Caught a Freezing Bug & It won't let go! Help!


Computer is a Compaq Presario C300 Laptop w/Xp Home SP3.

The problem is, about 1 minute after bootup the computer freezes. The mouse will still move the cursor, but nothing else will work. No Task Mgr, msconfig, regedit, etc. However, I've found that if rkill is started about the end of bootup, that after rkill finishes and reports, everything works as it should.

In addition, the rkill report sometimes has no process found to report, and when it does have a process to report, it could be a different file each time.

The original problem was that the machine froze up in the middle of something, I downloaded the latest Mbam ver and registered it. The first couple of times I ran it, all I could use was Safe Mode. Then I ran an old copy of rkill and was able to get Mbam started in regular mode. In safe mode it had found two problems, a trojan and something else that I didn't write down. In regular mode it also found two problems. I downloaded a fresh copy of rkill and have been using it, but still no results.

I've turned off a bunch of services (services.msc), stopped several things from starting (msconfig), but the problem with freezing shortly after bootup remains. I'm stumped!!

I notice that there is a reference to something called "www.spywareinfo.com" in one report, have no idea what it is or where it came from.

I have Malwarebytes Pro, MS Security Essentials and Windows firewall running. But the computer is my wife's and I'm not sure what was running last week when the attack occurred.

I'm about at my wit's end and sure could use your help before I have to go some place else to eat and sleep! Thanks in advance.

This is my first time ever posting and I hope I've done it right. If not, please let me know 'cause I'm desperate. Thanks again.

---------------------------------------------------------------------------

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Katherine at 17:25:51 on 2011-10-28

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1527 [GMT -5:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\explorer.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=presario&pf=laptop

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = <local>

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe

mRun: [samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun

mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

uPolicies-explorer: NoActiveDesktop = 01000000

uPolicies-explorer: NoRecentDocsNetHood = 01000000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-24 64160]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]

R1 MpKslba635dd4;MpKslba635dd4;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9b655de4-1342-4367-8163-596c48644e49}\MpKslba635dd4.sys [2011-10-28 28752]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-27 366152]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-27 22216]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SSPORT;SSPORT; [x]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\utilities\lavasoft\ad-aware\aawservice.exe" --> c:\utilities\lavasoft\ad-aware\AAWService.exe [?]

.

=============== Created Last 30 ================

.

2011-10-28 21:14:48 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9b655de4-1342-4367-8163-596c48644e49}\MpKslba635dd4.sys

2011-10-28 21:04:22 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9b655de4-1342-4367-8163-596c48644e49}\offreg.dll

2011-10-28 19:24:43 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9b655de4-1342-4367-8163-596c48644e49}\mpengine.dll

2011-10-27 15:10:23 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-27 15:10:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-27 14:31:16 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-10-27 14:31:16 -------- d-----w- c:\windows\system32\wbem\Repository

2011-10-27 14:30:52 -------- d-----w- c:\windows\SMINST

2011-10-27 14:30:27 -------- d-----w- c:\program files\Xvid

2011-10-27 14:30:23 -------- d-----w- c:\program files\NetWaiting

2011-10-27 14:30:23 -------- d-----w- c:\documents and settings\katherine\local settings\application data\BVRP Software

2011-10-27 02:36:04 -------- d-----w- c:\program files\NetWaiting(2)

.

==================== Find3M ====================

.

2011-10-28 16:30:04 133632 ----a-w- c:\windows\system32\WPDShServiceObj.dll

2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48:54 43520 ------w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec

2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys

.

============= FINISH: 17:26:53.70 ===============

-------------------------------------------------------------------------------------------------------

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 1/24/2010 1:51:11 PM

System Uptime: 10/28/2011 4:12:53 PM (1 hours ago)

.

Motherboard: Hewlett-Packard | | 30C6

Processor: Intel® Celeron® M CPU 420 @ 1.60GHz | U1 | 1595/mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 48 GiB total, 23.536 GiB free.

D: is FIXED (FAT32) - 8 GiB total, 1.034 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP543: 9/13/2011 6:26:38 PM - Software Distribution Service 3.0

RP544: 9/14/2011 6:38:15 PM - System Checkpoint

RP545: 9/15/2011 8:57:45 AM - Software Distribution Service 3.0

RP546: 9/16/2011 12:55:53 PM - System Checkpoint

RP547: 9/17/2011 6:13:54 PM - System Checkpoint

RP548: 9/18/2011 8:04:41 PM - Software Distribution Service 3.0

RP549: 9/20/2011 8:48:55 AM - System Checkpoint

RP550: 9/21/2011 8:37:20 AM - Software Distribution Service 3.0

RP551: 9/22/2011 10:13:39 AM - System Checkpoint

RP552: 9/23/2011 10:12:57 AM - Software Distribution Service 3.0

RP553: 9/24/2011 10:23:20 AM - System Checkpoint

RP554: 9/25/2011 5:41:14 PM - System Checkpoint

RP555: 9/27/2011 8:22:18 AM - Software Distribution Service 3.0

RP556: 9/28/2011 12:24:42 PM - System Checkpoint

RP557: 9/29/2011 7:54:27 AM - Software Distribution Service 3.0

RP558: 9/30/2011 8:30:05 AM - System Checkpoint

RP559: 10/2/2011 4:45:42 PM - Software Distribution Service 3.0

RP560: 10/3/2011 6:14:40 PM - System Checkpoint

RP561: 10/4/2011 8:08:55 AM - Software Distribution Service 3.0

RP562: 10/5/2011 1:49:07 PM - System Checkpoint

RP563: 10/5/2011 3:20:26 PM - Software Distribution Service 3.0

RP564: 10/6/2011 4:49:14 PM - System Checkpoint

RP565: 10/7/2011 5:19:20 PM - System Checkpoint

RP566: 10/9/2011 11:38:29 AM - System Checkpoint

RP567: 10/10/2011 8:32:21 AM - Software Distribution Service 3.0

RP568: 10/11/2011 1:28:16 PM - System Checkpoint

RP569: 10/12/2011 3:52:44 PM - Software Distribution Service 3.0

RP570: 10/13/2011 3:58:58 PM - System Checkpoint

RP571: 10/14/2011 3:22:58 PM - Software Distribution Service 3.0

RP572: 10/16/2011 6:29:39 PM - Software Distribution Service 3.0

RP573: 10/17/2011 6:37:11 PM - System Checkpoint

RP574: 10/17/2011 8:06:39 PM - Software Distribution Service 3.0

RP575: 10/18/2011 8:28:24 PM - System Checkpoint

RP576: 10/19/2011 10:12:13 AM - Software Distribution Service 3.0

RP577: 10/20/2011 10:40:34 AM - System Checkpoint

RP578: 10/24/2011 10:32:07 AM - System Checkpoint

RP579: 10/25/2011 5:31:11 PM - Software Distribution Service 3.0

RP580: 10/26/2011 6:36:50 PM - Software Distribution Service 3.0

RP581: 10/26/2011 9:36:33 PM - Installed NetWaiting

RP582: 10/27/2011 9:30:08 AM - Restore Operation

RP583: 10/27/2011 11:29:18 AM - Software Distribution Service 3.0

RP584: 10/27/2011 9:12:31 PM - Software Distribution Service 3.0

RP585: 10/27/2011 9:37:50 PM - Software Distribution Service 3.0

RP586: 10/27/2011 9:50:19 PM - Software Distribution Service 3.0

RP587: 10/28/2011 2:24:39 PM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

.

A1Click Ultra PC Cleaner 1.01 (Registered Version)

Adobe Flash Player 10 ActiveX

Adobe Reader 8.2.0

Compatibility Pack for the 2007 Office system

Conexant HD Audio

Coupon Printer for Windows

Destinations

DeviceManagementQFolder

EasyACCT Business System

FTDI USB Serial Converter Drivers

HDAUDIO Soft Data Fax Modem with SmartCP

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB954550-v5)

HP DVD Play 2.3

HP Help and Support

HP Imaging Device Functions 6.0

HP Quick Launch Buttons 6.10 A1

HP Update

HP User Guides--System Recovery

HP User Guides 0037

HP Wireless Assistant 2.00 G2

HpSdpAppCoreApp

Intel® Graphics Media Accelerator Driver

iSEEK AnswerWorks English Runtime

J2SE Runtime Environment 5.0 Update 6

Macromedia Flash Player 8

Macromedia Shockwave Player

Malwarebytes' Anti-Malware version 1.51.2.1300

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Antimalware

Microsoft Application Error Reporting

Microsoft Office 2000 SR-1 Professional

Microsoft Security Client

Microsoft Security Essentials

Microsoft Works 7.0

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NetWaiting

RegVac Registry Cleaner 5.01 (Registered Version)

Samsung CLP-310 Series

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2592799)

SmartAudio

Sonic Audio Module

Sonic Copy Module

Sonic Data Module

Sonic Express Labeler

Sonic MyDVD Plus

Sonic Update Manager

Spybot - Search & Destroy

Synaptics Pointing Device Driver

TurboTax 2009 WinBizFedFormset

TurboTax 2009 WinBizReleaseEngine

TurboTax 2009 WinBizTaxSupport

TurboTax 2009 wrapper

TurboTax 2010 WinBizFedFormset

TurboTax 2010 WinBizReleaseEngine

TurboTax 2010 WinBizTaxSupport

TurboTax 2010 wrapper

TurboTax Business 2009

TurboTax Business 2010

TweakAll 3.0

Unload

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows XP (KB2616676-v2)

Update for Windows XP (KB2616676)

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WebFldrs XP

Windows Genuine Advantage Validation Tool (KB892130)

Windows Installer Clean Up

Windows Internet Explorer 8

Windows Media Encoder 9 Series

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

Wireless Home Network Setup

Xvid 1.1.2 final uninstall

Zipkey Zipcodes

.

==== Event Viewer Messages From Past Week ========

.

10/27/2011 9:33:20 PM, error: Service Control Manager [7022] - The Terminal Services service hung on starting.

10/27/2011 9:33:20 PM, error: Service Control Manager [7022] - The Intuit Update Service service hung on starting.

10/27/2011 9:33:20 PM, error: Service Control Manager [7001] - The Fast User Switching Compatibility service depends on the Terminal Services service which failed to start because of the following error: After starting, the service hung in a start-pending state.

10/27/2011 9:28:38 PM, error: Service Control Manager [7000] - The SSPORT service failed to start due to the following error: The system cannot find the file specified.

10/27/2011 9:28:38 PM, error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the file specified.

.

==== End Of File ===========================

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

Hey Chris, my apologies for the delay in responding.

Here is the DDS log, Attach log and ComboFix log.

I've found that the machine will start if I run rkill during the last part of the boot cycle (and catch it just right). It then seems to run normally. If rkill is not run, the machine will stall for about 15 minutes and then seems to be okay unless I try to start a program during the 15 minutes.

Thanks again.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Katherine at 13:34:02 on 2011-11-02

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1382 [GMT -5:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = <local>

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe

mRun: [samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun

mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

uPolicies-explorer: NoRecentDocsNetHood = 01000000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{C1AA289B-22A0-455C-BB21-62F7C3551314} : DhcpNameServer = 192.168.1.254

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]

R1 MpKsl339ab2a6;MpKsl339ab2a6;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{375f8844-661f-41fc-bb49-209573dbdb56}\MpKsl339ab2a6.sys [2011-11-2 28752]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-27 366152]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-27 22216]

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S2 SSPORT;SSPORT; [x]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [?]

.

=============== Created Last 30 ================

.

2011-11-02 18:27:58 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{375f8844-661f-41fc-bb49-209573dbdb56}\MpKsl339ab2a6.sys

2011-11-02 18:27:55 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{375f8844-661f-41fc-bb49-209573dbdb56}\offreg.dll

2011-11-02 18:27:51 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{375f8844-661f-41fc-bb49-209573dbdb56}\mpengine.dll

2011-11-02 18:03:23 -------- d-sha-r- C:\cmdcons

2011-11-02 18:00:48 98816 ----a-w- c:\windows\sed.exe

2011-11-02 18:00:48 518144 ----a-w- c:\windows\SWREG.exe

2011-11-02 18:00:48 256000 ----a-w- c:\windows\PEV.exe

2011-11-02 18:00:48 208896 ----a-w- c:\windows\MBR.exe

2011-10-27 15:10:23 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-27 15:10:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-27 14:31:16 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-10-27 14:31:16 -------- d-----w- c:\windows\system32\wbem\Repository

2011-10-27 14:30:52 -------- d-----w- c:\windows\SMINST

2011-10-27 14:30:27 -------- d-----w- c:\program files\Xvid

2011-10-27 14:30:23 -------- d-----w- c:\program files\NetWaiting

2011-10-27 14:30:23 -------- d-----w- c:\documents and settings\katherine\local settings\application data\BVRP Software

2011-10-27 02:36:04 -------- d-----w- c:\program files\NetWaiting(2)

.

==================== Find3M ====================

.

2011-10-28 16:30:04 133632 ----a-w- c:\windows\system32\WPDShServiceObj.dll

2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48:54 43520 ------w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec

2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys

.

============= FINISH: 13:34:34.37 ===============

-------------------------------------------------------------------------------------------

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 1/24/2010 1:51:11 PM

System Uptime: 11/2/2011 9:13:59 AM (4 hours ago)

.

Motherboard: Hewlett-Packard | | 30C6

Processor: Intel® Celeron® M CPU 420 @ 1.60GHz | U1 | 1596/mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 48 GiB total, 24.895 GiB free.

D: is FIXED (FAT32) - 8 GiB total, 1.034 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP552: 9/23/2011 10:12:57 AM - Software Distribution Service 3.0

RP553: 9/24/2011 10:23:20 AM - System Checkpoint

RP554: 9/25/2011 5:41:14 PM - System Checkpoint

RP555: 9/27/2011 8:22:18 AM - Software Distribution Service 3.0

RP556: 9/28/2011 12:24:42 PM - System Checkpoint

RP557: 9/29/2011 7:54:27 AM - Software Distribution Service 3.0

RP558: 9/30/2011 8:30:05 AM - System Checkpoint

RP559: 10/2/2011 4:45:42 PM - Software Distribution Service 3.0

RP560: 10/3/2011 6:14:40 PM - System Checkpoint

RP561: 10/4/2011 8:08:55 AM - Software Distribution Service 3.0

RP562: 10/5/2011 1:49:07 PM - System Checkpoint

RP563: 10/5/2011 3:20:26 PM - Software Distribution Service 3.0

RP564: 10/6/2011 4:49:14 PM - System Checkpoint

RP565: 10/7/2011 5:19:20 PM - System Checkpoint

RP566: 10/9/2011 11:38:29 AM - System Checkpoint

RP567: 10/10/2011 8:32:21 AM - Software Distribution Service 3.0

RP568: 10/11/2011 1:28:16 PM - System Checkpoint

RP569: 10/12/2011 3:52:44 PM - Software Distribution Service 3.0

RP570: 10/13/2011 3:58:58 PM - System Checkpoint

RP571: 10/14/2011 3:22:58 PM - Software Distribution Service 3.0

RP572: 10/16/2011 6:29:39 PM - Software Distribution Service 3.0

RP573: 10/17/2011 6:37:11 PM - System Checkpoint

RP574: 10/17/2011 8:06:39 PM - Software Distribution Service 3.0

RP575: 10/18/2011 8:28:24 PM - System Checkpoint

RP576: 10/19/2011 10:12:13 AM - Software Distribution Service 3.0

RP577: 10/20/2011 10:40:34 AM - System Checkpoint

RP578: 10/24/2011 10:32:07 AM - System Checkpoint

RP579: 10/25/2011 5:31:11 PM - Software Distribution Service 3.0

RP580: 10/26/2011 6:36:50 PM - Software Distribution Service 3.0

RP581: 10/26/2011 9:36:33 PM - Installed NetWaiting

RP582: 10/27/2011 9:30:08 AM - Restore Operation

RP583: 10/27/2011 11:29:18 AM - Software Distribution Service 3.0

RP584: 10/27/2011 9:12:31 PM - Software Distribution Service 3.0

RP585: 10/27/2011 9:37:50 PM - Software Distribution Service 3.0

RP586: 10/27/2011 9:50:19 PM - Software Distribution Service 3.0

RP587: 10/28/2011 2:24:39 PM - Software Distribution Service 3.0

RP588: 10/30/2011 10:42:07 AM - Software Distribution Service 3.0

RP589: 10/31/2011 10:22:31 AM - Removed Microsoft .NET Framework 3.0 Service Pack 2

RP590: 10/31/2011 10:24:15 AM - Removed Microsoft .NET Framework 2.0 Service Pack 2

RP591: 10/31/2011 11:10:38 AM - Removed Sonic Update Manager

RP592: 11/1/2011 7:56:24 AM - Mikes1

RP593: 11/2/2011 9:27:54 AM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

.

A1Click Ultra PC Cleaner 1.01 (Registered Version)

Adobe Flash Player 10 ActiveX

Adobe Reader 8.2.0

Compatibility Pack for the 2007 Office system

Conexant HD Audio

Coupon Printer for Windows

Destinations

DeviceManagementQFolder

EasyACCT Business System

FTDI USB Serial Converter Drivers

HDAUDIO Soft Data Fax Modem with SmartCP

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB954550-v5)

HP DVD Play 2.3

HP Help and Support

HP Imaging Device Functions 6.0

HP Quick Launch Buttons 6.10 A1

HP Update

HP User Guides--System Recovery

HP User Guides 0037

HP Wireless Assistant 2.00 G2

HpSdpAppCoreApp

Intel® Graphics Media Accelerator Driver

iSEEK AnswerWorks English Runtime

J2SE Runtime Environment 5.0 Update 6

Macromedia Flash Player 8

Macromedia Shockwave Player

Malwarebytes' Anti-Malware version 1.51.2.1300

Microsoft Antimalware

Microsoft Application Error Reporting

Microsoft Office 2000 SR-1 Professional

Microsoft Security Client

Microsoft Security Essentials

Microsoft Works 7.0

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NetWaiting

RegVac Registry Cleaner 5.01 (Registered Version)

Samsung CLP-310 Series

Security Update for CAPICOM (KB931906)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2592799)

SmartAudio

Sonic Audio Module

Sonic Copy Module

Sonic Data Module

Sonic Express Labeler

Sonic MyDVD Plus

Spybot - Search & Destroy

Synaptics Pointing Device Driver

TurboTax 2009 WinBizFedFormset

TurboTax 2009 WinBizReleaseEngine

TurboTax 2009 WinBizTaxSupport

TurboTax 2009 wrapper

TurboTax 2010 WinBizFedFormset

TurboTax 2010 WinBizReleaseEngine

TurboTax 2010 WinBizTaxSupport

TurboTax 2010 wrapper

TurboTax Business 2009

TurboTax Business 2010

TweakAll 3.0

Unload

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows XP (KB2616676-v2)

Update for Windows XP (KB2616676)

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WebFldrs XP

Windows Genuine Advantage Validation Tool (KB892130)

Windows Installer Clean Up

Windows Internet Explorer 8

Windows Media Encoder 9 Series

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

Wireless Home Network Setup

Xvid 1.1.2 final uninstall

Zipkey Zipcodes

.

==== Event Viewer Messages From Past Week ========

.

11/1/2011 7:45:57 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.904.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

11/1/2011 7:18:28 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.904.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

10/31/2011 12:48:08 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.904.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

10/31/2011 10:23:09 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The system cannot find the file specified.

10/31/2011 10:17:39 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd

10/31/2011 10:17:33 AM, error: Service Control Manager [7000] - The SSPORT service failed to start due to the following error: The system cannot find the file specified.

10/31/2011 10:17:33 AM, error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the file specified.

10/28/2011 10:07:06 AM, error: Service Control Manager [7022] - The Terminal Services service hung on starting.

10/28/2011 10:07:06 AM, error: Service Control Manager [7022] - The Intuit Update Service service hung on starting.

10/28/2011 10:07:06 AM, error: Service Control Manager [7001] - The Fast User Switching Compatibility service depends on the Terminal Services service which failed to start because of the following error: After starting, the service hung in a start-pending state.

.

==== End Of File ===========================

-------------------------------------------------------------------------------------

ComboFix 11-11-02.03 - Katherine 11/02/2011 13:04:54.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1470 [GMT -5:00]

Running from: c:\documents and settings\Katherine\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Katherine\g2mdlhlpx.exe

c:\documents and settings\Katherine\My Documents\Zipkey32.INI

c:\windows\dasetup.log

c:\windows\help\tours\htmltour\unlock_playing.htm

D:\Autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2011-10-02 to 2011-11-02 )))))))))))))))))))))))))))))))

.

.

2011-11-02 14:28 . 2011-11-02 14:28 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE7D02D4-539F-49D0-826B-8768AB565E64}\MpKsl0acec83a.sys

2011-11-02 14:28 . 2011-11-02 14:28 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE7D02D4-539F-49D0-826B-8768AB565E64}\offreg.dll

2011-11-02 14:27 . 2011-10-07 01:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE7D02D4-539F-49D0-826B-8768AB565E64}\mpengine.dll

2011-10-29 01:38 . 2011-10-29 01:38 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2011-10-27 22:00 . 2011-10-27 22:00 -------- d-----w- c:\documents and settings\Temporary Internet Files\AntiPhishing

2011-10-27 15:10 . 2011-10-28 19:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-27 15:10 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-27 14:31 . 2011-10-27 14:31 -------- d-----w- c:\windows\system32\wbem\Repository

2011-10-27 14:30 . 2011-10-27 14:30 -------- d-----w- c:\windows\SMINST

2011-10-27 14:30 . 2011-10-27 14:30 -------- d-----w- c:\program files\Xvid

2011-10-27 14:30 . 2011-10-27 14:30 -------- d-----w- c:\program files\NetWaiting

2011-10-27 14:30 . 2011-10-27 14:30 -------- d-----w- c:\documents and settings\Katherine\Local Settings\Application Data\BVRP Software

2011-10-27 14:30 . 2011-10-27 14:30 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\BVRP Software

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-28 16:30 . 2006-10-19 03:47 133632 ----a-w- c:\windows\system32\WPDShServiceObj.dll

2011-10-07 01:48 . 2011-01-22 15:28 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-09-26 16:41 . 2009-10-08 20:57 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 16:41 . 2004-08-04 21:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 16:41 . 2004-08-04 21:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-09 09:12 . 2004-08-04 21:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 13:20 . 2004-08-04 21:00 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-22 23:48 . 2004-08-04 21:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48 . 2004-08-04 21:00 43520 ------w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48 . 2004-08-04 21:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56 . 2004-08-04 21:00 385024 ----a-w- c:\windows\system32\html.iec

2011-08-17 13:49 . 2004-08-04 21:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-02 135168]

"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-08 524288]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoRecentDocsNetHood"= 01000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

2006-03-23 12:13 77824 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

2006-03-23 12:17 118784 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

2006-03-23 12:17 94208 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2005-08-11 23:30 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

2011-08-31 22:00 449608 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard]

2005-10-11 17:23 1187840 ----a-w- c:\windows\SMINST\Recguard.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Lavasoft Ad-Aware Service"=3 (0x3)

"ERSvc"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

.

R1 MpKsl0acec83a;MpKsl0acec83a;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE7D02D4-539F-49D0-826B-8768AB565E64}\MpKsl0acec83a.sys [11/2/2011 9:28 AM 28752]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/27/2011 10:10 AM 366152]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/27/2011 10:10 AM 22216]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S2 SSPORT;SSPORT; [x]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe --> c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MPKSL0ACEC83A

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = <local>

TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

MSConfigStartUp-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-02 13:07

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ????Y??????`?@?????L?@

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2011-11-02 13:10:06

ComboFix-quarantined-files.txt 2011-11-02 18:10

.

Pre-Run: 26,732,314,624 bytes free

Post-Run: 26,703,859,712 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - BA8FCE801CF76DF111140B7D4E594F5D


Hi Screen317,

I haven't been able to log on without getting an error message for a few days and thought I'd better ask if I had done something wrong. The message said I should read the help files to find the reason, so I did. About went blind, never did find out why the error msg. And now I find I can log on. Weird!!

Anyway, we're still having the same problem with her computer and are relying on you to help us. Thanks, Mike


Hi,

Please write down the error message exactly as written and post it here.

Can you boot into Safe Mode? (Please reboot to Safe Mode: tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu.)

Hi Chris, I thought you had abandoned me, so I haven't been checking the forum and I've been trying to fix the problem myself, with only limited success. Probably stirred things up badly for you, but after a week I couldn't just sit here and wait for salvation! I've turned off more services (with services.msc), stopped several things from starting (using msconfig), but the problem shortly after bootup remains. It appears to be some kind of memory intensive operation.

Anyway, I've loaded some new stuff like "Autoruns", using "event viewer" and "devmgmt.msc" trying to find the culprit. Things have loosened up a bit, but it still sporadically quits working for about 15 minutes right after booting.

You will probably want me to run all the reports again, just give me instructions. I won't do anything else to the machine until I hear from you.

The error message you are asking about is of no consequence, it's past now and as you can see, I have access. However, the original problem remains.

By the way, I'm not getting an email notification when you respond. I think I have it set properly in my profile but now that you've responded, I won't depend on that, I'll check this location daily.

Thanks, Mike

P.S. I didn't know which way I'm supposed to respond, by using "Post" or "Reply", so I'm doing it both ways. Let me know which is correct.


  • Staff

Hi,

My apologies for the delay.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


Hi Screen317,

Here's the ComboFix report, followed by the DDS.txt report.

ComboFix 11-11-20.02 - Katherine 11/20/2011 21:56:56.3.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1521 [GMT -6:00]

Running from: c:\documents and settings\Katherine\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Katherine\My Documents\Zipkey32.INI

.

.

((((((((((((((((((((((((( Files Created from 2011-10-21 to 2011-11-21 )))))))))))))))))))))))))))))))

.

.

2011-11-21 03:05 . 2011-10-07 01:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A4B6266C-574E-40D0-8339-EB887C17BCCC}\mpengine.dll

2011-11-10 17:08 . 2011-11-15 16:55 -------- d--h--w- c:\documents and settings\Temporary Internet Files\Content.MSO

2011-11-02 18:00 . 2000-08-31 00:00 98816 ----a-w- c:\windows\sedx.exe

2011-10-29 01:38 . 2011-10-29 01:38 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2011-10-27 22:00 . 2011-10-27 22:00 -------- d-----w- c:\documents and settings\Temporary Internet Files\AntiPhishing

2011-10-27 15:10 . 2011-10-28 19:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-27 15:10 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-27 14:31 . 2011-10-27 14:31 -------- d-----w- c:\windows\system32\wbem\Repository

2011-10-27 14:30 . 2011-10-27 14:30 -------- d-----w- c:\windows\SMINST

2011-10-27 14:30 . 2011-10-27 14:30 -------- d-----w- c:\program files\Xvid

2011-10-27 14:30 . 2011-10-27 14:30 -------- d-----w- c:\program files\NetWaiting

2011-10-27 14:30 . 2011-10-27 14:30 -------- d-----w- c:\documents and settings\Katherine\Local Settings\Application Data\BVRP Software

2011-10-27 14:30 . 2011-10-27 14:30 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\BVRP Software

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-28 16:30 . 2006-10-19 03:47 133632 ----a-w- c:\windows\system32\WPDShServiceObj.dll

2011-10-07 01:48 . 2011-01-22 15:28 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-09-26 16:41 . 2009-10-08 20:57 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 16:41 . 2004-08-04 21:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 16:41 . 2004-08-04 21:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-09 09:12 . 2004-08-04 21:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 13:20 . 2004-08-04 21:00 1858944 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2011-11-02_18.07.54 )))))))))))))))))))))))))))))))))))))))))

.

+ 2006-05-10 13:33 . 2011-11-14 19:35 53100 c:\windows\system32\perfc009.dat

+ 2011-11-14 19:38 . 2001-08-30 10:30 13894 c:\windows\system32\dllcache\zonelibm.dll

+ 2011-11-14 19:38 . 2001-08-30 10:30 29760 c:\windows\system32\dllcache\znetm.dll

+ 2011-11-14 19:38 . 2001-08-30 10:30 41029 c:\windows\system32\dllcache\zcorem.dll

+ 2011-11-14 19:38 . 2001-08-30 10:30 36937 c:\windows\system32\dllcache\zclientm.exe

+ 2011-11-14 19:38 . 2001-08-30 10:30 32339 c:\windows\system32\dllcache\uniansi.dll

+ 2011-11-14 19:38 . 2001-08-30 10:30 42573 c:\windows\system32\dllcache\shvlzm.exe

+ 2011-11-14 19:38 . 2001-08-30 10:30 66113 c:\windows\system32\dllcache\shvl.dll

+ 2011-11-14 19:38 . 2001-08-30 10:30 42574 c:\windows\system32\dllcache\rvsezm.exe

+ 2011-11-14 19:38 . 2001-08-30 10:30 48706 c:\windows\system32\dllcache\rvse.dll

+ 2011-11-14 19:38 . 2001-08-30 10:30 42573 c:\windows\system32\dllcache\hrtzzm.exe

+ 2011-11-14 19:38 . 2001-08-30 10:30 57409 c:\windows\system32\dllcache\hrtz.dll

+ 2011-11-14 19:38 . 2001-08-30 10:30 42575 c:\windows\system32\dllcache\chkrzm.exe

+ 2011-11-14 19:38 . 2001-08-30 10:30 40515 c:\windows\system32\dllcache\chkr.dll

+ 2011-11-14 19:38 . 2001-08-30 10:30 42577 c:\windows\system32\dllcache\bckgzm.exe

+ 2011-11-14 19:38 . 2001-08-30 10:30 82501 c:\windows\system32\dllcache\bckg.dll

+ 2011-11-14 19:38 . 2001-08-30 10:30 8261 c:\windows\system32\dllcache\zoneoc.dll

+ 2011-11-14 19:38 . 2001-08-30 10:30 4677 c:\windows\system32\dllcache\zeeverm.dll

+ 2006-05-10 13:33 . 2011-11-14 19:35 342750 c:\windows\system32\perfh009.dat

+ 2011-11-14 19:38 . 2001-08-30 10:30 113222 c:\windows\system32\dllcache\zoneclim.dll

+ 2011-11-14 19:38 . 2001-08-30 10:30 753236 c:\windows\system32\dllcache\rvseres.dll

+ 2011-11-14 19:38 . 2001-08-30 10:30 217160 c:\windows\system32\dllcache\cmnclim.dll

+ 2011-11-14 19:38 . 2001-08-30 10:30 780885 c:\windows\system32\dllcache\chkrres.dll

+ 2011-11-14 19:38 . 2001-08-30 10:30 2178131 c:\windows\system32\dllcache\shvlres.dll

+ 2011-11-14 19:38 . 2001-08-30 10:30 1175635 c:\windows\system32\dllcache\hrtzres.dll

+ 2011-11-14 19:38 . 2001-08-30 10:30 1039955 c:\windows\system32\dllcache\cmnresm.dll

+ 2011-11-14 19:38 . 2001-08-30 10:30 1817687 c:\windows\system32\dllcache\bckgres.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]

"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-08 524288]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoRecentDocsNetHood"= 01000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

2006-03-23 12:13 77824 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

2006-03-23 12:17 118784 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

2006-03-23 12:17 94208 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

2011-08-31 22:00 449608 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard]

2005-10-11 17:23 1187840 ----a-w- c:\windows\SMINST\Recguard.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Lavasoft Ad-Aware Service"=3 (0x3)

"ERSvc"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

.

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/27/2011 9:10 AM 22216]

R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/27/2011 9:10 AM 366152]

S4 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S4 MpKslbb486b8f;MpKslbb486b8f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{375F8844-661F-41FC-BB49-209573DBDB56}\MpKslbb486b8f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{375F8844-661F-41FC-BB49-209573DBDB56}\MpKslbb486b8f.sys [?]

S4 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe --> c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = <local>

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-ISUSScheduler - c:\program files\Common Files\InstallShield\UpdateService\issch.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-20 22:00

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ????Y??????`?@?????L?@

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2011-11-20 22:02:53

ComboFix-quarantined-files.txt 2011-11-21 04:02

ComboFix2.txt 2011-11-10 23:15

ComboFix3.txt 2011-11-02 18:10

.

Pre-Run: 26,711,515,136 bytes free

Post-Run: 26,692,624,384 bytes free

.

- - End Of File - - 6D057AE0A19088F4F0F9DC90B13E10A3

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Katherine at 22:12:24 on 2011-11-20

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1489 [GMT -6:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = <local>

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe

mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

uPolicies-explorer: NoRecentDocsNetHood = 01000000

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll

TCP: Interfaces\{C1AA289B-22A0-455C-BB21-62F7C3551314} : DhcpNameServer = 192.168.1.254

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-27 22216]

R4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-27 366152]

S4 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S4 MpKslbb486b8f;MpKslbb486b8f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{375f8844-661f-41fc-bb49-209573dbdb56}\mpkslbb486b8f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{375f8844-661f-41fc-bb49-209573dbdb56}\MpKslbb486b8f.sys [?]

S4 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [?]

.

=============== Created Last 30 ================

.

2011-11-21 03:56:06 98816 ----a-w- c:\windows\sed.exe

2011-11-21 03:56:06 518144 ----a-w- c:\windows\SWREG.exe

2011-11-21 03:56:06 256000 ----a-w- c:\windows\PEV.exe

2011-11-21 03:56:06 208896 ----a-w- c:\windows\MBR.exe

2011-11-21 03:05:13 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a4b6266c-574e-40d0-8339-eb887c17bccc}\mpengine.dll

2011-11-02 18:03:23 -------- d-sha-r- C:\cmdcons

2011-11-02 18:00:48 98816 ----a-w- c:\windows\sedx.exe

2011-10-27 15:10:23 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-27 15:10:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-27 14:31:16 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-10-27 14:31:16 -------- d-----w- c:\windows\system32\wbem\Repository

2011-10-27 14:30:52 -------- d-----w- c:\windows\SMINST

2011-10-27 14:30:27 -------- d-----w- c:\program files\Xvid

2011-10-27 14:30:23 -------- d-----w- c:\program files\NetWaiting

2011-10-27 14:30:23 -------- d-----w- c:\documents and settings\katherine\local settings\application data\BVRP Software

2011-10-27 02:36:04 -------- d-----w- c:\program files\NetWaiting(2)

.

==================== Find3M ====================

.

2011-10-28 16:30:04 133632 ----a-w- c:\windows\system32\WPDShServiceObj.dll

2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 22:12:51.74 ===============

Please let me know what you want me to do next. Thanks, Mike


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are both checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.


Here's the eset log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=40d6d2d245e0ee48b9fcb36e9b3ce57e

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-11-29 12:35:46

# local_time=2011-11-28 06:35:46 (-0600, Central Standard Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=5891 16776869 42 87 0 26194877 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=76622

# found=0

# cleaned=0

# scan_time=4492


Here's your Security Check log:

Results of screen317's Security Check version 0.99.28

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

Microsoft Security Essentials

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

A1Click Ultra PC Cleaner 1.01 (Registered Version)

RegVac Registry Cleaner 5.01 (Registered Version)

Adobe Reader 8 Adobe Reader out of date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Malwarebytes' Anti-Malware mbamservice.exe

Microsoft Security Essentials msseces.exe

Microsoft Security Client Antimalware MsMpEng.exe

``````````End of Log````````````

It still is difficult to get started at boot up. It works best if rkill is run as soon as the color returns to the icons on the desktop. rkill doesn't report finding anything now, but if it isn't run, very shortly the machine will "lock up". It might turn loose after a while or it might not. When it does run, it erratically seems to just stop during use. Thanks for your help, please continue, Mike


  • Staff

Hi,

These programs are dangerous to run and I highly recommend their removal:

A1Click Ultra PC Cleaner 1.01 (Registered Version)

RegVac Registry Cleaner 5.01 (Registered Version)

"Registry cleaners" and "PC Cleaners" do very little good with the possibility of doing a lot of bad.

Let's work back and see if we missed any malware.

Grab a fresh copy of ComboFix, run it, and post its log.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility writes its runtime log to the root directory of the system disk (the disk where the operating system is installed, C:\ as a rule).

The log is named like UtilityName.Version_Date_Time_log.txt, for example C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Read all these directions before proceeding.

When you have the .ISO file downloaded, you need to create a bootable disk or flash drive with it, using a clean PC to do that. The .ISO file is a disk image. It should NOT be burned as a regular file. You need a program like BurnAware Free or ImgBurn that can burn an .ISO image. I think a CD is best as there is no way anything can write on it after it is made, but the USB may be more convenient and easier.

Be sure to read these:

Download Kaspersky Rescue Disk 10

How to record Kaspersky Rescue Disk 10 to an USB device and boot my computer from it?

How to record Kaspersky Rescue Disk 10 to a CD/DVD and boot my computer from the disk?

Summarizing:

  • Go to a clean PC.
  • Download the .iso image file.
  • Create a CD (or flash drive if you prefer).
  • At the infected PC: put the disk in the drive and reboot.

Follow the directions here, but you will find some differences.

Familiarize yourself with How to create a report file in Kaspersky Rescue Disk 10?

Print the following directions:

Boot from Kaspersky Rescue Disk 10:

Restart your computer and put the disk in the drive while booting.

Press any key. A loading wizard will start (you will see the menu to select the required language). If you do not press any key in 10 seconds, the computer boots from hard drive automatically.

Select the required interface language using the arrow-keys on your keyboard.

Press the Enter key on the keyboard.

In the start up wizard window that opens, select the Kaspersky Rescue Disk. Graphic Mode

Click Enter.

Click 'A' to accept the agreement.

Select operating system from dropdown menu (select Windows whatever)

Select Objects to scan: check Disk boot sectors, Hidden startup objects, C:

Click My Update Center and update if any updates are available.

Go back to the other tab and click Start Object Scan.

(It took 3 hours to scan my 47G)

When the scan has completed, save a report:

On the upper part of the Kaspersky Rescue Disk window, click on the Report link.

On the bottom right hand corner of the Protection status - Kaspersky Rescue Disk window, click on the Detailed Report button.

On the upper right hand corner of the Detailed report window, click on the Save button.

After clicking Detailed Report and 'SAVE', a browse window opens.

Double-click on the \

Click 'disks'.

All your drives will be shown and you can easily double-click C and save the report to C:\KasperskyRescueDisk10.txt.

Click on the Save button.

The report has been saved to the file.

Remove the disk from the drive (or disconnect USB) and reboot normally.


Hi Chris,

Here's the Combofix log followed by the TDSSKiller log. I'm working on the Kaspersky Rescue disk stuff and I'll get it to you as soon as I understand enough about it to run it!! Thanks, Mike

ComboFix 11-12-06.01 - Katherine 12/07/2011 10:34:49.5.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1524 [GMT -6:00]

Running from: c:\documents and settings\Katherine\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\EventSystem.log

.

.

((((((((((((((((((((((((( Files Created from 2011-11-07 to 2011-12-07 )))))))))))))))))))))))))))))))

.

.

2011-12-07 15:54 . 2011-12-07 15:54 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A6B78437-B13B-4B78-ABBA-4ED93A922A92}\offreg.dll

2011-11-29 01:14 . 2011-10-07 01:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A6B78437-B13B-4B78-ABBA-4ED93A922A92}\mpengine.dll

2011-11-28 23:02 . 2011-11-28 23:02 -------- d-----w- c:\program files\ESET

2011-11-28 22:57 . 2011-11-28 22:57 -------- d-----w- c:\documents and settings\Temporary Internet Files\AntiPhishing

2011-11-10 17:08 . 2011-11-15 16:55 -------- d--h--w- c:\documents and settings\Temporary Internet Files\Content.MSO

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-28 16:30 . 2006-10-19 03:47 133632 ----a-w- c:\windows\system32\WPDShServiceObj.dll

2011-10-07 01:48 . 2011-01-22 15:28 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-09-26 16:41 . 2009-10-08 20:57 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 16:41 . 2004-08-04 21:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 16:41 . 2004-08-04 21:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-09 09:12 . 2004-08-04 21:00 599040 ----a-w- c:\windows\system32\crypt32.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-11-02_18.07.54 )))))))))))))))))))))))))))))))))))))))))

.

+ 2006-05-10 13:33 . 2011-11-14 19:35 53100 c:\windows\system32\perfc009.dat

+ 2011-11-14 19:38 . 2001-08-30 10:30 13894 c:\windows\system32\dllcache\zonelibm.dll

+ 2011-11-14 19:38 . 2001-08-30 10:30 29760 c:\windows\system32\dllcache\znetm.dll

+ 2011-11-14 19:38 . 2001-08-30 10:30 41029 c:\windows\system32\dllcache\zcorem.dll

+ 2011-11-14 19:38 . 2001-08-30 10:30 36937 c:\windows\system32\dllcache\zclientm.exe

+ 2011-11-14 19:38 . 2001-08-30 10:30 32339 c:\windows\system32\dllcache\uniansi.dll

+ 2011-11-14 19:38 . 2001-08-30 10:30 42573 c:\windows\system32\dllcache\shvlzm.exe

+ 2011-11-14 19:38 . 2001-08-30 10:30 66113 c:\windows\system32\dllcache\shvl.dll

+ 2011-11-14 19:38 . 2001-08-30 10:30 42574 c:\windows\system32\dllcache\rvsezm.exe

+ 2011-11-14 19:38 . 2001-08-30 10:30 48706 c:\windows\system32\dllcache\rvse.dll

+ 2011-11-14 19:38 . 2001-08-30 10:30 42573 c:\windows\system32\dllcache\hrtzzm.exe

+ 2011-11-14 19:38 . 2001-08-30 10:30 57409 c:\windows\system32\dllcache\hrtz.dll

+ 2011-11-14 19:38 . 2001-08-30 10:30 42575 c:\windows\system32\dllcache\chkrzm.exe

+ 2011-11-14 19:38 . 2001-08-30 10:30 40515 c:\windows\system32\dllcache\chkr.dll

+ 2011-11-14 19:38 . 2001-08-30 10:30 42577 c:\windows\system32\dllcache\bckgzm.exe

+ 2011-11-14 19:38 . 2001-08-30 10:30 82501 c:\windows\system32\dllcache\bckg.dll

+ 2011-11-02 18:00 . 2000-08-31 00:00 98816 c:\windows\sedx.exe

+ 2011-11-14 19:38 . 2001-08-30 10:30 8261 c:\windows\system32\dllcache\zoneoc.dll

+ 2011-11-14 19:38 . 2001-08-30 10:30 4677 c:\windows\system32\dllcache\zeeverm.dll

+ 2006-05-10 13:33 . 2011-11-14 19:35 342750 c:\windows\system32\perfh009.dat

+ 2011-11-14 19:38 . 2001-08-30 10:30 113222 c:\windows\system32\dllcache\zoneclim.dll

+ 2011-11-14 19:38 . 2001-08-30 10:30 753236 c:\windows\system32\dllcache\rvseres.dll

+ 2011-11-14 19:38 . 2001-08-30 10:30 217160 c:\windows\system32\dllcache\cmnclim.dll

+ 2011-11-14 19:38 . 2001-08-30 10:30 780885 c:\windows\system32\dllcache\chkrres.dll

+ 2011-11-14 19:38 . 2001-08-30 10:30 2178131 c:\windows\system32\dllcache\shvlres.dll

+ 2011-11-14 19:38 . 2001-08-30 10:30 1175635 c:\windows\system32\dllcache\hrtzres.dll

+ 2011-11-14 19:38 . 2001-08-30 10:30 1039955 c:\windows\system32\dllcache\cmnresm.dll

+ 2011-11-14 19:38 . 2001-08-30 10:30 1817687 c:\windows\system32\dllcache\bckgres.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]

"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoRecentDocsNetHood"= 01000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-12-18 14:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

2006-03-23 12:13 77824 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

2006-03-23 12:17 118784 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

2006-03-23 12:17 94208 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

2011-08-31 22:00 449608 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard]

2005-10-11 17:23 1187840 ----a-w- c:\windows\SMINST\Recguard.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]

2008-08-08 05:03 524288 ----a-w- c:\windows\Samsung\PanelMgr\SSMMgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Lavasoft Ad-Aware Service"=3 (0x3)

"ERSvc"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

.

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/27/2011 9:10 AM 366152]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/27/2011 9:10 AM 22216]

S4 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S4 MpKslbb486b8f;MpKslbb486b8f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{375F8844-661F-41FC-BB49-209573DBDB56}\MpKslbb486b8f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{375F8844-661F-41FC-BB49-209573DBDB56}\MpKslbb486b8f.sys [?]

S4 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe --> c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = <local>

TCP: DhcpNameServer = 192.168.1.254

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-07 10:39

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ????Y??????`?@?????L?@

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2011-12-07 10:41:20

ComboFix-quarantined-files.txt 2011-12-07 16:41

ComboFix2.txt 2011-11-27 02:51

ComboFix3.txt 2011-11-21 04:02

ComboFix4.txt 2011-11-10 23:15

ComboFix5.txt 2011-12-07 16:33

.

Pre-Run: 26,577,596,416 bytes free

Post-Run: 26,562,207,744 bytes free

.

- - End Of File - - 6DEC35359FA67A8551EF5CEC8F60130C

-----------------------------------------------------------------------------

10:50:36.0453 1480 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44

10:50:36.0468 1480 ============================================================

10:50:36.0468 1480 Current date / time: 2011/12/07 10:50:36.0468

10:50:36.0468 1480 SystemInfo:

10:50:36.0468 1480

10:50:36.0468 1480 OS Version: 5.1.2600 ServicePack: 3.0

10:50:36.0468 1480 Product type: Workstation

10:50:36.0468 1480 ComputerName: KATHIE

10:50:36.0468 1480 UserName: Katherine

10:50:36.0468 1480 Windows directory: C:\WINDOWS

10:50:36.0468 1480 System windows directory: C:\WINDOWS

10:50:36.0468 1480 Processor architecture: Intel x86

10:50:36.0468 1480 Number of processors: 1

10:50:36.0468 1480 Page size: 0x1000

10:50:36.0468 1480 Boot type: Normal boot

10:50:36.0468 1480 ============================================================

10:50:36.0765 1480 Initialize success

10:51:27.0046 3944 ============================================================

10:51:27.0046 3944 Scan started

10:51:27.0046 3944 Mode: Manual;

10:51:27.0046 3944 ============================================================


10:51:33.0593 3944 Pcmcia - ok

10:51:33.0609 3944 PDCOMP - ok

10:51:33.0625 3944 PDFRAME - ok

10:51:33.0640 3944 PDRELI - ok

10:51:33.0656 3944 PDRFRAME - ok

10:51:33.0671 3944 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

10:51:33.0671 3944 perc2 - ok

10:51:33.0703 3944 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

10:51:33.0703 3944 perc2hib - ok

10:51:33.0750 3944 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

10:51:33.0750 3944 PptpMiniport - ok

10:51:33.0796 3944 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

10:51:33.0796 3944 PSched - ok

10:51:33.0828 3944 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

10:51:33.0828 3944 Ptilink - ok

10:51:33.0968 3944 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

10:51:33.0968 3944 PxHelp20 - ok

10:51:34.0000 3944 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

10:51:34.0000 3944 ql1080 - ok

10:51:34.0015 3944 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

10:51:34.0015 3944 Ql10wnt - ok

10:51:34.0046 3944 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

10:51:34.0046 3944 ql12160 - ok

10:51:34.0078 3944 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

10:51:34.0078 3944 ql1240 - ok

10:51:34.0109 3944 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

10:51:34.0109 3944 ql1280 - ok

10:51:34.0140 3944 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

10:51:34.0140 3944 RasAcd - ok

10:51:34.0187 3944 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

10:51:34.0187 3944 Rasl2tp - ok

10:51:34.0218 3944 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

10:51:34.0218 3944 RasPppoe - ok

10:51:34.0265 3944 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

10:51:34.0265 3944 Raspti - ok

10:51:34.0406 3944 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

10:51:34.0406 3944 Rdbss - ok

10:51:34.0437 3944 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

10:51:34.0437 3944 RDPCDD - ok

10:51:34.0468 3944 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

10:51:34.0468 3944 rdpdr - ok

10:51:34.0531 3944 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

10:51:34.0531 3944 RDPWD - ok

10:51:34.0562 3944 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

10:51:34.0562 3944 redbook - ok

10:51:34.0625 3944 RTL8023xp (3529828ec571fb2f64f6b142f9109993) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys

10:51:34.0625 3944 RTL8023xp - ok

10:51:34.0656 3944 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

10:51:34.0656 3944 rtl8139 - ok

10:51:34.0718 3944 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

10:51:34.0718 3944 sdbus - ok

10:51:34.0843 3944 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

10:51:34.0843 3944 Secdrv - ok

10:51:34.0890 3944 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

10:51:34.0890 3944 Serenum - ok

10:51:34.0906 3944 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

10:51:34.0906 3944 Serial - ok

10:51:34.0953 3944 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

10:51:34.0953 3944 Sfloppy - ok

10:51:34.0968 3944 Simbad - ok

10:51:35.0000 3944 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

10:51:35.0000 3944 sisagp - ok

10:51:35.0046 3944 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

10:51:35.0046 3944 Sparrow - ok

10:51:35.0078 3944 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

10:51:35.0078 3944 splitter - ok

10:51:35.0109 3944 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

10:51:35.0109 3944 sr - ok

10:51:35.0171 3944 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

10:51:35.0171 3944 Srv - ok

10:51:35.0296 3944 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

10:51:35.0296 3944 swenum - ok

10:51:35.0328 3944 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

10:51:35.0328 3944 swmidi - ok

10:51:35.0359 3944 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

10:51:35.0359 3944 symc810 - ok

10:51:35.0390 3944 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

10:51:35.0390 3944 symc8xx - ok

10:51:35.0406 3944 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

10:51:35.0406 3944 sym_hi - ok

10:51:35.0437 3944 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

10:51:35.0437 3944 sym_u3 - ok

10:51:35.0500 3944 SynTP (0f332c0ba9b968ebc8cbb906416f8597) C:\WINDOWS\system32\DRIVERS\SynTP.sys

10:51:35.0500 3944 SynTP - ok

10:51:35.0531 3944 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

10:51:35.0531 3944 sysaudio - ok

10:51:35.0609 3944 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

10:51:35.0609 3944 Tcpip - ok

10:51:35.0640 3944 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

10:51:35.0656 3944 TDPIPE - ok

10:51:35.0765 3944 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

10:51:35.0765 3944 TDTCP - ok

10:51:35.0812 3944 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

10:51:35.0812 3944 TermDD - ok

10:51:35.0875 3944 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

10:51:35.0875 3944 TosIde - ok

10:51:35.0921 3944 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

10:51:35.0921 3944 Udfs - ok

10:51:35.0937 3944 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

10:51:35.0953 3944 ultra - ok

10:51:36.0000 3944 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

10:51:36.0015 3944 Update - ok

10:51:36.0062 3944 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

10:51:36.0062 3944 usbaudio - ok

10:51:36.0109 3944 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

10:51:36.0109 3944 usbccgp - ok

10:51:36.0125 3944 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

10:51:36.0125 3944 usbehci - ok

10:51:36.0265 3944 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

10:51:36.0265 3944 usbhub - ok

10:51:36.0312 3944 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

10:51:36.0312 3944 usbprint - ok

10:51:36.0343 3944 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

10:51:36.0343 3944 USBSTOR - ok

10:51:36.0375 3944 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

10:51:36.0375 3944 usbuhci - ok

10:51:36.0390 3944 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

10:51:36.0390 3944 VgaSave - ok

10:51:36.0437 3944 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

10:51:36.0437 3944 viaagp - ok

10:51:36.0468 3944 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

10:51:36.0468 3944 ViaIde - ok

10:51:36.0500 3944 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

10:51:36.0500 3944 VolSnap - ok

10:51:36.0531 3944 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

10:51:36.0531 3944 Wanarp - ok

10:51:36.0546 3944 WDICA - ok

10:51:36.0578 3944 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

10:51:36.0578 3944 wdmaud - ok

10:51:36.0750 3944 winachsf (214bc3ad84907ad6ad655ac5465f449a) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

10:51:36.0750 3944 winachsf - ok

10:51:36.0812 3944 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

10:51:36.0812 3944 WmiAcpi - ok

10:51:36.0859 3944 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys

10:51:36.0859 3944 WpdUsb - ok

10:51:36.0921 3944 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

10:51:36.0921 3944 WudfPf - ok

10:51:36.0953 3944 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

10:51:36.0953 3944 WudfRd - ok

10:51:37.0000 3944 MBR (0x1B8) (5ae5a393505cffd37fe98c4a7922908d) \Device\Harddisk0\DR0
10:51:37.0000 3944 \Device\Harddisk0\DR0 - ok
10:51:37.0000 3944 Boot (0x1200) (b47c8d94901ee38b9b83a6969b77d1df) \Device\Harddisk0\DR0\Partition0
10:51:37.0000 3944 \Device\Harddisk0\DR0\Partition0 - ok
10:51:37.0046 3944 Boot (0x1200) (4add5a2910f838ec9749e06eb4b09b41) \Device\Harddisk0\DR0\Partition1
10:51:37.0046 3944 \Device\Harddisk0\DR0\Partition1 - ok
10:51:37.0046 3944 ============================================================
10:51:37.0046 3944 Scan finished
10:51:37.0046 3944 ============================================================
10:51:37.0062 2212 Detected object count: 0
10:51:37.0062 2212 Actual detected object count: 0
10:51:54.0046 3852 Deinitialize success


Hi Chris,

FYI, the TDSSKiller.exe you had me run did not request a reboot when it finished. I don't know whether that means anything or not, just reporting it to you.

I finally figured out the Kaspersky Rescue Disk 10 and the Burnaware program. I ran it, but the report it generated was empty. I followed your instructions and the ones in the program to save the report, but it failed to save it. So I ran it again with the same results. I don't know what it's doing with the report, but it sure as he-- isn't saving it to my HD!! However, the computer seems to be working nicely (I haven't tried it extensively) so maybe this will do it. I sure hope so! And thank you very much!

Now would you be able to take another look at my other computer, the one that had the Zentom System Guard virus? I posted it November 29 and you responded December 3 so maybe we could finish that one. I sure would appreciate it. Mike


Hi Screen317,

It seems that I jumped the gun. The computer is still behaving in the same manner as it has been. It is still difficult to get started at bootup. It works best if rkill is run as soon as the color returns to the icons on the desktop. rkill doesn't report finding anything, but if it isn't run, very shortly the machine will "lock up". It might turn loose after a while or it might not. When the computer does run, it erratically seems to just stop during use.

From what I read on this forum (and others), it seems like this computer and our other one (that reported the Zentom System Guard virus and then reported the Zero.Access rootkit) have the same problem.

Could you please respond and continue helping me clean it?? I know you are doing this on a volunteer basis and I appreciate that. But if you don't have time to finish, it seems only reasonable that you would arrange to have a different helper assigned to this problem? After all, it's been over a month since you started this and your delays are getting longer between contacts and we would like to have the use of our computers.

If another "helper" (or anyone else) reads this and can suggest a course of action, would you please contact me?

Thanks, Mike


  • Staff

Hi,

I apologize for the extended delay.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe, 511KB) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time)
  • Please post the contents of that log in your next reply.

There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Next, download MBRCheck.exe by a_d_13 and save it to your Desktop.

Run it; when it completes, a log will be available on your Desktop (MBRCheck xxxxxx .txt) where xxxxxx is the time it ran.


Here's the aswMBR log:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-19 14:07:00
-----------------------------
14:07:00.250 OS Version: Windows 5.1.2600 Service Pack 3
14:07:00.250 Number of processors: 1 586 0xE08
14:07:00.265 ComputerName: KATHIE UserName:
14:07:00.484 Initialize success
14:07:49.953 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
14:07:49.953 Disk 0 Vendor: WDC_WD60 01.0 Size: 57241MB BusType: 3
14:07:49.968 Disk 0 MBR read successfully
14:07:49.968 Disk 0 MBR scan
14:07:49.968 Disk 0 unknown MBR code
14:07:49.968 Disk 0 scanning sectors +117226305
14:07:50.031 Disk 0 scanning C:\WINDOWS\system32\drivers
14:07:57.453 Service scanning
14:07:58.500 Modules scanning
14:08:04.875 Disk 0 trace - called modules:
14:08:04.890 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
14:08:04.890 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a61fab8]
14:08:04.890 3 CLASSPNP.SYS[f74e7fd7] -> nt!IofCallDriver -> \Device\00000077[0x8a5b2900]
14:08:04.890 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a61e030]
14:08:04.890 Scan finished successfully
14:09:33.781 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Katherine\Desktop\MBR.dat"
14:09:33.781 The log file has been saved successfully to "C:\Documents and Settings\Katherine\Desktop\aswMBR.txt"

I guess I'm getting stupid in my old age, but I can't remember nor find instructions on how to "Attach" a file to this post!! How about you share this info with me? I have the zipped file ready to send and while I'm waiting for you, I'll keep looking and I'll run the other instructions you gave.

Thanks, Mike


Here's the MBRcheck log:

MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003c
Kernel Drivers (total 133):


Processes (total 26):
0 System Idle Process
4 System
728 C:\WINDOWS\system32\smss.exe
780 csrss.exe
804 C:\WINDOWS\system32\winlogon.exe
848 C:\WINDOWS\system32\services.exe
860 C:\WINDOWS\system32\lsass.exe
1004 C:\WINDOWS\system32\svchost.exe
1104 svchost.exe
1164 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
1200 C:\WINDOWS\system32\svchost.exe
1244 C:\WINDOWS\system32\svchost.exe
1404 svchost.exe
1440 svchost.exe
1760 C:\WINDOWS\explorer.exe
1952 C:\WINDOWS\system32\spoolsv.exe
164 svchost.exe
264 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
1144 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
1544 C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
1580 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1652 C:\Program Files\Microsoft Security Client\msseces.exe
1664 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
256 wmiprvse.exe
1076 C:\WINDOWS\system32\wscntfy.exe
2480 C:\Documents and Settings\Katherine\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000b`efd23200 (FAT32)
PhysicalDrive0 Model Number: WDCWD600BEVS-60LAT0, Rev: 01.06M01
Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D0919EC9044E217466E4B6B4F0D4E99E29BDE3F9
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice:
Enter the physical disk number to fix (0-99, -1 to cancel): 0
Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel
Please select the MBR code to write to this drive: 0
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.

I selected 0 Default (Windows XP), and rebooted.

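As an added example (not the poster's log and not code from aswMBR, MBRCheck or TDSSKiller), the Python script below runs on a raw MBR image, such as the MBR.dat that aswMBR saved, the same kind of checks the MBRCheck output above reports: the partition byte offsets, a boot-code hash and an "Unknown MBR code" verdict. It assumes the hash covers the first 0x1B8 bytes of the sector, as TDSSKiller's "MBR (0x1B8)" line suggests; the allowlist of known-good hashes is a placeholder and the sample disk layout is constructed.

```python
import hashlib
import struct
import sys

SECTOR = 512
BOOT_CODE_LEN = 0x1B8      # boot code runs up to the disk signature at 0x1B8 (assumed hash range)
PART_TABLE_OFF = 0x1BE     # four 16-byte partition entries start here
SIGNATURE = b"\x55\xAA"    # boot-sector signature at offset 510

# PLACEHOLDER allowlist: SHA1 of the boot code read from a known-clean disk of the same
# Windows release. Anything not listed is reported as "Unknown MBR code", as MBRCheck did.
KNOWN_GOOD_BOOT_CODE_SHA1 = {"0000000000000000000000000000000000000000"}

PART_TYPES = {0x00: "empty", 0x05: "Extended", 0x07: "NTFS", 0x0B: "FAT32",
              0x0C: "FAT32 LBA", 0x0F: "Extended LBA"}


def parse_partition_table(mbr: bytes) -> list:
    """Return the non-empty entries with bootable flag, type, LBA start and byte offset."""
    parts = []
    for i in range(4):
        status, _chs_start, ptype, _chs_end, lba, count = struct.unpack_from(
            "<B3sB3sII", mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0 and count == 0:
            continue
        parts.append({
            "index": i,
            "status": status,
            "bootable": status == 0x80,
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, f"0x{ptype:02X}"),
            "lba_start": lba,
            "sectors": count,
            "byte_offset": lba * SECTOR,   # the "at offset 0x..." value MBRCheck prints
        })
    return parts


def analyze_mbr(mbr: bytes, known_good=KNOWN_GOOD_BOOT_CODE_SHA1) -> dict:
    """Hash the boot code, parse the table and collect findings a helper would act on."""
    if len(mbr) < SECTOR:
        raise ValueError("need at least one 512-byte sector")
    mbr = mbr[:SECTOR]
    findings = []
    if mbr[510:512] != SIGNATURE:
        findings.append("missing 0x55AA signature")
    sha1 = hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()
    if sha1 not in {h.upper() for h in known_good}:
        findings.append("Unknown MBR code")
    parts = parse_partition_table(mbr)
    if any(p["status"] not in (0x00, 0x80) for p in parts):
        findings.append("invalid partition status byte")
    if sum(p["bootable"] for p in parts) != 1:
        findings.append("expected exactly one bootable partition")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in parts)
    if any(spans[i][1] > spans[i + 1][0] for i in range(len(spans) - 1)):
        findings.append("overlapping partitions")
    return {"boot_code_sha1": sha1, "partitions": parts, "findings": findings}


def build_sample_mbr() -> bytes:
    """Constructed sample, not the poster's MBR.dat: dummy boot code plus two partitions
    laid out like the MBRCheck log (NTFS at byte offset 0x7e00, FAT32 at 0xbefd23200)."""
    code = bytes((i * 37 + 11) & 0xFF for i in range(BOOT_CODE_LEN))
    disk_sig = b"\x12\x34\x56\x78\x00\x00"   # made-up disk signature plus 2 reserved bytes
    ntfs = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xFE\xFF\xFF",
                       63, 100_133_082)
    fat32 = struct.pack("<B3sB3sII", 0x00, b"\xFE\xFF\xFF", 0x0B, b"\xFE\xFF\xFF",
                        100_133_145, 17_093_160)
    mbr = code + disk_sig + ntfs + fat32 + bytes(32) + SIGNATURE
    assert len(mbr) == SECTOR
    return mbr


if __name__ == "__main__":
    # Usage: python mbr_check.py MBR.dat   (no argument: analyse the constructed sample)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    report = analyze_mbr(data)
    print("boot code SHA1:", report["boot_code_sha1"])
    for p in report["partitions"]:
        print(f"  part {p['index']}: {p['type_name']:<12} LBA {p['lba_start']:>10} "
              f"offset 0x{p['byte_offset']:016x} bootable={p['bootable']}")
    print("findings:", report["findings"] or ["none"])
```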

Hi,

Do the following:

Start -> Run

type diskmgmt.msc

Click "OK"

Disk Management will open.

Click and hold the right side of the Disk Management Window and drag it to the right until you can see all the columns.

Take a screenshot of the Disk Management Window and attach the screenshot to your reply.

