Thread: Laptop infected with Virus

  1. #11
    Member
    Join Date
    May 2010
    Posts
    66

    Hi Blade,

    Please delete the above 3 posts as I forgot to uncheck the word wrap. Posting the logs again without word wrap.

    Cheers,
    Rayoflight

  2. #12
    Member
    Join Date
    May 2010
    Posts
    66

    ComboFix 10-05-22.03 - LT 05/23/2010 13:29:27.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.545 [GMT -4:00]
    Running from: c:\documents and settings\LT\Desktop\ComboFix.exe
    AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: AVG Anti-Virus *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Favorites\_favdata.dat
    c:\documents and settings\LT\Application Data\20935E7BB5BE849ECFA6390617E58800
    c:\documents and settings\LT\Application Data\20935E7BB5BE849ECFA6390617E58800\enemies-names.txt
    c:\documents and settings\LT\Application Data\ARManager
    c:\documents and settings\LT\Application Data\ARManager\languages\Czech.lng
    c:\documents and settings\LT\Application Data\ARManager\languages\Danish.lng
    c:\documents and settings\LT\Application Data\ARManager\languages\Dutch.lng
    c:\documents and settings\LT\Application Data\ARManager\languages\English.lng
    c:\documents and settings\LT\Application Data\ARManager\languages\French.lng
    c:\documents and settings\LT\Application Data\ARManager\languages\German.lng
    c:\documents and settings\LT\Application Data\ARManager\languages\Italian.lng
    c:\documents and settings\LT\Application Data\ARManager\languages\Portuguese.lng
    c:\documents and settings\LT\Application Data\ARManager\languages\Slovak.lng
    c:\documents and settings\LT\Application Data\ARManager\languages\Spanish.lng
    c:\documents and settings\LT\Application Data\ARManager\languages\template.lng
    c:\documents and settings\LT\Application Data\ARManager\wallpaper.jpg
    c:\documents and settings\LT\Application Data\JuniperSetup.exe
    c:\documents and settings\LT\Application Data\Microsoft\HTML Help\hh.dat
    c:\documents and settings\LT\g2mdlhlpx.exe
    c:\program files\INSTALL.LOG
    c:\windows\regsvr32.exe
    c:\windows\system32\Cache
    c:\windows\system32\vb40032.dll

    Infected copy of c:\windows\system32\drivers\wmiacpi.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((( Files Created from 2010-04-23 to 2010-05-23 )))))))))))))))))))))))))))))))
    .

    2010-05-05 02:11 . 2009-12-30 18:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-05-05 02:11 . 2009-12-30 18:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-05-05 02:11 . 2010-05-05 02:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-05 00:31 . 2010-04-14 16:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-05-05 00:31 . 2010-04-14 16:35 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-05-05 00:31 . 2010-04-14 16:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-05-05 00:31 . 2010-04-14 16:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-05-05 00:31 . 2010-04-14 16:31 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-05-05 00:31 . 2010-04-14 16:31 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-05-05 00:31 . 2010-04-14 16:30 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-05-05 00:30 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
    2010-05-05 00:30 . 2010-04-14 16:47 153184 ----a-w- c:\windows\system32\aswBoot.exe
    2010-05-05 00:30 . 2010-05-05 00:30 -------- d-----w- c:\program files\Alwil Software
    2010-05-05 00:30 . 2010-05-05 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-05-05 00:29 . 2010-05-05 00:29 -------- d-----w- C:\Anti_Virus_SW
    2010-05-04 23:16 . 2010-02-27 02:23 43696 ----a-r- c:\windows\system32\drivers\srtspx.sys
    2010-05-04 23:16 . 2010-02-04 01:40 362032 ----a-r- c:\windows\system32\drivers\symtdi.sys
    2010-05-04 23:16 . 2010-02-04 01:40 172592 ----a-r- c:\windows\system32\drivers\SymEFA.sys
    2010-05-04 23:16 . 2010-02-04 01:40 328752 ----a-r- c:\windows\system32\drivers\SymDS.sys
    2010-05-04 23:15 . 2010-05-04 23:15 -------- d-----w- c:\windows\system32\drivers\N360
    2010-05-04 23:15 . 2010-05-04 23:15 -------- d-----w- c:\program files\Norton 360
    2010-05-04 23:15 . 2010-05-04 23:15 -------- d-----w- c:\program files\NortonInstaller
    2010-05-02 01:12 . 2010-05-04 23:18 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-05-02 01:12 . 2010-05-04 23:16 -------- d-----w- c:\program files\Symantec
    2010-05-02 01:12 . 2010-05-04 23:16 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-05-02 01:12 . 2010-05-04 23:16 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-05-02 01:12 . 2010-05-02 01:12 -------- d-----w- c:\program files\Windows Sidebar
    2010-05-02 01:11 . 2010-05-02 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
    2010-05-02 01:07 . 2010-05-04 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
    2010-05-02 00:13 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-05-01 23:39 . 2010-05-02 00:50 54 ----a-w- c:\windows\system32\rp_stats.dat
    2010-05-01 23:39 . 2010-05-02 00:50 39 ----a-w- c:\windows\system32\rp_rules.dat
    2010-05-01 22:54 . 2010-05-02 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2010-05-01 22:54 . 2010-05-01 23:02 -------- d-----w- c:\windows\SxsCaPendDel
    2010-05-01 15:35 . 2010-05-01 15:35 10520 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-05-01 15:35 . 2010-05-01 15:35 97928 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-05-01 15:35 . 2010-05-01 15:35 26824 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-05-01 15:34 . 2010-05-02 00:18 -------- d-----w- c:\windows\system32\drivers\Avg
    2010-05-01 15:33 . 2010-05-03 03:33 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
    2010-05-01 14:57 . 2010-05-01 14:57 -------- d-----w- c:\windows\system32\wbem\Repository

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-23 17:48 . 2008-02-14 04:51 0 ----a-w- c:\documents and settings\LT\Local Settings\Application Data\WavXMapDrive.bat
    2010-05-05 00:29 . 2008-02-16 00:22 -------- d-----w- c:\documents and settings\LT\Application Data\U3
    2010-05-04 23:16 . 2010-05-02 01:12 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2010-05-04 23:16 . 2010-05-02 01:12 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2010-05-02 00:13 . 2010-05-02 00:13 503808 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e30d559-n\msvcp71.dll
    2010-05-02 00:13 . 2010-05-02 00:13 499712 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e30d559-n\jmc.dll
    2010-05-02 00:13 . 2010-05-02 00:13 348160 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e30d559-n\msvcr71.dll
    2010-05-02 00:13 . 2010-05-02 00:13 61440 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-76719865-n\decora-sse.dll
    2010-05-02 00:13 . 2010-05-02 00:13 12800 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-76719865-n\decora-d3d.dll
    2010-05-02 00:13 . 2008-02-07 13:50 -------- d-----w- c:\program files\Common Files\Java
    2010-05-02 00:13 . 2008-02-07 13:50 -------- d-----w- c:\program files\Java
    2010-05-01 22:40 . 2008-02-07 14:10 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2010-05-01 14:55 . 2009-02-25 05:41 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-05-01 14:14 . 2010-05-01 14:14 0 ----a-w- c:\windows\system32\drivers\SET101.tmp
    2010-04-29 14:20 . 2009-12-21 05:30 -------- d-----w- c:\documents and settings\LT\Application Data\vlc
    2010-04-21 00:56 . 2010-03-06 23:44 439816 ----a-w- c:\documents and settings\LT\Application Data\Real\Update\setup3.10\setup.exe
    2010-04-20 01:58 . 2010-02-06 20:35 50354 ----a-w- c:\documents and settings\LT\Application Data\Facebook\uninstall.exe
    2010-04-20 01:58 . 2010-02-06 20:35 -------- d-----w- c:\documents and settings\LT\Application Data\Facebook
    2010-04-19 18:59 . 2010-04-19 18:59 255472 ----a-w- c:\documents and settings\LT\Application Data\Mozilla\plugins\npgoogletalk.dll
    2010-04-17 00:34 . 2008-02-16 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
    2010-04-05 00:11 . 2009-08-18 23:18 -------- d-----w- c:\program files\Celtx
    2010-03-11 12:38 . 2004-08-11 23:00 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-03-11 12:38 . 2009-06-26 13:25 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-03-11 12:38 . 2009-04-01 02:13 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-03-09 11:09 . 2009-04-01 02:13 430080 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-07 16:00 . 2010-03-07 16:00 118784 ----a-w- c:\documents and settings\LT\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll
    2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\LT\Application Data\Facebook\npfbplugin_1_0_3.dll
    2010-02-24 12:31 . 2009-04-01 02:12 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2009-03-06 17:06 . 2009-03-06 17:06 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
    2009-03-06 17:06 . 2009-03-06 17:06 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
    2009-03-06 17:07 . 2009-03-06 17:07 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
    2008-02-08 02:46 . 2008-02-08 02:46 13624 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
    2008-02-08 02:46 . 2008-02-08 02:46 87360 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
    2008-02-08 02:46 . 2008-02-08 02:46 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
    2008-02-08 02:46 . 2008-02-08 02:46 21824 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
    2008-02-08 02:46 . 2008-02-08 02:46 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
    2008-02-08 02:46 . 2008-02-08 02:46 31544 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
    2008-02-08 02:46 . 2008-02-08 02:46 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
    2009-06-24 15:08 . 2009-06-24 15:08 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
    2007-03-16 22:27 . 2007-03-16 22:27 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
    2007-03-16 22:27 . 2007-03-16 22:27 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
    2007-03-16 22:27 . 2007-03-16 22:27 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
    2007-07-20 17:47 . 2007-07-20 17:47 981170 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
    2008-02-08 02:46 . 2008-02-08 02:46 24384 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8087-36EE87E26986}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "cdloader"="c:\documents and settings\LT\Application Data\mjusbsp\cdloader2.exe" [2009-04-10 50520]
    "Google Update"="c:\documents and settings\LT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]
    "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]
    "SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
    "KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]
    "SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-25 185872]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-07 68856]
    "MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{A5949E07-8536-4625-A3D0-2DD83F559990}"= "c:\windows\system32\ShellHook.dll" [2006-09-25 45568]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
    2006-11-16 21:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 wvauth

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LoadRunner Agent Process.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LoadRunner Agent Process.lnk
    backup=c:\windows\pss\LoadRunner Agent Process.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
    backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
    backup=c:\windows\pss\Service Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
    backup=c:\windows\pss\VPN Client.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2008-10-15 02:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
    2010-03-08 15:49 524632 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
    2007-05-24 13:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2008-09-03 04:04 133104 ----atw- c:\documents and settings\LT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
    2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-03-13 00:56 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
    2002-12-10 22:32 155648 ----a-w- c:\program files\Logitech\ImageStudio\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
    2002-12-10 22:31 61440 ----a-w- c:\program files\Logitech\ImageStudio\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
    2002-12-10 21:54 127022 ----a-w- c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2009-05-27 01:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
    2006-10-20 23:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-01-05 20:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    2006-08-17 15:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2008-11-25 22:05 185872 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Mercury Interactive\\QuickTest Professional\\bin\\AQTRmtAgent.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
    "c:\\Program Files\\Mercury Interactive\\Mercury LoadRunner\\launch_service\\bin\\magentproc.exe"=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "c:\\Program Files\\SopCast\\SopCast.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Documents and Settings\\LT\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Documents and Settings\\LT\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
    "c:\\Documents and Settings\\LT\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Documents and Settings\\LT\\Application Data\\mjusbsp\\magicJack.exe"=
    "c:\\Documents and Settings\\LT\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "135:TCP"= 135:TCP:DCOM
    "443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
    "443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
    "37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
    "37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
    "37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
    "37677:TCP"= 37677:TCP:*:Disabled:ooVoo TCP port 37677
    "37677:UDP"= 37677:UDP:*:Disabled:ooVoo UDP port 37677
    "37676:UDP"= 37676:UDP:*:Disabled:ooVoo UDP port 37676
    "65533:TCP"= 65533:TCP:Services
    "52344:TCP"= 52344:TCP:Services
    "5030:TCP"= 5030:TCP:Services
    "3265:TCP"= 3265:TCP:Services
    "6374:TCP"= 6374:TCP:Services
    "3937:TCP"= 3937:TCP:Services
    "5089:TCP"= 5089:TCP:Services
    "8678:TCP"= 8678:TCP:Services
    "3356:TCP"= 3356:TCP:Services
    "5212:TCP"= 5212:TCP:Services
    "2398:TCP"= 2398:TCP:Services
    "3296:TCP"= 3296:TCP:Services

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/4/2010 8:31 PM 162768]
    R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 4:21 PM 79432]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/4/2010 8:31 PM 19024]
    R2 ExpressionService;ExpressionService;c:\program files\Common Files\Mercury Interactive\TDAPIServer\ExpService.exe [4/12/2008 3:53 PM 532548]
    R2 LogonService1;LogonService1;c:\program files\Common Files\Mercury Interactive\TDAPIServer\LogonService1.exe [4/12/2008 3:56 PM 86016]
    R2 OtaPool;OtaPool;c:\program files\Common Files\Mercury Interactive\TDAPIServer\OTAPool.exe [4/12/2008 3:53 PM 102400]
    R2 paldrv;paldrv;c:\windows\system32\pal_drv.sys [2/23/2008 1:27 AM 10951]
    R2 SiteScope;SiteScope;c:\inetpub\TDBIN\SITESC~1\tools\SITESC~1.EXE [4/12/2008 3:55 PM 45056]
    R2 TDStartStopService;Advanced TestDirector StartStop Service;c:\program files\Common Files\Mercury Interactive\TDStartStop.exe [4/12/2008 3:56 PM 1452032]
    R2 TomcatService;TomcatService;c:\inetpub\TDBIN\MTours\jakarta-tomcat-3.3\bin\TomcatService.exe [4/12/2008 3:54 PM 61440]
    R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [3/31/2009 10:13 PM 5120]
    R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 2:32 PM 97536]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0401000.020\SYMDS.SYS --> c:\windows\system32\drivers\N360\0401000.020\SYMDS.SYS [?]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0401000.020\SYMEFA.SYS --> c:\windows\system32\drivers\N360\0401000.020\SYMEFA.SYS [?]
    S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20100211.001\BHDrvx86.sys [5/4/2010 7:16 PM 536112]
    S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0401000.020\cchpx86.sys [5/4/2010 7:16 PM 501888]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0401000.020\Ironx86.sys [5/4/2010 7:16 PM 116784]
    S2 N360;Norton 360;c:\program files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe [5/4/2010 7:15 PM 126392]
    S3 CheckTestDirectorUserAccount;Check TestDirector User account;c:\program files\Common Files\Mercury Interactive\CheckU.exe [4/12/2008 3:43 PM 342528]
    S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20091105.001\IDSxpx86.sys [5/4/2010 7:16 PM 329592]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [5/4/2010 10:11 PM 38224]
    S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);c:\windows\system32\drivers\LV551AV.sys [8/21/2008 2:16 PM 220079]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    vvdsvc REG_MULTI_SZ vvdsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2010-03-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 15:49]

    2010-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3727747301-3168930972-3825058957-1005Core.job
    - c:\documents and settings\LT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 04:04]

    2010-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3727747301-3168930972-3825058957-1005UA.job
    - c:\documents and settings\LT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 04:04]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080207
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: amtrak.com\vpn
    TCP: {992575CE-4F05-4343-88B1-693175150DAD} = 202.144.105.4,202.144.10.50
    DPF: {205E7068-6D03-4566-AD06-A146B592FBA5} - hxxp://logiqa/TDBIN/Spider80.ocx
    DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} - hxxp://mssepmapp01/projectserver/objects/pjclient.cab
    DPF: {98C53984-8BF8-4D11-9B1C-C324FCA9CADE} - hxxp://logiqa:8080/qcbin/Spider90.ocx
    DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} - hxxp://mssepmapp01/projectserver/objects/1033/pjcintl.cab
    DPF: {B2FC031D-8C74-46AE-8042-BCF4FC03C1EF} - hxxp://10.11.50.178/qcbin/Spider91.cab
    FF - ProfilePath - c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\
    FF - prefs.js: browser.search.selectedEngine - JobSearch - Dice.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - component: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll
    FF - plugin: c:\documents and settings\LT\Application Data\Facebook\npfbplugin_1_0_1.dll
    FF - plugin: c:\documents and settings\LT\Application Data\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\documents and settings\LT\Application Data\Move Networks\plugins\npqmp071705000014.dll
    FF - plugin: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{3191E4CE-790E-42be-B2E0-223475263B7E}\plugins\NPuroamCleaner.dll
    FF - plugin: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}\plugins\NPuroamHost.dll
    FF - plugin: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
    FF - plugin: c:\documents and settings\LT\Application Data\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\LT\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\documents and settings\LT\Local Settings\Application Data\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-Aim6 - (no file)
    HKLM-Run-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-23 13:48
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8632C228]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xf7534fc3
    \Driver\ACPI -> ACPI.sys @ 0xf73c7cb8
    \Driver\atapi -> 0x8632c228
    IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80582544
    ParseProcedure -> ntkrnlpa.exe @ 0x80581684
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80582544
    ParseProcedure -> ntkrnlpa.exe @ 0x80581684
    NDIS: Broadcom NetXtreme 57xx Gigabit Controller -> SendCompleteHandler -> 0x8639e5c0
    PacketIndicateHandler -> NDIS.sys @ 0xf7220a0b
    SendHandler -> NDIS.sys @ 0xf7234b31
    Warning: possible MBR rootkit infection !
    copy of MBR has been found in sector 0x0DF937C1
    malicious code @ sector 0x0DF937C4 !
    PE file found in sector at 0x0DF937DA !
    MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.1.0.32\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1372)
    c:\windows\system32\waveGina.dll
    c:\windows\system32\AmRes_en.dll
    c:\windows\system32\OEM_Resources.dll
    c:\program files\Wave Systems Corp\Dell Preboot Manager\PrebootBiosManager.dll
    c:\program files\Wave Systems Corp\Authentication Manager\AuthControl2.dll
    c:\program files\Wave Systems Corp\Authentication Manager\AuthentecPlugin.dll
    c:\windows\system32\ATSC70.dll
    c:\program files\Wave Systems Corp\Authentication Manager\upek.dll
    c:\windows\system32\BioAPI100.dll
    c:\windows\system32\BIOAPI_MDS300.dll
    c:\windows\system\tfmessbsp.dll

    - - - - - - - > 'lsass.exe'(1428)
    c:\windows\system32\wvauth.dll
    c:\windows\system32\biolsp.dll
    c:\program files\Wave Systems Corp\Common\CryptoManager.dll
    c:\windows\system32\tcg15.dll
    c:\windows\system32\Tsp1.dll
    c:\windows\system32\wclient14.dll
    c:\program files\Bonjour\mdnsNSP.dll
    c:\program files\Wave Systems Corp\Authentication Manager\upek.dll
    c:\windows\system32\BioAPI100.dll
    c:\windows\system32\BIOAPI_MDS300.dll
    c:\windows\system32\AmRes_en.dll
    c:\program files\Wave Systems Corp\Authentication Manager\authcontrol.dll
    c:\program files\Wave Systems Corp\Authentication Manager\UserCredentialStore.dll
    c:\windows\system\tfmessbsp.dll

    - - - - - - - > 'Explorer.exe'(3108)
    c:\windows\system32\WININET.dll
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\WLTRYSVC.EXE
    c:\windows\System32\bcmwltry.exe
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\windows\System32\SCardSvr.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Cisco Systems\VPN Client\cvpnd.exe
    c:\windows\system32\inetsrv\inetinfo.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Mercury\Quality Center\msdeBinn\MSSQL\Binn\sqlservr.exe
    c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
    c:\program files\Common Files\Mercury Interactive\TDAPIServer\SendAllQualifiedApp.exe
    c:\progra~1\COMMON~1\MERCUR~1\TDAPIS~1\TDDomSrv.exe
    c:\program files\Mercury\Quality Center\msdeBinn\MSSQL\Binn\sqlagent.EXE
    c:\program files\SigmaTel\C-Major Audio\WDM\StacSV.exe
    c:\inetpub\TDBIN\SiteScope\java\bin\java.exe
    c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
    c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    c:\inetpub\TDBIN\MTours\JavaSoft\JRE\1.2\bin\java.exe
    c:\windows\system32\msdtc.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\stsystra.exe
    c:\program files\Apoint\ApMsgFwd.exe
    c:\program files\Apoint\HidFind.exe
    c:\program files\Apoint\Apntex.exe
    .
    **************************************************************************
    .
    Completion time: 2010-05-23 13:56:15 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-05-23 17:56

    Pre-Run: 77,760,942,080 bytes free
    Post-Run: 77,737,537,536 bytes free

    - - End Of File - - 8627318145D9FF863F7BA43D246510D8

  3. #13

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2/13/2008 11:51:22 PM
    System Uptime: 5/23/2010 1:46:43 PM (1 hours ago)

    Motherboard: Dell Inc. | | 0KU184
    Processor: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz | Microprocessor | 1995/200mhz
    Processor: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz | Microprocessor | 1994/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 112 GiB total, 72.438 GiB free.
    D: is CDROM ()
    E: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Cisco Systems VPN Adapter
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco Systems VPN Adapter
    PNP Device ID: ROOT\NET\0000
    Service: CVirtA

    ==== System Restore Points ===================

    RP332: 2/2/2010 9:26:04 PM - System Checkpoint
    RP333: 2/4/2010 9:14:22 PM - System Checkpoint
    RP334: 2/8/2010 11:51:24 AM - System Checkpoint
    RP335: 2/9/2010 3:45:41 PM - Restore Operation
    RP336: 2/10/2010 6:30:20 PM - System Checkpoint
    RP337: 2/11/2010 1:00:39 PM - Installed Citrix Presentation Server Client - Web Only
    RP338: 2/12/2010 8:46:33 PM - System Checkpoint
    RP339: 2/13/2010 1:03:59 AM - Software Distribution Service 3.0
    RP340: 2/15/2010 1:32:54 PM - System Checkpoint
    RP341: 2/16/2010 1:54:20 PM - System Checkpoint
    RP342: 2/16/2010 10:56:55 PM - Software Distribution Service 3.0
    RP343: 2/18/2010 3:49:46 PM - Restore Operation
    RP344: 2/20/2010 10:57:18 AM - System Checkpoint
    RP345: 2/21/2010 9:37:39 PM - System Checkpoint
    RP346: 2/25/2010 8:46:14 AM - System Checkpoint
    RP347: 2/27/2010 6:12:41 PM - System Checkpoint
    RP348: 3/1/2010 9:58:45 PM - System Checkpoint
    RP349: 3/2/2010 7:37:07 PM - Software Distribution Service 3.0
    RP350: 3/3/2010 8:20:42 PM - System Checkpoint
    RP351: 3/6/2010 3:04:13 PM - System Checkpoint
    RP352: 3/10/2010 12:53:19 PM - System Checkpoint
    RP353: 3/11/2010 8:39:35 PM - System Checkpoint
    RP354: 3/12/2010 9:57:42 PM - Software Distribution Service 3.0
    RP355: 3/13/2010 10:28:06 AM - Restore Operation
    RP356: 3/14/2010 5:26:16 AM - Software Distribution Service 3.0
    RP357: 3/17/2010 10:12:57 PM - System Checkpoint
    RP358: 3/28/2010 2:27:43 PM - System Checkpoint
    RP359: 4/3/2010 7:38:36 PM - System Checkpoint
    RP360: 4/4/2010 8:53:09 PM - System Checkpoint
    RP361: 4/5/2010 9:22:31 PM - System Checkpoint
    RP362: 4/5/2010 10:09:46 PM - Software Distribution Service 3.0
    RP363: 4/10/2010 6:51:25 PM - System Checkpoint
    RP364: 4/11/2010 10:00:47 PM - System Checkpoint
    RP365: 4/14/2010 11:24:43 AM - System Checkpoint
    RP366: 4/17/2010 11:36:32 AM - System Checkpoint
    RP367: 4/18/2010 1:31:33 PM - System Checkpoint
    RP368: 4/19/2010 11:23:11 PM - Software Distribution Service 3.0
    RP369: 4/26/2010 11:49:29 AM - System Checkpoint
    RP370: 5/1/2010 9:51:33 AM - Software Distribution Service 3.0
    RP371: 5/1/2010 10:53:53 AM - Restore Operation
    RP372: 5/1/2010 11:33:48 AM - Installed AVG Free 8.0
    RP373: 5/1/2010 6:54:28 PM - Installed AVG 9.0
    RP374: 5/1/2010 8:12:53 PM - Installed Java(TM) 6 Update 20
    RP375: 5/1/2010 8:20:09 PM - Installed AVG 9.0
    RP376: 5/4/2010 8:30:35 PM - avast! Free Antivirus Setup

    ==== Installed Programs ======================


    Ad-Aware
    Adobe Acrobat 8 Professional
    Adobe Acrobat 8.1.3 Professional
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    AIM 6
    Apple Mobile Device Support
    Apple Software Update
    AuthenTec Fingerprint Sensor Minimum Install
    avast! Free Antivirus
    biolsp patch
    Bonjour
    Broadcom ASF Management Applications
    Broadcom Management Programs
    Browser Address Error Redirector
    cBizOne
    Celtx (2.7)
    Cisco Systems VPN Client 4.8.01.0300
    Citrix Presentation Server Client - Web Only
    Compatibility Pack for the 2007 Office system
    Conexant HDA D330 MDC V.92 Modem
    Cricket Scorer 5.5.4.0
    Dell Drivers MSI
    Dell Embassy Trust Suite by Wave Systems
    Dell Touchpad
    Dell Wireless WLAN Card
    Digital Line Detect
    Document Manager Lite
    EMBASSY Security Center
    EMBASSY Security Setup
    EMBASSY Trust Suite by Wave Systems
    ESC Home Page Plugin
    Expense Calculator
    Facebook Plug-In
    FileZilla Client 3.3.1
    Final Draft 7
    Gemalto
    GemSafe Standard Edition 5.1
    Google Chrome
    Google Talk (remove only)
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    GoToMeeting 4.0.0.320
    High Definition Audio Driver Package - KB835221
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB896256)
    Hotfix for Windows XP (KB908673)
    Hotfix for Windows XP (KB909095)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB934428-v2)
    Hotfix for Windows XP (KB935448)
    Hotfix for Windows XP (KB937930)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    InstallMICGenericHook
    Intel(R) Graphics Media Accelerator Driver
    IntelliSonic Speech Enhancement
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    Java Auto Updater
    Java(TM) 6 Update 20
    Java(TM) 6 Update 7
    Juniper Citrix Services Client
    Juniper Terminal Services Client
    Logitech Desktop Messenger
    Logitech ImageStudio
    Malwarebytes' Anti-Malware
    Mercury LoadRunner 8.0
    MercuryTours
    MetaFrame Presentation Server Web Client for Win32
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2003 Web Components
    Microsoft Office Accounting 2007
    Microsoft Office Accounting ADP Payroll Addin
    Microsoft Office Accounting Equifax Addin
    Microsoft Office Accounting Fixed Asset Manager
    Microsoft Office Accounting PayPal Addin
    Microsoft Office FrontPage 2003
    Microsoft Office Professional Edition 2003
    Microsoft Office Small Business Connectivity Components
    Microsoft Script Debugger
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server Desktop Engine
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft XML Parser
    Modem Diagnostic Tool
    Move Media Player
    Mozilla Firefox (3.5.9)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    MySpaceIM
    NetWaiting
    NTRU TCG Software Stack
    Octoshape add-in for Adobe Flash Player
    ooVoo Toolbar
    P2P Tv Plugin
    PowerDVD
    Preboot Manager
    Private Information Manager
    Quality Center Microsoft Excel Addin
    Quest Software Toad for SQL Server Trial 4.1
    QuickSet
    QuickTest Professional
    QuickTime
    RealPlayer
    Roxio Creator Audio
    Roxio Creator BDAV Plugin
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Drag-to-Disc
    Roxio Express Labeler
    Roxio Update Manager
    SearchAssist
    Secure Update
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937894)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939373)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB942830)
    Security Update for Windows XP (KB942831)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944338)
    Security Update for Windows XP (KB944533)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB947864)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953155)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB970483)
    Security Update for Windows XP (KB971032)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976323)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981349)
    Security Wizards
    SigmaTel Audio
    SiteScope
    Skype™ 4.0
    Slideroll Gallery AV 0.92b4
    Slideroll Video Creator 0.83b
    Sonic Activation Module
    SopCast 3.0.1
    SPVOD Player1.8
    TeamViewer 4
    TestDirector 8.0
    Trusted Drive Manager
    tsp patch
    Unified Report
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB912945)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB942840)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    upekmsi
    Viewpoint Media Player
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 1.0.3
    WampServer 2.0
    Wave Infrastructure Installer
    Wave Support Software
    WebEx
    WebEx Meeting Manager for Firefox/Netscape/Chrome
    WebFldrs XP
    Windows 7 Upgrade Advisor
    Windows Genuine Advantage Notifications (KB905474)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live Messenger
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885855
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB889673
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    WinRAR archiver
    WinRunner
    Yahoo! BrowserPlus 2.7.1
    Yahoo! Extras
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Messenger
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    5/23/2010 9:49:11 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD APPDRV aswSP aswTdi BHDrvx86 ccHP Fips intelppm IPSec mfehidk MPFP MRxSmb NetBIOS NetBT RasAcd Rdbss SRTSPX SymIRON SYMTDI Tcpip
    5/23/2010 9:49:11 AM, error: Service Control Manager [7001] - The World Wide Web Publishing service depends on the IIS Admin service which failed to start because of the following error: The dependency service or group failed to start.
    5/23/2010 9:49:11 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    5/23/2010 9:49:11 AM, error: Service Control Manager [7001] - The Simple Mail Transfer Protocol (SMTP) service depends on the IIS Admin service which failed to start because of the following error: The dependency service or group failed to start.
    5/23/2010 9:49:11 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/23/2010 9:49:11 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    5/23/2010 9:49:11 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/23/2010 9:49:11 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/23/2010 12:45:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccHP MPFP SymDS SymEFA SymIRON
    5/23/2010 12:45:34 PM, error: Service Control Manager [7024] - The Norton 360 service terminated with service-specific error 4294967295 (0xFFFFFFFF).
    5/23/2010 12:45:34 PM, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
    5/23/2010 12:45:34 PM, error: Service Control Manager [7000] - The McAfee Services service failed to start due to the following error: The system cannot find the path specified.
    5/23/2010 12:45:34 PM, error: Service Control Manager [7000] - The McAfee Real-time Scanner service failed to start due to the following error: The system cannot find the path specified.
    5/23/2010 12:45:34 PM, error: Service Control Manager [7000] - The McAfee Proxy Service service failed to start due to the following error: The system cannot find the path specified.
    5/23/2010 12:45:34 PM, error: Service Control Manager [7000] - The McAfee Personal Firewall Service service failed to start due to the following error: The system cannot find the path specified.
    5/23/2010 12:45:34 PM, error: Service Control Manager [7000] - The McAfee Network Agent service failed to start due to the following error: The system cannot find the path specified.
    5/23/2010 12:45:34 PM, error: Service Control Manager [7000] - The McAfee Anti-Spam Service service failed to start due to the following error: The system cannot find the path specified.
    5/23/2010 12:45:02 PM, error: Print [23] - Printer WebEx Document Loader failed to initialize because a suitable HP Color LaserJet 4700 PCL 5c driver could not be found.
    5/23/2010 12:45:02 PM, error: Print [23] - Printer Microsoft XPS Document Writer failed to initialize because a suitable Microsoft XPS Document Writer driver could not be found.
    5/23/2010 12:45:02 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    5/23/2010 12:45:02 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
    5/23/2010 12:44:58 PM, error: DCOM [10020] - The machine wide Default Launch and Activation security descriptor is invalid. It contains Access Control Entries with permissions that are invalid. The requested action was therefore not performed. This security permission can be corrected using the Component Services administrative tool.
    5/23/2010 12:43:55 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    5/23/2010 12:32:04 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    5/23/2010 12:30:52 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    5/23/2010 1:19:48 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccHP MPFP SRTSPX SymDS SymEFA SymIRON SYMTDI
    5/23/2010 1:14:51 PM, error: Service Control Manager [7034] - The NTRU TSS v1.2.1.25 TCS service terminated unexpectedly. It has done this 1 time(s).
    5/23/2010 1:14:51 PM, error: Service Control Manager [7034] - The ExpressionService service terminated unexpectedly. It has done this 1 time(s).
    5/23/2010 1:14:50 PM, error: Service Control Manager [7034] - The SiteScope service terminated unexpectedly. It has done this 1 time(s).
    5/23/2010 1:14:50 PM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
    5/23/2010 1:11:30 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
    5/20/2010 8:27:02 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MPFP

    ==== End Of File ===========================

  4. #14

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by at 14:01:07.90 on Sun 05/23/2010
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.460 [GMT -4:00]

    AV: AVG Anti-Virus *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Common Files\Mercury Interactive\TDAPIServer\ExpService.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\Mercury Interactive\TDAPIServer\LogonService1.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Mercury\Quality Center\msdeBinn\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Common Files\Mercury Interactive\TDAPIServer\OTAPool.exe
    C:\Program Files\Common Files\Mercury Interactive\TDAPIServer\SendAllQualifiedApp.exe
    C:\PROGRA~1\COMMON~1\MERCUR~1\TDAPIS~1\TDDomSrv.exe
    C:\InetPub\TDBIN\SITESC~1\tools\SITESC~1.EXE
    C:\Program Files\Mercury\Quality Center\msdeBinn\MSSQL\Binn\sqlagent.EXE
    C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
    C:\InetPub\TDBIN\SiteScope\java\bin\java.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    C:\Program Files\Common Files\Mercury Interactive\TDStartStop.exe
    C:\InetPub\TDBIN\MTours\jakarta-tomcat-3.3\bin\TomcatService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\InetPub\TDBIN\MTours\JavaSoft\JRE\1.2\bin\java.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Apoint\ApMsgFwd.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
    C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\Documents and Settings\LT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\Explorer.exe
    C:\Documents and Settings\LT\Desktop\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080207
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: BHOManager Class: {474264bc-9571-47c1-85b9-780f756dc9ce} - c:\windows\system32\BHOManager.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: ooVoo Toolbar: {a057a204-bacc-4d26-8087-36ee87e26986} - c:\progra~1\oovoot~1\OOVOOT~1.DLL
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
    TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    TB: ooVoo Toolbar: {a057a204-bacc-4d26-8087-36ee87e26986} - c:\progra~1\oovoot~1\OOVOOT~1.DLL
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    uRun: [cdloader] "c:\documents and settings\LT\application data\mjusbsp\cdloader2.exe" MAGICJACK
    uRun: [Google Update] "c:\documents and settings\LT\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [Apoint] c:\program files\apoint\Apoint.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [KADxMain] c:\windows\system32\KADxMain.exe
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
    mRun: [SecureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    Trusted Zone: amtrak.com\vpn
    DPF: {00000033-9593-4264-8B29-930B3E4EDCCD} - hxxps://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall33.cab
    DPF: {205E7068-6D03-4566-AD06-A146B592FBA5} - hxxp://logiqa/TDBIN/Spider80.ocx
    DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} - hxxps://vpn.amtrak.com/vdesk/cachecleaner.cab#version=6030,2009,0514,2202
    DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - hxxps://vpn.amtrak.com/vdesk/terminal/urxvpn.cab#version=6030,2009,514,2217
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
    DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    DPF: {3605B612-C3CF-4AB4-A426-2D853391DB2E} - hxxp://10.11.50.178/qcbin/capicom.dll
    DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
    DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - hxxps://vpn.amtrak.com/vdesk/terminal/f5tunsrv.cab#version=6030,2009,514,2213
    DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} - hxxp://mssepmapp01/projectserver/objects/pjclient.cab
    DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - hxxps://vpn.amtrak.com/vdesk/terminal/f5InspectionHost.cab#version=6030,2009,0514,2204
    DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} - hxxp://imlive.com/chatsource/ImlCID.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {98C53984-8BF8-4D11-9B1C-C324FCA9CADE} - hxxp://logiqa:8080/qcbin/Spider90.ocx
    DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} - hxxp://www.ooxtv.com/livetv.ocx
    DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} - hxxp://mssepmapp01/projectserver/objects/1033/pjcintl.cab
    DPF: {B2FC031D-8C74-46AE-8042-BCF4FC03C1EF} - hxxp://10.11.50.178/qcbin/Spider91.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://vpn.amtrak.com/vdesk/terminal/urxshost.cab#version=6030,2009,514,2210
    DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} - hxxps://vpn.amtrak.com/policy/download_binary.php/win32/f5syschk.cab#Version=6030,2009,0514,2213
    TCP: {992575CE-4F05-4343-88B1-693175150DAD} = 202.144.105.4,202.144.10.50
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -
    Handler: HTLFP - {03B7A5D4-96B0-4316-95F8-072D326A58F1} -
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: vfsp - {E4CB5121-E242-11D4-8ED6-00010219EB22} -
    Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: ShHook Class: {a5949e07-8536-4625-a3d0-2dd83f559990} - c:\windows\system32\ShellHook.dll
    LSA: Authentication Packages = msv1_0 wvauth

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\logiqa~1\applic~1\mozilla\firefox\profiles\krvj0fdt.default\
    FF - prefs.js: browser.search.selectedEngine - JobSearch - Dice.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - component: c:\documents and settings\LT\application data\mozilla\firefox\profiles\krvj0fdt.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\LT\application data\mozilla\firefox\profiles\krvj0fdt.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll
    FF - plugin: c:\documents and settings\LT\application data\facebook\npfbplugin_1_0_1.dll
    FF - plugin: c:\documents and settings\LT\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\documents and settings\LT\application data\move networks\plugins\npqmp071705000014.dll
    FF - plugin: c:\documents and settings\LT\application data\mozilla\firefox\profiles\krvj0fdt.default\extensions\{3191e4ce-790e-42be-b2e0-223475263b7e}\plugins\NPuroamCleaner.dll
    FF - plugin: c:\documents and settings\LT\application data\mozilla\firefox\profiles\krvj0fdt.default\extensions\{dbbb3167-6e81-400f-bbfd-bd8921726f52}\plugins\NPuroamHost.dll
    FF - plugin: c:\documents and settings\LT\application data\mozilla\firefox\profiles\krvj0fdt.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
    FF - plugin: c:\documents and settings\LT\application data\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\LT\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\documents and settings\LT\local settings\application data\yahoo!\browserplus\2.7.1\plugins\npybrowserplus_2.7.1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-4 162768]
    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-25 214664]
    R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-4 19024]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-4 40384]
    R2 ExpressionService;ExpressionService;c:\program files\common files\mercury interactive\tdapiserver\ExpService.exe [2008-4-12 532548]
    R2 LogonService1;LogonService1;c:\program files\common files\mercury interactive\tdapiserver\LogonService1.exe [2008-4-12 86016]
    R2 OtaPool;OtaPool;c:\program files\common files\mercury interactive\tdapiserver\OTAPool.exe [2008-4-12 102400]
    R2 paldrv;paldrv;c:\windows\system32\pal_drv.sys [2008-2-23 10951]
    R2 SiteScope;SiteScope;c:\inetpub\tdbin\sitesc~1\tools\SITESC~1.EXE [2008-4-12 45056]
    R2 TDStartStopService;Advanced TestDirector StartStop Service;c:\program files\common files\mercury interactive\TDStartStop.exe [2008-4-12 1452032]
    R2 TomcatService;TomcatService;c:\inetpub\tdbin\mtours\jakarta-tomcat-3.3\bin\TomcatService.exe [2008-4-12 61440]
    R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2009-3-31 5120]
    R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0401000.020\symds.sys --> c:\windows\system32\drivers\n360\0401000.020\SYMDS.SYS [?]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0401000.020\symefa.sys --> c:\windows\system32\drivers\n360\0401000.020\SYMEFA.SYS [?]
    S1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\bashdefs\20100211.001\BHDrvx86.sys [2010-5-4 536112]
    S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0401000.020\cchpx86.sys [2010-5-4 501888]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0401000.020\Ironx86.sys [2010-5-4 116784]
    S2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe --> c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [?]
    S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe --> c:\progra~1\mcafee\viruss~1\mcshield.exe [?]
    S2 N360;Norton 360;c:\program files\norton 360\engine\4.1.0.32\ccSvcHst.exe [2010-5-4 126392]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-4 40384]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-4 40384]
    S3 CheckTestDirectorUserAccount;Check TestDirector User account;c:\program files\common files\mercury interactive\CheckU.exe [2008-4-12 342528]
    S3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\ipsdefs\20091105.001\IDSxpx86.sys [2010-5-4 329592]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-5-4 38224]
    S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe --> c:\progra~1\mcafee\viruss~1\mcsysmon.exe [?]
    S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-6-9 79816]
    S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-6-9 35272]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-6-9 34248]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-6-9 40552]
    S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\virusdefs\20100501.002\naveng.sys [2010-5-4 84912]
    S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\virusdefs\20100501.002\navex15.sys [2010-5-4 1324720]
    S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);c:\windows\system32\drivers\LV551AV.sys [2008-8-21 220079]
    S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
    UnknownUnknown vkquwexg;vkquwexg; [x]

    =============== Created Last 30 ================

    2010-05-23 16:33:26 98816 ----a-w- c:\windows\sed.exe
    2010-05-23 16:33:26 77312 ----a-w- c:\windows\MBR.exe
    2010-05-23 16:33:26 256512 ----a-w- c:\windows\PEV.exe
    2010-05-23 16:33:26 161792 ----a-w- c:\windows\SWREG.exe
    2010-05-05 02:11:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-05-05 02:11:10 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-05-05 02:11:09 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-05 00:30:35 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
    2010-05-05 00:29:50 0 d-----w- C:\Anti_Virus_SW
    2010-05-04 23:16:08 43696 ----a-r- c:\windows\system32\drivers\srtspx.sys
    2010-05-04 23:16:08 362032 ----a-r- c:\windows\system32\drivers\symtdi.sys
    2010-05-04 23:16:08 328752 ----a-r- c:\windows\system32\drivers\SymDS.sys
    2010-05-04 23:16:08 172592 ----a-r- c:\windows\system32\drivers\SymEFA.sys
    2010-05-04 23:15:46 0 d-----w- c:\windows\system32\drivers\N360
    2010-05-04 23:15:44 0 d-----w- c:\program files\Norton 360
    2010-05-04 23:15:36 0 d-----w- c:\program files\NortonInstaller
    2010-05-02 01:12:39 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2010-05-02 01:12:39 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2010-05-02 01:12:39 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-05-02 01:12:39 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-05-02 01:12:39 0 d-----w- c:\program files\Symantec
    2010-05-02 01:12:39 0 d-----w- c:\program files\common files\Symantec Shared
    2010-05-02 01:11:36 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
    2010-05-02 01:07:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
    2010-05-02 00:13:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-05-01 23:39:39 54 ----a-w- c:\windows\system32\rp_stats.dat
    2010-05-01 23:39:39 39 ----a-w- c:\windows\system32\rp_rules.dat
    2010-05-01 23:02:53 0 ----a-w- c:\windows\system32\commonpriv.log.lock
    2010-05-01 22:54:35 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
    2010-05-01 22:54:07 0 d-----w- c:\windows\SxsCaPendDel
    2010-05-01 15:35:15 10520 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-05-01 15:35:10 97928 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-05-01 15:34:40 0 d-----w- c:\windows\system32\drivers\Avg
    2010-05-01 15:33:54 0 d-----w- c:\docume~1\alluse~1\applic~1\avg8
    2010-05-01 14:57:40 0 d-----w- c:\windows\system32\wbem\Repository
    2010-05-01 14:14:49 0 ----a-w- c:\windows\system32\drivers\SET101.tmp

    ==================== Find3M ====================

    2010-03-10 13:18:21 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
    2010-03-10 13:18:20 70656 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
    2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\dllcache\vbscript.dll
    2010-03-05 19:02:04 456704 ----a-w- c:\windows\system32\dllcache\smtpsvc.dll
    2010-02-24 12:31:30 454016 ----a-w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-02-23 05:20:02 634648 ----a-w- c:\windows\system32\dllcache\iexplore.exe
    2010-02-23 05:18:28 161792 ----a-w- c:\windows\system32\dllcache\ieakui.dll

    ============= FINISH: 14:01:16.31 ===============

  5. #15
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    Please run ComboFix again and let it install recovery console. Post back the results.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  6. #16
    Member
    Join Date
    May 2010
    Posts
    66

    Blade,

    Can you please delete posts #11, 12 & 13?

    Thank You,
    Rayoflight

  7. #17
    Member
    Join Date
    May 2010
    Posts
    66

    ComboFix 10-05-22.03 - LT 05/23/2010 19:17:09.2.2 - x86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.780 [GMT -4:00]
    Running from: c:\documents and settings\LT\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\LT\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: AVG Anti-Virus *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .

    ((((((((((((((((((((((((( Files Created from 2010-04-23 to 2010-05-23 )))))))))))))))))))))))))))))))
    .

    2010-05-05 02:11 . 2009-12-30 18:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-05-05 02:11 . 2009-12-30 18:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-05-05 02:11 . 2010-05-05 02:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-05 00:31 . 2010-04-14 16:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-05-05 00:31 . 2010-04-14 16:35 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-05-05 00:31 . 2010-04-14 16:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-05-05 00:31 . 2010-04-14 16:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-05-05 00:31 . 2010-04-14 16:31 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-05-05 00:31 . 2010-04-14 16:31 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-05-05 00:31 . 2010-04-14 16:30 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-05-05 00:30 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
    2010-05-05 00:30 . 2010-04-14 16:47 153184 ----a-w- c:\windows\system32\aswBoot.exe
    2010-05-05 00:30 . 2010-05-05 00:30 -------- d-----w- c:\program files\Alwil Software
    2010-05-05 00:30 . 2010-05-05 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-05-05 00:29 . 2010-05-05 00:29 -------- d-----w- C:\Anti_Virus_SW
    2010-05-04 23:16 . 2010-02-27 02:23 43696 ----a-r- c:\windows\system32\drivers\srtspx.sys
    2010-05-04 23:16 . 2010-02-04 01:40 362032 ----a-r- c:\windows\system32\drivers\symtdi.sys
    2010-05-04 23:16 . 2010-02-04 01:40 172592 ----a-r- c:\windows\system32\drivers\SymEFA.sys
    2010-05-04 23:16 . 2010-02-04 01:40 328752 ----a-r- c:\windows\system32\drivers\SymDS.sys
    2010-05-04 23:15 . 2010-05-04 23:15 -------- d-----w- c:\windows\system32\drivers\N360
    2010-05-04 23:15 . 2010-05-04 23:15 -------- d-----w- c:\program files\Norton 360
    2010-05-04 23:15 . 2010-05-04 23:15 -------- d-----w- c:\program files\NortonInstaller
    2010-05-02 01:12 . 2010-05-04 23:18 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-05-02 01:12 . 2010-05-04 23:16 -------- d-----w- c:\program files\Symantec
    2010-05-02 01:12 . 2010-05-04 23:16 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-05-02 01:12 . 2010-05-04 23:16 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-05-02 01:12 . 2010-05-02 01:12 -------- d-----w- c:\program files\Windows Sidebar
    2010-05-02 01:11 . 2010-05-02 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
    2010-05-02 01:07 . 2010-05-04 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
    2010-05-02 00:13 . 2010-05-02 00:13 503808 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e30d559-n\msvcp71.dll
    2010-05-02 00:13 . 2010-05-02 00:13 499712 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e30d559-n\jmc.dll
    2010-05-02 00:13 . 2010-05-02 00:13 348160 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2e30d559-n\msvcr71.dll
    2010-05-02 00:13 . 2010-05-02 00:13 61440 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-76719865-n\decora-sse.dll
    2010-05-02 00:13 . 2010-05-02 00:13 12800 ----a-w- c:\documents and settings\LT\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-76719865-n\decora-d3d.dll
    2010-05-02 00:13 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-05-01 23:39 . 2010-05-02 00:50 54 ----a-w- c:\windows\system32\rp_stats.dat
    2010-05-01 23:39 . 2010-05-02 00:50 39 ----a-w- c:\windows\system32\rp_rules.dat
    2010-05-01 22:54 . 2010-05-02 00:17 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2010-05-01 22:54 . 2010-05-01 23:02 -------- d-----w- c:\windows\SxsCaPendDel
    2010-05-01 15:35 . 2010-05-01 15:35 10520 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-05-01 15:35 . 2010-05-01 15:35 97928 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-05-01 15:35 . 2010-05-01 15:35 26824 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-05-01 15:34 . 2010-05-02 00:18 -------- d-----w- c:\windows\system32\drivers\Avg
    2010-05-01 15:33 . 2010-05-03 03:33 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
    2010-05-01 14:57 . 2010-05-01 14:57 -------- d-----w- c:\windows\system32\wbem\Repository

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-23 22:10 . 2008-02-14 04:51 0 ----a-w- c:\documents and settings\LT\Local Settings\Application Data\WavXMapDrive.bat
    2010-05-05 00:29 . 2008-02-16 00:22 -------- d-----w- c:\documents and settings\LT\Application Data\U3
    2010-05-04 23:16 . 2010-05-02 01:12 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2010-05-04 23:16 . 2010-05-02 01:12 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2010-05-02 00:13 . 2008-02-07 13:50 -------- d-----w- c:\program files\Common Files\Java
    2010-05-02 00:13 . 2008-02-07 13:50 -------- d-----w- c:\program files\Java
    2010-05-01 22:40 . 2008-02-07 14:10 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2010-05-01 14:55 . 2009-02-25 05:41 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-05-01 14:14 . 2010-05-01 14:14 0 ----a-w- c:\windows\system32\drivers\SET101.tmp
    2010-04-29 14:20 . 2009-12-21 05:30 -------- d-----w- c:\documents and settings\LT\Application Data\vlc
    2010-04-21 00:56 . 2010-03-06 23:44 439816 ----a-w- c:\documents and settings\LT\Application Data\Real\Update\setup3.10\setup.exe
    2010-04-20 01:58 . 2010-02-06 20:35 50354 ----a-w- c:\documents and settings\LT\Application Data\Facebook\uninstall.exe
    2010-04-20 01:58 . 2010-02-06 20:35 -------- d-----w- c:\documents and settings\LT\Application Data\Facebook
    2010-04-19 18:59 . 2010-04-19 18:59 255472 ----a-w- c:\documents and settings\LT\Application Data\Mozilla\plugins\npgoogletalk.dll
    2010-04-17 00:34 . 2008-02-16 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
    2010-04-05 00:11 . 2009-08-18 23:18 -------- d-----w- c:\program files\Celtx
    2010-03-11 12:38 . 2004-08-11 23:00 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-03-11 12:38 . 2009-06-26 13:25 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-03-11 12:38 . 2009-04-01 02:13 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-03-09 11:09 . 2009-04-01 02:13 430080 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-07 16:00 . 2010-03-07 16:00 118784 ----a-w- c:\documents and settings\LT\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll
    2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\LT\Application Data\Facebook\npfbplugin_1_0_3.dll
    2010-02-24 12:31 . 2009-04-01 02:12 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2009-03-06 17:06 . 2009-03-06 17:06 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
    2009-03-06 17:06 . 2009-03-06 17:06 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
    2009-03-06 17:07 . 2009-03-06 17:07 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
    2008-02-08 02:46 . 2008-02-08 02:46 13624 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
    2008-02-08 02:46 . 2008-02-08 02:46 87360 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
    2008-02-08 02:46 . 2008-02-08 02:46 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
    2008-02-08 02:46 . 2008-02-08 02:46 21824 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
    2008-02-08 02:46 . 2008-02-08 02:46 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
    2008-02-08 02:46 . 2008-02-08 02:46 31544 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
    2008-02-08 02:46 . 2008-02-08 02:46 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
    2009-06-24 15:08 . 2009-06-24 15:08 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
    2007-03-16 22:27 . 2007-03-16 22:27 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
    2007-03-16 22:27 . 2007-03-16 22:27 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
    2007-03-16 22:27 . 2007-03-16 22:27 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
    2007-07-20 17:47 . 2007-07-20 17:47 981170 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
    2008-02-08 02:46 . 2008-02-08 02:46 24384 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8087-36EE87E26986}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "cdloader"="c:\documents and settings\LT\Application Data\mjusbsp\cdloader2.exe" [2009-04-10 50520]
    "Aim6"="" [BU]
    "Google Update"="c:\documents and settings\LT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]
    "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]
    "SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
    "KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [BU]
    "WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]
    "SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-25 185872]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-07 68856]
    "MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{A5949E07-8536-4625-A3D0-2DD83F559990}"= "c:\windows\system32\ShellHook.dll" [2006-09-25 45568]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
    2006-11-16 21:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 wvauth

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LoadRunner Agent Process.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LoadRunner Agent Process.lnk
    backup=c:\windows\pss\LoadRunner Agent Process.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
    backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
    backup=c:\windows\pss\Service Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
    backup=c:\windows\pss\VPN Client.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2008-10-15 02:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
    2010-03-08 15:49 524632 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
    2007-05-24 13:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2008-09-03 04:04 133104 ----atw- c:\documents and settings\LT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
    2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-03-13 00:56 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
    2002-12-10 22:32 155648 ----a-w- c:\program files\Logitech\ImageStudio\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
    2002-12-10 22:31 61440 ----a-w- c:\program files\Logitech\ImageStudio\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
    2002-12-10 21:54 127022 ----a-w- c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2009-05-27 01:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
    2006-10-20 23:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-01-05 20:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    2006-08-17 15:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2008-11-25 22:05 185872 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Mercury Interactive\\QuickTest Professional\\bin\\AQTRmtAgent.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
    "c:\\Program Files\\Mercury Interactive\\Mercury LoadRunner\\launch_service\\bin\\magentproc.exe"=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "c:\\Program Files\\SopCast\\SopCast.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Documents and Settings\\LT\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Documents and Settings\\LT\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
    "c:\\Documents and Settings\\LT\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Documents and Settings\\LT\\Application Data\\mjusbsp\\magicJack.exe"=
    "c:\\Documents and Settings\\LT\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "135:TCP"= 135:TCP:DCOM
    "443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
    "443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
    "37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
    "37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
    "37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
    "37677:TCP"= 37677:TCP:*:Disabled:ooVoo TCP port 37677
    "37677:UDP"= 37677:UDP:*:Disabled:ooVoo UDP port 37677
    "37676:UDP"= 37676:UDP:*:Disabled:ooVoo UDP port 37676
    "65533:TCP"= 65533:TCP:Services
    "52344:TCP"= 52344:TCP:Services
    "5030:TCP"= 5030:TCP:Services
    "3265:TCP"= 3265:TCP:Services
    "6374:TCP"= 6374:TCP:Services
    "3937:TCP"= 3937:TCP:Services
    "5089:TCP"= 5089:TCP:Services
    "8678:TCP"= 8678:TCP:Services
    "3356:TCP"= 3356:TCP:Services
    "5212:TCP"= 5212:TCP:Services
    "2398:TCP"= 2398:TCP:Services
    "3296:TCP"= 3296:TCP:Services
    "3179:TCP"= 3179:TCP:Services
    "4858:TCP"= 4858:TCP:Services

    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0401000.020\SYMDS.SYS --> c:\windows\system32\drivers\N360\0401000.020\SYMDS.SYS [?]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0401000.020\SYMEFA.SYS --> c:\windows\system32\drivers\N360\0401000.020\SYMEFA.SYS [?]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/4/2010 8:31 PM 162768]
    S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20100211.001\BHDrvx86.sys [5/4/2010 7:16 PM 536112]
    S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0401000.020\cchpx86.sys [5/4/2010 7:16 PM 501888]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0401000.020\Ironx86.sys [5/4/2010 7:16 PM 116784]
    S2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 4:21 PM 79432]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/4/2010 8:31 PM 19024]
    S2 ExpressionService;ExpressionService;c:\program files\Common Files\Mercury Interactive\TDAPIServer\ExpService.exe [4/12/2008 3:53 PM 532548]
    S2 LogonService1;LogonService1;c:\program files\Common Files\Mercury Interactive\TDAPIServer\LogonService1.exe [4/12/2008 3:56 PM 86016]
    S2 N360;Norton 360;c:\program files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe [5/4/2010 7:15 PM 126392]
    S2 OtaPool;OtaPool;c:\program files\Common Files\Mercury Interactive\TDAPIServer\OTAPool.exe [4/12/2008 3:53 PM 102400]
    S2 paldrv;paldrv;c:\windows\system32\pal_drv.sys [2/23/2008 1:27 AM 10951]
    S2 SiteScope;SiteScope;c:\inetpub\TDBIN\SITESC~1\tools\SITESC~1.EXE [4/12/2008 3:55 PM 45056]
    S2 TDStartStopService;Advanced TestDirector StartStop Service;c:\program files\Common Files\Mercury Interactive\TDStartStop.exe [4/12/2008 3:56 PM 1452032]
    S2 TomcatService;TomcatService;c:\inetpub\TDBIN\MTours\jakarta-tomcat-3.3\bin\TomcatService.exe [4/12/2008 3:54 PM 61440]
    S2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [3/31/2009 10:13 PM 5120]
    S3 CheckTestDirectorUserAccount;Check TestDirector User account;c:\program files\Common Files\Mercury Interactive\CheckU.exe [4/12/2008 3:43 PM 342528]
    S3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 2:32 PM 97536]
    S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20091105.001\IDSxpx86.sys [5/4/2010 7:16 PM 329592]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [5/4/2010 10:11 PM 38224]
    S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);c:\windows\system32\drivers\LV551AV.sys [8/21/2008 2:16 PM 220079]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - MDMXSDK

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    vvdsvc REG_MULTI_SZ vvdsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2010-03-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 15:49]

    2010-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3727747301-3168930972-3825058957-1005Core.job
    - c:\documents and settings\LT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 04:04]

    2010-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3727747301-3168930972-3825058957-1005UA.job
    - c:\documents and settings\LT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 04:04]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080207
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: amtrak.com\vpn
    TCP: {992575CE-4F05-4343-88B1-693175150DAD} = 202.144.105.4,202.144.10.50
    DPF: {205E7068-6D03-4566-AD06-A146B592FBA5} - hxxp://logiqa/TDBIN/Spider80.ocx
    DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} - hxxp://mssepmapp01/projectserver/objects/pjclient.cab
    DPF: {98C53984-8BF8-4D11-9B1C-C324FCA9CADE} - hxxp://logiqa:8080/qcbin/Spider90.ocx
    DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} - hxxp://mssepmapp01/projectserver/objects/1033/pjcintl.cab
    DPF: {B2FC031D-8C74-46AE-8042-BCF4FC03C1EF} - hxxp://10.11.50.178/qcbin/Spider91.cab
    FF - ProfilePath - c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\
    FF - prefs.js: browser.search.selectedEngine - JobSearch - Dice.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - component: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll
    FF - plugin: c:\documents and settings\LT\Application Data\Facebook\npfbplugin_1_0_1.dll
    FF - plugin: c:\documents and settings\LT\Application Data\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\documents and settings\LT\Application Data\Move Networks\plugins\npqmp071705000014.dll
    FF - plugin: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{3191E4CE-790E-42be-B2E0-223475263B7E}\plugins\NPuroamCleaner.dll
    FF - plugin: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}\plugins\NPuroamHost.dll
    FF - plugin: c:\documents and settings\LT\Application Data\Mozilla\Firefox\Profiles\krvj0fdt.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
    FF - plugin: c:\documents and settings\LT\Application Data\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\LT\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\documents and settings\LT\Local Settings\Application Data\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-23 19:23
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.1.0.32\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(332)
    c:\windows\system32\wvauth.dll
    c:\windows\system32\biolsp.dll

    - - - - - - - > 'explorer.exe'(1672)
    c:\windows\system32\WININET.dll
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\ieframe.dll
    .
    Completion time: 2010-05-23 19:28:43
    ComboFix-quarantined-files.txt 2010-05-23 23:28
    ComboFix2.txt 2010-05-23 17:56

    Pre-Run: 78,803,447,808 bytes free
    Post-Run: 78,745,735,168 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - D71B3F980CD649900DF66C4AA10641D0

  8. #18
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    Removed those double posts of yours.


    Seems that you installed the recovery console meant for XP Home Edition while yours is the Professional one. We have to replace the wrong console version with the correct one. Follow the "Removing the Recovery Console" part here. Then install the correct recovery console here with ComboFix. Post back the ComboFix log.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  9. #19
    Member
    Join Date
    May 2010
    Posts
    66

    It is not letting me delete the 'cmdcons' folder.

    What do I do?

  10. #20
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Go to the next step in those console removing instructions.
