Can't get rid of ntndis.sys and ipsecndis.sys



surfboarder
2010-07-05, 05:34
DDS Log:


DDS (Ver_10-03-17.01) - NTFSx86
Run by asmuthw at 23:24:05.34 on Sun 07/04/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.183 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\nslsvice.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
svchost.exe
C:\WINDOWS\system32\ifxspmgt.exe
C:\WINDOWS\system32\ifxtcs.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IfxPsdSv.exe
C:\Program Files\Symantec\ClientVPN\logservice.exe
C:\Program Files\Symantec\ClientVPN\emroute.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\spmonnt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\SAMSUNG\Easy Button Manager\EasyBtnMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\NBC Direct\DirectPlayerCore.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Symantec\ClientVPN\nsetup.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TEMP\BN4.tmp
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Pando Networks\Media Booster\pmb.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\asmuthw\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.stb.dot.gov/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\Scriptcl.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [DirectPlayerCore] "c:\program files\nbc direct\DirectPlayerCore.exe"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IFXSPMGT] c:\windows\system32\ifxspmgt.exe /NotifyLogon
mRun: [DMHotKey] c:\program files\samsung\easy display manager\DMLoader.exe
mRun: [EasyButtonManager] c:\program files\samsung\easy button manager\EasyBtnMgr.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-100000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\symant~1.lnk - c:\program files\symantec\clientvpn\nsetup.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195060231517
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.vexcast.com/download/vexcast.cab
Handler: skyline - {3a4f9195-65a8-11d5-85c1-0001023952c1} - c:\program files\skyline\terraexplorer\TerraExplorerX.dll
Notify: jrsghmah - cwgfdrk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\asmuthw\applic~1\mozilla\firefox\profiles\1alkgjud.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.newyorktimes.com/
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\asmuthw\application data\move networks\plugins\071802000001\npqmp071802000001.dll
FF - plugin: c:\documents and settings\asmuthw\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\asmuthw\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\asmuthw\application data\mozilla\firefox\profiles\1alkgjud.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\nbc direct\npDirectPlayerMozilla.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-6-7 207280]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-30 31944]
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2009-2-11 160792]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2007-1-23 39080]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2007-11-14 4300]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2007-11-14 104000]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2007-2-22 144960]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2007-2-22 54872]
R2 Symantec Client VPN;Symantec Client VPN;vpnservices.exe --> vpnservices.exe [?]
R3 axtvpn;Symantec Client VPN Driver;c:\windows\system32\drivers\axtvpn.sys [2008-5-15 764592]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-11-14 36608]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2007-11-14 72264]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2007-11-14 34152]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2007-11-14 170408]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-7-14 133104]
S2 jnbnrjtf;IPv6 Windows Firewall Controller;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 pcbeygexqkbut;pcbeygexqkbut;\??\c:\windows\system32\drivers\ccpph.sys --> c:\windows\system32\drivers\ccpph.sys [?]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-2-11 40840]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-2-11 66952]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-2-11 81288]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-2-11 358600]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-2-11 1141200]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-1-27 11520]

=============== Created Last 30 ================

2010-07-04 16:44:24 2912340 ----a-w- C:\British TV.exe
2010-07-03 01:53:20 210816 -c--a-w- c:\windows\system32\dllcache\ndis.sys
2010-06-09 00:57:45 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-05 19:26:00 0 d-----w- c:\program files\common files\xing shared

==================== Find3M ====================

2010-07-03 01:53:20 210816 ----a-w- c:\windows\system32\drivers\ndis.sys
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-28 21:51:46 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2009-06-30 00:22:51 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-06-30 00:22:51 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-06-30 00:22:51 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 23:25:15.48 ===============

IndiGenus
2010-07-11, 00:25
Hello surfboarder and welcome back to the forums.

Sorry for the delay in getting to your post.

Download This file (http://www.gmer.net/download.php). Note its name and save it to your root folder, such as C:\.


Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
Click on this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of programs that should be disabled.
Double-click on the downloaded file to start the program. (If running Vista, right-click on it and select "Run as an Administrator".)
Allow the driver to load if asked.
You may be prompted to scan immediately if it detects rootkit activity.
If you are prompted to scan your system click "Yes" to begin the scan.
If not prompted, click the "Rootkit/Malware" tab.
On the right side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
Select the drive that Windows is installed on, typically C:\, and uncheck the rest.
Click the Scan button to begin. (Please be patient as it can take some time to complete)
When the scan is finished, click Save to save the scan results to your Desktop.
Save the file as Results.txt and copy/paste the contents in your next reply. If the file is too large to copy and paste you can upload it.
Exit the program and re-enable all active protection when done.

surfboarder
2010-07-11, 01:44
Will do the GMER scan and post results.

Thanks for the help.

surfboarder
2010-07-11, 02:43
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-10 20:37:00
Windows 5.1.2600 Service Pack 3
Running: 1z49lu3v.exe; Driver: C:\DOCUME~1\asmuthw\LOCALS~1\Temp\awloyfow.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF733BE22]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF731CCDC]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF731CECE]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF733C610]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF733C8C4]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF733AB14]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF733CD30]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF733C0E2]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF731C982]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF69F0380, 0x2F2807, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Pando Networks\Media Booster\pmb.exe[1124] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip pctfw2.sys (PC Tools TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp pctfw2.sys (PC Tools TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp pctfw2.sys (PC Tools TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp pctfw2.sys (PC Tools TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001c26e12141
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001c26e12ce3
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001c26e12ebf
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001c26e12141 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001c26e12ce3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001c26e12ebf (not active ControlSet)

---- EOF - GMER 1.0.15 ----

IndiGenus
2010-07-11, 02:47
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool.

Read through all the instructions before running ComboFix.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please also make sure you allow ComboFix to install the recovery console.

Please include the C:\ComboFix.txt in your next reply for further review.

surfboarder
2010-07-11, 04:14
I also got a "PSD Runtime Error" message when the machine rebooted.

Again - thanks for the help.


.................................
ComboFix 10-07-10.01 - asmuthw 07/10/2010 21:46:32.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.532 [GMT -4:00]
Running from: c:\documents and settings\asmuthw\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\1152763595.dat
c:\windows\system32\cwgfdrk.dll
c:\windows\system32\Thumbs.db
c:\windows\Tasks\At1.job
c:\windows\wiaservim.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_JNBNRJTF
-------\Service_jnbnrjtf


((((((((((((((((((((((((( Files Created from 2010-06-11 to 2010-07-11 )))))))))))))))))))))))))))))))
.

2010-07-04 16:44 . 2010-07-01 19:17 2912340 ----a-w- C:\British TV.exe
2010-07-04 14:51 . 2010-07-04 14:51 -------- d-----w- c:\documents and settings\asmuthw\Local Settings\Application Data\Help
2010-07-03 01:53 . 2010-07-03 01:53 210816 -c--a-w- c:\windows\system32\dllcache\ndis.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-11 01:55 . 2008-06-21 21:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-10 23:11 . 2008-06-20 21:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-07-05 03:50 . 2004-08-04 03:14 182656 ----a-w- c:\windows\system32\drivers\ndis.sys
2010-07-05 03:22 . 2008-09-14 13:38 -------- d-----w- c:\program files\SopCast
2010-07-05 03:21 . 2008-08-24 13:58 -------- d-----w- c:\program files\TVAnts
2010-07-04 15:10 . 2009-10-17 22:16 -------- d-----w- c:\documents and settings\asmuthw\Application Data\vlc
2010-07-04 14:01 . 2009-10-17 00:59 -------- d-----w- c:\documents and settings\asmuthw\Application Data\NBC Direct
2010-06-30 03:48 . 2009-02-11 05:11 -------- d-----w- c:\program files\Spyware Doctor
2010-06-12 00:04 . 2010-02-16 21:35 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-05 19:27 . 2010-06-05 19:27 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-06-05 19:27 . 2010-06-05 19:27 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-06-05 19:27 . 2010-06-05 19:27 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-06-05 19:27 . 2010-06-05 19:27 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-06-05 19:27 . 2010-06-05 19:27 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-06-05 19:27 . 2010-06-05 19:27 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-06-05 19:27 . 2010-06-05 19:27 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-06-05 19:27 . 2010-06-05 19:27 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-06-05 19:27 . 2010-06-05 19:27 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-06-05 19:27 . 2008-08-25 21:04 -------- d-----w- c:\program files\Common Files\Real
2010-06-05 19:26 . 2009-11-19 01:37 -------- d-----w- c:\program files\Real
2010-06-05 19:26 . 2010-06-05 19:26 -------- d-----w- c:\program files\Common Files\xing shared
2010-05-22 00:04 . 2010-05-22 00:04 503808 ----a-w- c:\documents and settings\asmuthw\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6d424a65-n\msvcp71.dll
2010-05-22 00:04 . 2010-05-22 00:04 499712 ----a-w- c:\documents and settings\asmuthw\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6d424a65-n\jmc.dll
2010-05-22 00:04 . 2010-05-22 00:04 348160 ----a-w- c:\documents and settings\asmuthw\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6d424a65-n\msvcr71.dll
2010-05-22 00:04 . 2010-05-22 00:04 61440 ----a-w- c:\documents and settings\asmuthw\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-19977883-n\decora-sse.dll
2010-05-22 00:04 . 2010-05-22 00:04 12800 ----a-w- c:\documents and settings\asmuthw\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-19977883-n\decora-d3d.dll
2010-05-20 14:23 . 2008-06-20 21:45 -------- d-----w- c:\program files\Google
2010-05-06 10:41 . 2004-08-04 04:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-04 03:17 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2009-02-14 19:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2009-02-14 19:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 21:51 . 2010-04-28 21:52 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-20 05:30 . 2004-08-04 04:56 285696 ----a-w- c:\windows\system32\atmfd.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"DirectPlayerCore"="c:\program files\NBC Direct\DirectPlayerCore.exe" [2009-09-24 1150016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-23 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-07 761947]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-02-26 677408]
"DMHotKey"="c:\program files\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-27 466944]
"EasyButtonManager"="c:\program files\SAMSUNG\Easy Button Manager\EasyBtnMgr.exe" [2007-05-05 356352]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-28 8429568]
"nwiz"="nwiz.exe" [2007-04-28 1626112]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 218032]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"AGRSMMSG"="AGRSMMSG.exe" [2006-08-30 89542]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-13 483328]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-06-05 202256]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2007-11-14 25214]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-11 561213]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-11-14 114688]
Symantec Client VPN.lnk - c:\program files\Symantec\ClientVPN\nsetup.exe [2008-5-15 1073424]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-11-14 106560]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\BitPim\\bitpimw.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Documents and Settings\\asmuthw\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\WINDOWS\\system32\\SPMONNT.EXE"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\NBC Direct\\DirectPlayerCore.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57313:TCP"= 57313:TCP:Pando Media Booster
"57313:UDP"= 57313:UDP:Pando Media Booster

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/7/2009 8:17 AM 207280]
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2/11/2009 12:34 AM 160792]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [1/23/2007 7:07 AM 39080]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [11/14/2007 12:33 PM 4300]
R2 Symantec Client VPN;Symantec Client VPN;vpnservices.exe --> vpnservices.exe [?]
R3 axtvpn;Symantec Client VPN Driver;c:\windows\system32\drivers\axtvpn.sys [5/15/2008 11:24 AM 764592]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [11/14/2007 12:24 PM 36608]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/14/2009 9:59 PM 133104]
S2 pcbeygexqkbut;pcbeygexqkbut;\??\c:\windows\system32\drivers\ccpph.sys --> c:\windows\system32\drivers\ccpph.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2/11/2009 1:11 AM 358600]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [1/27/2010 12:21 AM 11520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder

2010-07-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-20 18:24]

2010-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-15 01:59]

2010-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-15 01:59]

2010-07-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1019521287-1167121082-2473808744-1010.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-07-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1019521287-1167121082-2473808744-1010.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.stb.dot.gov/
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
FF - ProfilePath - c:\documents and settings\asmuthw\Application Data\Mozilla\Firefox\Profiles\1alkgjud.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.newyorktimes.com/
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\asmuthw\Application Data\Move Networks\plugins\071802000001\npqmp071802000001.dll
FF - plugin: c:\documents and settings\asmuthw\Application Data\Mozilla\Firefox\Profiles\1alkgjud.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\NBC Direct\npDirectPlayerMozilla.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-jrsghmah - (no file)
AddRemove-HijackThis - c:\documents and settings\asmuthw\Desktop\Utilities\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-10 21:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1604)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nslsvice.exe
c:\windows\system32\nsl.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\windows\system32\ifxtcs.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\lotus\notes\ntmulti.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IfxPsdSv.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Symantec\ClientVPN\vpnservices.exe
c:\program files\Symantec\ClientVPN\logservice.exe
c:\program files\Symantec\ClientVPN\emroute.exe
c:\windows\system32\spmonnt.exe
c:\windows\RTHDCPL.EXE
c:\program files\McAfee\Common Framework\McTray.exe
c:\windows\system32\rundll32.exe
c:\windows\AGRSMMSG.exe
c:\program files\Samsung\Easy Display Manager\dmhkcore.exe
c:\program files\Infineon\Security Platform Software\SpTna.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\Pando Networks\Media Booster\pmb.exe
.
**************************************************************************
.
Completion time: 2010-07-10 22:03:11 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-11 02:03
ComboFix2.txt 2009-05-10 15:54

Pre-Run: 38,418,599,936 bytes free
Post-Run: 38,609,076,224 bytes free

- - End Of File - - 486036547BC1B26F028B6C9F8C9A7375

IndiGenus
2010-07-11, 04:39
1. Open Notepad

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
c:\windows\system32\drivers\ccpph.sys

Driver::
pcbeygexqkbut

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif


5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:

Combofix.txt
A new DDS log. Just DDS.txt.

surfboarder
2010-07-11, 05:19
ComboFix 10-07-10.01 - asmuthw 07/10/2010 22:53:43.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.465 [GMT -4:00]
Running from: c:\documents and settings\asmuthw\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\asmuthw\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

FILE ::
"c:\windows\system32\drivers\ccpph.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PCBEYGEXQKBUT
-------\Service_pcbeygexqkbut


((((((((((((((((((((((((( Files Created from 2010-06-11 to 2010-07-11 )))))))))))))))))))))))))))))))
.

2010-07-04 16:44 . 2010-07-01 19:17 2912340 ----a-w- C:\British TV.exe
2010-07-04 14:51 . 2010-07-04 14:51 -------- d-----w- c:\documents and settings\asmuthw\Local Settings\Application Data\Help
2010-07-03 01:53 . 2010-07-03 01:53 210816 -c--a-w- c:\windows\system32\dllcache\ndis.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-11 03:04 . 2008-06-21 21:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-11 03:01 . 2009-02-11 04:34 -------- d-----w- c:\program files\Common Files\PC Tools
2010-07-10 23:11 . 2008-06-20 21:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-07-05 03:50 . 2004-08-04 03:14 182656 ----a-w- c:\windows\system32\drivers\ndis.sys
2010-07-05 03:22 . 2008-09-14 13:38 -------- d-----w- c:\program files\SopCast
2010-07-05 03:21 . 2008-08-24 13:58 -------- d-----w- c:\program files\TVAnts
2010-07-04 15:10 . 2009-10-17 22:16 -------- d-----w- c:\documents and settings\asmuthw\Application Data\vlc
2010-07-04 14:01 . 2009-10-17 00:59 -------- d-----w- c:\documents and settings\asmuthw\Application Data\NBC Direct
2010-06-12 00:04 . 2010-02-16 21:35 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-05 19:27 . 2010-06-05 19:27 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-06-05 19:27 . 2010-06-05 19:27 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-06-05 19:27 . 2010-06-05 19:27 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-06-05 19:27 . 2010-06-05 19:27 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-06-05 19:27 . 2010-06-05 19:27 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-06-05 19:27 . 2010-06-05 19:27 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-06-05 19:27 . 2010-06-05 19:27 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-06-05 19:27 . 2010-06-05 19:27 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-06-05 19:27 . 2010-06-05 19:27 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-06-05 19:27 . 2008-08-25 21:04 -------- d-----w- c:\program files\Common Files\Real
2010-06-05 19:26 . 2009-11-19 01:37 -------- d-----w- c:\program files\Real
2010-06-05 19:26 . 2010-06-05 19:26 -------- d-----w- c:\program files\Common Files\xing shared
2010-05-22 00:04 . 2010-05-22 00:04 503808 ----a-w- c:\documents and settings\asmuthw\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6d424a65-n\msvcp71.dll
2010-05-22 00:04 . 2010-05-22 00:04 499712 ----a-w- c:\documents and settings\asmuthw\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6d424a65-n\jmc.dll
2010-05-22 00:04 . 2010-05-22 00:04 348160 ----a-w- c:\documents and settings\asmuthw\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6d424a65-n\msvcr71.dll
2010-05-22 00:04 . 2010-05-22 00:04 61440 ----a-w- c:\documents and settings\asmuthw\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-19977883-n\decora-sse.dll
2010-05-22 00:04 . 2010-05-22 00:04 12800 ----a-w- c:\documents and settings\asmuthw\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-19977883-n\decora-d3d.dll
2010-05-20 14:23 . 2008-06-20 21:45 -------- d-----w- c:\program files\Google
2010-05-06 10:41 . 2004-08-04 04:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-04 03:17 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2009-02-14 19:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2009-02-14 19:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 21:51 . 2010-04-28 21:52 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-20 05:30 . 2004-08-04 04:56 285696 ----a-w- c:\windows\system32\atmfd.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"DirectPlayerCore"="c:\program files\NBC Direct\DirectPlayerCore.exe" [2009-09-24 1150016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-23 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-07 761947]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-02-26 677408]
"DMHotKey"="c:\program files\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-27 466944]
"EasyButtonManager"="c:\program files\SAMSUNG\Easy Button Manager\EasyBtnMgr.exe" [2007-05-05 356352]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-28 8429568]
"nwiz"="nwiz.exe" [2007-04-28 1626112]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 218032]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"AGRSMMSG"="AGRSMMSG.exe" [2006-08-30 89542]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-13 483328]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-06-05 202256]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2007-11-14 25214]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-11 561213]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-11-14 114688]
Symantec Client VPN.lnk - c:\program files\Symantec\ClientVPN\nsetup.exe [2008-5-15 1073424]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-11-14 106560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jrsghmah]
[BU]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\BitPim\\bitpimw.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Documents and Settings\\asmuthw\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\WINDOWS\\system32\\SPMONNT.EXE"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\NBC Direct\\DirectPlayerCore.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57313:TCP"= 57313:TCP:Pando Media Booster
"57313:UDP"= 57313:UDP:Pando Media Booster

R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2/11/2009 12:34 AM 160792]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [1/23/2007 7:07 AM 39080]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [11/14/2007 12:33 PM 4300]
R2 Symantec Client VPN;Symantec Client VPN;vpnservices.exe --> vpnservices.exe [?]
R3 axtvpn;Symantec Client VPN Driver;c:\windows\system32\drivers\axtvpn.sys [5/15/2008 11:24 AM 764592]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [11/14/2007 12:24 PM 36608]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/14/2009 9:59 PM 133104]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [1/27/2010 12:21 AM 11520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder

2010-07-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-20 18:24]

2010-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-15 01:59]

2010-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-15 01:59]

2010-07-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1019521287-1167121082-2473808744-1010.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-07-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1019521287-1167121082-2473808744-1010.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.stb.dot.gov/
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
FF - ProfilePath - c:\documents and settings\asmuthw\Application Data\Mozilla\Firefox\Profiles\1alkgjud.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.newyorktimes.com/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-10 23:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1344)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nslsvice.exe
c:\windows\system32\nsl.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\windows\system32\ifxtcs.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\lotus\notes\ntmulti.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IfxPsdSv.exe
c:\program files\Symantec\ClientVPN\vpnservices.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Symantec\ClientVPN\logservice.exe
c:\program files\Symantec\ClientVPN\emroute.exe
c:\windows\system32\spmonnt.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\program files\Samsung\Easy Display Manager\dmhkcore.exe
c:\windows\AGRSMMSG.exe
c:\program files\Infineon\Security Platform Software\SpTna.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\Pando Networks\Media Booster\pmb.exe
.
**************************************************************************
.
Completion time: 2010-07-10 23:10:12 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-11 03:10
ComboFix2.txt 2010-07-11 02:03
ComboFix3.txt 2009-05-10 15:54

Pre-Run: 38,819,348,480 bytes free
Post-Run: 38,728,978,432 bytes free

- - End Of File - - D8CB9B680722789DC9DD75FC70863E44

--------------------------------------------------------------------------------------


DDS (Ver_10-03-17.01) - NTFSx86
Run by asmuthw at 23:12:00.23 on Sat 07/10/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.337 [GMT -4:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\nslsvice.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
svchost.exe
C:\WINDOWS\system32\ifxspmgt.exe
C:\WINDOWS\system32\ifxtcs.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IfxPsdSv.exe
C:\Program Files\Symantec\ClientVPN\logservice.exe
C:\Program Files\Symantec\ClientVPN\emroute.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\spmonnt.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SAMSUNG\Easy Button Manager\EasyBtnMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\NBC Direct\DirectPlayerCore.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Symantec\ClientVPN\nsetup.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Pando Networks\Media Booster\pmb.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\asmuthw\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.stb.dot.gov/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\Scriptcl.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [DirectPlayerCore] "c:\program files\nbc direct\DirectPlayerCore.exe"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IFXSPMGT] c:\windows\system32\ifxspmgt.exe /NotifyLogon
mRun: [DMHotKey] c:\program files\samsung\easy display manager\DMLoader.exe
mRun: [EasyButtonManager] c:\program files\samsung\easy button manager\EasyBtnMgr.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-100000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\symant~1.lnk - c:\program files\symantec\clientvpn\nsetup.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195060231517
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.vexcast.com/download/vexcast.cab
Handler: skyline - {3a4f9195-65a8-11d5-85c1-0001023952c1} - c:\program files\skyline\terraexplorer\TerraExplorerX.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\asmuthw\applic~1\mozilla\firefox\profiles\1alkgjud.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.newyorktimes.com/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-30 31944]
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2009-2-11 160792]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2007-1-23 39080]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2007-11-14 4300]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2007-11-14 104000]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2007-2-22 144960]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2007-2-22 54872]
R2 Symantec Client VPN;Symantec Client VPN;vpnservices.exe --> vpnservices.exe [?]
R3 axtvpn;Symantec Client VPN Driver;c:\windows\system32\drivers\axtvpn.sys [2008-5-15 764592]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-11-14 36608]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2007-11-14 72264]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2007-11-14 34152]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2007-11-14 170408]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-7-14 133104]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-1-27 11520]

=============== Created Last 30 ================

2010-07-11 01:38:36 98816 ----a-w- c:\windows\sed.exe
2010-07-11 01:38:36 77312 ----a-w- c:\windows\MBR.exe
2010-07-11 01:38:36 256512 ----a-w- c:\windows\PEV.exe
2010-07-11 01:38:36 161792 ----a-w- c:\windows\SWREG.exe
2010-07-04 16:44:24 2912340 ----a-w- C:\British TV.exe
2010-07-03 01:53:20 210816 -c--a-w- c:\windows\system32\dllcache\ndis.sys

==================== Find3M ====================

2010-07-05 03:50:11 182656 ----a-w- c:\windows\system32\drivers\ndis.sys
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-28 21:51:46 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll

============= FINISH: 23:12:54.82 ===============

IndiGenus
2010-07-11, 15:29
I also got a "PSD Runtime Error" message when the machine rebooted

Are you still seeing that message?

Delete Temp files

Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop

Open the file and close any other windows.
It will close all programs itself when run; make sure to let it run uninterrupted.
Click the Start button to begin the process. The program should not take long to finish its job.
Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.


Please download Malwarebytes' Anti-Malware from Here (http://www.malwarebytes.org/mbam-download.php)
Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select "Perform Quick Scan", then click Scan.

The scan may take some time to finish, so please be patient.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and Paste the entire report in your next reply along with new DDS logs.

surfboarder
2010-07-11, 16:59
I'm still getting the PSD runtime error on boot-up, though...very strange.


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4302

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/11/2010 10:25:55 AM
mbam-log-2010-07-11 (10-25-55).txt

Scan type: Quick scan
Objects scanned: 153148
Time elapsed: 8 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

IndiGenus
2010-07-11, 17:20
Please run DDS again and post both of the logs this time.

Also, does the error give you any more detail than that? Code numbers, etc...? Please note everything and report back.

surfboarder
2010-07-11, 18:46
This is the attached file that was generated by the error. I'm attaching the DDS logs. Back after WC Final...

<?xml version="1.0" encoding="UTF-16"?>
<DATABASE>
<EXE NAME="PSDrt.exe" FILTER="GRABMI_FILTER_PRIVACY">
<MATCHING_FILE NAME="IfxSpURsBR.dll" SIZE="3059712" CHECKSUM="0x9B370544" BIN_FILE_VERSION="3.0.1239.1" BIN_PRODUCT_VERSION="3.0.1239.1" PRODUCT_VERSION="3.00.1239.01" FILE_DESCRIPTION="Resource DLL" COMPANY_NAME="Infineon Technologies AG" PRODUCT_NAME="Infineon TPM Software" FILE_VERSION="3.00.1239.01" ORIGINAL_FILENAME="IfxSpURs.dll" INTERNAL_NAME="IfxSpURs.dll" LEGAL_COPYRIGHT="© Infineon Technologies AG 2003-2007" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x2F2435" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="3.0.1239.1" UPTO_BIN_PRODUCT_VERSION="3.0.1239.1" LINK_DATE="02/01/2007 16:46:06" UPTO_LINK_DATE="02/01/2007 16:46:06" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="IfxSpURsCH.dll" SIZE="2953216" CHECKSUM="0x9B370544" BIN_FILE_VERSION="3.0.1239.1" BIN_PRODUCT_VERSION="3.0.1239.1" PRODUCT_VERSION="3.00.1239.01" FILE_DESCRIPTION="Resource DLL" COMPANY_NAME="Infineon Technologies AG" PRODUCT_NAME="Infineon TPM Software" FILE_VERSION="3.00.1239.01" ORIGINAL_FILENAME="IfxSpURs.dll" INTERNAL_NAME="IfxSpURs.dll" LEGAL_COPYRIGHT="© Infineon Technologies AG 2003-2007" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x2D98D0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="3.0.1239.1" UPTO_BIN_PRODUCT_VERSION="3.0.1239.1" LINK_DATE="02/01/2007 16:46:21" UPTO_LINK_DATE="02/01/2007 16:46:21" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="IfxSpURsCHT.dll" SIZE="2953216" CHECKSUM="0x9B370544" BIN_FILE_VERSION="3.0.1239.1" BIN_PRODUCT_VERSION="3.0.1239.1" PRODUCT_VERSION="3.00.1239.01" FILE_DESCRIPTION="Resource DLL" COMPANY_NAME="Infineon Technologies AG" PRODUCT_NAME="Infineon TPM Software" FILE_VERSION="3.00.1239.01" ORIGINAL_FILENAME="IfxSpURs.dll" INTERNAL_NAME="IfxSpURs.dll" LEGAL_COPYRIGHT="© Infineon Technologies AG 2003-2007" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x2DD66C" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="3.0.1239.1" UPTO_BIN_PRODUCT_VERSION="3.0.1239.1" LINK_DATE="02/01/2007 16:46:23" UPTO_LINK_DATE="02/01/2007 16:46:23" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="IfxSpURsFR.dll" SIZE="3072000" CHECKSUM="0x9B370544" BIN_FILE_VERSION="3.0.1239.1" BIN_PRODUCT_VERSION="3.0.1239.1" PRODUCT_VERSION="3.00.1239.01" FILE_DESCRIPTION="Resource DLL" COMPANY_NAME="Infineon Technologies AG" PRODUCT_NAME="Infineon TPM Software" FILE_VERSION="3.00.1239.01" ORIGINAL_FILENAME="IfxSpURs.dll" INTERNAL_NAME="IfxSpURs.dll" LEGAL_COPYRIGHT="© Infineon Technologies AG 2003-2007" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x2F133A" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="3.0.1239.1" UPTO_BIN_PRODUCT_VERSION="3.0.1239.1" LINK_DATE="02/01/2007 16:46:08" UPTO_LINK_DATE="02/01/2007 16:46:08" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="IfxSpURsGR.dll" SIZE="3067904" CHECKSUM="0x9B370544" BIN_FILE_VERSION="3.0.1239.1" BIN_PRODUCT_VERSION="3.0.1239.1" PRODUCT_VERSION="3.00.1239.01" FILE_DESCRIPTION="Resource DLL" COMPANY_NAME="Infineon Technologies AG" PRODUCT_NAME="Infineon TPM Software" FILE_VERSION="3.00.1239.01" ORIGINAL_FILENAME="IfxSpURs.dll" INTERNAL_NAME="IfxSpURs.dll" LEGAL_COPYRIGHT="© Infineon Technologies AG 2003-2007" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x2F90D0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="3.0.1239.1" UPTO_BIN_PRODUCT_VERSION="3.0.1239.1" LINK_DATE="02/01/2007 16:46:11" UPTO_LINK_DATE="02/01/2007 16:46:11" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="IfxSpURsIT.dll" SIZE="3063808" CHECKSUM="0x9B370544" BIN_FILE_VERSION="3.0.1239.1" BIN_PRODUCT_VERSION="3.0.1239.1" PRODUCT_VERSION="3.00.1239.01" FILE_DESCRIPTION="Resource DLL" COMPANY_NAME="Infineon Technologies AG" PRODUCT_NAME="Infineon TPM Software" FILE_VERSION="3.00.1239.01" ORIGINAL_FILENAME="IfxSpURs.dll" INTERNAL_NAME="IfxSpURs.dll" LEGAL_COPYRIGHT="© Infineon Technologies AG 2003-2007" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x2F089B" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="3.0.1239.1" UPTO_BIN_PRODUCT_VERSION="3.0.1239.1" LINK_DATE="02/01/2007 16:46:13" UPTO_LINK_DATE="02/01/2007 16:46:13" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="IfxSpURsJP.dll" SIZE="2981888" CHECKSUM="0x9B370544" BIN_FILE_VERSION="3.0.1239.1" BIN_PRODUCT_VERSION="3.0.1239.1" PRODUCT_VERSION="3.00.1239.01" FILE_DESCRIPTION="Resource DLL" COMPANY_NAME="Infineon Technologies AG" PRODUCT_NAME="Infineon TPM Software" FILE_VERSION="3.00.1239.01" ORIGINAL_FILENAME="IfxSpURs.dll" INTERNAL_NAME="IfxSpURs.dll" LEGAL_COPYRIGHT="© Infineon Technologies AG 2003-2007" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x2E6C1C" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="3.0.1239.1" UPTO_BIN_PRODUCT_VERSION="3.0.1239.1" LINK_DATE="02/01/2007 16:46:16" UPTO_LINK_DATE="02/01/2007 16:46:16" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="IfxSpURsKR.dll" SIZE="2977792" CHECKSUM="0x9B370544" BIN_FILE_VERSION="3.0.1239.1" BIN_PRODUCT_VERSION="3.0.1239.1" PRODUCT_VERSION="3.00.1239.01" FILE_DESCRIPTION="Resource DLL" COMPANY_NAME="Infineon Technologies AG" PRODUCT_NAME="Infineon TPM Software" FILE_VERSION="3.00.1239.01" ORIGINAL_FILENAME="IfxSpURs.dll" INTERNAL_NAME="IfxSpURs.dll" LEGAL_COPYRIGHT="© Infineon Technologies AG 2003-2007" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x2DF4AC" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="3.0.1239.1" UPTO_BIN_PRODUCT_VERSION="3.0.1239.1" LINK_DATE="02/01/2007 16:46:25" UPTO_LINK_DATE="02/01/2007 16:46:25" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="IfxSpURsRU.dll" SIZE="3055616" CHECKSUM="0x9B370544" BIN_FILE_VERSION="3.0.1239.1" BIN_PRODUCT_VERSION="3.0.1239.1" PRODUCT_VERSION="3.00.1239.01" FILE_DESCRIPTION="Resource DLL" COMPANY_NAME="Infineon Technologies AG" PRODUCT_NAME="Infineon TPM Software" FILE_VERSION="3.00.1239.01" ORIGINAL_FILENAME="IfxSpURs.dll" INTERNAL_NAME="IfxSpURs.dll" LEGAL_COPYRIGHT="© Infineon Technologies AG 2003-2007" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x2F7072" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="3.0.1239.1" UPTO_BIN_PRODUCT_VERSION="3.0.1239.1" LINK_DATE="02/01/2007 16:46:28" UPTO_LINK_DATE="02/01/2007 16:46:28" VER_LANGUAGE="English (United States) [0x409]" />
</EXE>
</DATABASE>

IndiGenus
2010-07-11, 19:30
Appears to be related to this program:

Infineon TPM Professional Package

I'm not familiar with what it is or does. Something you use? You could try re-installing it if so. If not then you can uninstall.

surfboarder
2010-07-12, 00:23
I'll see about doing that. I think that this is unrelated to the current problem, which I believe is fixed.

So, I really appreciate all the help - thanks so much.

Best regards.

IndiGenus
2010-07-12, 01:41
One more virus scan in order I think. And a security update check.

Go to the Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.


Read through the requirements and privacy statement and click on the Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases

Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.




Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or here (http://screen317.changelog.fr/SecurityCheck.exe).
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

surfboarder
2010-07-12, 05:00
Kaspersky log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, July 11, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, July 11, 2010 21:02:59
Records in database: 4232635
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
R:\

Scan statistics:
Objects scanned: 66508
Threats found: 2
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 02:03:03


File name / Threat / Threats count
C:\WINDOWS\system32\dllcache\ndis.sys Infected: Virus.Win32.Protector.f 1
C:\WINDOWS\system32\drivers\etc\hosts.20090531-021030.backup Infected: Trojan.Win32.Qhost.mcf 1

Selected area has been scanned.

---------------------------------------------------------------------------

Security Check log:

Results of screen317's Security Check version 0.99.4
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
McAfee VirusScan Enterprise
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 20
Adobe Flash Player 10.1.53.64
````````````````````````````````
Process Check:
objlist.exe by Laurent
McAfee VirusScan Enterprise Mcshield.exe
McAfee VirusScan Enterprise VsTskMgr.exe
McAfee VirusScan Enterprise SHSTAT.EXE
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

IndiGenus
2010-07-12, 15:09
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:


:filefind
ndis.sys


Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

surfboarder
2010-07-12, 15:54
Can't do it now - out for 6 hrs.

surfboarder
2010-07-12, 23:22
Also, just after the log popped up, McAfee on-access alert indicated that it cleaned the ndis.sys file.
McAfee log:
The file C:\WINDOWS\system32\dllcache\ndis.sys contained W32/Cutwail.a!rootkit Virus. The file was successfully cleaned with Scan engine version 5400.1158 DAT version 6040.0000.

-------------------------------------------------------------------------

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 17:14 on 12/07/2010 by asmuthw (Administrator - Elevation successful)

========== filefind ==========

Searching for "ndis.sys"
C:\WINDOWS\$NtServicePackUninstall$\ndis.sys --a--c 182912 bytes [11:25 20/06/2008] [03:14 04/08/2004] 558635D3AF1C7546D26067D5D9B6959E
C:\WINDOWS\ERDNT\cache\ndis.sys --a--- 182656 bytes [02:00 11/07/2010] [03:50 05/07/2010] 1DF7F42665C94B825322FAE71721130D
C:\WINDOWS\ServicePackFiles\i386\ndis.sys --a--- 182656 bytes [11:34 20/06/2008] [04:50 14/04/2008] 1DF7F42665C94B825322FAE71721130D
C:\WINDOWS\system32\dllcache\ndis.sys --a--c 210816 bytes [01:53 03/07/2010] [01:53 03/07/2010] 1DF7F42665C94B825322FAE71721130D
C:\WINDOWS\system32\drivers\ndis.sys --a--- 182656 bytes [03:14 04/08/2004] [03:50 05/07/2010] 1DF7F42665C94B825322FAE71721130D

-=End Of File=-

IndiGenus
2010-07-12, 23:45
Let's make sure it was cleaned. The dllcache folder essentially contains backups of system files; in case something happens to a system file, it automatically gets replaced. Hate to have that happen with an infected file down the road.

Please go to http://www.virustotal.com/en/indexf.html
click on Browse, and upload the following file for analysis:

C:\WINDOWS\system32\dllcache\ndis.sys

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see. Or you can copy the link to the VT results page if that is easier.

You can also delete that old hosts file backup.

C:\WINDOWS\system32\drivers\etc\hosts.20090531-021030.backup
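
The check behind this request, as an added example that is not part of the original posts or of SystemLook: it parses the filefind lines from the log above and compares the live and dllcache copies of ndis.sys against a reference copy. Treating the ServicePackFiles\i386 copy as known-good is an assumption, and the function and constant names are hypothetical.

```python
import re

# The five result lines from the SystemLook log posted in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\$NtServicePackUninstall$\ndis.sys --a--c 182912 bytes [11:25 20/06/2008] [03:14 04/08/2004] 558635D3AF1C7546D26067D5D9B6959E
C:\WINDOWS\ERDNT\cache\ndis.sys --a--- 182656 bytes [02:00 11/07/2010] [03:50 05/07/2010] 1DF7F42665C94B825322FAE71721130D
C:\WINDOWS\ServicePackFiles\i386\ndis.sys --a--- 182656 bytes [11:34 20/06/2008] [04:50 14/04/2008] 1DF7F42665C94B825322FAE71721130D
C:\WINDOWS\system32\dllcache\ndis.sys --a--c 210816 bytes [01:53 03/07/2010] [01:53 03/07/2010] 1DF7F42665C94B825322FAE71721130D
C:\WINDOWS\system32\drivers\ndis.sys --a--- 182656 bytes [03:14 04/08/2004] [03:50 05/07/2010] 1DF7F42665C94B825322FAE71721130D
"""

LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<attrs>[-a-z]{6}) (?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)

# Assumption: the service-pack source copy is the known-good reference.
REFERENCE_DIR = r"\servicepackfiles\i386"
# The loaded driver and the backup copy Windows restores it from.
CHECKED_DIRS = (r"\system32\drivers", r"\system32\dllcache")

def parse_filefind(text):
    """Return one dict per filefind result line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"], e["md5"] = int(e["size"]), e["md5"].upper()
            entries.append(e)
    return entries

def check_copies(entries):
    """Compare the live and dllcache copies against the reference copy."""
    folder = lambda e: e["path"].rsplit("\\", 1)[0].lower()
    ref = next(e for e in entries if folder(e).endswith(REFERENCE_DIR))
    findings = []
    for e in (x for x in entries if folder(x).endswith(CHECKED_DIRS)):
        if e["md5"] != ref["md5"]:
            findings.append((e["path"], "MD5 differs from reference"))
        elif e["size"] != ref["size"]:
            # Same hash, different length: values were probably read at
            # different moments (e.g. AV cleaned the file), so rescan.
            findings.append((e["path"], "size differs, MD5 matches: rescan"))
    return findings

if __name__ == "__main__":
    for path, reason in check_copies(parse_filefind(SAMPLE_LOG)):
        print(f"{path}: {reason}")
```
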

surfboarder
2010-07-13, 00:30
Seems the directory and file no longer exist on this machine... I did delete the backup file, though.

IndiGenus
2010-07-13, 00:36
Sorry, need to make sure hidden files are showing, my bad.

http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/hiddenfiles.mspx

surfboarder
2010-07-13, 01:46
I did have the "show hidden files" tab checked, but didn't have the "hide systems file" unchecked...

IndiGenus
2010-07-13, 02:03
Looks clean to me and right size now too. So no need to worry there. Sometimes just going through the process of looking for a file like that will trigger the AV that something is wrong, which looks like what happened here.

Other than the start-up issue, is all running well?

Uninstall Combofix

Click START then RUN
Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.

The above procedure will:

Delete the following: ComboFix and its associated files and folders.
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Reset System Restore.

Now to remove most of the tools that we have used in fixing your machine:
Make sure you have an Internet Connection.
Download OTC (http://oldtimer.geekstogo.com/OTC.exe) to your desktop and run it
A list of tool components used in the Cleanup of malware will be downloaded.
If your Firewall or Real Time protection attempts to block OTC from reaching the Internet, please allow the application to do so.
Click Yes to begin the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


Let me know if there are any other issues.

surfboarder
2010-07-13, 02:42
everything (save the TPM startup problem) seems just fine.

Thanks for all the help - really appreciate the time & effort.


Best regards.

IndiGenus
2010-07-13, 02:57
everything (save the TPM startup problem) seems just fine.
Great, and I bet a simple re-install or repair install if available will fix the problem.

Now that you are clean please take some time to read through TonyKlein's So how did I get infected in the first place? (http://forums.spybot.info/showthread.php?t=279)

Glad we could help,
Dave