sys

15:08:33.0109 2420 DNE - ok

15:08:33.0171 2420 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys

15:08:33.0187 2420 dpti2o - ok

15:08:33.0296 2420 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

15:08:33.0312 2420 drmkaud - ok

15:08:33.0375 2420 drvmcdb (7f056a52bcba3102d2d37a4a2646c807) C:\WINDOWS\system32\drivers\drvmcdb.sys

15:08:33.0390 2420 drvmcdb - ok

15:08:33.0421 2420 drvnddm (d3c1e501ed42e77574b3095309dd4075) C:\WINDOWS\system32\drivers\drvnddm.sys

15:08:33.0437 2420 drvnddm - ok

15:08:33.0500 2420 dsNcAdpt (b2c3f71b86e25c3df78339ddb40a7562) C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys

15:08:33.0500 2420 dsNcAdpt - ok

15:08:33.0656 2420 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys

15:08:33.0671 2420 DSproct - ok

15:08:33.0750 2420 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys

15:08:33.0765 2420 dsunidrv - ok

15:08:33.0828 2420 E100B (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\system32\DRIVERS\e100b325.sys

15:08:33.0843 2420 E100B - ok

15:08:33.0906 2420 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys

15:08:33.0921 2420 EL90XBC - ok

15:08:33.0984 2420 ElbyCDIO (aaa8999a169e39fb8b48ae49cd6ac30a) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys

15:08:34.0000 2420 ElbyCDIO - ok

15:08:34.0046 2420 ElbyDelay (df9957db3bfe5136aad3c2c101806c98) C:\WINDOWS\system32\Drivers\ElbyDelay.sys

15:08:34.0062 2420 ElbyDelay - ok

15:08:34.0140 2420 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

15:08:34.0140 2420 Fastfat - ok

15:08:34.0250 2420 FastPara (8ba0981546b7a78e4730bbaa2127b10f) C:\WINDOWS\system32\drivers\FastPara.sys

15:08:34.0265 2420 FastPara - ok

15:08:34.0328 2420 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

15:08:34.0343 2420 Fdc - ok

15:08:34.0390 2420 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

15:08:34.0406 2420 Fips - ok

15:08:34.0468 2420 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

15:08:34.0468 2420 Flpydisk - ok

15:08:34.0546 2420 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

15:08:34.0562 2420 FltMgr - ok

15:08:34.0640 2420 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

15:08:34.0656 2420 Fs_Rec - ok

15:08:34.0703 2420 FTDIBUS (b7aa8283ec551d3a3b924e520e0621a7) C:\WINDOWS\system32\drivers\ftdibus.sys

15:08:34.0718 2420 FTDIBUS - ok

15:08:34.0781 2420 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

15:08:34.0796 2420 Ftdisk - ok

15:08:34.0890 2420 FTSER2K (596d31583ce332b5514520d74837f434) C:\WINDOWS\system32\drivers\ftser2k.sys

15:08:34.0906 2420 FTSER2K - ok

15:08:34.0968 2420 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

15:08:34.0984 2420 GEARAspiWDM - ok

15:08:35.0046 2420 Gernuwa (fd25177ced6751c14de170d8282ced90) C:\WINDOWS\system32\drivers\Gernuwa.sys

15:08:35.0062 2420 Gernuwa - ok

15:08:35.0140 2420 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

15:08:35.0171 2420 Gpc - ok

15:08:35.0296 2420 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

15:08:35.0312 2420 HidUsb - ok

15:08:35.0359 2420 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys

15:08:35.0375 2420 hpn - ok

15:08:35.0437 2420 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys

15:08:35.0453 2420 HSFHWBS2 - ok

15:08:35.0531 2420 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

15:08:35.0609 2420 HSF_DP - ok

15:08:35.0671 2420 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

15:08:35.0687 2420 HTTP - ok

15:08:35.0765 2420 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

15:08:35.0765 2420 i2omgmt - ok

15:08:35.0828 2420 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys

15:08:35.0843 2420 i2omp - ok

15:08:35.0906 2420 i8042prt (249cba3bfb55c00e704b72513e193013) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

15:08:35.0906 2420 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\i8042prt.sys. Real md5: 249cba3bfb55c00e704b72513e193013, Fake md5: 4a0b06aa8943c1e332520f7440c0aa30

15:08:35.0921 2420 i8042prt ( Rootkit.Win32.ZAccess.j ) - infected

15:08:35.0921 2420 i8042prt - detected Rootkit.Win32.ZAccess.j (0)

15:08:36.0000 2420 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys

15:08:36.0015 2420 i81x - ok

15:08:36.0093 2420 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys

15:08:36.0109 2420 iAimFP0 - ok

15:08:36.0171 2420 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys

15:08:36.0187 2420 iAimFP1 - ok

15:08:36.0265 2420 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys

15:08:36.0281 2420 iAimFP2 - ok

15:08:36.0359 2420 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys

15:08:36.0375 2420 iAimFP3 - ok

15:08:36.0437 2420 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys

15:08:36.0453 2420 iAimFP4 - ok

15:08:36.0500 2420 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys

15:08:36.0515 2420 iAimTV0 - ok

15:08:36.0578 2420 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys

15:08:36.0593 2420 iAimTV1 - ok

15:08:36.0640 2420 iAimTV2 - ok

15:08:36.0687 2420 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys

15:08:36.0703 2420 iAimTV3 - ok

15:08:36.0734 2420 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys

15:08:36.0765 2420 iAimTV4 - ok

15:08:36.0843 2420 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

15:08:36.0843 2420 Imapi - ok

15:08:36.0921 2420 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys

15:08:36.0937 2420 ini910u - ok

15:08:37.0015 2420 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys

15:08:37.0015 2420 IntelIde - ok

15:08:37.0078 2420 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

15:08:37.0093 2420 intelppm - ok

15:08:37.0156 2420 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

15:08:37.0171 2420 ip6fw - ok

15:08:37.0250 2420 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

15:08:37.0250 2420 IpFilterDriver - ok

15:08:37.0343 2420 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

15:08:37.0359 2420 IpInIp - ok

15:08:37.0421 2420 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

15:08:37.0437 2420 IpNat - ok

15:08:37.0484 2420 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

15:08:37.0500 2420 IPSec - ok

15:08:37.0546 2420 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

15:08:37.0562 2420 IRENUM - ok

15:08:37.0625 2420 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

15:08:37.0640 2420 isapnp - ok

15:08:37.0687 2420 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

15:08:37.0687 2420 Kbdclass - ok

15:08:37.0734 2420 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

15:08:37.0750 2420 kmixer - ok

15:08:37.0796 2420 KmxAgent (f4ffca2de8290de6118583bf74962243) C:\WINDOWS\system32\DRIVERS\kmxagent.sys

15:08:37.0812 2420 KmxAgent - ok

15:08:37.0859 2420 KmxCF (9cb6ae1a28c0a5b70afc208f068bc24f) C:\WINDOWS\system32\DRIVERS\KmxCF.sys

15:08:37.0875 2420 KmxCF - ok

15:08:37.0937 2420 KmxCfg (df0de1110162e761a7f60c392ad177dd) C:\WINDOWS\system32\DRIVERS\kmxcfg.sys

15:08:37.0953 2420 KmxCfg - ok

15:08:37.0984 2420 KmxFile (28c7643d33ed066622e93260f818adfd) C:\WINDOWS\system32\DRIVERS\KmxFile.sys

15:08:38.0000 2420 KmxFile - ok

15:08:38.0046 2420 KmxFw (6db409366cb3325a67a01308ce23ae1a) C:\WINDOWS\system32\DRIVERS\kmxfw.sys

15:08:38.0062 2420 KmxFw - ok

15:08:38.0109 2420 KmxSbx (2df089f8594ae18d5c1a1bfbdd967eab) C:\WINDOWS\system32\DRIVERS\KmxSbx.sys

15:08:38.0125 2420 KmxSbx - ok

15:08:38.0218 2420 KmxStart (f68a8118c1e26967533cc06206154784) C:\WINDOWS\system32\DRIVERS\kmxstart.sys

15:08:38.0234 2420 KmxStart - ok

15:08:38.0328 2420 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

15:08:38.0375 2420 KSecDD - ok

15:08:38.0453 2420 lbrtfdc - ok

15:08:38.0562 2420 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

15:08:38.0578 2420 mdmxsdk - ok

15:08:38.0687 2420 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

15:08:38.0687 2420 mnmdd - ok

15:08:38.0796 2420 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

15:08:38.0812 2420 Modem - ok

15:08:38.0843 2420 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys

15:08:38.0859 2420 MODEMCSA - ok

15:08:38.0890 2420 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

15:08:38.0906 2420 Mouclass - ok

15:08:38.0968 2420 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

15:08:38.0984 2420 mouhid - ok

15:08:39.0015 2420 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

15:08:39.0031 2420 MountMgr - ok

15:08:39.0109 2420 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys

15:08:39.0125 2420 mraid35x - ok

15:08:39.0171 2420 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

15:08:39.0218 2420 MRxDAV - ok

15:08:39.0343 2420 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

15:08:39.0375 2420 MRxSmb - ok

15:08:39.0453 2420 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

15:08:39.0468 2420 Msfs - ok

15:08:39.0531 2420 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

15:08:39.0546 2420 MSKSSRV - ok

15:08:39.0609 2420 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

15:08:39.0625 2420 MSPCLOCK - ok

15:08:39.0687 2420 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

15:08:39.0703 2420 MSPQM - ok

15:08:39.0765 2420 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

15:08:39.0765 2420 mssmbios - ok

15:08:39.0843 2420 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

15:08:39.0875 2420 Mup - ok

15:08:39.0921 2420 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

15:08:39.0937 2420 NDIS - ok

15:08:40.0000 2420 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

15:08:40.0015 2420 NdisTapi - ok

15:08:40.0046 2420 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

15:08:40.0062 2420 Ndisuio - ok

15:08:40.0109 2420 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

15:08:40.0125 2420 NdisWan - ok

15:08:40.0171 2420 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

15:08:40.0187 2420 NDProxy - ok

15:08:40.0265 2420 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

15:08:40.0281 2420 NetBIOS - ok

15:08:40.0359 2420 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

15:08:40.0375 2420 NetBT - ok

15:08:40.0437 2420 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

15:08:40.0453 2420 Npfs - ok

15:08:40.0515 2420 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

15:08:40.0593 2420 Ntfs - ok

15:08:40.0671 2420 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

15:08:40.0671 2420 Null - ok

15:08:40.0890 2420 nv (5645072033c2e51386e91bc137c0beb5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

15:08:41.0093 2420 nv - ok

15:08:41.0156 2420 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

15:08:41.0171 2420 NwlnkFlt - ok

15:08:41.0234 2420 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

15:08:41.0234 2420 NwlnkFwd - ok

15:08:41.0312 2420 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys

15:08:41.0328 2420 omci - ok

15:08:41.0406 2420 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys

15:08:41.0421 2420 P3 - ok

15:08:41.0468 2420 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

15:08:41.0484 2420 Parport - ok

15:08:41.0531 2420 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

15:08:41.0562 2420 PartMgr - ok

15:08:41.0609 2420 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

15:08:41.0625 2420 ParVdm - ok

15:08:41.0671 2420 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

15:08:41.0703 2420 PCI - ok

15:08:41.0734 2420 PCIDump - ok

15:08:41.0796 2420 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

15:08:41.0828 2420 PCIIde - ok

15:08:41.0890 2420 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

15:08:41.0921 2420 Pcmcia - ok

15:08:41.0984 2420 Pcouffin (62c72e912a04aa927d9eaf9a0b157aaf) C:\WINDOWS\system32\Drivers\Pcouffin.sys

15:08:42.0000 2420 Pcouffin - ok

15:08:42.0046 2420 PDCOMP - ok

15:08:42.0078 2420 PDFRAME - ok

15:08:42.0109 2420 PDRELI - ok

15:08:42.0140 2420 PDRFRAME - ok

15:08:42.0187 2420 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys

15:08:42.0203 2420 perc2 - ok

15:08:42.0312 2420 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys

15:08:42.0312 2420 perc2hib - ok

15:08:42.0421 2420 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

15:08:42.0437 2420 PptpMiniport - ok

15:08:42.0468 2420 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

15:08:42.0484 2420 Processor - ok

15:08:42.0531 2420 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

15:08:42.0546 2420 PSched - ok

15:08:42.0609 2420 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

15:08:42.0609 2420 Ptilink - ok

15:08:42.0671 2420 PxHelp20 (db3b30c3a4cdcf07e164c14584d9d0f2) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys

15:08:42.0687 2420 PxHelp20 - ok

15:08:42.0734 2420 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys

15:08:42.0750 2420 ql1080 - ok

15:08:42.0796 2420 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys

15:08:42.0812 2420 Ql10wnt - ok

15:08:42.0890 2420 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys

15:08:42.0906 2420 ql12160 - ok

15:08:42.0953 2420 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys

15:08:42.0984 2420 ql1240 - ok

15:08:43.0031 2420 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys

15:08:43.0046 2420 ql1280 - ok

15:08:43.0078 2420 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

15:08:43.0093 2420 RasAcd - ok

15:08:43.0156 2420 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

15:08:43.0171 2420 Rasl2tp - ok

15:08:43.0250 2420 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

15:08:43.0265 2420 RasPppoe - ok

15:08:43.0328 2420 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

15:08:43.0328 2420 Raspti - ok

15:08:43.0375 2420 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

15:08:43.0390 2420 Rdbss - ok

15:08:43.0421 2420 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

15:08:43.0437 2420 RDPCDD - ok

15:08:43.0484 2420 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

15:08:43.0515 2420 rdpdr - ok

15:08:43.0640 2420 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

15:08:43.0687 2420 RDPWD - ok

15:08:43.0734 2420 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

15:08:43.0750 2420 redbook - ok

15:08:43.0843 2420 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

15:08:43.0859 2420 Secdrv - ok

15:08:43.0921 2420 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

15:08:43.0937 2420 serenum - ok

15:08:43.0968 2420 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

15:08:44.0000 2420 Serial - ok

15:08:44.0046 2420 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

15:08:44.0062 2420 Sfloppy - ok

15:08:44.0109 2420 Simbad - ok

15:08:44.0171 2420 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys

15:08:44.0187 2420 sisagp - ok

15:08:44.0312 2420 smwdm (39f9595d2f6f7eb93f45a466789a6f49) C:\WINDOWS\system32\drivers\smwdm.sys

15:08:44.0437 2420 smwdm - ok

15:08:44.0546 2420 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS

15:08:44.0562 2420 SONYPVU1 - ok

15:08:44.0640 2420 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys

15:08:44.0656 2420 Sparrow - ok

15:08:44.0703 2420 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

15:08:44.0718 2420 splitter - ok

15:08:44.0796 2420 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

15:08:44.0843 2420 sr - ok

15:08:44.0906 2420 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

15:08:44.0953 2420 Srv - ok

15:08:45.0015 2420 sscdbhk5 (328e8bb94ec58480f60458fb4b8437a7) C:\WINDOWS\system32\drivers\sscdbhk5.sys

15:08:45.0046 2420 sscdbhk5 - ok

15:08:45.0125 2420 ssrtln (7ec8b427cee5c0cdac066320b93f1355) C:\WINDOWS\system32\drivers\ssrtln.sys

15:08:45.0171 2420 ssrtln - ok

15:08:45.0281 2420 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

15:08:45.0296 2420 swenum - ok

15:08:45.0375 2420 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

15:08:45.0375 2420 swmidi - ok

15:08:45.0453 2420 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys

15:08:45.0468 2420 symc810 - ok

15:08:45.0531 2420 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys

15:08:45.0546 2420 symc8xx - ok

15:08:45.0671 2420 SymEvent (c9b8f325b2a22cda1bda7b25181b1389) C:\Program Files\Symantec\SYMEVENT.SYS

15:08:45.0687 2420 SymEvent - ok

15:08:45.0750 2420 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys

15:08:45.0765 2420 sym_hi - ok

15:08:45.0828 2420 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys

15:08:45.0843 2420 sym_u3 - ok

15:08:45.0906 2420 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

15:08:45.0921 2420 sysaudio - ok

15:08:46.0015 2420 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

15:08:46.0031 2420 Tcpip - ok

15:08:46.0093 2420 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

15:08:46.0109 2420 TDPIPE - ok

15:08:46.0187 2420 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

15:08:46.0203 2420 TDTCP - ok

15:08:46.0265 2420 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

15:08:46.0281 2420 TermDD - ok

15:08:46.0421 2420 tfsnboio (c229bf90443be8d3bd2b65d7f3ac0f35) C:\WINDOWS\system32\dla\tfsnboio.sys

15:08:46.0437 2420 tfsnboio - ok

15:08:46.0500 2420 tfsncofs (79ee9fcd7728e54ab8fbc30962f0416f) C:\WINDOWS\system32\dla\tfsncofs.sys

15:08:46.0515 2420 tfsncofs - ok

15:08:46.0578 2420 tfsndrct (9efb37e7de17d783a059b653f7e8afad) C:\WINDOWS\system32\dla\tfsndrct.sys

15:08:46.0593 2420 tfsndrct - ok

15:08:46.0671 2420 tfsndres (130254995ebedcb34d62e8d78ec9dbd0) C:\WINDOWS\system32\dla\tfsndres.sys

15:08:46.0671 2420 tfsndres - ok

15:08:46.0750 2420 tfsnifs (9b40e1e4aeed849812a2e43a388a7e77) C:\WINDOWS\system32\dla\tfsnifs.sys

15:08:46.0765 2420 tfsnifs - ok

15:08:46.0828 2420 tfsnopio (818047ad850b312705aa17ca96b9427d) C:\WINDOWS\system32\dla\tfsnopio.sys

15:08:46.0843 2420 tfsnopio - ok

15:08:46.0890 2420 tfsnpool (4603e813bcc6dd465cd8d2afd37fa90d) C:\WINDOWS\system32\dla\tfsnpool.sys

15:08:46.0921 2420 tfsnpool - ok

15:08:46.0953 2420 tfsnudf (6fc2cd904a9a55acfdfc780a611a75ed) C:\WINDOWS\system32\dla\tfsnudf.sys

15:08:46.0968 2420 tfsnudf - ok

15:08:47.0015 2420 tfsnudfa (d4afa4d00f8db3fd1c15b3fe49c3a96c) C:\WINDOWS\system32\dla\tfsnudfa.sys

15:08:47.0015 2420 tfsnudfa - ok

15:08:47.0093 2420 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys

15:08:47.0109 2420 TosIde - ok

15:08:47.0187 2420 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

15:08:47.0203 2420 Udfs - ok

15:08:47.0281 2420 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys

15:08:47.0296 2420 ultra - ok

15:08:47.0421 2420 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

15:08:47.0453 2420 Update - ok

15:08:47.0515 2420 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

15:08:47.0531 2420 usbccgp - ok

15:08:47.0593 2420 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

15:08:47.0609 2420 usbehci - ok

15:08:47.0656 2420 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

15:08:47.0671 2420 usbhub - ok

15:08:47.0718 2420 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

15:08:47.0734 2420 usbprint - ok

15:08:47.0781 2420 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

15:08:47.0796 2420 usbscan - ok

15:08:47.0828 2420 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

15:08:47.0843 2420 USBSTOR - ok

15:08:47.0890 2420 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

15:08:47.0906 2420 usbuhci - ok

15:08:47.0953 2420 VET-FILT (daadb622164e93376b31598c053a9e87) C:\WINDOWS\system32\drivers\VET-FILT.sys

15:08:47.0968 2420 VET-FILT - ok

15:08:48.0015 2420 VET-REC (66747d67066e29b24363d5537b93d294) C:\WINDOWS\system32\drivers\VET-REC.sys

15:08:48.0031 2420 VET-REC - ok

15:08:48.0093 2420 VETEBOOT (c079f80582c31728029f3efcdfeaf221) C:\WINDOWS\system32\drivers\VETEBOOT.sys

15:08:48.0125 2420 VETEBOOT - ok

15:08:48.0203 2420 VETEFILE (31bab965e7af8295c22f641401d622b3) C:\WINDOWS\system32\drivers\VETEFILE.sys

15:08:48.0218 2420 VETEFILE - ok

15:08:48.0296 2420 VETFDDNT (10545ed2f206c922eb02e522b1a3fa75) C:\WINDOWS\system32\drivers\VETFDDNT.sys

15:08:48.0328 2420 VETFDDNT - ok

15:08:48.0375 2420 VETMONNT (77ef6a724334313b808fb6fe36b57be6) C:\WINDOWS\system32\drivers\VETMONNT.sys

15:08:48.0390 2420 VETMONNT - ok

15:08:48.0453 2420 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

15:08:48.0468 2420 VgaSave - ok

15:08:48.0562 2420 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys

15:08:48.0578 2420 viaagp - ok

15:08:48.0671 2420 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys

15:08:48.0687 2420 ViaIde - ok

15:08:48.0750 2420 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

15:08:48.0765 2420 VolSnap - ok

15:08:48.0843 2420 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys

15:08:48.0890 2420 vsdatant - ok

15:08:48.0937 2420 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

15:08:48.0953 2420 Wanarp - ok

15:08:49.0015 2420 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys

15:08:49.0031 2420 wanatw - ok

15:08:49.0078 2420 WDICA - ok

15:08:49.0125 2420 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

15:08:49.0156 2420 wdmaud - ok

15:08:49.0296 2420 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

15:08:49.0375 2420 winachsf - ok

15:08:49.0500 2420 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

15:08:49.0531 2420 WpdUsb - ok

15:08:49.0609 2420 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

15:08:49.0609 2420 WS2IFSL - ok

15:08:49.0671 2420 WSUSBDMAN (109fa8757d46cb7c4d510c6c451e594d) C:\WINDOWS\system32\DRIVERS\WSUSBDMAN.sys

15:08:49.0687 2420 WSUSBDMAN - ok

15:08:49.0765 2420 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

15:08:49.0781 2420 WudfPf - ok

15:08:49.0828 2420 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

15:08:49.0843 2420 WudfRd - ok

15:08:49.0921 2420 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

15:08:50.0062 2420 \Device\Harddisk0\DR0 - ok

15:08:50.0078 2420 Boot (0x1200) (2b932fa50b8f5d09d0834a8dc1e55341) \Device\Harddisk0\DR0\Partition0

15:08:50.0078 2420 \Device\Harddisk0\DR0\Partition0 - ok

15:08:50.0078 2420 ============================================================

15:08:50.0078 2420 Scan finished

15:08:50.0078 2420 ============================================================

15:08:50.0109 0268 Detected object count: 2

15:08:50.0109 0268 Actual detected object count: 2

15:09:49.0484 0268 HKLM\SYSTEM\ControlSet001\services\50980caa - will be deleted on reboot

15:09:49.0484 0268 HKLM\SYSTEM\ControlSet003\services\50980caa - will be deleted on reboot

15:09:49.0484 0268 C:\WINDOWS\2852952144:2942825301.exe - will be deleted on reboot

15:09:49.0484 0268 50980caa ( Rootkit.Win32.PMax.gen ) - User select action: Delete

15:09:52.0250 0268 Backup copy found, using it..

15:09:52.0265 0268 C:\WINDOWS\system32\DRIVERS\i8042prt.sys - will be cured on reboot

15:09:52.0265 0268 i8042prt ( Rootkit.Win32.ZAccess.j ) - User select action: Cure

15:10:06.0187 2768 Deinitialize success

After reboot I ran mbam.exe and here is the log:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8042

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

10/29/2011 3:50:44 PM

mbam-log-2011-10-29 (15-50-26).txt

Scan type: Quick scan

Objects scanned: 294667

Time elapsed: 27 minute(s), 45 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 8

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (Adware.Minibug) -> No action taken.

HKEY_CLASSES_ROOT\TypeLib\{3C2D2A1E-031F-4397-9614-87C932A848E0} (Adware.Minibug) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{04A38F6B-006F-4247-BA4C-02A139D5531C} (Adware.Minibug) -> No action taken.

HKEY_CLASSES_ROOT\MiniBugTransporter.MiniBugTransporterX.1 (Adware.Minibug) -> No action taken.

HKEY_CLASSES_ROOT\MiniBugTransporter.MiniBugTransporterX (Adware.Minibug) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3AA42713-5C1E-48E2-B432-D8BF420DD31D} (Rogue.AntiVirus2008) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549B5CA7-4A86-11D7-A4DF-000874180BB3} (Trojan.Agent) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3} (Trojan.Agent) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\jackie almy\start menu\Programs\security shield.lnk (Rogue.SecurityShield) -> No action taken.

c:\documents and settings\john almy\application data\Adobe\shed\thr1.chm (Malware.Trace) -> No action taken.

I did not know if I should click the button to remove these items, so I exited and stopped here. I have not yet run combofix. I didn't want to proceed until I heard back from you on whether I should remove these items or not.

Thank you again.


Did you see my instructions for running ComboFix??

Yes, I saw your instructions for running ComboFix but I did not run it yet because I had a question for you which I put in my previous post. I did not know if I should click the button to remove the infected items detected by mbam, so I exited and stopped there. I have not yet run combofix. I didn't want to proceed until I heard back from you on whether I should remove those items or not.


****SEE ERROR MESSAGE BELOW I RECEIVED WHEN RUNNING COMBOFIX*****

ComboFix cannot run when CA Anti-Virus is installed.

It would be dangerous to continue.

Please uninstall CA Anti-Virus or use another tool

I did follow the instructions to disable CA Personal FireWall and set CA Anti-Virus in a 999 minute snooze per instructions. Is there another tool? Should I uninstall CA Security Center? Does my infection look bad?

My Latest mbam log where I did reply to remove the files as you suggested:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8120

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

11/8/2011 6:37:34 PM

mbam-log-2011-11-08 (18-37-34).txt

Scan type: Quick scan

Objects scanned: 295580

Time elapsed: 30 minute(s), 14 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 8

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (Adware.Minibug) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{3C2D2A1E-031F-4397-9614-87C932A848E0} (Adware.Minibug) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{04A38F6B-006F-4247-BA4C-02A139D5531C} (Adware.Minibug) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MiniBugTransporter.MiniBugTransporterX.1 (Adware.Minibug) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MiniBugTransporter.MiniBugTransporterX (Adware.Minibug) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3AA42713-5C1E-48E2-B432-D8BF420DD31D} (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549B5CA7-4A86-11D7-A4DF-000874180BB3} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\jackie almy\start menu\Programs\security shield.lnk (Rogue.SecurityShield) -> Quarantined and deleted successfully.

c:\documents and settings\john almy\application data\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.

Thank you for your help and patience.


Hello,

I uninstalled CA internet security suite and got the following message when running combofix:

Version_11_11_08.02

Current date is 2011-11-16 ComboFix has expired

Click 'Yes' to run in Reduced Functionality mode

Click 'No' to exit

I chose no and exited.

When CA was uninstalled I got the security shield with message "Your computer might be at risk":

No firewall is turned on

Antivirus software might not be installed

Not sure how you want me to handle this plus in addition I now have Local Area Connection error:

"this connection has limited or no connectivity. You might not be able to access the Internet or some network resources. for more information, click this message."

I thought I would download a newer version of combofix but the internet connection doesn't work now.

So...I tried to enable the windows firewall and got message "Could not start windows firewall/internet connection sharing (ICS) service on local computer.

Error 10047: an address incompatible with the requested protocol was used.

Do you know how to fix internet connection? What would you like me to do now?

Should I reinstall CA firewall to see if that fixes the internet connection?

Also if I try to repair the internet connection I get message "Windows could not finish repairing the problem because the following action cannot be completed:

Renew IP address


Hello,

Here is the ComboFix log the run produced:

ComboFix 11-11-27.02 - John Almy 11/27/2011 13:59:00.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2303.1911 [GMT -5:00]

Running from: c:\documents and settings\John Almy\Desktop\ComboFix.exe

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\Microsoft\corecon\1.0\1033\NonSDKAddonLangVer.dll

c:\documents and settings\All Users\Application Data\Microsoft\corecon\1.0\1033\SDKAddonLangVer.dll

c:\documents and settings\All Users\Application Data\Microsoft\corecon\1.0\addons\NonSDKAddonVer.dll

c:\documents and settings\All Users\Application Data\Microsoft\corecon\1.0\addons\SDKAddonVer.dll

c:\documents and settings\All Users\Application Data\Microsoft\corecon\1.0\SDKFilesVer.dll

c:\documents and settings\John Almy\Application Data\Adobe\plugs

c:\documents and settings\John Almy\Application Data\Adobe\shed

c:\documents and settings\John Almy\WINDOWS

c:\documents and settings\Nicholas Almy\My Documents\~WRL1265.tmp

c:\documents and settings\Nicholas Almy\My Documents\~WRL1969.tmp

C:\Thumbs.db

c:\windows\$NtUninstallKB41933$

c:\windows\$NtUninstallKB41933$\1177792147

c:\windows\$NtUninstallKB41933$\1352141994\@

c:\windows\$NtUninstallKB41933$\1352141994\bckfg.tmp

c:\windows\$NtUninstallKB41933$\1352141994\cfg.ini

c:\windows\$NtUninstallKB41933$\1352141994\Desktop.ini

c:\windows\$NtUninstallKB41933$\1352141994\keywords

c:\windows\$NtUninstallKB41933$\1352141994\kwrd.dll

c:\windows\$NtUninstallKB41933$\1352141994\L\asobptkf

c:\windows\$NtUninstallKB41933$\1352141994\U\00000001.@

c:\windows\$NtUninstallKB41933$\1352141994\U\00000002.@

c:\windows\$NtUninstallKB41933$\1352141994\U\80000000.@

c:\windows\$NtUninstallKB41933$\1352141994\U\80000032.@

c:\windows\dasetup.log

c:\windows\system32\html

c:\windows\system32\html\calendar.html

c:\windows\system32\html\calendarbottom.html

c:\windows\system32\html\calendartop.html

c:\windows\system32\html\crystalexportdialog.htm

c:\windows\system32\html\crystalprinthost.html

c:\windows\system32\images

c:\windows\system32\images\toolbar\calendar.gif

c:\windows\system32\images\toolbar\crlogo.gif

c:\windows\system32\images\toolbar\export.gif

c:\windows\system32\images\toolbar\export_over.gif

c:\windows\system32\images\toolbar\exportd.gif

c:\windows\system32\images\toolbar\First.gif

c:\windows\system32\images\toolbar\first_over.gif

c:\windows\system32\images\toolbar\Firstd.gif

c:\windows\system32\images\toolbar\gotopage.gif

c:\windows\system32\images\toolbar\gotopage_over.gif

c:\windows\system32\images\toolbar\gotopaged.gif

c:\windows\system32\images\toolbar\grouptree.gif

c:\windows\system32\images\toolbar\grouptree_over.gif

c:\windows\system32\images\toolbar\grouptreed.gif

c:\windows\system32\images\toolbar\grouptreepressed.gif

c:\windows\system32\images\toolbar\Last.gif

c:\windows\system32\images\toolbar\last_over.gif

c:\windows\system32\images\toolbar\Lastd.gif

c:\windows\system32\images\toolbar\Next.gif

c:\windows\system32\images\toolbar\next_over.gif

c:\windows\system32\images\toolbar\Nextd.gif

c:\windows\system32\images\toolbar\Prev.gif

c:\windows\system32\images\toolbar\prev_over.gif

c:\windows\system32\images\toolbar\Prevd.gif

c:\windows\system32\images\toolbar\print.gif

c:\windows\system32\images\toolbar\print_over.gif

c:\windows\system32\images\toolbar\printd.gif

c:\windows\system32\images\toolbar\Refresh.gif

c:\windows\system32\images\toolbar\refresh_over.gif

c:\windows\system32\images\toolbar\refreshd.gif

c:\windows\system32\images\toolbar\Search.gif

c:\windows\system32\images\toolbar\search_over.gif

c:\windows\system32\images\toolbar\searchd.gif

c:\windows\system32\images\toolbar\up.gif

c:\windows\system32\images\toolbar\up_over.gif

c:\windows\system32\images\toolbar\upd.gif

c:\windows\system32\images\tree\begindots.gif

c:\windows\system32\images\tree\beginminus.gif

c:\windows\system32\images\tree\beginplus.gif

c:\windows\system32\images\tree\blank.gif

c:\windows\system32\images\tree\blankdots.gif

c:\windows\system32\images\tree\dots.gif

c:\windows\system32\images\tree\lastdots.gif

c:\windows\system32\images\tree\lastminus.gif

c:\windows\system32\images\tree\lastplus.gif

c:\windows\system32\images\tree\Magnify.gif

c:\windows\system32\images\tree\minus.gif

c:\windows\system32\images\tree\minusbox.gif

c:\windows\system32\images\tree\plus.gif

c:\windows\system32\images\tree\plusbox.gif

c:\windows\system32\images\tree\singleminus.gif

c:\windows\system32\images\tree\singleplus.gif

c:\windows\TSOC.LOG

.

.

((((((((((((((((((((((((( Files Created from 2011-10-27 to 2011-11-27 )))))))))))))))))))))))))))))))

.

.

2011-10-29 19:19 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-29 19:10 . 2002-08-29 11:00 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys

2011-09-14 23:06 . 2011-05-15 22:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-09 09:12 . 2004-04-03 03:32 599040 ----a-w- c:\windows\system32\crypt32.dll

2008-02-08 02:46 . 2008-02-08 02:46 13624 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2008-02-08 02:46 . 2008-02-08 02:46 87360 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2008-02-08 02:46 . 2008-02-08 02:46 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2008-02-08 02:46 . 2008-02-08 02:46 21824 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll

2008-02-08 02:46 . 2008-02-08 02:46 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2008-02-08 02:46 . 2008-02-08 02:46 31544 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2008-02-08 02:46 . 2008-02-08 02:46 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2007-03-16 22:27 . 2007-03-16 22:27 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll

2007-03-16 22:27 . 2007-03-16 22:27 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll

2007-03-16 22:27 . 2007-03-16 22:27 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll

2007-07-20 17:47 . 2007-07-20 17:47 981170 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2008-02-08 02:46 . 2008-02-08 02:46 24384 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 200704]

"Weather"="c:\progra~1\AWS\WEATHE~1\Weather.exe" [2004-12-10 1597440]

"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-26 49968]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-12 7630848]

.

c:\documents and settings\John Almy\Start Menu\Programs\Startup\

AutoBackup Launcher.lnk - c:\program files\Seagate\AutoBackup\MemeoLauncher.exe [2008-1-14 95456]

PowerReg Scheduler V3.exe [2005-3-2 225280]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2004-4-2 36953]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-4-2 24576]

Microsoft Office.lnk - c:\microsoft office\Office\OSA9.EXE [2000-1-21 65588]

VPN Client.lnk - c:\windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2009-1-29 6144]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]

2003-10-31 15:01 8704 ------w- c:\windows\SYSTEM32\PCANotify.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest wsauth

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\pcAnywhere\\awhost32.exe"=

"c:\\pcAnywhere\\awrem32.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\AOL Instant Messenger\\AIM\\aim.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Netscape\\Netscape\\Netscp.exe"=

"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Documents and Settings\\Kristen Almy\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\iTunes\\iTunes.exe"=

"c:\\Program Files\\VMware\\VMware View\\Client\\bin\\vmware-remotemks.exe"=

"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

.

R2 FastPara;FastPara;c:\windows\SYSTEM32\DRIVERS\fastpara.sys [4/18/2004 4:54 PM 35008]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [11/26/2010 11:55 PM 398176]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/27/2007 4:14 PM 24652]

R2 wsnm;VMware View Client Service;c:\program files\VMware\VMware View\Client\bin\wsnm.exe [2/10/2010 11:54 AM 151552]

R3 Pcouffin;Low level access layer for CD devices;c:\windows\SYSTEM32\DRIVERS\Pcouffin.sys [4/20/2004 11:29 PM 33376]

R3 WSUSBDMAN;VMware View Virtual Client USB Manager;c:\windows\SYSTEM32\DRIVERS\WSUSBDMAN.sys [2/10/2010 11:48 AM 26928]

S2 EPCRMON;EPCRMON;c:\program files\epson\epcrmon\epcrsvc.exe [6/21/2008 4:44 PM 173360]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000]

S3 PPCtlPriv;PPCtlPriv;"c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe" --> c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [?]

S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 7:01 AM 2799808]

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

.

2011-11-17 c:\windows\Tasks\Symantec NetDetect.job

- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-04-03 17:24]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.rr.com/

uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105

Trusted Zone: musicmatch.com\online

TCP: DhcpNameServer = 192.168.1.1

DPF: {997C5A94-77F6-427D-A388-AC2B6ECF0F7C} - hxxp://epson.synovate.com/epson/setup.ocx

FF - ProfilePath - c:\documents and settings\John Almy\Application Data\Mozilla\Firefox\Profiles\v4xqr8wv.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

- - - - ORPHANS REMOVED - - - -

.

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)

HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

SafeBoot-17317341.sys

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-27 14:22

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(952)

c:\windows\system32\wsauth.dll

.

- - - - - - - > 'lsass.exe'(1008)

c:\windows\system32\wsauth.dll

.

- - - - - - - > 'explorer.exe'(2136)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\progra~1\COMMON~1\AOL\ACS\acsd.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Cisco Systems\VPN Client\cvpnd.exe

c:\program files\EPSON\epcrmon\epcrmon.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\windows\wanmpsvc.exe

c:\windows\system32\wscntfy.exe

c:\program files\AIM6\aolsoftware.exe

c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe

c:\program files\Seagate\AutoBackup\MemeoBackup.exe

.

**************************************************************************

.

Completion time: 2011-11-27 14:32:12 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-27 19:31

.

Pre-Run: 6,175,805,440 bytes free

Post-Run: 7,874,277,376 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

.

- - End Of File - - CEB934A55429301BA4CE0B1B1210E998

Let me know what you would like me to do next. Again, thank you.


Hello again,

After looking over instructions again, I see I forgot to post DDS.txt file so here it is:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Run by John Almy at 14:46:12 on 2011-11-27

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2303.1765 [GMT -5:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\EPSON\epcrmon\epcrmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Microsoft Money\System\mnyexpr.exe

C:\PROGRA~1\AWS\WEATHE~1\Weather.exe

C:\Program Files\AIM6\aim6.exe

C:\Program Files\America Online 9.0\aoltray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Seagate\AutoBackup\MemeoBackup.exe

C:\WINDOWS\explorer.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.rr.com/

uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: PBlockHelper Class: {4115122b-85ff-4dd3-9515-f075bede5eb5} - c:\hypernet\hypernet\PBHelper.dll

BHO: IEProxyHelperObj Class: {43df16fd-d9ed-4c9e-b14a-f3236a12c649} - c:\musicnow\IEProxyHelper.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi1933~1\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll

BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File

TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [MoneyAgent] "c:\program files\microsoft money\system\mnyexpr.exe"

uRun: [Weather] c:\progra~1\aws\weathe~1\Weather.exe 1

uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

StartupFolder: c:\docume~1\johnal~1\startm~1\programs\startup\autoba~1.lnk - c:\program files\seagate\autobackup\MemeoLauncher.exe

StartupFolder: c:\documents and settings\john almy\start menu\programs\startup\PowerReg Scheduler V3.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\microsoft office\office\OSA9.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{14fcfe7c-ab86-428a-9d2e-bfb6f5a7aa6e}\Icon3E5562ED7.ico

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\mi1933~1\office14\ONBttnIE.dll/105

IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\aol instant messenger\aim\aim.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

Trusted Zone: musicmatch.com\online

DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} - hxxp://launch.soe.com/plugin/web/SOEWebInstaller.cab

DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://activation.rr.com/install/downloads/tgctlcm.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {997C5A94-77F6-427D-A388-AC2B6ECF0F7C} - hxxp://epson.synovate.com/epson/setup.ocx

DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab

DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {DBDC1CDA-B64B-49F7-9535-6317AA416E51} - hxxps://bingvdi.binghamton.edu/downloads/VMware-viewclient.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab

DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{253E9ECE-61A0-43AF-818E-3C8478E52E67} : DhcpNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Notify: PCANotify - PCANotify.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\john almy\application data\mozilla\firefox\profiles\v4xqr8wv.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

============= SERVICES / DRIVERS ===============

.

R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2003-5-5 16984]

R1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.sys [2003-4-21 10901]

R2 FastPara;FastPara;c:\windows\system32\drivers\fastpara.sys [2004-4-18 35008]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2010-11-26 398176]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-9-27 24652]

R2 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

R2 wsnm;VMware View Client Service;c:\program files\vmware\vmware view\client\bin\wsnm.exe [2010-2-10 151552]

R3 WSUSBDMAN;VMware View Virtual Client USB Manager;c:\windows\system32\drivers\WSUSBDMAN.sys [2010-2-10 26928]

S2 EPCRMON;EPCRMON;c:\program files\epson\epcrmon\epcrsvc.exe [2008-6-21 173360]

S3 awhost32;pcAnywhere Host Service;c:\pcanywhere\awhost32.exe [2003-5-29 106496]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 PPCtlPriv;PPCtlPriv;"c:\program files\ca\ca internet security suite\ca anti-spyware\ppctlpriv.exe" --> c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [?]

S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]

.

=============== Created Last 30 ================

.

2011-11-27 18:44:44 -------- d-sha-r- C:\cmdcons

2011-11-27 18:40:17 98816 ----a-w- c:\windows\sed.exe

2011-11-27 18:40:17 518144 ----a-w- c:\windows\SWREG.exe

2011-11-27 18:40:17 256000 ----a-w- c:\windows\PEV.exe

2011-11-27 18:40:17 208896 ----a-w- c:\windows\MBR.exe

2011-10-29 19:19:37 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

.

==================== Find3M ====================

.

2011-10-29 19:10:57 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys

2011-09-14 23:06:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

.

============= FINISH: 14:46:27.09 ===============

Again, Thank You.


  • Staff

Hi,

I see you have Viewpoint installed...

Viewpoint Manager is considered foistware rather than malware, since it is installed without users' approval but doesn't spy or do anything "bad". I suggest you remove the program now. Navigate to Start --> Control Panel --> Add or Remove Programs and uninstall the following programs if present.


  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
  • Viewpoint Toolbar

Let me know if you decide to uninstall it.

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Hello,

I have uninstalled "Viewpoint Manager" & "Viewpoint Media Player" per your instructions. I tried to uninstall "Viewpoint Toolbar" but nothing happened (I tried this twice).

I ran the temp file cleaner and a reboot was required which I allowed.

I ran ESET Online Scanner and here is the log.txt file:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=f876af8520cfe54cb7f62cc4817170da

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-12-04 10:59:57

# local_time=2011-12-04 05:59:57 (-0500, Eastern Standard Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=4864 16777215 100 0 1629901 1629901 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=262147

# found=40

# cleaned=40

# scan_time=8455

C:\AOL Instant Messenger\AIM\Sysfiles\WxBug.EXE Win32/Adware.WBug.A application (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1093\A0538914.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1093\A0538927.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1093\A0538942.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1093\A0538957.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1093\A0538973.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1093\A0538989.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1093\A0539004.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1093\A0540004.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1093\A0540025.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1093\A0540041.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1093\A0540057.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1093\A0540074.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1093\A0540089.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1093\A0540109.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1093\A0541109.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1093\A0541127.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1094\A0541169.exe Win32/Sirefef.CZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1094\A0541205.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1094\A0541220.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1094\A0541236.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1094\A0542236.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1094\A0543236.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1094\A0543571.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1094\A0544571.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1094\A0545571.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1094\A0545589.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1094\A0545609.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1094\A0545626.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1094\A0545735.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1094\A0545752.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1094\A0545769.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1094\A0545787.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1094\A0545794.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1094\A0545813.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1094\A0545845.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1094\A0545864.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1094\A0545885.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1094\A0545908.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1097\A0546788.EXE Win32/Adware.WBug.A application (deleted - quarantined) 00000000000000000000000000000000 C

I then ran the Security Check and here is checkup.txt:

Results of screen317's Security Check version 0.99.28

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

ESET Online Scanner v3

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java Web Start

Java 6 Update 20

Java 2 Runtime Environment, SE v1.4.2

Java 2 Runtime Environment, SE v1.4.1_02

Java version out of date!

Adobe Flash Player ( 10.0.32.18) Flash Player out of Date!

Adobe Reader 9 Adobe Reader out of date!

Mozilla Firefox ((3.0.19)) Firefox out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

America Online 9.0 aoltray.exe

``````````End of Log````````````

Should I now install CA Security Suite 2010? I currently still have the firewall off and no antivirus program (pre-conditions for ComboFix).
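A small triage helper for ESET Online Scanner logs in the format posted above, added here as an example (it is not code from this thread, from ESET, or from Malwarebytes). It parses the `#` header counters and the detection lines, groups hits by family, separates copies sitting in System Restore snapshots from files on the live system (every Sirefef hit above, ESET's name for the ZeroAccess rootkit family, is in a restore point, while the WxBug adware under the AIM folder was live), and cross-checks the header's found/cleaned counters against the lines actually listed. The sample log is a constructed, trimmed copy of the posted one.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the format of the ESET log above
# (header trimmed to its counters, four of the detections).
SAMPLE_LOG = r"""
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# found=4
# cleaned=4
C:\AOL Instant Messenger\AIM\Sysfiles\WxBug.EXE Win32/Adware.WBug.A application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1093\A0538914.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1094\A0541169.exe Win32/Sirefef.CZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1097\A0546788.EXE Win32/Adware.WBug.A application (deleted - quarantined) 00000000000000000000000000000000 C
"""

# Detection line: <path> <threat> <kind> (<action>) <32 hex digits> <flag>.
# The path may contain spaces, so it is matched lazily and the tail is anchored at $.
DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<threat>\S+)\s+(?P<kind>[A-Za-z]+)\s+"
    r"\((?P<action>[^)]*)\)\s+(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$"
)
# System Restore snapshots live here; a hit there is a dormant copy that a restore
# could bring back, not a file that was running.
RESTORE_POINT_RE = re.compile(r"\\System Volume Information\\_restore\{", re.IGNORECASE)

@dataclass
class Detection:
    path: str
    threat: str
    kind: str
    action: str
    in_restore_point: bool

def family(threat: str) -> str:
    """'Win32/Sirefef.DA' -> 'Win32/Sirefef': drop the variant suffix."""
    return threat.rsplit(".", 1)[0]

def parse_eset_log(text: str):
    """Return (header dict, list of Detection) from an ESET Online Scanner log."""
    header, detections = {}, []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.startswith("#"):
            key, _, value = line[1:].strip().partition("=")
            header[key] = value  # repeated keys (compatibility_mode) keep the last value
            continue
        m = DETECTION_RE.match(line)
        if m is None:
            continue  # banner lines such as "OnlineScanner.ocx - registred OK"
        detections.append(Detection(
            path=m["path"], threat=m["threat"], kind=m["kind"], action=m["action"],
            in_restore_point=bool(RESTORE_POINT_RE.search(m["path"])),
        ))
    return header, detections

def summarize(detections):
    """Detections per family, and restore-point copies separated from live files."""
    return {
        "total": len(detections),
        "families": Counter(family(d.threat) for d in detections),
        "restore_point": sum(d.in_restore_point for d in detections),
        "live_paths": [d.path for d in detections if not d.in_restore_point],
    }

def check_counts(header, detections):
    """Cross-check the header's found/cleaned counters against the parsed lines."""
    problems = []
    if int(header.get("found", -1)) != len(detections):
        problems.append(f"found={header.get('found')} but {len(detections)} lines parsed")
    quarantined = sum("quarantined" in d.action for d in detections)
    if int(header.get("cleaned", -1)) != quarantined:
        problems.append(f"cleaned={header.get('cleaned')} but {quarantined} lines quarantined")
    return problems
```

A non-empty result from `check_counts` means the log was truncated or edited before it was posted, which is worth asking about before reading anything else into it.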


  • Staff

Hi,

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

ESET Online Scanner v3

Java Web Start

Java™ 6 Update 20

Java 2 Runtime Environment, SE v1.4.2

Java 2 Runtime Environment, SE v1.4.1_02

Adobe Flash Player ( 10.0.32.18)

Adobe Reader 9

Mozilla Firefox (3.0.19)

Restart your computer.

Get the latest version of Java, Adobe Reader, Adobe Flash Player, and Firefox.

I wouldn't recommend CA Security Suite. I recommend any of the following free antivirus programs (use only one):

Microsoft Security Essentials (what I use)

AntiVir

avast!.

However, if you've already paid for CA, then I guess you should use it.


Hello,

I have done the following so far:

1) Ran TFC and it did do the reboot.

2) Ran the ComboFix /uninstall

3) Deleted SecurityCheck.

4) Removed ESET Online Scanner v3

5) Rebooted computer for clean startup

6) Installed CA Security Suite 2010 Plus

7) Ran FULL SCAN after updating AntiVirus signatures

Program reported Heur/Trojan.C!VTJdCC low threat level and no action was taken

Program reported Win32/HackTool.ZAAA! as suspicious with high threat level and it was quarantined.

I will update Java, Adobe Reader, Adobe Flash Player and Firefox later but I wanted to get the CA Full Scan report to you.

Should I tell CA Security Suite to delete the quarantined file or just leave it quarantined for now? Should I delete the Heur/Trojan.C!VTJdCC? Unfortunately with this version of CA, I haven't found a way to display the actual file location of what it thinks it found. Finally, I am using this CA product because my internet provider RoadRunner provides it for free as part of their service :rolleyes:


  • Staff

Program reported Heur/Trojan.C!VTJdCC low threat level and no action was taken

Program reported Win32/HackTool.ZAAA! as suspicious with high threat level and it was quarantined.

Sure, remove them, but it really doesn't help much if I can't see where something was removed. Ask RoadRunner or CA and see if there's any way to find that out.

Hello,

Program reported Heur/Trojan.C!VTJdCC low threat level and no action was taken

Location of file: C:\AOL Instant Messenger\AIM\Sysfiles\viewpoint.exe

Program reported Win32/HackTool.ZAAA! as suspicious with high threat level and it was quarantined.

Location of file: C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\WebSys\offline.mmz

The file location is revealed when you hover the mouse cursor over the virus name. I also forgot to mention that I had to uninstall Malwarebytes because the CA install required it to be gone. Thanking you again for your help!


  • 2 weeks later...

Hello,

I finally got to uninstall the following:

Java Web Start

Java™ 6 Update 20

Java 2 Runtime Environment, SE v1.4.2

Java 2 Runtime Environment, SE v1.4.1_02

Adobe Flash Player ( 10.0.32.18)

Adobe Reader 9

Mozilla Firefox (3.0.19)

I then installed the latest versions using the links that you provided.

The system seems to boot faster and things seem to be running better than before. I wish Malwarebytes was compatible with CA, but it seems CA complains and had me remove it during the install. I know I like CA's older version of the firewall, but I have to get used to this new version to see if I like it. I like that CA would ask me before allowing an application to talk outside of the machine.

I also enabled the Microsoft updates and let them install (a little over 40 of them).

Thanks for your advice and help!


  • 1 month later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

