View Full Version : Slow PC, Large Upload Traffic, Pop ups and redirecting
Snailspace
2010-05-22, 13:28
Hi
My PC is running very slowly and the uploads when just browsing are huge. I’m also getting intermittent pop ups and some redirecting websites.
Unfortunately I tried some ‘fixes’ myself, sorry if this makes it all the much harder. I’ve run Malaware scan, spybot, Mcafee, and also the NTREGOPT programme.
Thanks for any assistance.
DDS (Ver_10-03-17.01) - NTFSx86
Run by HP_Administrator at 9:52:04.87 on 22/05/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2047.1405 [GMT 1:00]
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HooTech Net Meter\HooNetMeter.exe
C:\WINDOWS\hh.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
============== Pseudo HJT Report ===============
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100513072136.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: IE Developer Toolbar BHO: {cc7e636d-39aa-49b6-b511-65413da137a1} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Ldorefedah] rundll32.exe "c:\windows\naup10EU.dll",Startup
uRun: [NetMeter] c:\program files\hootech net meter\HooNetMeter.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)" -"http://www.freeonlinegames.com/sports-games/battle-board.html"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [SetDefPrt] c:\program files\brother\brmfl04a\BrStDvPt.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [Wwalufic] rundll32.exe "c:\windows\ululedun.dll",Startup
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - {CC962137-2E78-4F94-975E-FC0C07DBD78F} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
============= SERVICES / DRIVERS ===============
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-1-7 385880]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-5-1 82952]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-5 93320]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-5-1 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-5-1 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-5-1 271480]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-5-1 170144]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-5-1 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-5-1 141792]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-5-1 55456]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-1-7 152320]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-1-7 51688]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-5-1 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-5-1 88480]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-13 135664]
S2 iPodRDSessMgr;iPod Service iPodRDSessMgr;c:\windows\system32\apphelpo.exe srv --> c:\windows\system32\apphelpo.exe srv [?]
S2 TapiSrvDot3svc;Telephony TapiSrvDot3svc;c:\windows\system32\apphelpo.exe srv --> c:\windows\system32\apphelpo.exe srv [?]
S2 WZCSVCRemoteRegistry;Wireless Zero Configuration WZCSVCRemoteRegistry;c:\windows\system32\apphelpo.exe srv --> c:\windows\system32\apphelpo.exe srv [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-5-1 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-5-1 83496]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-1-7 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-1-7 40552]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2010-4-23 50704]
=============== Created Last 30 ================
2010-05-22 07:53:26 0 d-----w- c:\program files\HooTech Net Meter
2010-05-13 18:02:31 0 d-----w- c:\docume~1\alluse~1\applic~1\PCPitstop
2010-05-13 18:02:30 0 d-----w- c:\program files\PCPitstop
2010-05-12 18:29:05 0 d-----w- c:\windows\system32\MpEngineStore
2010-05-12 18:17:38 175 ----a-w- c:\windows\system32\MRT.INI
2010-05-09 15:35:27 0 d--h--w- c:\windows\PIF
2010-05-09 15:34:20 0 d-----w- c:\docume~1\hp_adm~1\applic~1\HpUpdate
2010-05-09 15:34:17 0 d-----w- c:\windows\Hewlett-Packard
2010-05-06 16:44:39 755200 ----a-w- c:\windows\system32\drivers\qnaneyqw.sys
2010-05-06 16:44:06 148 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2010-05-03 05:38:28 259328 ----a-w- c:\windows\system32\o.dat
2010-05-02 17:52:51 0 d-----w- c:\docume~1\alluse~1\applic~1\Deadtime Stories
2010-05-02 17:52:12 0 d-----w- c:\program files\Deadtime Stories
2010-05-02 15:42:26 0 d-----w- c:\program files\iPod
2010-05-02 15:42:18 0 d-----w- c:\program files\iTunes
2010-05-02 15:35:13 0 d-----w- c:\program files\Bonjour
2010-05-01 21:19:23 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-05-01 21:19:09 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-05-01 21:19:09 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-05-01 21:19:09 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-05-01 21:19:09 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-05-01 21:19:09 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-05-01 21:19:09 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-04-30 16:48:38 120 ----a-w- c:\windows\Ysigedulofos.dat
2010-04-30 16:48:38 0 ----a-w- c:\windows\Rbibebuxeyakiwik.bin
2010-04-23 19:59:50 0 ----a-w- c:\windows\g7f1d01cffkcgdif3jn2oe47.ini
2010-04-23 19:58:09 32 --s-a-w- c:\windows\system32\208116323.dat
2010-04-23 19:58:05 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2010-04-23 19:58:05 281104 ----a-w- c:\windows\system32\wpcap.dll
2010-04-23 19:58:05 100880 ----a-w- c:\windows\system32\Packet.dll
==================== Find3M ====================
2010-04-29 14:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 16:16:24 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-04-27 16:16:24 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-04-27 16:16:24 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-04-08 12:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 12:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2010-02-25 10:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-02-24 13:11:07 455680 ----a-w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2007-01-07 14:36:37 251 ----a-w- c:\program files\wt3d.ini
2007-01-26 15:46:02 22 -csha-w- c:\windows\sminst\HPCD.sys
2008-10-25 07:29:45 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102520081026\index.dat
============= FINISH: 9:54:05.60 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 07/01/2007 08:12:00
System Uptime: 22/05/2010 08:40:53 (1 hours ago)
Motherboard: ASUSTeK Computer INC. | | Calcite
Processor: Genuine Intel(R) CPU T2050 @ 1.60GHz | CPU 1 | 1596/133mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 179 GiB total, 102.654 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 0.65 GiB free.
F: is Removable
G: is Removable
H: is Removable
I: is Removable
==== Disabled Device Manager Items =============
Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: USB Mass Storage Device
Device ID: USB\VID_04F9&PID_0161&MI_02\6&29DF29C8&0&0002
Manufacturer: Compatible USB storage device
Name: USB Mass Storage Device
PNP Device ID: USB\VID_04F9&PID_0161&MI_02\6&29DF29C8&0&0002
Service: USBSTOR
Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMTSSTCORP_CD/DVDW_TS-H652L_______________0603____\5&240141ED&0&0.0.0
Manufacturer: (Standard CD-ROM drives)
Name: TSSTcorp CD/DVDW TS-H652L
PNP Device ID: IDE\CDROMTSSTCORP_CD/DVDW_TS-H652L_______________0603____\5&240141ED&0&0.0.0
Service: cdrom
==== System Restore Points ===================
RP260: 30/04/2010 18:39:49 - System Checkpoint
RP261: 02/05/2010 16:07:09 - System Checkpoint
RP262: 03/05/2010 19:28:08 - System Checkpoint
RP263: 05/05/2010 19:07:52 - System Checkpoint
RP264: 11/05/2010 01:22:12 - System Checkpoint
RP265: 12/05/2010 19:08:09 - Software Distribution Service 3.0
RP266: 13/05/2010 20:12:36 - System Checkpoint
RP267: 14/05/2010 21:26:44 - System Checkpoint
RP268: 16/05/2010 12:06:40 - May16th
RP269: 18/05/2010 20:41:48 - System Checkpoint
RP270: 20/05/2010 07:21:59 - System Checkpoint
==== Installed Programs ======================
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Big Fish Games: Game Manager
Bonjour
Brother MFL-Pro Suite
Bruce's Unusual Typing Wizard, Version 1.5.0
BufferChm
CardRecovery
CAT Paper 6 v2.0
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
Critical Update for Windows Media Player 11 (KB959772)
CueTour
Customer Experience Enhancement
Dan Elwell's Broadband Speed Test
Deadtime Stories
Destinations
DeviceManagementQFolder
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Enhanced Multimedia Keyboard Solution
ERUNT 1.1j
FullDPAppQFolder
Google Earth
Google Update Helper
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Boot Optimizer
HP DigitalMedia Archive
HP DVD Play 2.1
HP Imaging Device Functions 7.0
HP Photosmart for Media Center PC
HP Photosmart Premier Software 6.5
HP Update
HPPhotoSmartExpress
HpSdpAppCoreApp
ImgBurn (Remove Only)
InstantShareDevices
Intel(R) Matrix Storage Manager
Intel(R) PRO Network Connections Drivers
Intel(R) Quick Resume Technology Drivers
Intel® Viiv™ Software
Internet Explorer Developer Toolbar
Internet Services
iTunes
Java(TM) 6 Update 12
LightScribe 1.4.105.1
Malwarebytes' Anti-Malware
McAfee Internet Security
Memory-Map European Edition
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access 2007 Step by Step
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Edition 2003
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Net Meter v3.6 build 437
NVIDIA Drivers
OptionalContentQFolder
PaperPort
PC-Doctor 5 for Windows
PC Inspector smart recovery
PhotoGallery
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QuickTime
RandMap
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB980470)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
SkinsHP1
SlideShow
SlideShowMusic
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Spybot - Search & Destroy
System Requirements Lab
The Lost Cases of 221B Baker St.
TomTom HOME 2.7.3.1894
TomTom HOME Visual Studio Merge Modules
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb981726)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Vampireville
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Zero Assumption Recovery Version 8.3
==== Event Viewer Messages From Past Week ========
22/05/2010 09:50:23, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
21/05/2010 20:04:19, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdrom ftsata2 Imapi IntelIde ViaIde
21/05/2010 19:07:44, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the COM+ System Application service to connect.
21/05/2010 19:07:44, error: Service Control Manager [7000] - The COM+ System Application service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
21/05/2010 19:07:34, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service COMSysApp with arguments "" in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}
21/05/2010 19:07:04, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Media Center Extender Service service to connect.
21/05/2010 19:07:04, error: Service Control Manager [7000] - The Media Center Extender Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
17/05/2010 07:29:07, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdrom ftsata2 Imapi
17/05/2010 07:29:07, error: Service Control Manager [7022] - The SSDP Discovery Service service hung on starting.
17/05/2010 07:29:07, error: Service Control Manager [7001] - The Media Center Extender Service service depends on the SSDP Discovery Service service which failed to start because of the following error: After starting, the service hung in a start-pending state.
16/05/2010 11:15:33, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 0018F3AD6715 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
==== End Of File ===========================
shelf life
2010-05-27, 02:00
hi,
Your log is a few days old. If you still need help simply reply to my post.
Snailspace
2010-05-27, 09:40
Hi
Updated logs below. I'm off to work now but will check in once I get back tonight and let you have any more details you require. Thanks.
DDS (Ver_10-03-17.01) - NTFSx86
Run by HP_Administrator at 7:29:04.62 on 27/05/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2047.1368 [GMT 1:00]
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HooTech Net Meter\HooNetMeter.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\HP\KBD\KBD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
============== Pseudo HJT Report ===============
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100513072136.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: IE Developer Toolbar BHO: {cc7e636d-39aa-49b6-b511-65413da137a1} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Ldorefedah] rundll32.exe "c:\windows\naup10EU.dll",Startup
uRun: [NetMeter] c:\program files\hootech net meter\HooNetMeter.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)" -"http://www.freeonlinegames.com/sports-games/battle-board.html"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [SetDefPrt] c:\program files\brother\brmfl04a\BrStDvPt.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [Wwalufic] rundll32.exe "c:\windows\ululedun.dll",Startup
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - {CC962137-2E78-4F94-975E-FC0C07DBD78F} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
============= SERVICES / DRIVERS ===============
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-1-7 385880]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-5-1 82952]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-5 93320]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-5-1 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-5-1 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-5-1 271480]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-5-1 170144]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-5-1 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-5-1 141792]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-5-1 55456]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-1-7 152320]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-1-7 51688]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-5-1 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-5-1 88480]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-13 135664]
S2 iPodRDSessMgr;iPod Service iPodRDSessMgr;c:\windows\system32\apphelpo.exe srv --> c:\windows\system32\apphelpo.exe srv [?]
S2 TapiSrvDot3svc;Telephony TapiSrvDot3svc;c:\windows\system32\apphelpo.exe srv --> c:\windows\system32\apphelpo.exe srv [?]
S2 WZCSVCRemoteRegistry;Wireless Zero Configuration WZCSVCRemoteRegistry;c:\windows\system32\apphelpo.exe srv --> c:\windows\system32\apphelpo.exe srv [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-5-1 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-5-1 83496]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-1-7 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-1-7 40552]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2010-4-23 50704]
=============== Created Last 30 ================
2010-05-22 07:53:26 0 d-----w- c:\program files\HooTech Net Meter
2010-05-13 18:02:31 0 d-----w- c:\docume~1\alluse~1\applic~1\PCPitstop
2010-05-13 18:02:30 0 d-----w- c:\program files\PCPitstop
2010-05-12 18:29:05 0 d-----w- c:\windows\system32\MpEngineStore
2010-05-12 18:17:38 175 ----a-w- c:\windows\system32\MRT.INI
2010-05-09 15:35:27 0 d--h--w- c:\windows\PIF
2010-05-09 15:34:20 0 d-----w- c:\docume~1\hp_adm~1\applic~1\HpUpdate
2010-05-09 15:34:17 0 d-----w- c:\windows\Hewlett-Packard
2010-05-06 16:44:39 755200 ----a-w- c:\windows\system32\drivers\qnaneyqw.sys
2010-05-06 16:44:06 148 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2010-05-03 05:38:28 259328 ----a-w- c:\windows\system32\o.dat
2010-05-02 17:52:51 0 d-----w- c:\docume~1\alluse~1\applic~1\Deadtime Stories
2010-05-02 17:52:12 0 d-----w- c:\program files\Deadtime Stories
2010-05-02 15:42:26 0 d-----w- c:\program files\iPod
2010-05-02 15:42:18 0 d-----w- c:\program files\iTunes
2010-05-02 15:35:13 0 d-----w- c:\program files\Bonjour
2010-05-01 21:19:23 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-05-01 21:19:09 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-05-01 21:19:09 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-05-01 21:19:09 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-05-01 21:19:09 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-05-01 21:19:09 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-05-01 21:19:09 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-04-30 16:48:38 120 ----a-w- c:\windows\Ysigedulofos.dat
2010-04-30 16:48:38 0 ----a-w- c:\windows\Rbibebuxeyakiwik.bin
==================== Find3M ====================
2010-04-29 14:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 16:16:24 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-04-27 16:16:24 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-04-27 16:16:24 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-04-23 19:58:05 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2010-04-23 19:58:05 281104 ----a-w- c:\windows\system32\wpcap.dll
2010-04-23 19:58:05 100880 ----a-w- c:\windows\system32\Packet.dll
2010-04-08 12:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 12:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2007-01-07 14:36:37 251 ----a-w- c:\program files\wt3d.ini
2007-01-26 15:46:02 22 -csha-w- c:\windows\sminst\HPCD.sys
2008-10-25 07:29:45 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102520081026\index.dat
============= FINISH: 7:31:37.70 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 07/01/2007 08:12:00
System Uptime: 27/05/2010 07:09:47 (0 hours ago)
Motherboard: ASUSTeK Computer INC. | | Calcite
Processor: Genuine Intel(R) CPU T2050 @ 1.60GHz | CPU 1 | 1596/133mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 179 GiB total, 102.389 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 0.65 GiB free.
F: is Removable
G: is Removable
H: is Removable
I: is Removable
==== Disabled Device Manager Items =============
Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMTSSTCORP_CD/DVDW_TS-H652L_______________0603____\5&240141ED&0&0.0.0
Manufacturer: (Standard CD-ROM drives)
Name: TSSTcorp CD/DVDW TS-H652L
PNP Device ID: IDE\CDROMTSSTCORP_CD/DVDW_TS-H652L_______________0603____\5&240141ED&0&0.0.0
Service: cdrom
==== System Restore Points ===================
RP260: 30/04/2010 18:39:49 - System Checkpoint
RP261: 02/05/2010 16:07:09 - System Checkpoint
RP262: 03/05/2010 19:28:08 - System Checkpoint
RP263: 05/05/2010 19:07:52 - System Checkpoint
RP264: 11/05/2010 01:22:12 - System Checkpoint
RP265: 12/05/2010 19:08:09 - Software Distribution Service 3.0
RP266: 13/05/2010 20:12:36 - System Checkpoint
RP267: 14/05/2010 21:26:44 - System Checkpoint
RP268: 16/05/2010 12:06:40 - May16th
RP269: 18/05/2010 20:41:48 - System Checkpoint
RP270: 20/05/2010 07:21:59 - System Checkpoint
RP271: 22/05/2010 10:13:22 - System Checkpoint
RP272: 23/05/2010 11:02:29 - System Checkpoint
RP273: 25/05/2010 07:37:18 - System Checkpoint
RP274: 26/05/2010 17:54:42 - System Checkpoint
==== Installed Programs ======================
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Big Fish Games: Game Manager
Bonjour
Brother MFL-Pro Suite
Bruce's Unusual Typing Wizard, Version 1.5.0
BufferChm
CardRecovery
CAT Paper 6 v2.0
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
Critical Update for Windows Media Player 11 (KB959772)
CueTour
Customer Experience Enhancement
Dan Elwell's Broadband Speed Test
Deadtime Stories
Destinations
DeviceManagementQFolder
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Enhanced Multimedia Keyboard Solution
ERUNT 1.1j
FullDPAppQFolder
Google Earth
Google Update Helper
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Boot Optimizer
HP DigitalMedia Archive
HP DVD Play 2.1
HP Imaging Device Functions 7.0
HP Photosmart for Media Center PC
HP Photosmart Premier Software 6.5
HP Update
HPPhotoSmartExpress
HpSdpAppCoreApp
ImgBurn (Remove Only)
InstantShareDevices
Intel(R) Matrix Storage Manager
Intel(R) PRO Network Connections Drivers
Intel(R) Quick Resume Technology Drivers
Intel® Viiv™ Software
Internet Explorer Developer Toolbar
Internet Services
iTunes
Java(TM) 6 Update 12
LightScribe 1.4.105.1
Malwarebytes' Anti-Malware
McAfee Internet Security
Memory-Map European Edition
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access 2007 Step by Step
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Edition 2003
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Net Meter v3.6 build 437
NVIDIA Drivers
OptionalContentQFolder
PaperPort
PC-Doctor 5 for Windows
PC Inspector smart recovery
PhotoGallery
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QuickTime
RandMap
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB980470)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
SkinsHP1
SlideShow
SlideShowMusic
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Spybot - Search & Destroy
System Requirements Lab
The Lost Cases of 221B Baker St.
TomTom HOME 2.7.3.1894
TomTom HOME Visual Studio Merge Modules
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb981726)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Vampireville
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Zero Assumption Recovery Version 8.3
==== Event Viewer Messages From Past Week ========
25/05/2010 07:10:46, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Themes service to connect.
25/05/2010 07:10:46, error: Service Control Manager [7000] - The Themes service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
22/05/2010 09:50:23, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
21/05/2010 20:04:19, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdrom ftsata2 Imapi IntelIde ViaIde
21/05/2010 19:07:44, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the COM+ System Application service to connect.
21/05/2010 19:07:44, error: Service Control Manager [7000] - The COM+ System Application service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
21/05/2010 19:07:34, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service COMSysApp with arguments "" in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}
21/05/2010 19:07:04, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Media Center Extender Service service to connect.
21/05/2010 19:07:04, error: Service Control Manager [7000] - The Media Center Extender Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
21/05/2010 17:34:24, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdrom ftsata2 Imapi
==== End Of File ===========================
shelf life
2010-05-28, 02:32
Ok. We will get another download to use. Its called combofix. There is a short guide to read first before you use it. Read through the guide then apply the directions onace you have downloaded it. Post the combofix in your reply.
Guide to using Combofix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
Snailspace
2010-05-28, 21:23
Hi
Please see log below
I received one error while it was trying to pull up report
PEV.cfxxe - Application error
Unknown software (0x4000015) app, location 0x0044c2f9
Not sure if that means anything.
ComboFix 10-05-28.01 - HP_Administrator 28/05/2010 18:49:18.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2047.1508 [GMT 1:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\HP_Administrator\Local Settings\Application Data\{58D9A845-9324-4B4A-8634-02B7387552B0}
c:\documents and settings\HP_Administrator\Local Settings\Application Data\{58D9A845-9324-4B4A-8634-02B7387552B0}\chrome.manifest
c:\documents and settings\HP_Administrator\Local Settings\Application Data\{58D9A845-9324-4B4A-8634-02B7387552B0}\chrome\content\_cfg.js
c:\documents and settings\HP_Administrator\Local Settings\Application Data\{58D9A845-9324-4B4A-8634-02B7387552B0}\chrome\content\overlay.xul
c:\documents and settings\HP_Administrator\Local Settings\Application Data\{58D9A845-9324-4B4A-8634-02B7387552B0}\install.rdf
c:\windows\inf\vvt.pnf
c:\windows\naup10EU.dll
c:\windows\system32\208116323.dat
c:\windows\system32\drivers\npf.sys
c:\windows\system32\fjhdyfhsn.bat
c:\windows\system32\Packet.dll
c:\windows\system32\Vb40032.dll
c:\windows\system32\wpcap.dll
c:\windows\ululedun.dll
Infected copy of c:\windows\system32\drivers\ohci1394.sys was found and disinfected
Restored copy from - Kitty had a snack :p
c:\windows\system32\drivers\cdrom.sys was missing
Restored copy from - c:\windows\ServicePackFiles\i386\cdrom.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Legacy_TAPISRVDOT3SVC
-------\Legacy_WZCSVCREMOTEREGISTRY
-------\Service_NPF
-------\Service_TapiSrvDot3svc
-------\Service_WZCSVCRemoteRegistry
((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-28 )))))))))))))))))))))))))))))))
.
2010-05-28 18:01 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-05-28 18:01 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\dllcache\cdrom.sys
2010-05-22 07:53 . 2010-05-22 07:53 -------- d-----w- c:\program files\HooTech Net Meter
2010-05-13 18:02 . 2010-05-13 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2010-05-13 18:02 . 2010-05-13 18:08 -------- d-----w- c:\program files\PCPitstop
2010-05-12 18:29 . 2010-05-13 06:34 -------- d-----w- c:\windows\system32\MpEngineStore
2010-05-09 15:35 . 2010-05-09 15:35 -------- d--h--w- c:\windows\PIF
2010-05-09 15:34 . 2010-05-09 15:40 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\HpUpdate
2010-05-09 15:34 . 2010-05-09 15:34 -------- d-----w- c:\windows\Hewlett-Packard
2010-05-06 16:44 . 2010-05-28 18:10 755200 ----a-w- c:\windows\system32\drivers\qnaneyqw.sys
2010-05-03 05:38 . 2010-05-03 05:38 259328 ----a-w- c:\windows\system32\o.dat
2010-05-02 17:54 . 2010-05-02 18:10 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Deadtime Stories
2010-05-02 17:52 . 2010-05-02 17:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Deadtime Stories
2010-05-02 17:52 . 2010-05-02 17:53 -------- d-----w- c:\program files\Deadtime Stories
2010-05-02 15:42 . 2010-05-02 15:42 -------- d-----w- c:\program files\iPod
2010-05-02 15:42 . 2010-05-02 15:43 -------- d-----w- c:\program files\iTunes
2010-05-02 15:35 . 2010-05-02 15:35 -------- d-----w- c:\program files\Bonjour
2010-05-01 21:19 . 2010-04-27 16:16 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-05-01 21:19 . 2010-04-27 16:16 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-05-01 21:19 . 2010-04-27 16:16 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-05-01 21:19 . 2010-04-27 16:16 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-05-01 21:19 . 2010-04-27 16:16 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-05-01 21:19 . 2010-04-27 16:16 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-05-01 21:19 . 2010-04-27 16:16 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-04-30 16:48 . 2010-05-28 05:55 0 ----a-w- c:\windows\Rbibebuxeyakiwik.bin
2010-04-30 16:48 . 2010-05-27 19:31 120 ----a-w- c:\windows\Ysigedulofos.dat
2010-04-30 06:16 . 2010-05-16 06:06 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-24 20:25 . 2008-09-15 19:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-21 18:01 . 2010-01-10 16:28 -------- d-----w- c:\program files\Game_Maker8
2010-05-16 11:30 . 2009-03-14 17:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-16 08:04 . 2007-01-07 08:40 -------- d-----w- c:\program files\McAfee
2010-05-16 06:05 . 2009-02-12 15:49 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-13 16:41 . 2006-09-21 07:24 -------- d-----w- c:\program files\Google
2010-05-12 18:10 . 2009-05-07 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-06 16:42 . 2010-05-06 16:42 20 ----a-w- c:\windows\system32\config\systemprofile\Application Data\qvjsge.dat
2010-05-02 15:42 . 2007-09-19 18:09 -------- d-----w- c:\program files\Common Files\Apple
2010-05-02 15:32 . 2010-05-02 15:32 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-02 05:16 . 2007-01-07 08:40 -------- d-----w- c:\program files\McAfee.com
2010-05-01 21:25 . 2007-01-07 08:33 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-05-01 21:23 . 2007-01-07 08:40 -------- d-----w- c:\program files\Common Files\McAfee
2010-05-01 13:56 . 2008-10-25 14:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-30 16:46 . 2010-04-30 16:46 20 ----a-w- c:\windows\system32\config\systemprofile\Application Data\wzmjhy.dat
2010-04-29 14:39 . 2009-03-16 20:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2009-03-16 20:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 16:16 . 2007-01-07 08:40 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-04-27 16:16 . 2007-01-07 08:40 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-04-27 16:16 . 2007-01-07 08:40 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-04-17 16:09 . 2010-04-17 16:09 181208 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-04-11 19:10 . 2010-04-11 19:10 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\GOA
2010-04-11 19:10 . 2010-04-11 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\GOA
2010-04-08 17:16 . 2007-09-09 17:06 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Apple Computer
2010-04-08 12:20 . 2010-04-08 12:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 12:20 . 2010-04-08 12:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-05 18:25 . 2010-04-02 17:48 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\LegacyInteractive
2010-04-05 17:08 . 2010-04-05 17:07 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-05 17:03 . 2010-04-05 17:03 -------- d-----w- c:\program files\QuickTime
2010-04-02 17:47 . 2010-04-02 17:45 -------- d-----w- c:\program files\The Lost Cases of 221B Baker St
2010-04-01 18:37 . 2010-04-01 18:37 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Artogon
2010-03-18 19:21 . 2010-03-18 19:21 3085800 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\Unpack\bfgsetup_s1_l1.exe
2010-03-10 06:15 . 2004-08-10 04:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2007-01-07 14:36 . 2007-01-07 14:36 251 ----a-w- c:\program files\wt3d.ini
2007-01-26 15:46 . 2007-01-26 15:46 22 -csha-w- c:\windows\SMINST\HPCD.sys
.
------- Sigcheck -------
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2005-03-14 . 6129E70F3D2F1E60860C930EBEAF92C2 . 359936 . . [5.1.2600.2631] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2005-03-14 . 0E66B538096A6529D1AC66E78EB0D5C8 . 359808 . . [5.1.2600.2631] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2004-08-10 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetMeter"="c:\program files\HooTech Net Meter\HooNetMeter.exe" [2010-04-20 585728]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe" [2009-06-05 468408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ftutil2"="ftutil2.dll" [2004-06-07 106496]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-22 143360]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-07-17 53248]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-28 8466432]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-30 18082304]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-01 1180976]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [01/05/2010 22:19 82952]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [05/09/2008 13:44 93320]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [01/05/2010 22:18 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [01/05/2010 22:18 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [01/05/2010 22:19 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [01/05/2010 22:19 141792]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 12:31 92008]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [01/05/2010 22:19 55456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [01/05/2010 22:19 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [01/05/2010 22:19 88480]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13/03/2010 09:27 135664]
S2 iPodRDSessMgr;iPod Service iPodRDSessMgr;c:\windows\system32\apphelpo.exe srv --> c:\windows\system32\apphelpo.exe srv [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [01/05/2010 22:19 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [01/05/2010 22:19 83496]
--- Other Services/Drivers In Memory ---
*Deregistered* - mfeavfk01
*Deregistered* - qnaneyqw
.
Contents of the 'Scheduled Tasks' folder
2010-05-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:34]
2010-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 08:27]
2010-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 08:27]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Ldorefedah - c:\windows\naup10EU.dll
HKLM-Run-Wwalufic - c:\windows\ululedun.dll
MSConfigStartUp-CTFMON - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-28 19:09
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qnaneyqw]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3832)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\brss01a.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\Brmfrmps.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\SearchIndexer.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\hp\KBD\KBD.EXE
.
**************************************************************************
.
Completion time: 2010-05-28 19:19:08 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-28 18:19
ComboFix2.txt 2009-03-16 21:37
Pre-Run: 109,857,058,816 bytes free
Post-Run: 110,735,974,400 bytes free
- - End Of File - - B96BA778AE61DA9411B25D60B51D6D57
Snailspace
2010-05-28, 21:26
Hi
Thought I'd posted reply but something went wrong
Received an error when trying to show log
PEV.cfxxe-Application error
Unknown software (0x4000015)app
location 0x0044c2f9
Not sur if that affects anything.
Combo log below.
ComboFix 10-05-28.01 - HP_Administrator 28/05/2010 18:49:18.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2047.1508 [GMT 1:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\HP_Administrator\Local Settings\Application Data\{58D9A845-9324-4B4A-8634-02B7387552B0}
c:\documents and settings\HP_Administrator\Local Settings\Application Data\{58D9A845-9324-4B4A-8634-02B7387552B0}\chrome.manifest
c:\documents and settings\HP_Administrator\Local Settings\Application Data\{58D9A845-9324-4B4A-8634-02B7387552B0}\chrome\content\_cfg.js
c:\documents and settings\HP_Administrator\Local Settings\Application Data\{58D9A845-9324-4B4A-8634-02B7387552B0}\chrome\content\overlay.xul
c:\documents and settings\HP_Administrator\Local Settings\Application Data\{58D9A845-9324-4B4A-8634-02B7387552B0}\install.rdf
c:\windows\inf\vvt.pnf
c:\windows\naup10EU.dll
c:\windows\system32\208116323.dat
c:\windows\system32\drivers\npf.sys
c:\windows\system32\fjhdyfhsn.bat
c:\windows\system32\Packet.dll
c:\windows\system32\Vb40032.dll
c:\windows\system32\wpcap.dll
c:\windows\ululedun.dll
Infected copy of c:\windows\system32\drivers\ohci1394.sys was found and disinfected
Restored copy from - Kitty had a snack :p
c:\windows\system32\drivers\cdrom.sys was missing
Restored copy from - c:\windows\ServicePackFiles\i386\cdrom.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Legacy_TAPISRVDOT3SVC
-------\Legacy_WZCSVCREMOTEREGISTRY
-------\Service_NPF
-------\Service_TapiSrvDot3svc
-------\Service_WZCSVCRemoteRegistry
((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-28 )))))))))))))))))))))))))))))))
.
2010-05-28 18:01 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-05-28 18:01 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\dllcache\cdrom.sys
2010-05-22 07:53 . 2010-05-22 07:53 -------- d-----w- c:\program files\HooTech Net Meter
2010-05-13 18:02 . 2010-05-13 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2010-05-13 18:02 . 2010-05-13 18:08 -------- d-----w- c:\program files\PCPitstop
2010-05-12 18:29 . 2010-05-13 06:34 -------- d-----w- c:\windows\system32\MpEngineStore
2010-05-09 15:35 . 2010-05-09 15:35 -------- d--h--w- c:\windows\PIF
2010-05-09 15:34 . 2010-05-09 15:40 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\HpUpdate
2010-05-09 15:34 . 2010-05-09 15:34 -------- d-----w- c:\windows\Hewlett-Packard
2010-05-06 16:44 . 2010-05-28 18:10 755200 ----a-w- c:\windows\system32\drivers\qnaneyqw.sys
2010-05-03 05:38 . 2010-05-03 05:38 259328 ----a-w- c:\windows\system32\o.dat
2010-05-02 17:54 . 2010-05-02 18:10 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Deadtime Stories
2010-05-02 17:52 . 2010-05-02 17:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Deadtime Stories
2010-05-02 17:52 . 2010-05-02 17:53 -------- d-----w- c:\program files\Deadtime Stories
2010-05-02 15:42 . 2010-05-02 15:42 -------- d-----w- c:\program files\iPod
2010-05-02 15:42 . 2010-05-02 15:43 -------- d-----w- c:\program files\iTunes
2010-05-02 15:35 . 2010-05-02 15:35 -------- d-----w- c:\program files\Bonjour
2010-05-01 21:19 . 2010-04-27 16:16 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-05-01 21:19 . 2010-04-27 16:16 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-05-01 21:19 . 2010-04-27 16:16 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-05-01 21:19 . 2010-04-27 16:16 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-05-01 21:19 . 2010-04-27 16:16 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-05-01 21:19 . 2010-04-27 16:16 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-05-01 21:19 . 2010-04-27 16:16 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-04-30 16:48 . 2010-05-28 05:55 0 ----a-w- c:\windows\Rbibebuxeyakiwik.bin
2010-04-30 16:48 . 2010-05-27 19:31 120 ----a-w- c:\windows\Ysigedulofos.dat
2010-04-30 06:16 . 2010-05-16 06:06 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-24 20:25 . 2008-09-15 19:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-21 18:01 . 2010-01-10 16:28 -------- d-----w- c:\program files\Game_Maker8
2010-05-16 11:30 . 2009-03-14 17:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-16 08:04 . 2007-01-07 08:40 -------- d-----w- c:\program files\McAfee
2010-05-16 06:05 . 2009-02-12 15:49 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-13 16:41 . 2006-09-21 07:24 -------- d-----w- c:\program files\Google
2010-05-12 18:10 . 2009-05-07 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-06 16:42 . 2010-05-06 16:42 20 ----a-w- c:\windows\system32\config\systemprofile\Application Data\qvjsge.dat
2010-05-02 15:42 . 2007-09-19 18:09 -------- d-----w- c:\program files\Common Files\Apple
2010-05-02 15:32 . 2010-05-02 15:32 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-02 05:16 . 2007-01-07 08:40 -------- d-----w- c:\program files\McAfee.com
2010-05-01 21:25 . 2007-01-07 08:33 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-05-01 21:23 . 2007-01-07 08:40 -------- d-----w- c:\program files\Common Files\McAfee
2010-05-01 13:56 . 2008-10-25 14:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-30 16:46 . 2010-04-30 16:46 20 ----a-w- c:\windows\system32\config\systemprofile\Application Data\wzmjhy.dat
2010-04-29 14:39 . 2009-03-16 20:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2009-03-16 20:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 16:16 . 2007-01-07 08:40 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-04-27 16:16 . 2007-01-07 08:40 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-04-27 16:16 . 2007-01-07 08:40 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-04-17 16:09 . 2010-04-17 16:09 181208 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-04-11 19:10 . 2010-04-11 19:10 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\GOA
2010-04-11 19:10 . 2010-04-11 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\GOA
2010-04-08 17:16 . 2007-09-09 17:06 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Apple Computer
2010-04-08 12:20 . 2010-04-08 12:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 12:20 . 2010-04-08 12:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-05 18:25 . 2010-04-02 17:48 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\LegacyInteractive
2010-04-05 17:08 . 2010-04-05 17:07 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-05 17:03 . 2010-04-05 17:03 -------- d-----w- c:\program files\QuickTime
2010-04-02 17:47 . 2010-04-02 17:45 -------- d-----w- c:\program files\The Lost Cases of 221B Baker St
2010-04-01 18:37 . 2010-04-01 18:37 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Artogon
2010-03-18 19:21 . 2010-03-18 19:21 3085800 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\Unpack\bfgsetup_s1_l1.exe
2010-03-10 06:15 . 2004-08-10 04:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2007-01-07 14:36 . 2007-01-07 14:36 251 ----a-w- c:\program files\wt3d.ini
2007-01-26 15:46 . 2007-01-26 15:46 22 -csha-w- c:\windows\SMINST\HPCD.sys
.
------- Sigcheck -------
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2005-03-14 . 6129E70F3D2F1E60860C930EBEAF92C2 . 359936 . . [5.1.2600.2631] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2005-03-14 . 0E66B538096A6529D1AC66E78EB0D5C8 . 359808 . . [5.1.2600.2631] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2004-08-10 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetMeter"="c:\program files\HooTech Net Meter\HooNetMeter.exe" [2010-04-20 585728]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe" [2009-06-05 468408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ftutil2"="ftutil2.dll" [2004-06-07 106496]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-22 143360]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-07-17 53248]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-28 8466432]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-30 18082304]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-01 1180976]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [01/05/2010 22:19 82952]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [05/09/2008 13:44 93320]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [01/05/2010 22:18 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [01/05/2010 22:18 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [01/05/2010 22:19 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [01/05/2010 22:19 141792]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 12:31 92008]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [01/05/2010 22:19 55456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [01/05/2010 22:19 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [01/05/2010 22:19 88480]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13/03/2010 09:27 135664]
S2 iPodRDSessMgr;iPod Service iPodRDSessMgr;c:\windows\system32\apphelpo.exe srv --> c:\windows\system32\apphelpo.exe srv [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [01/05/2010 22:19 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [01/05/2010 22:19 83496]
--- Other Services/Drivers In Memory ---
*Deregistered* - mfeavfk01
*Deregistered* - qnaneyqw
.
Contents of the 'Scheduled Tasks' folder
2010-05-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:34]
2010-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 08:27]
2010-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 08:27]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Ldorefedah - c:\windows\naup10EU.dll
HKLM-Run-Wwalufic - c:\windows\ululedun.dll
MSConfigStartUp-CTFMON - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-28 19:09
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qnaneyqw]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3832)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\brss01a.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\Brmfrmps.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\SearchIndexer.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\hp\KBD\KBD.EXE
.
**************************************************************************
.
Completion time: 2010-05-28 19:19:08 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-28 18:19
ComboFix2.txt 2009-03-16 21:37
Pre-Run: 109,857,058,816 bytes free
Post-Run: 110,735,974,400 bytes free
- - End Of File - - B96BA778AE61DA9411B25D60B51D6D57
shelf life
2010-05-29, 02:47
ok good. Re-directs gone? We will get one more download to use. link and directions:
Please download: RootRepeal
http://ad13.geekstogo.com/RootRepeal.exe
Click the icon on your desktop to start.
Click on the Report tab at the bottom of the window
Next, Click on the Scan button
In the Select Scan Window check everything:
Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services
Click the OK button
In the next dialog window select all the drives that are listed
Click OK to start the scan
May take some time to complete.
When done click the Save Report button.
Save the report to your desktop
To Exit RootRepeal: click File>Exit
Post the report in your reply
Snailspace
2010-05-29, 09:23
Hi
Redirects seem to be gone, and the cpu is not running quite as high.
I still seem to be getting a lot of traffic both downloads and uploads, with the uploads around 3x the downloads.
Thanks for your time.
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/05/29 07:07
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================
Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0xA7996000 Size: 786432 File Visible: No Signed: -
Status: -
Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xA6C8C000 Size: 180608 File Visible: - Signed: -
Status: Hidden from the Windows API!
Name: Mup.sys
Image Path: Mup.sys
Address: 0xBA3A6000 Size: 105344 File Visible: - Signed: -
Status: Hidden from the Windows API!
Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xBA3ED000 Size: 574976 File Visible: - Signed: -
Status: Hidden from the Windows API!
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB2A42000 Size: 49152 File Visible: No Signed: -
Status: -
Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!
Path: c:\windows\temp\mcafee_bdgmihbe65xqz72
Status: Allocation size mismatch (API: 4096, Raw: 0)
Path: C:\WINDOWS\system32\drivers\qnaneyqw.sys
Status: Locked to the Windows API!
Path: C:\Documents and Settings\HP_Administrator\Local Settings\Apps\2.0\9NE7A72D.8D7\EEW3YN83.LX8\manifests\clickonce_bootstrap.exe.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\HP_Administrator\Local Settings\Apps\2.0\9NE7A72D.8D7\EEW3YN83.LX8\manifests\clickonce_bootstrap.exe.manifest
Status: Locked to the Windows API!
Path: d:\system volume information\_restore{f7149ec7-4fa5-4148-81fa-2f7a6348fd9a}\rp265\change.log.2
Status: Allocation size mismatch (API: 16384, Raw: 4096)
Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x8a6688c0 Size: 1857
==EOF==
shelf life
2010-05-30, 03:25
ok thanks for the info.we will get another tool to use. Link and directions:
Please download TDSS Killer.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and save it to your desktop
Extract the zip file to your desktop. double click to launch the utility. When its finished press any key to continue.
You can then find the log file in your Local Drive C:
TDSSkiller. version.date.time.log.txt
Please post the log.
Snailspace
2010-05-30, 09:24
Log below
I've only just rebooted, but cpu use is down & so is internt traffic.
07:10:14:359 5560 TDSS rootkit removing tool 2.3.1.0 May 25 2010 12:52:14
07:10:14:359 5560 ================================================================================
07:10:14:359 5560 SystemInfo:
07:10:14:359 5560 OS Version: 5.1.2600 ServicePack: 3.0
07:10:14:359 5560 Product type: Workstation
07:10:14:359 5560 ComputerName: MOREHATE
07:10:14:359 5560 UserName: HP_Administrator
07:10:14:359 5560 Windows directory: C:\WINDOWS
07:10:14:359 5560 Processor architecture: Intel x86
07:10:14:359 5560 Number of processors: 2
07:10:14:359 5560 Page size: 0x1000
07:10:14:359 5560 Boot type: Normal boot
07:10:14:359 5560 ================================================================================
07:10:14:703 5560 Initialize success
07:10:14:703 5560
07:10:14:703 5560 Scanning Services ...
07:10:15:187 5560 Raw services enum returned 373 services
07:10:15:203 5560 Suspicious serv qnaneyqw (h: 0, b: 1)
07:10:15:203 5560
07:10:15:203 5560 Hidden service detected!
07:10:15:203 5560 Service name: qnaneyqw
07:10:15:203 5560 Image path:
07:10:15:203 5560 Type "delete" (without quotes) to delete it: 07:10:29:625 5560
07:10:29:625 5560 By user detect qnaneyqw
07:10:29:625 5560 RegNode HKLM\SYSTEM\ControlSet001\services\qnaneyqw infected by TDSS rootkit ... 07:10:29:625 5560 will be deleted on reboot
07:10:29:625 5560 RegNode HKLM\SYSTEM\ControlSet002\services\qnaneyqw infected by TDSS rootkit ... 07:10:29:625 5560 will be deleted on reboot
07:10:29:625 5560 File C:\WINDOWS\system32\drivers\qnaneyqw.sys infected by TDSS rootkit ... 07:10:29:625 5560 will be deleted on reboot
07:10:29:625 5560
07:10:29:625 5560 Scanning Drivers ...
07:10:30:500 5560 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
07:10:30:531 5560 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
07:10:30:609 5560 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
07:10:30:687 5560 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
07:10:30:765 5560 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
07:10:30:828 5560 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
07:10:30:859 5560 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
07:10:30:890 5560 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
07:10:30:937 5560 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
07:10:30:953 5560 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
07:10:31:015 5560 BrScnUsb (6cf3aed19c2185c60de2ae50ee37a342) C:\WINDOWS\system32\Drivers\BrScnUsb.sys
07:10:31:109 5560 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
07:10:31:140 5560 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
07:10:31:203 5560 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
07:10:31:265 5560 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
07:10:31:328 5560 cfwids (44e4a7dded054dd55ae995c3aed719ae) C:\WINDOWS\system32\drivers\cfwids.sys
07:10:31:390 5560 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
07:10:31:437 5560 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
07:10:31:515 5560 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
07:10:31:531 5560 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
07:10:31:546 5560 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
07:10:31:593 5560 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
07:10:31:656 5560 E100B (83403675cab29e7a4b885b11e7c855d8) C:\WINDOWS\system32\DRIVERS\e100b325.sys
07:10:31:671 5560 ELacpi (0923aec043f5d355b4ef0c2b29a362de) C:\WINDOWS\system32\DRIVERS\ELacpi.sys
07:10:31:734 5560 ELhid (cbd71e7772f92bfb85ccc302b2deefba) C:\WINDOWS\System32\Drivers\Elhid.sys
07:10:31:812 5560 ELkbd (ac75b576c45d144e146fd1f0576a1f53) C:\WINDOWS\System32\Drivers\Elkbd.sys
07:10:31:859 5560 ELmon (483cce5e40137d4e437f4def55c80007) C:\WINDOWS\System32\Drivers\Elmon.sys
07:10:31:921 5560 ELmou (8e88cafeac0812bf2d15beeedfcce8bd) C:\WINDOWS\System32\Drivers\Elmou.sys
07:10:32:031 5560 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
07:10:32:171 5560 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
07:10:32:203 5560 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
07:10:32:218 5560 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
07:10:32:281 5560 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
07:10:32:296 5560 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
07:10:32:328 5560 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
07:10:32:390 5560 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
07:10:32:500 5560 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
07:10:32:546 5560 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
07:10:32:562 5560 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
07:10:32:640 5560 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
07:10:32:687 5560 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
07:10:32:703 5560 iaStor (88b1943ecff661f765228099138cf6ab) C:\WINDOWS\system32\DRIVERS\iastor.sys
07:10:32:718 5560 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
07:10:32:937 5560 IntcAzAudAddService (81b7003bf13ff3ac95d7b2d4c2e8f787) C:\WINDOWS\system32\drivers\RtkHDAud.sys
07:10:33:031 5560 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
07:10:33:046 5560 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
07:10:33:093 5560 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
07:10:33:125 5560 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
07:10:33:171 5560 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
07:10:33:218 5560 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
07:10:33:234 5560 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
07:10:33:281 5560 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
07:10:33:296 5560 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
07:10:33:343 5560 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
07:10:33:359 5560 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
07:10:33:406 5560 klmd23 (0b06b0a25e08df0d536402bce3bde61e) C:\WINDOWS\system32\drivers\klmd.sys
07:10:33:453 5560 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
07:10:33:656 5560 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
07:10:33:718 5560 mfeapfk (b77e959e1c50d3e3a9d9ef423be62e09) C:\WINDOWS\system32\drivers\mfeapfk.sys
07:10:33:828 5560 mfeavfk (e84596fcb591117f5597498a5f82ad97) C:\WINDOWS\system32\drivers\mfeavfk.sys
07:10:33:953 5560 mfebopk (d40ce01e2d3fe0c079cd2d6b3e4b823b) C:\WINDOWS\system32\drivers\mfebopk.sys
07:10:34:062 5560 mfefirek (3962c6a9e35c4319dcdab0497614fd69) C:\WINDOWS\system32\drivers\mfefirek.sys
07:10:34:171 5560 mfehidk (e7ecf7872bf8f2897ae5a696d908c2f7) C:\WINDOWS\system32\drivers\mfehidk.sys
07:10:34:281 5560 mfendisk (554dbbdc8c3b4f380b21269239bd29bb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
07:10:34:343 5560 mfendiskmp (554dbbdc8c3b4f380b21269239bd29bb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
07:10:34:390 5560 mferkdet (e411594ac94baef7f8ea991cc8f47fd1) C:\WINDOWS\system32\drivers\mferkdet.sys
07:10:34:500 5560 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys
07:10:34:625 5560 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys
07:10:34:703 5560 mfetdi2k (1bfe4c4ccf8cd2d7deaffb424e691196) C:\WINDOWS\system32\drivers\mfetdi2k.sys
07:10:34:812 5560 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
07:10:34:953 5560 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
07:10:35:000 5560 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
07:10:35:031 5560 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
07:10:35:078 5560 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
07:10:35:109 5560 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
07:10:35:140 5560 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
07:10:35:203 5560 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
07:10:35:234 5560 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
07:10:35:265 5560 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
07:10:35:281 5560 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
07:10:35:328 5560 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
07:10:35:375 5560 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
07:10:35:500 5560 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
07:10:35:562 5560 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
07:10:35:578 5560 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
07:10:35:656 5560 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
07:10:35:671 5560 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
07:10:35:687 5560 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
07:10:35:703 5560 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
07:10:35:750 5560 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
07:10:35:812 5560 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
07:10:35:812 5560 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
07:10:35:890 5560 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
07:10:35:937 5560 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
07:10:36:203 5560 nv (fee170f182d5167b6e06e490dd7b42d7) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
07:10:36:640 5560 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
07:10:36:656 5560 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
07:10:36:718 5560 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
07:10:36:765 5560 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
07:10:36:781 5560 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
07:10:36:812 5560 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
07:10:36:828 5560 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
07:10:36:859 5560 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
07:10:36:906 5560 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
07:10:37:015 5560 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
07:10:37:031 5560 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
07:10:37:062 5560 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
07:10:37:078 5560 PxHelp20 (97b735de4e3cd44c71c8cb09bdbf07b7) C:\WINDOWS\system32\Drivers\PxHelp20.sys
07:10:37:250 5560 qnaneyqw (b4fc6f7bc77a445ec6c44ce087105285) C:\WINDOWS\system32\drivers\qnaneyqw.sys
07:10:37:250 5560 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\qnaneyqw.sys. md5: b4fc6f7bc77a445ec6c44ce087105285
07:10:37:296 5560 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
07:10:37:312 5560 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
07:10:37:343 5560 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
07:10:37:359 5560 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
07:10:37:421 5560 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
07:10:37:453 5560 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
07:10:37:515 5560 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
07:10:37:562 5560 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
07:10:37:609 5560 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
07:10:37:640 5560 RT73 (6ea04a4370609e5e1eaeee898a2ab6ac) C:\WINDOWS\system32\DRIVERS\rt73.sys
07:10:37:734 5560 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
07:10:37:781 5560 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
07:10:37:921 5560 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
07:10:37:984 5560 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
07:10:38:031 5560 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
07:10:38:062 5560 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
07:10:38:093 5560 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
07:10:38:125 5560 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
07:10:38:156 5560 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
07:10:38:265 5560 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
07:10:38:296 5560 Tcpip (9425b72f40257b45d45d24773273dad0) C:\WINDOWS\system32\DRIVERS\tcpip.sys
07:10:38:343 5560 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
07:10:38:375 5560 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
07:10:38:375 5560 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
07:10:38:437 5560 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
07:10:38:484 5560 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
07:10:38:531 5560 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
07:10:38:671 5560 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
07:10:38:703 5560 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
07:10:38:734 5560 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
07:10:38:796 5560 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
07:10:38:812 5560 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
07:10:38:843 5560 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
07:10:38:859 5560 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
07:10:38:890 5560 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
07:10:38:890 5560 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
07:10:38:921 5560 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
07:10:38:953 5560 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
07:10:39:000 5560 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
07:10:39:015 5560 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
07:10:39:062 5560 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
07:10:39:062 5560 Reboot required for cure complete..
07:10:39:484 5560 Cure on reboot scheduled successfully
07:10:39:484 5560
07:10:39:484 5560 Completed
07:10:39:484 5560
07:10:39:484 5560 Results:
07:10:39:484 5560 Registry objects infected / cured / cured on reboot: 2 / 0 / 2
07:10:39:484 5560 File objects infected / cured / cured on reboot: 1 / 0 / 1
07:10:39:484 5560
07:10:39:500 5560 KLMD(ARK) unloaded successfully
shelf life
2010-05-30, 22:57
hi,
ok good. Please re-run RootRepeal once more.
Snailspace
2010-05-31, 08:51
Morning
PC ran much better yesterday, and downloads and upload were much more like usual.
Report below.
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/05/31 06:38
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================
Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0xA94C1000 Size: 786432 File Visible: No Signed: -
Status: -
Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xAC7A6000 Size: 7936 File Visible: - Signed: -
Status: Hidden from the Windows API!
Name: Mup.sys
Image Path: Mup.sys
Address: 0xBA4BE000 Size: 105344 File Visible: - Signed: -
Status: Hidden from the Windows API!
Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xBA505000 Size: 574976 File Visible: - Signed: -
Status: Hidden from the Windows API!
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA5874000 Size: 49152 File Visible: No Signed: -
Status: -
Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!
Path: C:\Documents and Settings\HP_Administrator\Local Settings\Apps\2.0\9NE7A72D.8D7\EEW3YN83.LX8\manifests\clickonce_bootstrap.exe.cdf-ms
Status: Locked to the Windows API!
Path: C:\Documents and Settings\HP_Administrator\Local Settings\Apps\2.0\9NE7A72D.8D7\EEW3YN83.LX8\manifests\clickonce_bootstrap.exe.manifest
Status: Locked to the Windows API!
Path: d:\system volume information\_restore{f7149ec7-4fa5-4148-81fa-2f7a6348fd9a}\rp265\change.log.2
Status: Allocation size mismatch (API: 16384, Raw: 4096)
==EOF==
shelf life
2010-06-01, 00:07
hi,
Ok good. you can get a utility that will remove combofix for you:
Please download OTCleanIt and save it to desktop.
http://oldtimer.geekstogo.com/OTC.exe
Double-click OTC.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.
You can delete the RootRepeal icon from your desktop.
Last you can make a new restore point. The how and the why:
One of the features of Windows XP,Vista and Windows7 is the System Restore option, however if malware infects a computer it is possible that the malware could be backed up in the System Restore archive. Therefore, clearing the restore points is a good idea after malware is removed and your computer appears to be functioning ok.
To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.
(winXP)
1. Turn off System Restore. (deletes old possibly infected restore points)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Reboot.
3. Turn ON System Restore.(creates a new restore point on a clean system)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK, then reboot
If all is good some tips to help you remain malware free;
10 Tips for Reducing/Preventing Your Risk To Malware:
In no special order
1) It is essential to keep your OS (http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us),(Windows) browser (IE, FireFox) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update frequently or use the auto-update feature. Staying updated is also necessary for web based applications like Java, Adobe Flash/Reader, QuickTime etc. Check there version status here. (http://secunia.com/vulnerability_scanning/online/)
2) Know what you are installing to your computer. Alot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software is installing useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about virus and trojans being found on your computer and you are then prompted to install software to remedy this. See also the signs (http://www.virusvault.us/signs1.html)that you may have malware on your computer.
3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently find malware then its time to *review your computer habits*. There is no reason why your computer can not stay malware free.
4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem.
5) Do not click on ads/pop ups or offers from websites requesting that you need to install software to your computer--*for any reason*. Use the Alt+F4 keys to close the window.
6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?
7) Set up and use limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts (http://www.microsoft.com/protect/computer/advanced/useraccount.mspx) can help prevent *malware from installing and lessen its potential impact.* This is exactly what user account control (UAC) in Windows Vista and W7 attempts to address.
8) Install and understand the *limitations* of a software firewall.
9) A tool (http://nsslabs.com/general/ie8-hardening-tool.html)for automatically hardening and securing Internet Explorer 8.0. Requires site registration for downloading. Changes some of the default settings of IE 8.0, Read the FAQ's. Or see a slide show Here (http://threatpost.com/en_us/slideshow/How%20to%20configure%20Internet%20Explorer%20for%20secure%20surfing) and do it yourself.
10) Warez, cracks etc are very popular for carrying all kinds of malware payloads. If you look for these you will encounter malware. If you download/install files via p2p networks, then you are also much more likely to encounter malicious code in a downloaded file. Do you really trust the source of the file? Do you really need another malware source?
A longer version in link below.
Happy Safe Surfing.
Snailspace
2010-06-01, 21:24
Hi
Thank you so much for your help, it is greatly appreciated. All seems to be working well now.
Do I need to worry about what files were being downloaded & uploaded while the machine was infected? I’d hate to get a knock on the door if they were illegal files of some kind.
shelf life
2010-06-02, 00:12
ok your welcome. Hard to say what was going on other than the re-directs popups etc. Anything is possible with backdoors. This is the most advanced Windows rootkit created to date. Rootkits can hide from traditional AV and anti-malware software.
Could have had a single function or several functions. You might change your passwords and monitor your financial situation as a precaution.
Some suggest a re-format re-install of Windows after rootkit activity.