Jump to content

Recommended Posts

Hello,

I was hit by a System32 error and Automatic Updates seem to be permanently disabled. I restarted my computer, and to my surprise, a fake virus scanner opened up. I used the task manager to close it down, but then I noticed my start menu was not available and all of my desktop icons were gone. I used Safe Mode to run Malwarebytes; I got those back, but they're all hidden (I set them to be revealed).

I've run Malwarebytes & my anti-virus several times without catching anything. Before I made an account, I tried reading through the forum to see if I could try to fix the problem, but it seems to be more than I can handle. I also used TDSSKiller, I'll add that log at the end.

I was wondering, could you help me out?

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15

Run by Troy at 9:43:04 on 2011-11-15

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.673 [GMT -8:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe

svchost.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\system32\kbdhu32.exe

C:\WINDOWS\system32\atitvo3232.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\ABIT\uGuru\uGuru.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = <local>;*.local

{0ebe59cf-c617-41ab-a800-b965e7d40af6}

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware (reboot)] "e:\malwarebytes' anti-malware\mbam.com.exe" /runcleanupscript

dPolicies-system: DisableTaskMgr = 1 (0x1)

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

TCP: Interfaces\{D8BC529C-851C-4F21-967A-B53C11F42C3D} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

Notify: NavLogon - c:\windows\system32\NavLogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\troy\application data\mozilla\firefox\profiles\kvwpyct8.default\

FF - prefs.js: network.proxy.type - 4

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

.

============= SERVICES / DRIVERS ===============

.

R0 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [2009-7-14 14848]

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2004-2-9 301200]

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-2-29 255096]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-2-29 242808]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]

R2 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2004-2-9 37008]

R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2004-3-12 1221864]

R2 Symantec AntiVirus32;Symantec AntiVirus ;c:\windows\system32\kbdhu32.exe [2011-7-13 813568]

R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-1 57440]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110502.002\naveng.sys [2011-5-17 86136]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110502.002\navex15.sys [2011-5-17 1393144]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-10-3 136176]

S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-9-10 16512]

S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-2-29 87160]

S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-10-3 136176]

S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wn111v2\jswpsapi.exe [2008-2-27 360547]

S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-12-28 287232]

S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2004-3-12 169192]

S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [2008-9-30 453120]

S4 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]

.

=============== Created Last 30 ================

.

.

==================== Find3M ====================

.

2011-10-19 19:49:36 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-01 00:00:50 22216 ---ha-w- c:\windows\system32\drivers\mbam.sys

2004-08-04 12:00:00 94784 --sh--w- c:\windows\twain.dll

2008-04-14 00:12:07 50688 --sh--w- c:\windows\twain_32.dll

2011-02-08 13:33:55 978944 --sha-w- c:\windows\system32\mfc42.dll

2008-04-14 00:12:01 57344 --sh--w- c:\windows\system32\msvcirt.dll

2008-04-14 00:12:01 413696 --sh--w- c:\windows\system32\msvcp60.dll

2008-04-14 00:12:01 343040 --sh--w- c:\windows\system32\msvcrt.dll

2008-04-14 00:12:02 551936 --sh--w- c:\windows\system32\oleaut32.dll

2008-04-14 00:12:02 84992 --sh--w- c:\windows\system32\olepro32.dll

2008-04-14 00:12:32 11776 --sh--w- c:\windows\system32\regsvr32.exe

.

============= FINISH: 9:49:00.23 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 7/14/2009 9:56:03 AM

System Uptime: 11/15/2011 8:27:20 AM (1 hours ago)

.

Motherboard: http://www.abit.com.tw/ | | AW8-MAX(Intel i955-ICH7)

Processor: Intel® Pentium® D CPU 2.80GHz | Socket 775 | 2848/203mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 186 GiB total, 9.572 GiB free.

D: is CDROM ()

E: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: RAID Controller

Device ID: PCI\VEN_1095&DEV_3132&SUBSYS_31321095&REV_01\4&1B41B794&0&00E0

Manufacturer:

Name: RAID Controller

PNP Device ID: PCI\VEN_1095&DEV_3132&SUBSYS_31321095&REV_01\4&1B41B794&0&00E0

Service:

.

==== System Restore Points ===================

.

RP364: 11/2/2011 5:35:17 PM - System Checkpoint

RP365: 11/4/2011 12:44:20 AM - System Checkpoint

RP366: 11/5/2011 11:50:29 PM - System Checkpoint

RP367: 11/14/2011 12:38:51 AM - Restore Operation

RP368: 11/15/2011 8:19:37 AM - Installed HiJackThis

RP369: 11/15/2011 9:23:43 AM - Removed Steam

.

==== Installed Programs ======================

.

4Musics FLAC to MP3 Converter 4.0

ABIT uGuru

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.4.6

Adobe Shockwave Player 11.5

Adobe SVG Viewer 3.0

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ATI Control Panel

ATI Decoder

ATI Display Driver

ATI HYDRAVISION

ATI Multimedia Center

ATI Multimedia Center 9.01

ATI Remote Wonder 2

ATI Remote Wonder 2.5

AutoUpdate

Bonjour

CCleaner

Character Builder

Cisco Connect

Combined Community Codec Pack 2008-09-21 16:18

Compatibility Pack for the 2007 Office system

DAO

DivX

DivX Player

Google Chrome

Google Update Helper

Guild Wars

High Definition Audio Driver Package - KB888111

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB942288-v3)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet

HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet Drivers

HP Photo Printing Software

hp psc 2200 series

iTunes

Java 6 Update 15

League of Legends

LiveUpdate 2.0 (Symantec Corporation)

Logitech Desktop Messenger

Logitech QuickCam

Logitech QuickCam Driver Package

Logitech Updater

Malwarebytes' Anti-Malware

Manga Studio Debut 4.0

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft IntelliPoint 6.1

Microsoft IntelliType Pro 6.1

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft National Language Support Downlevel APIs

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Word 2002

Microsoft Works 2002 Setup Launcher

Microsoft Works 6.0

Mozilla Firefox 8.0 (x86 en-US)

MSN

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6 Service Pack 2 (KB973686)

Mudlet (remove only)

Nero BurnLite 10

Nero Control Center 10

Nero ControlCenter 10 Help (CHM)

Nero Core Components 10

Nero Update

NETGEAR WG111v3 wireless USB 2.0 adapter

Pando Media Booster

PrintingPress

QuickTime

Ragnarok Online

Ragnarok Sakray

RangeMax Wireless-N USB Adapter WN111v2

Readiris 7.5

RealPlayer

Realtek High Definition Audio Driver

Rosetta Stone DEMO 2.1.5.1S

Safari

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Encoder (KB2447961)

Security Update for Windows Media Encoder (KB954156)

Security Update for Windows Media Encoder (KB979332)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969897)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972260)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Skype web features

Skype™ 4.1

SuperNZB v3.2.1

Symantec AntiVirus

TeamSpeak 3 Client

Trillian

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB978506)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

WebFldrs XP

Windows Imaging Component

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Encoder 9 Series

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

WN111v2

Works Suite OS Pack

Works Synchronization

Yahoo! Messenger

YouTube Downloader 2.7.4

.

==== Event Viewer Messages From Past Week ========

.

11/15/2011 9:24:43 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.

11/15/2011 8:15:00 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

11/14/2011 10:07:55 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

11/13/2011 6:48:23 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm ohci1394 SAVRT SYMTDI

11/13/2011 3:05:12 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm SAVRT SYMTDI

11/13/2011 2:49:25 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

11/13/2011 11:00:34 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

11/13/2011 1:05:01 PM, error: Service Control Manager [7023] - The Network Connections service terminated with the following error: Not enough storage is available to process this command.

11/12/2011 2:18:17 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SAVRT SYMTDI Tcpip

11/12/2011 2:18:17 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

11/12/2011 2:18:17 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

11/12/2011 2:18:17 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

11/12/2011 2:18:17 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

11/12/2011 2:18:17 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

11/12/2011 2:18:17 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

11/12/2011 2:17:34 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

11/12/2011 2:17:34 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

.

==== End Of File ===========================

08:24:45.0218 2052 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15

08:24:45.0812 2052 ============================================================

08:24:45.0812 2052 Current date / time: 2011/11/15 08:24:45.0812

08:24:45.0812 2052 SystemInfo:

08:24:45.0812 2052

08:24:45.0812 2052 OS Version: 5.1.2600 ServicePack: 3.0

08:24:45.0812 2052 Product type: Workstation

08:24:45.0812 2052 ComputerName: SLEIPNIR

08:24:45.0828 2052 UserName: Troy

08:24:45.0828 2052 Windows directory: C:\WINDOWS

08:24:45.0828 2052 System windows directory: C:\WINDOWS

08:24:45.0828 2052 Processor architecture: Intel x86

08:24:45.0828 2052 Number of processors: 2

08:24:45.0828 2052 Page size: 0x1000

08:24:45.0828 2052 Boot type: Normal boot

08:24:45.0828 2052 ============================================================

08:24:49.0359 2052 Initialize success

08:25:07.0140 3748 ============================================================

08:25:07.0140 3748 Scan started

08:25:07.0140 3748 Mode: Manual;

08:25:07.0140 3748 ============================================================

08:25:12.0828 3748 Abiosdsk - ok

08:25:12.0890 3748 abp480n5 - ok

08:25:13.0015 3748 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

08:25:13.0015 3748 ACPI - ok

08:25:13.0062 3748 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

08:25:13.0062 3748 ACPIEC - ok

08:25:13.0078 3748 adpu160m - ok

08:25:13.0125 3748 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

08:25:13.0125 3748 aec - ok

08:25:13.0171 3748 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys

08:25:13.0171 3748 AegisP - ok

08:25:13.0218 3748 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys

08:25:13.0218 3748 AFD - ok

08:25:13.0265 3748 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys

08:25:13.0265 3748 AFS2K - ok

08:25:13.0281 3748 Aha154x - ok

08:25:13.0296 3748 aic78u2 - ok

08:25:13.0343 3748 aic78xx - ok

08:25:13.0375 3748 AliIde - ok

08:25:13.0390 3748 amsint - ok

08:25:13.0468 3748 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

08:25:13.0468 3748 Arp1394 - ok

08:25:13.0500 3748 asc - ok

08:25:13.0515 3748 asc3350p - ok

08:25:13.0562 3748 asc3550 - ok

08:25:13.0609 3748 ASPI (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\System32\DRIVERS\ASPI32.sys

08:25:13.0625 3748 ASPI - ok

08:25:13.0687 3748 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

08:25:13.0687 3748 AsyncMac - ok

08:25:13.0718 3748 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

08:25:13.0718 3748 atapi - ok

08:25:13.0734 3748 Atdisk - ok

08:25:13.0796 3748 ATI Remote Wonder II (1c5473c7214a63c3012d5544779d07a3) C:\WINDOWS\system32\drivers\ATIRWVD.SYS

08:25:13.0796 3748 ATI Remote Wonder II - ok

08:25:14.0234 3748 ati2mtag (03eaf48fa040a00c6c5f2b8cc11182f1) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

08:25:14.0265 3748 ati2mtag - ok

08:25:14.0312 3748 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

08:25:14.0312 3748 Atmarpc - ok

08:25:14.0359 3748 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

08:25:14.0359 3748 audstub - ok

08:25:14.0421 3748 b57w2k (2acf06176b9d011567d7f25b83ddd066) C:\WINDOWS\system32\DRIVERS\b57xp32.sys

08:25:14.0421 3748 b57w2k - ok

08:25:14.0468 3748 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

08:25:14.0468 3748 Beep - ok

08:25:14.0515 3748 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

08:25:14.0531 3748 cbidf2k - ok

08:25:14.0562 3748 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

08:25:14.0562 3748 CCDECODE - ok

08:25:14.0593 3748 cd20xrnt - ok

08:25:14.0625 3748 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

08:25:14.0625 3748 Cdaudio - ok

08:25:14.0656 3748 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

08:25:14.0656 3748 Cdfs - ok

08:25:14.0671 3748 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

08:25:14.0671 3748 Cdrom - ok

08:25:14.0687 3748 Changer - ok

08:25:14.0718 3748 CmdIde - ok

08:25:14.0734 3748 Cpqarray - ok

08:25:14.0750 3748 dac2w2k - ok

08:25:14.0765 3748 dac960nt - ok

08:25:14.0796 3748 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

08:25:14.0796 3748 Disk - ok

08:25:15.0015 3748 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

08:25:15.0062 3748 dmboot - ok

08:25:15.0093 3748 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

08:25:15.0109 3748 dmio - ok

08:25:15.0140 3748 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

08:25:15.0140 3748 dmload - ok

08:25:15.0187 3748 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

08:25:15.0187 3748 DMusic - ok

08:25:15.0234 3748 DNINDIS5 (d2ee54cdbced01d48f2b18642be79a98) C:\WINDOWS\system32\DNINDIS5.SYS

08:25:15.0250 3748 DNINDIS5 - ok

08:25:15.0281 3748 dpti2o - ok

08:25:15.0296 3748 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

08:25:15.0296 3748 drmkaud - ok

08:25:15.0343 3748 EAPPkt (c47e7c5e7410c7de98f7219e3008c23d) C:\WINDOWS\system32\DRIVERS\EAPPkt.sys

08:25:15.0343 3748 EAPPkt - ok

08:25:15.0406 3748 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

08:25:15.0421 3748 Fastfat - ok

08:25:15.0453 3748 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

08:25:15.0453 3748 Fdc - ok

08:25:15.0468 3748 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

08:25:15.0484 3748 Fips - ok

08:25:15.0531 3748 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

08:25:15.0546 3748 Flpydisk - ok

08:25:15.0562 3748 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

08:25:15.0578 3748 FltMgr - ok

08:25:15.0609 3748 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

08:25:15.0609 3748 Fs_Rec - ok

08:25:15.0625 3748 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

08:25:15.0640 3748 Ftdisk - ok

08:25:15.0703 3748 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

08:25:15.0703 3748 GEARAspiWDM - ok

08:25:15.0734 3748 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

08:25:15.0734 3748 Gpc - ok

08:25:15.0781 3748 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

08:25:15.0781 3748 HDAudBus - ok

08:25:15.0812 3748 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

08:25:15.0812 3748 hidusb - ok

08:25:15.0921 3748 hpn - ok

08:25:15.0968 3748 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

08:25:15.0968 3748 HPZid412 - ok

08:25:16.0015 3748 HPZipr12 (8b34661cd899e9274395d5f9ceef725e) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

08:25:16.0015 3748 HPZipr12 - ok

08:25:16.0046 3748 HPZius12 (8c5b5566bbc78d6aedad44e92dbd878e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

08:25:16.0046 3748 HPZius12 - ok

08:25:16.0093 3748 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

08:25:16.0093 3748 HTTP - ok

08:25:16.0125 3748 i2omgmt - ok

08:25:16.0140 3748 i2omp - ok

08:25:16.0187 3748 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

08:25:16.0187 3748 i8042prt - ok

08:25:16.0218 3748 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

08:25:16.0218 3748 Imapi - ok

08:25:16.0234 3748 ini910u - ok

08:25:16.0359 3748 IntcAzAudAddService (afe9d8b5370f8364fff9c6f3e8843b5c) C:\WINDOWS\system32\drivers\RtkHDAud.sys

08:25:16.0515 3748 IntcAzAudAddService - ok

08:25:16.0531 3748 IntelIde - ok

08:25:16.0578 3748 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

08:25:16.0578 3748 intelppm - ok

08:25:16.0609 3748 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

08:25:16.0609 3748 Ip6Fw - ok

08:25:16.0640 3748 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

08:25:16.0656 3748 IpFilterDriver - ok

08:25:16.0687 3748 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

08:25:16.0687 3748 IpInIp - ok

08:25:16.0718 3748 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

08:25:16.0718 3748 IpNat - ok

08:25:16.0750 3748 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

08:25:16.0750 3748 IPSec - ok

08:25:16.0781 3748 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

08:25:16.0781 3748 IRENUM - ok

08:25:16.0828 3748 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

08:25:16.0828 3748 isapnp - ok

08:25:16.0937 3748 JSWSCIMD (ad67795900aa8c05cc4570f5349e0639) C:\WINDOWS\system32\DRIVERS\jswscimd.sys

08:25:16.0937 3748 JSWSCIMD - ok

08:25:16.0953 3748 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

08:25:16.0953 3748 Kbdclass - ok

08:25:17.0031 3748 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

08:25:17.0031 3748 kmixer - ok

08:25:17.0109 3748 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

08:25:17.0125 3748 KSecDD - ok

08:25:17.0156 3748 lbrtfdc - ok

08:25:17.0187 3748 LVPr2Mon (a6919138f29ae45e90e99fa94737e04c) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys

08:25:17.0203 3748 LVPr2Mon - ok

08:25:17.0265 3748 LVRS (b895839b8743e400d7c7dae156f74e7e) C:\WINDOWS\system32\DRIVERS\lvrs.sys

08:25:17.0281 3748 LVRS - ok

08:25:17.0328 3748 LVUSBSta (23f8ef78bb9553e465a476f3cee5ca18) C:\WINDOWS\system32\drivers\LVUSBSta.sys

08:25:17.0328 3748 LVUSBSta - ok

08:25:17.0390 3748 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

08:25:17.0390 3748 mnmdd - ok

08:25:17.0468 3748 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

08:25:17.0484 3748 Modem - ok

08:25:17.0500 3748 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

08:25:17.0500 3748 Mouclass - ok

08:25:17.0562 3748 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

08:25:17.0562 3748 mouhid - ok

08:25:17.0593 3748 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

08:25:17.0609 3748 MountMgr - ok

08:25:17.0609 3748 mraid35x - ok

08:25:17.0640 3748 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

08:25:17.0640 3748 MRxDAV - ok

08:25:17.0703 3748 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

08:25:17.0703 3748 MRxSmb - ok

08:25:17.0750 3748 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

08:25:17.0781 3748 Msfs - ok

08:25:17.0828 3748 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

08:25:17.0828 3748 MSKSSRV - ok

08:25:18.0359 3748 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

08:25:18.0359 3748 MSPCLOCK - ok

08:25:18.0593 3748 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

08:25:18.0593 3748 MSPQM - ok

08:25:18.0640 3748 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

08:25:18.0640 3748 mssmbios - ok

08:25:18.0671 3748 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

08:25:18.0671 3748 MSTEE - ok

08:25:18.0687 3748 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

08:25:18.0703 3748 Mup - ok

08:25:18.0734 3748 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

08:25:18.0734 3748 NABTSFEC - ok

08:25:19.0203 3748 NAVENG (c34e2a884ccca8b5567d0c2752527073) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110502.002\naveng.sys

08:25:19.0296 3748 NAVENG - ok

08:25:19.0359 3748 NAVEX15 (b3916eeec738dd4178f4fd6a44a32e36) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110502.002\navex15.sys

08:25:19.0421 3748 NAVEX15 - ok

08:25:19.0546 3748 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

08:25:19.0593 3748 NDIS - ok

08:25:19.0625 3748 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

08:25:19.0625 3748 NdisIP - ok

08:25:19.0671 3748 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

08:25:19.0671 3748 NdisTapi - ok

08:25:19.0718 3748 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

08:25:19.0718 3748 Ndisuio - ok

08:25:19.0750 3748 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

08:25:19.0750 3748 NdisWan - ok

08:25:19.0796 3748 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

08:25:19.0812 3748 NDProxy - ok

08:25:19.0906 3748 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

08:25:19.0906 3748 NetBIOS - ok

08:25:20.0093 3748 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

08:25:20.0093 3748 NetBT - ok

08:25:20.0140 3748 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

08:25:20.0140 3748 NIC1394 - ok

08:25:20.0171 3748 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

08:25:20.0187 3748 Npfs - ok

08:25:20.0218 3748 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

08:25:20.0265 3748 Ntfs - ok

08:25:20.0312 3748 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys

08:25:20.0312 3748 NuidFltr - ok

08:25:20.0359 3748 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

08:25:20.0359 3748 Null - ok

08:25:20.0796 3748 nv (5e640f37801f2d4152d11595218915cd) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

08:25:25.0640 3748 nv - ok

08:25:25.0796 3748 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

08:25:25.0796 3748 NwlnkFlt - ok

08:25:25.0890 3748 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

08:25:25.0890 3748 NwlnkFwd - ok

08:25:25.0921 3748 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

08:25:25.0921 3748 ohci1394 - ok

08:25:26.0609 3748 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

08:25:26.0625 3748 Parport - ok

08:25:26.0640 3748 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

08:25:26.0656 3748 PartMgr - ok

08:25:26.0718 3748 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

08:25:26.0718 3748 ParVdm - ok

08:25:26.0734 3748 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

08:25:26.0734 3748 PCI - ok

08:25:26.0765 3748 PCIDump - ok

08:25:26.0828 3748 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

08:25:26.0828 3748 PCIIde - ok

08:25:26.0890 3748 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

08:25:26.0921 3748 Pcmcia - ok

08:25:26.0937 3748 PDCOMP - ok

08:25:27.0406 3748 PDFRAME - ok

08:25:27.0421 3748 PDRELI - ok

08:25:27.0437 3748 PDRFRAME - ok

08:25:27.0484 3748 pepifilter (a05f0d7419cf4680eedd5736e6549e7b) C:\WINDOWS\system32\DRIVERS\lv302af.sys

08:25:27.0500 3748 pepifilter - ok

08:25:27.0500 3748 perc2 - ok

08:25:27.0515 3748 perc2hib - ok

08:25:27.0656 3748 PID_PEPI (4bb5ac2dd485b8eefccb977ee66a68ad) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS

08:25:27.0718 3748 PID_PEPI - ok

08:25:27.0781 3748 Point32 (dcdf0421a1c14f2923e298a30fd7636d) C:\WINDOWS\system32\DRIVERS\point32.sys

08:25:27.0781 3748 Point32 - ok

08:25:27.0859 3748 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

08:25:27.0875 3748 PptpMiniport - ok

08:25:27.0890 3748 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

08:25:27.0890 3748 PSched - ok

08:25:27.0921 3748 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

08:25:27.0921 3748 Ptilink - ok

08:25:28.0281 3748 PxHelp20 (183ef96bcc2ec3d5294cb2c2c0ecbcd1) C:\WINDOWS\system32\Drivers\PxHelp20.sys

08:25:28.0281 3748 PxHelp20 - ok

08:25:28.0500 3748 ql1080 - ok

08:25:28.0515 3748 Ql10wnt - ok

08:25:28.0531 3748 ql12160 - ok

08:25:28.0546 3748 ql1240 - ok

08:25:28.0562 3748 ql1280 - ok

08:25:28.0593 3748 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

08:25:28.0593 3748 RasAcd - ok

08:25:28.0625 3748 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

08:25:28.0625 3748 Rasl2tp - ok

08:25:28.0640 3748 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

08:25:28.0640 3748 RasPppoe - ok

08:25:28.0656 3748 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

08:25:28.0656 3748 Raspti - ok

08:25:28.0687 3748 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

08:25:28.0687 3748 Rdbss - ok

08:25:28.0703 3748 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

08:25:28.0703 3748 RDPCDD - ok

08:25:28.0750 3748 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

08:25:28.0781 3748 RDPWD - ok

08:25:28.0796 3748 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

08:25:28.0796 3748 redbook - ok

08:25:28.0890 3748 RTL8187B (60aecd4284317784111716bb88342f46) C:\WINDOWS\system32\DRIVERS\wg111v3.sys

08:25:28.0890 3748 RTL8187B - ok

08:25:29.0453 3748 SAVRT (c8023be4dda22a52cd2f60d9cb9b3985) C:\Program Files\Symantec AntiVirus\savrt.sys

08:25:30.0390 3748 SAVRT - ok

08:25:30.0406 3748 SAVRTPEL (30547fd7692dc799a0b397b2b918a158) C:\Program Files\Symantec AntiVirus\Savrtpel.sys

08:25:30.0421 3748 SAVRTPEL - ok

08:25:30.0562 3748 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

08:25:30.0562 3748 Secdrv - ok

08:25:30.0609 3748 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

08:25:30.0625 3748 Serial - ok

08:25:30.0640 3748 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

08:25:30.0656 3748 Sfloppy - ok

08:25:30.0671 3748 Simbad - ok

08:25:30.0703 3748 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

08:25:30.0703 3748 SLIP - ok

08:25:30.0734 3748 Sparrow - ok

08:25:30.0750 3748 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

08:25:30.0750 3748 splitter - ok

08:25:30.0781 3748 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

08:25:30.0796 3748 sr - ok

08:25:30.0843 3748 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

08:25:30.0843 3748 Srv - ok

08:25:30.0906 3748 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

08:25:30.0906 3748 streamip - ok

08:25:30.0937 3748 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

08:25:30.0937 3748 swenum - ok

08:25:31.0500 3748 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

08:25:31.0500 3748 swmidi - ok

08:25:31.0531 3748 symc810 - ok

08:25:31.0562 3748 symc8xx - ok

08:25:31.0640 3748 SymEvent (42123611a49c33536ab29bdd852a9f5e) C:\Program Files\Symantec\SYMEVENT.SYS

08:25:31.0671 3748 SymEvent - ok

08:25:31.0703 3748 SYMREDRV (145eaae477f5b56f2621956150a143b0) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS

08:25:31.0703 3748 SYMREDRV - ok

08:25:31.0750 3748 SYMTDI (926efafc087d356bba50bdf6e640bc13) C:\WINDOWS\System32\Drivers\SYMTDI.SYS

08:25:31.0765 3748 SYMTDI - ok

08:25:31.0781 3748 sym_hi - ok

08:25:31.0812 3748 sym_u3 - ok

08:25:31.0843 3748 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

08:25:31.0843 3748 sysaudio - ok

08:25:32.0312 3748 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

08:25:32.0468 3748 Tcpip - ok

08:25:32.0500 3748 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

08:25:32.0515 3748 TDPIPE - ok

08:25:32.0562 3748 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

08:25:32.0593 3748 TDTCP - ok

08:25:32.0671 3748 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

08:25:32.0671 3748 TermDD - ok

08:25:32.0703 3748 TosIde - ok

08:25:32.0734 3748 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

08:25:32.0750 3748 Udfs - ok

08:25:32.0781 3748 UGURU (d93be98f52bb384ece2cd0d580e368cd) C:\WINDOWS\system32\drivers\uGuru.sys

08:25:32.0796 3748 UGURU - ok

08:25:32.0796 3748 ultra - ok

08:25:32.0843 3748 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

08:25:32.0859 3748 Update - ok

08:25:32.0890 3748 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

08:25:32.0906 3748 usbaudio - ok

08:25:33.0406 3748 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

08:25:33.0406 3748 usbccgp - ok

08:25:33.0796 3748 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

08:25:33.0796 3748 usbehci - ok

08:25:33.0921 3748 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

08:25:33.0921 3748 usbhub - ok

08:25:33.0937 3748 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

08:25:33.0937 3748 usbprint - ok

08:25:35.0109 3748 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

08:25:35.0109 3748 usbscan - ok

08:25:36.0109 3748 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

08:25:36.0109 3748 USBSTOR - ok

08:25:37.0703 3748 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

08:25:37.0703 3748 usbuhci - ok

08:25:38.0218 3748 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

08:25:38.0296 3748 VgaSave - ok

08:25:38.0984 3748 ViaIde - ok

08:25:39.0468 3748 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

08:25:39.0468 3748 VolSnap - ok

08:25:39.0562 3748 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

08:25:39.0562 3748 Wanarp - ok

08:25:39.0656 3748 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

08:25:39.0671 3748 Wdf01000 - ok

08:25:39.0750 3748 WDICA - ok

08:25:39.0781 3748 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

08:25:39.0781 3748 wdmaud - ok

08:25:39.0921 3748 WN111v2 (93ea7d94959bef66d0e4adbc8ce4e073) C:\WINDOWS\system32\DRIVERS\WN111v2.sys

08:25:39.0921 3748 WN111v2 - ok

08:25:39.0984 3748 WSIMD (43f767d59bfc25d8f4fc2eb42043ec1e) C:\WINDOWS\system32\DRIVERS\wsimd.sys

08:25:39.0984 3748 WSIMD - ok

08:25:40.0015 3748 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

08:25:40.0015 3748 WSTCODEC - ok

08:25:40.0062 3748 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

08:25:40.0062 3748 WudfPf - ok

08:25:40.0906 3748 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

08:25:41.0171 3748 WudfRd - ok

08:25:41.0296 3748 MBR (0x1B8) (b0b17de2470979f6aa7d36e451109b01) \Device\Harddisk0\DR0

08:25:41.0562 3748 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

08:25:41.0562 3748 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

08:25:41.0640 3748 Boot (0x1200) (a3d77b6bb5f6082f727b6825d96bbc0c) \Device\Harddisk0\DR0\Partition0

08:25:41.0781 3748 \Device\Harddisk0\DR0\Partition0 - ok

08:25:41.0781 3748 ============================================================

08:25:41.0781 3748 Scan finished

08:25:41.0781 3748 ============================================================

08:25:41.0796 0832 Detected object count: 1

08:25:41.0796 0832 Actual detected object count: 1

08:25:59.0375 0832 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

08:25:59.0406 0832 \Device\Harddisk0\DR0 - ok

08:25:59.0406 0832 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

08:26:08.0296 1184 Deinitialize success

Link to post
Share on other sites

post-32477-1261866970.gif

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".

Link to post
Share on other sites

Ah, hello LDTate;

my most recent scan was on the 14th, it was up to date then. Recently I haven't been able to complete a full system scan due to the scan taking too long (in excess of 4 hours then it no longer responds in the normal boot up). The scans in safe mode in the admin account have come up empty with my anti-virus & Malwarebytes as well. I hope the information I give you will help.

First the computer did not have icons or a start menu. Soon after with the deletion of Rootkit.Boot.Pihar.b due to TDSSKiller, the computer has some functionality. For some reason all of the icons have been set to hidden (with the exception of the Recycle Bin & Share to Web), there are no Start Menu programs or files, the computer has been running slowly (especially when Ping.exe shows up), Malwarebytes only works when I run it off a thumb drive, and I hear the System Error beep on my speakers from time to time.

Here's my most recent scan:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8064

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

11/14/2011 7:45:42 PM

mbam-log-2011-11-14 (19-45-42).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 300820

Time elapsed: 1 hour(s), 9 minute(s), 31 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Download unhide.exe & save it to your windows folder:

Right click on unhide.exe and select Run as administrator (In case you have Vista or Win7)

Reboot

This will unhide folders/files that were set to be hidden by the infection you had.

Next:

Please do not attach the scan results from Combofx. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.

Link to post
Share on other sites

Ah, excellent! My icons are back. I used Combofix, and it seems to have done a lot.

Unfortunately, I can no longer connect to the internet (I'm using a friends computer), nor can I activate my Firewall (ICS), and IPconfig says my Media State is Disconnected (when I have not changed anything). I've restarted my computer a few times (also in safe mode w/networking), and I've reset my router & modem while my computer still shows that my Local Area Connetction is unplugged (when it is).

Is there anything you can advise me to do?

Here's my Combofix log:

ComboFix 11-11-19.04 - Troy 11/19/2011 22:35:42.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1453 [GMT -8:00]

Running from: c:\documents and settings\Troy\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r3tbsm33.default\extensions\{0ae09f70-10b2-40d4-be4c-512e0c034fda}

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r3tbsm33.default\extensions\{0ae09f70-10b2-40d4-be4c-512e0c034fda}\chrome.manifest

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r3tbsm33.default\extensions\{0ae09f70-10b2-40d4-be4c-512e0c034fda}\chrome\xulcache.jar

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r3tbsm33.default\extensions\{0ae09f70-10b2-40d4-be4c-512e0c034fda}\defaults\preferences\xulcache.js

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r3tbsm33.default\extensions\{0ae09f70-10b2-40d4-be4c-512e0c034fda}\install.rdf

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r3tbsm33.default\extensions\{7076d6d3-8f39-4ab4-867d-3b7c7111c0f4}

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r3tbsm33.default\extensions\{7076d6d3-8f39-4ab4-867d-3b7c7111c0f4}\chrome.manifest

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r3tbsm33.default\extensions\{7076d6d3-8f39-4ab4-867d-3b7c7111c0f4}\chrome\xulcache.jar

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r3tbsm33.default\extensions\{7076d6d3-8f39-4ab4-867d-3b7c7111c0f4}\defaults\preferences\xulcache.js

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r3tbsm33.default\extensions\{7076d6d3-8f39-4ab4-867d-3b7c7111c0f4}\install.rdf

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r3tbsm33.default\extensions\{ef239543-62ff-4a70-b06c-4de4dd3ced01}

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r3tbsm33.default\extensions\{ef239543-62ff-4a70-b06c-4de4dd3ced01}\chrome.manifest

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r3tbsm33.default\extensions\{ef239543-62ff-4a70-b06c-4de4dd3ced01}\chrome\xulcache.jar

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r3tbsm33.default\extensions\{ef239543-62ff-4a70-b06c-4de4dd3ced01}\defaults\preferences\xulcache.js

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r3tbsm33.default\extensions\{ef239543-62ff-4a70-b06c-4de4dd3ced01}\install.rdf

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\Troy\Application Data\Mozilla\Firefox\Profiles\kvwpyct8.default\extensions\{0ae09f70-10b2-40d4-be4c-512e0c034fda}

c:\documents and settings\Troy\Application Data\Mozilla\Firefox\Profiles\kvwpyct8.default\extensions\{0ae09f70-10b2-40d4-be4c-512e0c034fda}\chrome.manifest

c:\documents and settings\Troy\Application Data\Mozilla\Firefox\Profiles\kvwpyct8.default\extensions\{0ae09f70-10b2-40d4-be4c-512e0c034fda}\chrome\xulcache.jar

c:\documents and settings\Troy\Application Data\Mozilla\Firefox\Profiles\kvwpyct8.default\extensions\{0ae09f70-10b2-40d4-be4c-512e0c034fda}\defaults\preferences\xulcache.js

c:\documents and settings\Troy\Application Data\Mozilla\Firefox\Profiles\kvwpyct8.default\extensions\{0ae09f70-10b2-40d4-be4c-512e0c034fda}\install.rdf

c:\documents and settings\Troy\Application Data\Mozilla\Firefox\Profiles\kvwpyct8.default\extensions\{7076d6d3-8f39-4ab4-867d-3b7c7111c0f4}

c:\documents and settings\Troy\Application Data\Mozilla\Firefox\Profiles\kvwpyct8.default\extensions\{7076d6d3-8f39-4ab4-867d-3b7c7111c0f4}\chrome.manifest

c:\documents and settings\Troy\Application Data\Mozilla\Firefox\Profiles\kvwpyct8.default\extensions\{7076d6d3-8f39-4ab4-867d-3b7c7111c0f4}\chrome\xulcache.jar

c:\documents and settings\Troy\Application Data\Mozilla\Firefox\Profiles\kvwpyct8.default\extensions\{7076d6d3-8f39-4ab4-867d-3b7c7111c0f4}\defaults\preferences\xulcache.js

c:\documents and settings\Troy\Application Data\Mozilla\Firefox\Profiles\kvwpyct8.default\extensions\{7076d6d3-8f39-4ab4-867d-3b7c7111c0f4}\install.rdf

c:\documents and settings\Troy\Application Data\Mozilla\Firefox\Profiles\kvwpyct8.default\extensions\{ef239543-62ff-4a70-b06c-4de4dd3ced01}

c:\documents and settings\Troy\Application Data\Mozilla\Firefox\Profiles\kvwpyct8.default\extensions\{ef239543-62ff-4a70-b06c-4de4dd3ced01}\chrome.manifest

c:\documents and settings\Troy\Application Data\Mozilla\Firefox\Profiles\kvwpyct8.default\extensions\{ef239543-62ff-4a70-b06c-4de4dd3ced01}\chrome\xulcache.jar

c:\documents and settings\Troy\Application Data\Mozilla\Firefox\Profiles\kvwpyct8.default\extensions\{ef239543-62ff-4a70-b06c-4de4dd3ced01}\defaults\preferences\xulcache.js

c:\documents and settings\Troy\Application Data\Mozilla\Firefox\Profiles\kvwpyct8.default\extensions\{ef239543-62ff-4a70-b06c-4de4dd3ced01}\install.rdf

c:\documents and settings\Troy\Application Data\PriceGong

c:\documents and settings\Troy\Application Data\PriceGong\Data\1.xml

c:\documents and settings\Troy\Application Data\PriceGong\Data\a.xml

c:\documents and settings\Troy\Application Data\PriceGong\Data\b.xml

c:\documents and settings\Troy\Application Data\PriceGong\Data\c.xml

c:\documents and settings\Troy\Application Data\PriceGong\Data\d.xml

c:\documents and settings\Troy\Application Data\PriceGong\Data\e.xml

c:\documents and settings\Troy\Application Data\PriceGong\Data\f.xml

c:\documents and settings\Troy\Application Data\PriceGong\Data\g.xml

c:\documents and settings\Troy\Application Data\PriceGong\Data\h.xml

c:\documents and settings\Troy\Application Data\PriceGong\Data\i.xml

c:\documents and settings\Troy\Application Data\PriceGong\Data\j.xml

c:\documents and settings\Troy\Application Data\PriceGong\Data\k.xml

c:\documents and settings\Troy\Application Data\PriceGong\Data\l.xml

c:\documents and settings\Troy\Application Data\PriceGong\Data\m.xml

c:\documents and settings\Troy\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\Troy\Application Data\PriceGong\Data\n.xml

c:\documents and settings\Troy\Application Data\PriceGong\Data\o.xml

c:\documents and settings\Troy\Application Data\PriceGong\Data\p.xml

c:\documents and settings\Troy\Application Data\PriceGong\Data\q.xml

c:\documents and settings\Troy\Application Data\PriceGong\Data\r.xml

c:\documents and settings\Troy\Application Data\PriceGong\Data\s.xml

c:\documents and settings\Troy\Application Data\PriceGong\Data\t.xml

c:\documents and settings\Troy\Application Data\PriceGong\Data\u.xml

c:\documents and settings\Troy\Application Data\PriceGong\Data\v.xml

c:\documents and settings\Troy\Application Data\PriceGong\Data\w.xml

c:\documents and settings\Troy\Application Data\PriceGong\Data\x.xml

c:\documents and settings\Troy\Application Data\PriceGong\Data\y.xml

c:\documents and settings\Troy\Application Data\PriceGong\Data\z.xml

c:\documents and settings\Troy\jfhzekuzyh.tmp

c:\documents and settings\Troy\Start Menu\Programs\System Restore

c:\documents and settings\Troy\Start Menu\Programs\System Restore\System Restore.lnk

c:\documents and settings\Troy\Start Menu\Programs\System Restore\Uninstall System Restore.lnk

c:\windows\$NtUninstallKB33298$\1973614512\@

c:\windows\$NtUninstallKB33298$\1973614512\bckfg.tmp

c:\windows\$NtUninstallKB33298$\1973614512\cfg.ini

c:\windows\$NtUninstallKB33298$\1973614512\Desktop.ini

c:\windows\$NtUninstallKB33298$\1973614512\keywords

c:\windows\$NtUninstallKB33298$\1973614512\kwrd.dll

c:\windows\$NtUninstallKB33298$\1973614512\L\adrufgqa

c:\windows\$NtUninstallKB33298$\1973614512\lsflt7.ver

c:\windows\$NtUninstallKB33298$\1973614512\U\00000001.@

c:\windows\$NtUninstallKB33298$\1973614512\U\00000002.@

c:\windows\$NtUninstallKB33298$\1973614512\U\00000004.@

c:\windows\$NtUninstallKB33298$\1973614512\U\80000000.@

c:\windows\$NtUninstallKB33298$\1973614512\U\80000004.@

c:\windows\$NtUninstallKB33298$\1973614512\U\80000032.@

c:\windows\$NtUninstallKB33298$\672062764

c:\windows\bwUnin-8.1.1.50-8876480SL.exe

c:\windows\system32\0.11075451163264638.exe

c:\windows\system32\0.35936403580830933.exe

c:\windows\system32\0.3793830740564099.exe

c:\windows\system32\0.5714543821806114.exe

c:\windows\system32\0.6398063118700711.exe

c:\windows\system32\0.7206006847782568.exe

c:\windows\system32\0.7765916915477572.exe

c:\windows\system32\atitvo3232.dll

c:\windows\TEMP\logishrd\LVPrcInj01.dll

c:\windows\$NtUninstallKB33298$ . . . . Failed to delete

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_COMSYSAPP

-------\Service_COMSysApp

.

.

((((((((((((((((((((((((( Files Created from 2011-10-20 to 2011-11-20 )))))))))))))))))))))))))))))))

.

.

2011-11-15 16:19 . 2011-11-15 16:19 388096 ----a-r- c:\documents and settings\Troy\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-11-15 16:19 . 2011-11-15 16:19 -------- d-----w- c:\program files\Trend Micro

2011-11-13 19:02 . 2009-12-30 22:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-11-12 20:05 . 2011-11-12 20:05 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-19 19:49 . 2011-05-17 23:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-01 00:00 . 2010-02-15 18:30 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-10 00:52 . 2011-09-08 04:11 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2004-08-04 12:00 94784 --sh--w- c:\windows\twain.dll

2008-04-14 00:12 50688 --sh--w- c:\windows\twain_32.dll

2011-02-08 13:33 978944 --sha-w- c:\windows\system32\mfc42.dll

2008-04-14 00:12 57344 --sh--w- c:\windows\system32\msvcirt.dll

2008-04-14 00:12 413696 --sh--w- c:\windows\system32\msvcp60.dll

2008-04-14 00:12 343040 --sh--w- c:\windows\system32\msvcrt.dll

2008-04-14 00:12 551936 --sh--w- c:\windows\system32\oleaut32.dll

2008-04-14 00:12 84992 --sh--w- c:\windows\system32\olepro32.dll

2008-04-14 00:12 11776 --sh--w- c:\windows\system32\regsvr32.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 69632]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-08 198160]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-20 421736]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-6-27 323646]

NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2008-7-1 2326528]

NETGEAR WN111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WN111v2\WN111V2.exe [2008-12-2 1503306]

officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-6-27 147456]

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk

backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2005-04-11 17:10 65536 ----a-w- c:\windows\ALCMTR.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI DeviceDetect]

2004-06-16 05:17 69705 ----a-w- c:\program files\ATI Multimedia\main\atidtct.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Remote Control]

2004-08-27 06:51 200704 ----a-w- c:\program files\ATI Multimedia\RemCtrl\ATIRW.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

2004-07-18 04:10 339968 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

2004-02-29 23:44 66680 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

2004-08-04 12:00 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]

2007-02-05 23:52 849280 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]

2006-11-22 01:08 813912 ----a-w- c:\program files\Microsoft IntelliType Pro\itype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]

2008-08-14 23:11 565008 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

2008-08-14 23:15 2407184 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

2009-05-27 04:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]

2001-08-23 21:52 331830 ----a-w- c:\program files\Microsoft Works\wkssb.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]

2001-08-17 04:41 28738 ----a-w- c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

2004-08-04 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

2004-08-04 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2005-04-28 11:05 14372352 ----a-w- c:\windows\RTHDCPL.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2009-09-08 06:43 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]

2004-03-12 22:18 124128 ----a-w- c:\progra~1\SYMANT~1\VPTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]

2009-07-14 22:10 364544 ----a-w- c:\windows\system32\WDBtnMgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]

2001-10-06 00:34 24576 ----a-w- c:\program files\Microsoft Works\wkfud.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"NAUpdate"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

"idsvc"=3 (0x3)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8370:TCP"= 8370:TCP:League of Legends Launcher

"8370:UDP"= 8370:UDP:League of Legends Launcher

"8371:TCP"= 8371:TCP:League of Legends Launcher

"8371:UDP"= 8371:UDP:League of Legends Launcher

"6917:TCP"= 6917:TCP:League of Legends Launcher

"6917:UDP"= 6917:UDP:League of Legends Launcher

"8372:TCP"= 8372:TCP:League of Legends Launcher

"8372:UDP"= 8372:UDP:League of Legends Launcher

"8373:TCP"= 8373:TCP:League of Legends Launcher

"8373:UDP"= 8373:UDP:League of Legends Launcher

"8374:TCP"= 8374:TCP:League of Legends Launcher

"8374:UDP"= 8374:UDP:League of Legends Launcher

"8375:TCP"= 8375:TCP:League of Legends Launcher

"8375:UDP"= 8375:UDP:League of Legends Launcher

"6896:TCP"= 6896:TCP:League of Legends Launcher

"6896:UDP"= 6896:UDP:League of Legends Launcher

"8376:TCP"= 8376:TCP:League of Legends Launcher

"8376:UDP"= 8376:UDP:League of Legends Launcher

"8377:TCP"= 8377:TCP:League of Legends Launcher

"8377:UDP"= 8377:UDP:League of Legends Launcher

"8378:TCP"= 8378:TCP:League of Legends Launcher

"8378:UDP"= 8378:UDP:League of Legends Launcher

"8379:TCP"= 8379:TCP:League of Legends Launcher

"8379:UDP"= 8379:UDP:League of Legends Launcher

"8380:TCP"= 8380:TCP:League of Legends Launcher

"8380:UDP"= 8380:UDP:League of Legends Launcher

"8381:TCP"= 8381:TCP:League of Legends Launcher

"8381:UDP"= 8381:UDP:League of Legends Launcher

"6983:TCP"= 6983:TCP:League of Legends Launcher

"6983:UDP"= 6983:UDP:League of Legends Launcher

"57770:TCP"= 57770:TCP:Pando Media Booster

"57770:UDP"= 57770:UDP:Pando Media Booster

"8382:TCP"= 8382:TCP:League of Legends Launcher

"8382:UDP"= 8382:UDP:League of Legends Launcher

"8383:TCP"= 8383:TCP:League of Legends Launcher

"8383:UDP"= 8383:UDP:League of Legends Launcher

.

R0 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [7/14/2009 9:09 AM 14848]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 1:13 PM 38144]

R2 Symantec AntiVirus32;Symantec AntiVirus ;c:\windows\system32\kbdhu32.exe [7/13/2011 11:11 PM 813568]

R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [10/1/2008 4:45 PM 57440]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/3/2011 12:17 PM 136176]

S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [9/10/2010 11:53 PM 16512]

S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 12:10 PM 17149]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/3/2011 12:17 PM 136176]

S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [2/27/2008 11:54 AM 360547]

S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [12/28/2007 3:02 PM 287232]

S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/12/2004 2:18 PM 169192]

S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [9/30/2008 3:24 AM 453120]

S4 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [5/4/2010 11:07 AM 503080]

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-17 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]

.

2010-09-10 c:\windows\Tasks\FRU Task 2002-06-27 08:46ewlett-Packard2002-06-27 08:46p psc 2200 seriesF56855811176EC24C9B302F94878AD886AF77CFF274316288.job

- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-06-27 08:46]

.

2011-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-03 20:17]

.

2011-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-03 20:17]

.

2011-11-20 c:\windows\Tasks\User_Feed_Synchronization-{E637A6E5-851D-4874-A14E-EED25584ACED}.job

- c:\windows\system32\msfeedssync.exe [2007-08-14 10:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = <local>;*.local

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

FF - ProfilePath - c:\documents and settings\Troy\Application Data\Mozilla\Firefox\Profiles\kvwpyct8.default\

FF - prefs.js: network.proxy.type - 4

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{0EBE59CF-C617-41AB-A800-B965E7D40AF6} - c:\windows\system32\atitvo3232.dll

Toolbar-Locked - (no file)

HKLM-Run-Malwarebytes' Anti-Malware (reboot) - e:\malwarebytes' anti-malware\mbam.com.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-19 23:06

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1504)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(7272)

c:\windows\system32\WININET.dll

c:\windows\TEMP\logishrd\LVPrcInj01.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Symantec Shared\ccSetMgr.exe

c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe

c:\windows\system32\acs.exe

c:\program files\Google\Update\1.3.21.79\GoogleCrashHandler.exe

c:\program files\Symantec AntiVirus\DefWatch.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\program files\Symantec AntiVirus\Rtvscan.exe

c:\windows\system32\atitvo3232.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2011-11-19 23:11:47 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-20 07:11

.

Pre-Run: 9,321,099,264 bytes free

Post-Run: 10,870,743,040 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 3A399A77EACAEF94540A1CA3B0F12124

Link to post
Share on other sites

Ah, seems like I've been hit by a strong one. I ran it twice more to see what comes up.

Log 1:

ComboFix 11-11-19.04 - Troy 11/23/2011 15:35:21.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1400 [GMT -8:00]

Running from: c:\documents and settings\Troy\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r3tbsm33.default\extensions\{9ae415ab-40c3-43da-9abf-c7ef0f6c2314}

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r3tbsm33.default\extensions\{9ae415ab-40c3-43da-9abf-c7ef0f6c2314}\chrome.manifest

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r3tbsm33.default\extensions\{9ae415ab-40c3-43da-9abf-c7ef0f6c2314}\chrome\xulcache.jar

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r3tbsm33.default\extensions\{9ae415ab-40c3-43da-9abf-c7ef0f6c2314}\defaults\preferences\xulcache.js

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r3tbsm33.default\extensions\{9ae415ab-40c3-43da-9abf-c7ef0f6c2314}\install.rdf

c:\documents and settings\Troy\Application Data\Mozilla\Firefox\Profiles\kvwpyct8.default\extensions\{9ae415ab-40c3-43da-9abf-c7ef0f6c2314}

c:\documents and settings\Troy\Application Data\Mozilla\Firefox\Profiles\kvwpyct8.default\extensions\{9ae415ab-40c3-43da-9abf-c7ef0f6c2314}\chrome.manifest

c:\documents and settings\Troy\Application Data\Mozilla\Firefox\Profiles\kvwpyct8.default\extensions\{9ae415ab-40c3-43da-9abf-c7ef0f6c2314}\chrome\xulcache.jar

c:\documents and settings\Troy\Application Data\Mozilla\Firefox\Profiles\kvwpyct8.default\extensions\{9ae415ab-40c3-43da-9abf-c7ef0f6c2314}\defaults\preferences\xulcache.js

c:\documents and settings\Troy\Application Data\Mozilla\Firefox\Profiles\kvwpyct8.default\extensions\{9ae415ab-40c3-43da-9abf-c7ef0f6c2314}\install.rdf

c:\documents and settings\Troy\jfhzekuzyh.tmp

c:\windows\system32\atitvo3232.dll

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_COMSysApp

.

.

((((((((((((((((((((((((( Files Created from 2011-10-23 to 2011-11-23 )))))))))))))))))))))))))))))))

.

.

2011-11-20 07:31 . 2011-11-20 07:31 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google

2011-11-15 16:19 . 2011-11-15 16:19 388096 ----a-r- c:\documents and settings\Troy\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-11-15 16:19 . 2011-11-15 16:19 -------- d-----w- c:\program files\Trend Micro

2011-11-13 19:02 . 2009-12-30 22:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-11-12 20:05 . 2011-11-12 20:05 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-19 19:49 . 2011-05-17 23:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-01 00:00 . 2010-02-15 18:30 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-10 00:52 . 2011-09-08 04:11 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2004-08-04 12:00 94784 --sh--w- c:\windows\twain.dll

2008-04-14 00:12 50688 --sh--w- c:\windows\twain_32.dll

2011-02-08 13:33 978944 --sha-w- c:\windows\system32\mfc42.dll

2008-04-14 00:12 57344 --sh--w- c:\windows\system32\msvcirt.dll

2008-04-14 00:12 413696 --sh--w- c:\windows\system32\msvcp60.dll

2008-04-14 00:12 551936 --sh--w- c:\windows\system32\oleaut32.dll

2008-04-14 00:12 11776 --sh--w- c:\windows\system32\regsvr32.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0EBE59CF-C617-41AB-A800-B965E7D40AF6}]

c:\windows\system32\atitvo3232.dll [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 69632]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-08 198160]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-20 421736]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-6-27 323646]

NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2008-7-1 2326528]

NETGEAR WN111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WN111v2\WN111V2.exe [2008-12-2 1503306]

officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-6-27 147456]

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk

backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2005-04-11 17:10 65536 ----a-w- c:\windows\ALCMTR.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI DeviceDetect]

2004-06-16 05:17 69705 ----a-w- c:\program files\ATI Multimedia\main\atidtct.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Remote Control]

2004-08-27 06:51 200704 ----a-w- c:\program files\ATI Multimedia\RemCtrl\ATIRW.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

2004-07-18 04:10 339968 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

2004-02-29 23:44 66680 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

2004-08-04 12:00 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]

2007-02-05 23:52 849280 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]

2006-11-22 01:08 813912 ----a-w- c:\program files\Microsoft IntelliType Pro\itype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]

2008-08-14 23:11 565008 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

2008-08-14 23:15 2407184 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

2009-05-27 04:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]

2001-08-23 21:52 331830 ----a-w- c:\program files\Microsoft Works\wkssb.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]

2001-08-17 04:41 28738 ----a-w- c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

2004-08-04 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

2004-08-04 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2005-04-28 11:05 14372352 ----a-w- c:\windows\RTHDCPL.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2009-09-08 06:43 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]

2004-03-12 22:18 124128 ----a-w- c:\progra~1\SYMANT~1\VPTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]

2009-07-14 22:10 364544 ----a-w- c:\windows\system32\WDBtnMgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]

2001-10-06 00:34 24576 ----a-w- c:\program files\Microsoft Works\wkfud.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"NAUpdate"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

"idsvc"=3 (0x3)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8370:TCP"= 8370:TCP:League of Legends Launcher

"8370:UDP"= 8370:UDP:League of Legends Launcher

"8371:TCP"= 8371:TCP:League of Legends Launcher

"8371:UDP"= 8371:UDP:League of Legends Launcher

"6917:TCP"= 6917:TCP:League of Legends Launcher

"6917:UDP"= 6917:UDP:League of Legends Launcher

"8372:TCP"= 8372:TCP:League of Legends Launcher

"8372:UDP"= 8372:UDP:League of Legends Launcher

"8373:TCP"= 8373:TCP:League of Legends Launcher

"8373:UDP"= 8373:UDP:League of Legends Launcher

"8374:TCP"= 8374:TCP:League of Legends Launcher

"8374:UDP"= 8374:UDP:League of Legends Launcher

"8375:TCP"= 8375:TCP:League of Legends Launcher

"8375:UDP"= 8375:UDP:League of Legends Launcher

"6896:TCP"= 6896:TCP:League of Legends Launcher

"6896:UDP"= 6896:UDP:League of Legends Launcher

"8376:TCP"= 8376:TCP:League of Legends Launcher

"8376:UDP"= 8376:UDP:League of Legends Launcher

"8377:TCP"= 8377:TCP:League of Legends Launcher

"8377:UDP"= 8377:UDP:League of Legends Launcher

"8378:TCP"= 8378:TCP:League of Legends Launcher

"8378:UDP"= 8378:UDP:League of Legends Launcher

"8379:TCP"= 8379:TCP:League of Legends Launcher

"8379:UDP"= 8379:UDP:League of Legends Launcher

"8380:TCP"= 8380:TCP:League of Legends Launcher

"8380:UDP"= 8380:UDP:League of Legends Launcher

"8381:TCP"= 8381:TCP:League of Legends Launcher

"8381:UDP"= 8381:UDP:League of Legends Launcher

"6983:TCP"= 6983:TCP:League of Legends Launcher

"6983:UDP"= 6983:UDP:League of Legends Launcher

"57770:TCP"= 57770:TCP:Pando Media Booster

"57770:UDP"= 57770:UDP:Pando Media Booster

"8382:TCP"= 8382:TCP:League of Legends Launcher

"8382:UDP"= 8382:UDP:League of Legends Launcher

"8383:TCP"= 8383:TCP:League of Legends Launcher

"8383:UDP"= 8383:UDP:League of Legends Launcher

.

R0 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [7/14/2009 9:09 AM 14848]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 1:13 PM 38144]

R2 Symantec AntiVirus32;Symantec AntiVirus ;c:\windows\system32\kbdhu32.exe [7/13/2011 11:11 PM 813568]

R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [10/1/2008 4:45 PM 57440]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/3/2011 12:17 PM 136176]

S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [9/10/2010 11:53 PM 16512]

S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 12:10 PM 17149]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/3/2011 12:17 PM 136176]

S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [2/27/2008 11:54 AM 360547]

S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [12/28/2007 3:02 PM 287232]

S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/12/2004 2:18 PM 169192]

S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [9/30/2008 3:24 AM 453120]

S4 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [5/4/2010 11:07 AM 503080]

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-17 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]

.

2010-09-10 c:\windows\Tasks\FRU Task 2002-06-27 08:46ewlett-Packard2002-06-27 08:46p psc 2200 seriesF56855811176EC24C9B302F94878AD886AF77CFF274316288.job

- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-06-27 08:46]

.

2011-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-03 20:17]

.

2011-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-03 20:17]

.

2011-11-23 c:\windows\Tasks\User_Feed_Synchronization-{E637A6E5-851D-4874-A14E-EED25584ACED}.job

- c:\windows\system32\msfeedssync.exe [2007-08-14 10:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = <local>;*.local

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

FF - ProfilePath - c:\documents and settings\Troy\Application Data\Mozilla\Firefox\Profiles\kvwpyct8.default\

FF - prefs.js: network.proxy.type - 4

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-23 15:49

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1484)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(6200)

c:\windows\system32\WININET.dll

c:\windows\TEMP\logishrd\LVPrcInj01.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Symantec Shared\ccSetMgr.exe

c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe

c:\windows\system32\acs.exe

c:\program files\Google\Update\1.3.21.79\GoogleCrashHandler.exe

c:\program files\Symantec AntiVirus\DefWatch.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\program files\Symantec AntiVirus\Rtvscan.exe

c:\windows\system32\atitvo3232.exe

c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2011-11-23 15:53:32 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-23 23:53

ComboFix2.txt 2011-11-20 07:11

.

Pre-Run: 40,934,350,848 bytes free

Post-Run: 40,921,247,744 bytes free

.

- - End Of File - - 6B426B78BA1C277369E5B18293333F7D

Log 2:

ComboFix 11-11-19.04 - Troy 11/23/2011 15:59:36.3.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1400 [GMT -8:00]

Running from: c:\documents and settings\Troy\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_COMSysApp

.

.

((((((((((((((((((((((((( Files Created from 2011-10-24 to 2011-11-24 )))))))))))))))))))))))))))))))

.

.

2011-11-20 07:31 . 2011-11-20 07:31 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google

2011-11-15 16:19 . 2011-11-15 16:19 388096 ----a-r- c:\documents and settings\Troy\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-11-15 16:19 . 2011-11-15 16:19 -------- d-----w- c:\program files\Trend Micro

2011-11-13 19:02 . 2009-12-30 22:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-11-12 20:05 . 2011-11-12 20:05 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-19 19:49 . 2011-05-17 23:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-01 00:00 . 2010-02-15 18:30 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-10 00:52 . 2011-09-08 04:11 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2004-08-04 12:00 94784 --sh--w- c:\windows\twain.dll

2008-04-14 00:12 50688 --sh--w- c:\windows\twain_32.dll

2011-02-08 13:33 978944 --sha-w- c:\windows\system32\mfc42.dll

2008-04-14 00:12 57344 --sh--w- c:\windows\system32\msvcirt.dll

2008-04-14 00:12 413696 --sh--w- c:\windows\system32\msvcp60.dll

2008-04-14 00:12 551936 --sh--w- c:\windows\system32\oleaut32.dll

2008-04-14 00:12 11776 --sh--w- c:\windows\system32\regsvr32.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2011-11-20_07.06.15 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-11-24 00:10 . 2008-07-26 14:25 109080 c:\windows\temp\logishrd\LVPrcInj01.dll

- 2011-11-20 07:05 . 2011-11-20 07:06 109080 c:\windows\temp\logishrd\LVPrcInj01.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0EBE59CF-C617-41AB-A800-B965E7D40AF6}]

c:\windows\system32\atitvo3232.dll [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 69632]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-08 198160]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-20 421736]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-6-27 323646]

NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2008-7-1 2326528]

NETGEAR WN111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WN111v2\WN111V2.exe [2008-12-2 1503306]

officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-6-27 147456]

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk

backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2005-04-11 17:10 65536 ----a-w- c:\windows\ALCMTR.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI DeviceDetect]

2004-06-16 05:17 69705 ----a-w- c:\program files\ATI Multimedia\main\atidtct.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Remote Control]

2004-08-27 06:51 200704 ----a-w- c:\program files\ATI Multimedia\RemCtrl\ATIRW.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

2004-07-18 04:10 339968 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

2004-02-29 23:44 66680 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

2004-08-04 12:00 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]

2007-02-05 23:52 849280 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]

2006-11-22 01:08 813912 ----a-w- c:\program files\Microsoft IntelliType Pro\itype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]

2008-08-14 23:11 565008 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

2008-08-14 23:15 2407184 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

2009-05-27 04:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]

2001-08-23 21:52 331830 ----a-w- c:\program files\Microsoft Works\wkssb.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]

2001-08-17 04:41 28738 ----a-w- c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

2004-08-04 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

2004-08-04 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2005-04-28 11:05 14372352 ----a-w- c:\windows\RTHDCPL.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2009-09-08 06:43 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]

2004-03-12 22:18 124128 ----a-w- c:\progra~1\SYMANT~1\VPTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]

2009-07-14 22:10 364544 ----a-w- c:\windows\system32\WDBtnMgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]

2001-10-06 00:34 24576 ----a-w- c:\program files\Microsoft Works\wkfud.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"NAUpdate"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

"idsvc"=3 (0x3)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8370:TCP"= 8370:TCP:League of Legends Launcher

"8370:UDP"= 8370:UDP:League of Legends Launcher

"8371:TCP"= 8371:TCP:League of Legends Launcher

"8371:UDP"= 8371:UDP:League of Legends Launcher

"6917:TCP"= 6917:TCP:League of Legends Launcher

"6917:UDP"= 6917:UDP:League of Legends Launcher

"8372:TCP"= 8372:TCP:League of Legends Launcher

"8372:UDP"= 8372:UDP:League of Legends Launcher

"8373:TCP"= 8373:TCP:League of Legends Launcher

"8373:UDP"= 8373:UDP:League of Legends Launcher

"8374:TCP"= 8374:TCP:League of Legends Launcher

"8374:UDP"= 8374:UDP:League of Legends Launcher

"8375:TCP"= 8375:TCP:League of Legends Launcher

"8375:UDP"= 8375:UDP:League of Legends Launcher

"6896:TCP"= 6896:TCP:League of Legends Launcher

"6896:UDP"= 6896:UDP:League of Legends Launcher

"8376:TCP"= 8376:TCP:League of Legends Launcher

"8376:UDP"= 8376:UDP:League of Legends Launcher

"8377:TCP"= 8377:TCP:League of Legends Launcher

"8377:UDP"= 8377:UDP:League of Legends Launcher

"8378:TCP"= 8378:TCP:League of Legends Launcher

"8378:UDP"= 8378:UDP:League of Legends Launcher

"8379:TCP"= 8379:TCP:League of Legends Launcher

"8379:UDP"= 8379:UDP:League of Legends Launcher

"8380:TCP"= 8380:TCP:League of Legends Launcher

"8380:UDP"= 8380:UDP:League of Legends Launcher

"8381:TCP"= 8381:TCP:League of Legends Launcher

"8381:UDP"= 8381:UDP:League of Legends Launcher

"6983:TCP"= 6983:TCP:League of Legends Launcher

"6983:UDP"= 6983:UDP:League of Legends Launcher

"57770:TCP"= 57770:TCP:Pando Media Booster

"57770:UDP"= 57770:UDP:Pando Media Booster

"8382:TCP"= 8382:TCP:League of Legends Launcher

"8382:UDP"= 8382:UDP:League of Legends Launcher

"8383:TCP"= 8383:TCP:League of Legends Launcher

"8383:UDP"= 8383:UDP:League of Legends Launcher

.

R0 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [7/14/2009 9:09 AM 14848]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 1:13 PM 38144]

R2 Symantec AntiVirus32;Symantec AntiVirus ;c:\windows\system32\kbdhu32.exe [7/13/2011 11:11 PM 813568]

R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [10/1/2008 4:45 PM 57440]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/3/2011 12:17 PM 136176]

S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [9/10/2010 11:53 PM 16512]

S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 12:10 PM 17149]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/3/2011 12:17 PM 136176]

S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [2/27/2008 11:54 AM 360547]

S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [12/28/2007 3:02 PM 287232]

S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/12/2004 2:18 PM 169192]

S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [9/30/2008 3:24 AM 453120]

S4 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [5/4/2010 11:07 AM 503080]

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-17 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]

.

2010-09-10 c:\windows\Tasks\FRU Task 2002-06-27 08:46ewlett-Packard2002-06-27 08:46p psc 2200 seriesF56855811176EC24C9B302F94878AD886AF77CFF274316288.job

- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-06-27 08:46]

.

2011-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-03 20:17]

.

2011-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-03 20:17]

.

2011-11-23 c:\windows\Tasks\User_Feed_Synchronization-{E637A6E5-851D-4874-A14E-EED25584ACED}.job

- c:\windows\system32\msfeedssync.exe [2007-08-14 10:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = <local>;*.local

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

FF - ProfilePath - c:\documents and settings\Troy\Application Data\Mozilla\Firefox\Profiles\kvwpyct8.default\

FF - prefs.js: network.proxy.type - 4

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-23 16:11

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1484)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(5392)

c:\windows\system32\WININET.dll

c:\windows\TEMP\logishrd\LVPrcInj01.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Symantec Shared\ccSetMgr.exe

c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe

c:\windows\system32\acs.exe

c:\program files\Google\Update\1.3.21.79\GoogleCrashHandler.exe

c:\program files\Symantec AntiVirus\DefWatch.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\program files\Symantec AntiVirus\Rtvscan.exe

c:\windows\system32\atitvo3232.exe

c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2011-11-23 16:15:38 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-24 00:15

ComboFix2.txt 2011-11-23 23:53

ComboFix3.txt 2011-11-20 07:11

.

Pre-Run: 40,932,245,504 bytes free

Post-Run: 40,914,862,080 bytes free

.

- - End Of File - - F995D4C00BF8AA95CBE9E5AB3598B19D

I really appreciate your time and your effort in helping me. If nothing can be done, I'm still grateful for the advice!

Incana8

Link to post
Share on other sites

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

File::
c:\windows\temp\logishrd\LVPrcInj01.dll
c:\windows\temp\logishrd\LVPrcInj01.dll
c:\windows\system32\atitvo3232.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0EBE59CF-C617-41AB-A800-B965E7D40AF6}]

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;

2.Click Save As... Change the directory to your desktop;

3.Change the Save as type to "All Files";

4.Type in the file name: CFScript

5.Click Save ...

CFScriptB-4.gif

Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.

Link to post
Share on other sites

Ah, as far as I can tell, my computer is acting the same as before. I'm happy to have my computer work this much; I can save as many files as I can before a reformat now. I'll reply as you reply, and make changes if you send them, but I'm satisfied. I really appreciate your time and advice.

with gratitude,

Incana8

Log:

ComboFix 11-11-19.04 - Troy 11/25/2011 19:34:40.4.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1398 [GMT -8:00]

Running from: c:\documents and settings\Troy\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Troy\Desktop\CFScript.txt

.

- REDUCED FUNCTIONALITY MODE -

.

FILE ::

"c:\windows\system32\atitvo3232.dll"

"c:\windows\temp\logishrd\LVPrcInj01.dll"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\temp\logishrd\LVPrcInj01.dll

.

.

((((((((((((((((((((((((( Files Created from 2011-10-26 to 2011-11-26 )))))))))))))))))))))))))))))))

.

.

2011-11-20 07:31 . 2011-11-20 07:31 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google

2011-11-15 16:19 . 2011-11-15 16:19 388096 ----a-r- c:\documents and settings\Troy\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-11-15 16:19 . 2011-11-15 16:19 -------- d-----w- c:\program files\Trend Micro

2011-11-13 19:02 . 2009-12-30 22:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-11-12 20:05 . 2011-11-12 20:05 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-19 19:49 . 2011-05-17 23:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-01 00:00 . 2010-02-15 18:30 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-10 00:52 . 2011-09-08 04:11 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2004-08-04 12:00 94784 --sh--w- c:\windows\twain.dll

2008-04-14 00:12 50688 --sh--w- c:\windows\twain_32.dll

2011-02-08 13:33 978944 --sha-w- c:\windows\system32\mfc42.dll

2008-04-14 00:12 57344 --sh--w- c:\windows\system32\msvcirt.dll

2008-04-14 00:12 413696 --sh--w- c:\windows\system32\msvcp60.dll

2008-04-14 00:12 551936 --sh--w- c:\windows\system32\oleaut32.dll

2008-04-14 00:12 11776 --sh--w- c:\windows\system32\regsvr32.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 69632]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-08 198160]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-20 421736]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-6-27 323646]

NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2008-7-1 2326528]

NETGEAR WN111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WN111v2\WN111V2.exe [2008-12-2 1503306]

officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-6-27 147456]

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk

backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2005-04-11 17:10 65536 ----a-w- c:\windows\ALCMTR.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI DeviceDetect]

2004-06-16 05:17 69705 ----a-w- c:\program files\ATI Multimedia\main\atidtct.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Remote Control]

2004-08-27 06:51 200704 ----a-w- c:\program files\ATI Multimedia\RemCtrl\ATIRW.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

2004-07-18 04:10 339968 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

2004-02-29 23:44 66680 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

2004-08-04 12:00 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]

2007-02-05 23:52 849280 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]

2006-11-22 01:08 813912 ----a-w- c:\program files\Microsoft IntelliType Pro\itype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]

2008-08-14 23:11 565008 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

2008-08-14 23:15 2407184 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

2009-05-27 04:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]

2001-08-23 21:52 331830 ----a-w- c:\program files\Microsoft Works\wkssb.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]

2001-08-17 04:41 28738 ----a-w- c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

2004-08-04 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

2004-08-04 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2005-04-28 11:05 14372352 ----a-w- c:\windows\RTHDCPL.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2009-09-08 06:43 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]

2004-03-12 22:18 124128 ----a-w- c:\progra~1\SYMANT~1\VPTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]

2009-07-14 22:10 364544 ----a-w- c:\windows\system32\WDBtnMgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]

2001-10-06 00:34 24576 ----a-w- c:\program files\Microsoft Works\wkfud.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"NAUpdate"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

"idsvc"=3 (0x3)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8370:TCP"= 8370:TCP:League of Legends Launcher

"8370:UDP"= 8370:UDP:League of Legends Launcher

"8371:TCP"= 8371:TCP:League of Legends Launcher

"8371:UDP"= 8371:UDP:League of Legends Launcher

"6917:TCP"= 6917:TCP:League of Legends Launcher

"6917:UDP"= 6917:UDP:League of Legends Launcher

"8372:TCP"= 8372:TCP:League of Legends Launcher

"8372:UDP"= 8372:UDP:League of Legends Launcher

"8373:TCP"= 8373:TCP:League of Legends Launcher

"8373:UDP"= 8373:UDP:League of Legends Launcher

"8374:TCP"= 8374:TCP:League of Legends Launcher

"8374:UDP"= 8374:UDP:League of Legends Launcher

"8375:TCP"= 8375:TCP:League of Legends Launcher

"8375:UDP"= 8375:UDP:League of Legends Launcher

"6896:TCP"= 6896:TCP:League of Legends Launcher

"6896:UDP"= 6896:UDP:League of Legends Launcher

"8376:TCP"= 8376:TCP:League of Legends Launcher

"8376:UDP"= 8376:UDP:League of Legends Launcher

"8377:TCP"= 8377:TCP:League of Legends Launcher

"8377:UDP"= 8377:UDP:League of Legends Launcher

"8378:TCP"= 8378:TCP:League of Legends Launcher

"8378:UDP"= 8378:UDP:League of Legends Launcher

"8379:TCP"= 8379:TCP:League of Legends Launcher

"8379:UDP"= 8379:UDP:League of Legends Launcher

"8380:TCP"= 8380:TCP:League of Legends Launcher

"8380:UDP"= 8380:UDP:League of Legends Launcher

"8381:TCP"= 8381:TCP:League of Legends Launcher

"8381:UDP"= 8381:UDP:League of Legends Launcher

"6983:TCP"= 6983:TCP:League of Legends Launcher

"6983:UDP"= 6983:UDP:League of Legends Launcher

"57770:TCP"= 57770:TCP:Pando Media Booster

"57770:UDP"= 57770:UDP:Pando Media Booster

"8382:TCP"= 8382:TCP:League of Legends Launcher

"8382:UDP"= 8382:UDP:League of Legends Launcher

"8383:TCP"= 8383:TCP:League of Legends Launcher

"8383:UDP"= 8383:UDP:League of Legends Launcher

.

R0 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [7/14/2009 9:09 AM 14848]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 1:13 PM 38144]

R2 Symantec AntiVirus32;Symantec AntiVirus ;c:\windows\system32\kbdhu32.exe [7/13/2011 11:11 PM 813568]

R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [10/1/2008 4:45 PM 57440]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/3/2011 12:17 PM 136176]

S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [9/10/2010 11:53 PM 16512]

S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 12:10 PM 17149]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/3/2011 12:17 PM 136176]

S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [2/27/2008 11:54 AM 360547]

S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [12/28/2007 3:02 PM 287232]

S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/12/2004 2:18 PM 169192]

S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [9/30/2008 3:24 AM 453120]

S4 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [5/4/2010 11:07 AM 503080]

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-17 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]

.

2010-09-10 c:\windows\Tasks\FRU Task 2002-06-27 08:46ewlett-Packard2002-06-27 08:46p psc 2200 seriesF56855811176EC24C9B302F94878AD886AF77CFF274316288.job

- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-06-27 08:46]

.

2011-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-03 20:17]

.

2011-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-03 20:17]

.

2011-11-26 c:\windows\Tasks\User_Feed_Synchronization-{E637A6E5-851D-4874-A14E-EED25584ACED}.job

- c:\windows\system32\msfeedssync.exe [2007-08-14 10:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = <local>;*.local

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

FF - ProfilePath - c:\documents and settings\Troy\Application Data\Mozilla\Firefox\Profiles\kvwpyct8.default\

FF - prefs.js: network.proxy.type - 4

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-25 19:39

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1484)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(5532)

c:\windows\system32\WININET.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Symantec Shared\ccSetMgr.exe

c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe

c:\windows\system32\acs.exe

c:\program files\Google\Update\1.3.21.79\GoogleCrashHandler.exe

c:\program files\Symantec AntiVirus\DefWatch.exe

c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

c:\program files\Symantec AntiVirus\Rtvscan.exe

c:\windows\system32\atitvo3232.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2011-11-25 19:44:22 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-26 03:44

ComboFix2.txt 2011-11-24 00:15

ComboFix3.txt 2011-11-23 23:53

ComboFix4.txt 2011-11-20 07:11

.

Pre-Run: 40,901,431,296 bytes free

Post-Run: 40,881,119,232 bytes free

.

- - End Of File - - 51B3762A01238A023083CFBADF547BDC

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.