Slow, Freezes & Re-Directing Browser



Lori445
2011-09-18, 16:15
When I start the computer I get a FUFAXSTM.EXE error. My browser started being re-directed, running slow, then freezing. Here is the DDS log:



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by Owner at 10:09:25 on 2011-09-18
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.446.22 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\1895240179:216926351.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.excite.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [Toshiba Hotkey Utility] "c:\program files\toshiba\windows utilities\Hotkey.exe" /lang en
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [LXCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCGtime.dll,_RunDLLEntry@16
mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
mRun: [TPSMain] TPSMain.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AVG7_CC] c:\progra~1\grisoft\avgfre~1\avgcc.exe /STARTUP
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SkyTel] SkyTel.EXE
mRun: [PDUiP6600DMon] c:\program files\canon\memory card utility\ip6600d\PDUiP6600DMon.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{63EABCA9-5C75-4110-B1E6-63F5F039CA0C} : DhcpNameServer = 192.168.2.1
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2006-6-28 98816]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-14 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-14 135664]
.
=============== Created Last 30 ================
.
2011-09-18 11:44:54 -------- d-----w- c:\windows\system32\appmgmt
2011-09-18 11:14:43 -------- d-----w- c:\program files\Trend Micro
2011-09-18 01:29:55 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-09-18 01:29:55 -------- d-----w- c:\windows\system32\wbem\Repository
2011-09-17 12:16:05 -------- d-----w- c:\program files\real(2)
.
==================== Find3M ====================
.
2011-07-03 16:14:05 404640 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 10:10:15.76 ===============

jeffce
2011-09-19, 18:44
Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

I will be working on your malware issues; this may or may not solve other issues you have with your machine.
Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Watch Topic button to the right of your topic title and then choosing the notification method (Recommended: Immediate Notification).
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete, download or install anything or run additional scans unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.
Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.

Vista and Windows 7 users:
These tools MUST be run from the executable (.exe) every time you run them
with Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.
----------

There should have been a log named Attach.txt created when you ran DDS. Could you post that into your next reply? :)
----------

Download GMER Rootkit Scanner from here (http://www.gmer.net/gmer.zip) or here (http://www.majorgeeks.com/download.php?det=5198).

Extract the contents of the zipped file to desktop.
Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

http://www.geekstogo.com/misc/guide_icons/GMER_thumb.jpg (http://www.geekstogo.com/misc/guide_icons/GMER_instructions.jpg)

In the right panel, you will see several boxes that have been checked. Uncheck the following ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.

Save it where you can easily find it, such as your desktop, and attach it in your reply.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
----------

In your next reply please post the Attach.txt log created by DDS when you ran it and the log created by GMER. :)

Lori445
2011-09-20, 01:30
I'm not able to get through the GMER scan; it keeps shutting down halfway through. During the last attempt a blue screen came up saying Windows was shutting down to prevent further damage to your computer.

jeffce
2011-09-20, 02:20
Hi Lori445,

Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)

Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan

Only if malicious objects are found, ensure Cure is selected
Then click Continue > Reboot now

Copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------

Please read through these instructions to familiarize yourself with what to expect when this tool runs.

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs (http://forums.whatthetech.com/How_to_Disable_your_Security_Programs_t96260.html)

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


http://img.photobucket.com/albums/v706/ried7/RCUpdate1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
----------

In your next reply please post the logs created by TDSSKiller and ComboFix. :)

Lori445
2011-09-20, 02:56
Here's the TDSSKiller log; still trying to DL ComboFix:


2011/09/19 20:40:48.0703 2740 TDSS rootkit removing tool 2.5.22.0 Sep 13 2011 15:55:17
2011/09/19 20:40:49.0796 2740 ================================================================================
2011/09/19 20:40:49.0796 2740 SystemInfo:
2011/09/19 20:40:49.0796 2740
2011/09/19 20:40:49.0796 2740 OS Version: 5.1.2600 ServicePack: 2.0
2011/09/19 20:40:49.0796 2740 Product type: Workstation
2011/09/19 20:40:49.0796 2740 ComputerName: TOSHIBA-USER
2011/09/19 20:40:49.0796 2740 UserName: Owner
2011/09/19 20:40:49.0796 2740 Windows directory: C:\WINDOWS
2011/09/19 20:40:49.0796 2740 System windows directory: C:\WINDOWS
2011/09/19 20:40:49.0796 2740 Processor architecture: Intel x86
2011/09/19 20:40:49.0796 2740 Number of processors: 1
2011/09/19 20:40:49.0796 2740 Page size: 0x1000
2011/09/19 20:40:49.0796 2740 Boot type: Normal boot
2011/09/19 20:40:49.0796 2740 ================================================================================
2011/09/19 20:40:54.0250 2740 Initialize success
2011/09/19 20:41:11.0406 3596 ================================================================================
2011/09/19 20:41:11.0406 3596 Scan started
2011/09/19 20:41:11.0406 3596 Mode: Manual;
2011/09/19 20:41:11.0406 3596 ================================================================================
2011/09/19 20:41:18.0000 3596 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/09/19 20:41:18.0937 3596 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/09/19 20:41:21.0593 3596 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/09/19 20:41:23.0921 3596 AegisP (accd563bf09c4659b54143fde633b57d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/09/19 20:41:26.0109 3596 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/09/19 20:41:29.0343 3596 AgereSoftModem (4458fcb8a00da31fdcc086449274c40d) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/09/19 20:41:38.0843 3596 AR5211 (65b963f05458a7ee00473eb21ce3789d) C:\WINDOWS\system32\DRIVERS\ar5211.sys
2011/09/19 20:41:43.0218 3596 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
2011/09/19 20:41:44.0796 3596 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/09/19 20:41:45.0890 3596 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/09/19 20:41:49.0203 3596 ati2mtag (956c7ec3a9de96f785b829beb41e3c3e) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/09/19 20:41:54.0203 3596 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/09/19 20:41:55.0890 3596 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/09/19 20:41:57.0156 3596 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/09/19 20:41:59.0156 3596 BoiHwsetup (141befbd4f2a84a66e2f54b9e32e40d1) C:\WINDOWS\system32\drivers\BoiHwSetup.sys
2011/09/19 20:42:00.0406 3596 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/09/19 20:42:02.0687 3596 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/09/19 20:42:03.0500 3596 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/09/19 20:42:04.0671 3596 Cdrom (fb7cb75ca81b4599a328777168daf0c1) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/09/19 20:42:07.0765 3596 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/09/19 20:42:09.0640 3596 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/09/19 20:42:14.0046 3596 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/09/19 20:42:16.0265 3596 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/09/19 20:42:18.0640 3596 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/09/19 20:42:19.0828 3596 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/09/19 20:42:21.0062 3596 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/09/19 20:42:22.0921 3596 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/09/19 20:42:23.0593 3596 f311f770 (f77d14fb6a4011ee98d3e73242405617) C:\WINDOWS\1895240179:216926351.exe
2011/09/19 20:42:27.0250 3596 Suspicious file (Hidden): C:\WINDOWS\1895240179:216926351.exe. md5: f77d14fb6a4011ee98d3e73242405617
2011/09/19 20:42:27.0265 3596 f311f770 - detected HiddenFile.Multi.Generic (1)
2011/09/19 20:42:28.0953 3596 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/09/19 20:42:30.0171 3596 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
2011/09/19 20:42:31.0453 3596 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/09/19 20:42:32.0203 3596 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/09/19 20:42:33.0890 3596 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/09/19 20:42:35.0171 3596 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/09/19 20:42:36.0359 3596 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/09/19 20:42:37.0656 3596 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/09/19 20:42:39.0390 3596 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/09/19 20:42:40.0578 3596 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/09/19 20:42:43.0687 3596 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/09/19 20:42:47.0250 3596 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/09/19 20:42:48.0046 3596 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/09/19 20:42:56.0281 3596 IntcAzAudAddService (fc3a99650afe0b39fe1d214304a7d0d3) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/09/19 20:43:04.0468 3596 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/09/19 20:43:05.0546 3596 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/09/19 20:43:06.0281 3596 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/09/19 20:43:07.0359 3596 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/09/19 20:43:08.0734 3596 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/09/19 20:43:09.0984 3596 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/09/19 20:43:11.0296 3596 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/09/19 20:43:12.0750 3596 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/09/19 20:43:14.0000 3596 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/09/19 20:43:14.0718 3596 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/09/19 20:43:15.0953 3596 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/09/19 20:43:18.0015 3596 KR10N (00c1ea8decf810b8eccb5c5a8186a96e) C:\WINDOWS\system32\drivers\KR10N.sys
2011/09/19 20:43:20.0046 3596 KSecDD (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/09/19 20:43:23.0468 3596 meiudf (7efac183a25b30fb5d64cc9d484b1eb6) C:\WINDOWS\system32\Drivers\meiudf.sys
2011/09/19 20:43:24.0765 3596 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/09/19 20:43:25.0812 3596 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/09/19 20:43:27.0031 3596 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/09/19 20:43:27.0781 3596 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/09/19 20:43:28.0843 3596 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/09/19 20:43:30.0234 3596 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/09/19 20:43:32.0640 3596 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/09/19 20:43:34.0796 3596 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/09/19 20:43:36.0281 3596 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/09/19 20:43:37.0453 3596 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/09/19 20:43:38.0515 3596 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/09/19 20:43:39.0562 3596 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/09/19 20:43:40.0703 3596 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/09/19 20:43:41.0937 3596 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/09/19 20:43:43.0343 3596 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/09/19 20:43:44.0968 3596 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/09/19 20:43:46.0046 3596 Ndisuio (eefa1ce63805d2145978621be5c6d955) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/09/19 20:43:46.0812 3596 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/09/19 20:43:47.0937 3596 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/09/19 20:43:49.0000 3596 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/09/19 20:43:50.0265 3596 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/09/19 20:43:51.0515 3596 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
2011/09/19 20:43:52.0703 3596 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/09/19 20:43:54.0453 3596 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/09/19 20:43:56.0562 3596 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/09/19 20:43:57.0671 3596 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/09/19 20:43:58.0843 3596 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/09/19 20:44:00.0062 3596 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys
2011/09/19 20:44:01.0281 3596 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/09/19 20:44:02.0437 3596 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/09/19 20:44:03.0734 3596 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/09/19 20:44:05.0546 3596 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/09/19 20:44:06.0671 3596 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/09/19 20:44:14.0843 3596 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/09/19 20:44:16.0187 3596 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/09/19 20:44:17.0390 3596 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/09/19 20:44:18.0546 3596 PxHelp20 (183ef96bcc2ec3d5294cb2c2c0ecbcd1) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/09/19 20:44:19.0578 3596 qkbfiltr (7dc7aca4e775e9d823f5773a2f47a2ac) C:\WINDOWS\system32\drivers\qkbfiltr.sys
2011/09/19 20:44:24.0031 3596 qmofiltr (8652b9e134c3478be948bf089df8ed5e) C:\WINDOWS\system32\drivers\qmofiltr.sys
2011/09/19 20:44:24.0859 3596 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/09/19 20:44:25.0640 3596 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/09/19 20:44:26.0484 3596 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/09/19 20:44:27.0343 3596 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/09/19 20:44:28.0296 3596 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/09/19 20:44:29.0656 3596 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/09/19 20:44:30.0671 3596 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/09/19 20:44:31.0671 3596 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/09/19 20:44:32.0593 3596 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/09/19 20:44:33.0578 3596 RTL8023xp (8e34400ffc7d647946d9c820678775af) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
2011/09/19 20:44:34.0500 3596 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/09/19 20:44:35.0390 3596 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/09/19 20:44:36.0562 3596 Ser2pl (b490ad520257dda26c1d587a71e527b5) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
2011/09/19 20:44:37.0468 3596 Serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/09/19 20:44:38.0234 3596 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
2011/09/19 20:44:39.0234 3596 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/09/19 20:44:41.0484 3596 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/09/19 20:44:42.0484 3596 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/09/19 20:44:43.0812 3596 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/09/19 20:44:45.0156 3596 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/09/19 20:44:46.0437 3596 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/09/19 20:44:51.0359 3596 SynTP (21a8abc15f829baea7145c6f2cb108f5) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/09/19 20:44:53.0312 3596 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/09/19 20:44:54.0828 3596 tbiosdrv (7147b0575bcc93a6ab7d5c90f47c0b9f) C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys
2011/09/19 20:44:56.0343 3596 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/09/19 20:44:57.0546 3596 tdcmdpst (cc1d7bc6a3632c55ee6d8877e9b936f3) C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys
2011/09/19 20:44:58.0281 3596 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/09/19 20:44:59.0046 3596 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/09/19 20:45:00.0250 3596 tdudf (09aa3cf863793f92276b39e74878c386) C:\WINDOWS\system32\DRIVERS\tdudf.sys
2011/09/19 20:45:01.0687 3596 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/09/19 20:45:04.0078 3596 Udfs (7cef3e36843bf5dd55120fcce88800ce) C:\WINDOWS\system32\drivers\Udfs.sys
2011/09/19 20:45:07.0515 3596 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
2011/09/19 20:45:44.0546 3596 ================================================================================
2011/09/19 20:45:44.0546 3596 Scan finished
2011/09/19 20:45:44.0546 3596 ================================================================================
2011/09/19 20:45:44.0562 0756 Detected object count: 1
2011/09/19 20:45:44.0562 0756 Actual detected object count: 1
2011/09/19 20:46:00.0406 0756 HiddenFile.Multi.Generic(f311f770) - User select action: Skip
2011/09/19 20:46:28.0078 3864 ================================================================================
2011/09/19 20:46:28.0078 3864 Scan started
2011/09/19 20:46:28.0078 3864 Mode: Manual;
2011/09/19 20:46:28.0078 3864 ================================================================================
2011/09/19 20:47:48.0406 3864 f311f770 (f77d14fb6a4011ee98d3e73242405617) C:\WINDOWS\1895240179:216926351.exe
2011/09/19 20:47:49.0265 3864 Suspicious file (Hidden): C:\WINDOWS\1895240179:216926351.exe. md5: f77d14fb6a4011ee98d3e73242405617
2011/09/19 20:47:49.0281 3864 f311f770 - detected HiddenFile.Multi.Generic (1)
2011/09/19 20:50:23.0890 3864 ================================================================================
2011/09/19 20:50:23.0890 3864 Scan finished
2011/09/19 20:50:23.0890 3864 ================================================================================
2011/09/19 20:50:23.0921 0124 Detected object count: 1
2011/09/19 20:50:23.0921 0124 Actual detected object count: 1
2011/09/19 20:51:18.0000 0124 HiddenFile.Multi.Generic(f311f770) - User select action: Skip

Lori445
2011-09-20, 05:23
... and here is the combofix log. It said I was infected with RootKit.ZeroAccess

Thanks Jeff :)

jeffce
2011-09-20, 16:54
Hi Lori445,

Thank you for the logs but would you please copy/paste the logs into your replies? It helps me to read them more easily. :)
----------

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:



DDS::
TB: {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Lori445
2011-09-20, 19:26
ComboFix 11-09-19.04 - Owner 09/20/2011 12:57:26.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.446.147 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Thumbs.db
c:\windows\system32\d3d9caps.dat
.
.
((((((((((((((((((((((((( Files Created from 2011-08-20 to 2011-09-20 )))))))))))))))))))))))))))))))
.
.
2011-09-20 01:31 . 2011-02-08 01:16 62592 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2011-09-20 01:31 . 2011-02-08 01:16 62592 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-09-20 00:02 . 2011-09-20 00:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-09-18 12:00 . 2011-09-18 12:01 -------- d-----w- c:\program files\ERUNT
2011-09-18 11:14 . 2011-09-18 11:14 -------- d-----w- c:\program files\Trend Micro
2011-09-18 01:29 . 2011-09-18 01:29 -------- d-----w- c:\windows\system32\wbem\Repository
2011-09-18 01:29 . 2011-09-18 01:29 -------- d-----w- c:\program files\Real
2011-09-17 12:16 . 2011-09-18 01:29 -------- d-----w- c:\program files\real(2)
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-03 16:14 . 2011-07-03 16:14 404640 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-20_03.04.45 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2011-01-21 67456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-12 344064]
"Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2006-08-01 1773568]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-06 16262656]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"LXCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 73728]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-07 761946]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-12-16 188416]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-18 89541]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]
"PDUiP6600DMon"="c:\program files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe" [2005-05-25 69632]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-10-19 155648]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PadTouch"=c:\program files\TOSHIBA\Touch and Launch\PadExe.exe
"SmoothView"=c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\EpsonNet\\EpsonNet Setup\\tool10\\ENEasyApp.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
.
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [6/28/2006 2:50 PM 98816]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/14/2010 9:00 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/14/2010 9:00 PM 135664]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-15 01:00]
.
2011-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-15 01:00]
.
2011-09-20 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-01-21 14:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.excite.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-20 13:18
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(648)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-09-20 13:24:06
ComboFix-quarantined-files.txt 2011-09-20 17:24
ComboFix2.txt 2011-09-20 03:15
.
Pre-Run: 42,887,536,640 bytes free
Post-Run: 42,876,882,944 bytes free
.
- - End Of File - - EF325AB2556FAAFF48BC1AC600CED1F2

jeffce
2011-09-20, 22:08
Hi Lori445,

I see that you have Malwarebytes on your system. Please start that program, Update it and then run a Quick Scan. It will produce a log that I will need in your next reply.
---------------

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan.

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png

http://www.eset.com/onlinescan/
----------------

In your next reply please post the logs created by Malwarebytes and ESET Online Scanner.

Lori445
2011-09-21, 10:56
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7757

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

9/20/2011 6:37:18 PM
mbam-log-2011-09-20 (18-37-17).txt

Scan type: Quick scan
Objects scanned: 175704
Time elapsed: 21 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




C:\Program Files\OurBabyMaker_27EI\Installr\1.bin\27EIPlug.dll a variant of Win32/Toolbar.MyWebSearch application
C:\Program Files\Uniblue\RegistryBooster\Launcher.exe Win32/RegistryBooster application
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application
C:\Program Files\Uniblue\RegistryBooster\rbnotifier.exe Win32/RegistryBooster application
C:\Program Files\Uniblue\RegistryBooster\rb_move_serial.exe Win32/RegistryBooster application
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application
Operating memory Win32/RegistryBooster application

jeffce
2011-09-21, 13:50
Hi Lori445,

Things seem to be looking better. How is your system running?
----------

Please go to Start > Run > type CMD and press Enter. This will open the command prompt. Please copy/paste the bolded text below into the command prompt and press Enter.

del "C:\Program Files\OurBabyMaker_27EI\Installr\1.bin\27EIPlug.dll" /f /q

----------

Once you get that complete please run DDS once more and post both logs created into your next reply.

Lori445
2011-09-21, 16:11
System seems to be running much better. No more re-directing and not lagging. Thanks.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by Owner at 10:07:36 on 2011-09-21
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.446.137 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
svchost.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.excite.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [Toshiba Hotkey Utility] "c:\program files\toshiba\windows utilities\Hotkey.exe" /lang en
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [LXCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCGtime.dll,_RunDLLEntry@16
mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
mRun: [TPSMain] TPSMain.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SkyTel] SkyTel.EXE
mRun: [PDUiP6600DMon] c:\program files\canon\memory card utility\ip6600d\PDUiP6600DMon.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{63EABCA9-5C75-4110-B1E6-63F5F039CA0C} : DhcpNameServer = 192.168.2.1
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2006-6-28 98816]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-14 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-14 135664]
.
=============== Created Last 30 ================
.
2011-09-20 23:04:41 -------- d-----w- c:\program files\ESET
2011-09-20 01:31:53 62592 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2011-09-20 01:31:53 62592 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-09-20 01:17:55 -------- d-sha-r- C:\cmdcons
2011-09-20 01:07:05 208896 ----a-w- c:\windows\MBR.exe
2011-09-20 01:07:04 98816 ----a-w- c:\windows\sed.exe
2011-09-20 01:07:04 518144 ----a-w- c:\windows\SWREG.exe
2011-09-20 01:07:04 256000 ----a-w- c:\windows\PEV.exe
2011-09-18 11:44:54 -------- d-----w- c:\windows\system32\appmgmt
2011-09-18 11:14:43 -------- d-----w- c:\program files\Trend Micro
2011-09-18 01:29:55 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-09-18 01:29:55 -------- d-----w- c:\windows\system32\wbem\Repository
2011-09-17 12:16:05 -------- d-----w- c:\program files\real(2)
.
==================== Find3M ====================
.
2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-03 16:14:05 404640 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 10:09:09.71 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/3/2006 9:51:51 AM
System Uptime: 9/19/2011 11:00:35 PM (35 hours ago)
.
Motherboard: TOSHIBA | | Satellite L35
Processor: Intel(R) Celeron(R) M CPU 420 @ 1.60GHz | U23 | 1599/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 56 GiB total, 39.761 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP369: 6/22/2011 6:12:11 AM - System Checkpoint
RP370: 6/23/2011 6:55:34 AM - System Checkpoint
RP371: 6/24/2011 6:59:03 AM - System Checkpoint
RP372: 6/25/2011 7:55:45 AM - System Checkpoint
RP373: 6/26/2011 8:55:46 AM - System Checkpoint
RP374: 6/27/2011 10:31:10 AM - System Checkpoint
RP375: 6/28/2011 10:56:55 AM - System Checkpoint
RP376: 6/29/2011 11:50:38 AM - System Checkpoint
RP377: 6/30/2011 12:50:39 PM - System Checkpoint
RP378: 7/1/2011 12:52:44 PM - System Checkpoint
RP379: 7/2/2011 1:48:40 PM - System Checkpoint
RP380: 7/3/2011 2:30:15 PM - System Checkpoint
RP381: 7/4/2011 3:39:57 PM - System Checkpoint
RP382: 7/5/2011 4:22:56 PM - System Checkpoint
RP383: 7/6/2011 5:17:24 PM - System Checkpoint
RP384: 7/7/2011 5:21:41 PM - System Checkpoint
RP385: 7/8/2011 6:25:10 PM - System Checkpoint
RP386: 7/9/2011 7:19:48 PM - System Checkpoint
RP387: 7/10/2011 8:19:15 PM - System Checkpoint
RP388: 7/11/2011 8:19:52 PM - System Checkpoint
RP389: 7/12/2011 8:21:02 PM - System Checkpoint
RP390: 7/12/2011 8:30:27 PM - Installed Windows XP -- Software Updates KB952011.
RP391: 7/13/2011 3:00:16 AM - Software Distribution Service 3.0
RP392: 7/14/2011 3:19:52 AM - System Checkpoint
RP393: 7/15/2011 4:19:42 AM - System Checkpoint
RP394: 7/19/2011 6:22:30 PM - System Checkpoint
RP395: 7/20/2011 6:47:44 PM - System Checkpoint
RP396: 7/21/2011 8:00:11 PM - System Checkpoint
RP397: 7/22/2011 10:38:53 PM - System Checkpoint
RP398: 7/23/2011 10:49:08 PM - System Checkpoint
RP399: 7/24/2011 11:47:50 PM - System Checkpoint
RP400: 7/26/2011 12:47:47 AM - System Checkpoint
RP401: 7/27/2011 1:47:50 AM - System Checkpoint
RP402: 7/28/2011 2:47:53 AM - System Checkpoint
RP403: 7/29/2011 3:47:56 AM - System Checkpoint
RP404: 7/30/2011 5:39:46 AM - System Checkpoint
RP405: 7/31/2011 5:48:01 AM - System Checkpoint
RP406: 8/1/2011 6:48:01 AM - System Checkpoint
RP407: 8/2/2011 7:12:54 AM - System Checkpoint
RP408: 8/3/2011 8:01:57 AM - System Checkpoint
RP409: 8/4/2011 8:04:01 AM - System Checkpoint
RP410: 8/6/2011 11:50:51 PM - System Checkpoint
RP411: 8/8/2011 12:24:02 AM - System Checkpoint
RP412: 8/9/2011 1:24:01 AM - System Checkpoint
RP413: 8/10/2011 2:24:04 AM - System Checkpoint
RP414: 8/11/2011 3:00:19 AM - Software Distribution Service 3.0
RP415: 8/12/2011 3:24:02 AM - System Checkpoint
RP416: 8/13/2011 4:24:02 AM - System Checkpoint
RP417: 8/14/2011 5:24:02 AM - System Checkpoint
RP418: 8/15/2011 6:24:05 AM - System Checkpoint
RP419: 8/16/2011 8:27:41 AM - System Checkpoint
RP420: 8/19/2011 8:06:17 PM - System Checkpoint
RP421: 8/20/2011 8:35:14 PM - System Checkpoint
RP422: 8/21/2011 9:34:07 PM - System Checkpoint
RP423: 8/24/2011 10:39:12 PM - System Checkpoint
RP424: 8/25/2011 10:45:05 PM - System Checkpoint
RP425: 8/26/2011 10:47:08 PM - System Checkpoint
RP426: 8/27/2011 10:51:37 PM - System Checkpoint
RP427: 8/28/2011 1:47:33 PM - Restore Operation
RP428: 8/29/2011 1:56:19 PM - System Checkpoint
RP429: 8/30/2011 2:35:03 PM - System Checkpoint
RP430: 8/31/2011 2:55:13 PM - System Checkpoint
RP431: 8/31/2011 9:40:20 PM - Restore Operation
RP432: 9/1/2011 10:35:03 PM - System Checkpoint
RP433: 9/2/2011 10:47:09 PM - System Checkpoint
RP434: 9/3/2011 11:47:09 PM - System Checkpoint
RP435: 9/5/2011 12:47:06 AM - System Checkpoint
RP436: 9/6/2011 1:47:09 AM - System Checkpoint
RP437: 9/7/2011 2:47:10 AM - System Checkpoint
RP438: 9/8/2011 3:47:08 AM - System Checkpoint
RP439: 9/9/2011 4:47:09 AM - System Checkpoint
RP440: 9/10/2011 5:47:07 AM - System Checkpoint
RP441: 9/11/2011 6:47:04 AM - System Checkpoint
RP442: 9/12/2011 7:47:09 AM - System Checkpoint
RP443: 9/13/2011 8:47:09 AM - System Checkpoint
RP444: 9/14/2011 3:00:18 AM - Software Distribution Service 3.0
RP445: 9/15/2011 3:47:08 AM - System Checkpoint
RP446: 9/16/2011 4:47:09 AM - System Checkpoint
RP447: 9/17/2011 5:47:09 AM - System Checkpoint
RP448: 9/17/2011 9:25:28 PM - Restore Operation
RP449: 9/17/2011 10:50:51 PM - Restore Operation
RP450: 9/18/2011 7:06:49 AM - Software Distribution Service 3.0
RP451: 9/18/2011 7:14:40 AM - Installed HiJackThis
RP452: 9/18/2011 7:34:10 AM - Restore Operation
RP453: 9/18/2011 7:44:47 AM - Removed HiJackThis
RP454: 9/19/2011 6:43:43 PM - Software Distribution Service 3.0
RP455: 9/20/2011 3:00:48 AM - Software Distribution Service 3.0
RP456: 9/21/2011 3:01:38 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Ad-Aware SE Personal
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0
AIM 6.0
AIM 7
Apple Application Support
Apple Software Update
Atheros Client Utility
Atheros Wireless LAN MiniPCI/PCIe card Driver
ATI Control Panel
ATI Display Driver
Bejeweled 2 Deluxe
Blackhawk Striker 2
Blasterball 2 Revolution
Canon iP6600D
Canon iP6600D Memory Card Utility
Canon Utilities Easy-PhotoPrint
CCleaner (remove only)
CD/DVD Drive Acoustic Silencer
Chuzzle Deluxe
ContentManager
Coupon Printer for Windows
Desktop Dialer
Download Updater (AOL LLC)
DVD-RAM Driver
Epson CreativeZone
Epson Easy Photo Print 2
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup
Epson FAX Utility
Epson PC-FAX Driver
EPSON Scan
EPSON WorkForce 320 Series Printer Uninstall
EpsonNet Print
EpsonNet Setup 3.2
ERUNT 1.1j
ESET Online Scanner v3
ESPNMotion
FATE
ffdshow [rev 2527] [2008-12-19]
GemMaster Mystic
GolfLogix Course Manager 3.5
Google Earth
Google Update Helper
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB894871)
Hotfix for Windows XP (KB895200)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB910728)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Deskjet 5700 Series
InterVideo WinDVD for TOSHIBA
J2SE Runtime Environment 5.0 Update 7
Java Auto Updater
Java(TM) 6 Update 20
Lexmark 2300 Series
Lexmark Fax Solutions
Mah Jong Quest
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office OneNote 2003
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft WinUsb 2.0
Microsoft Works
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Office 2003 Trial Assistant
OpenOffice.org 3.2
Otto
P3ProSwing Commercial Version
Penguins!
Picasa 3
PL-2303 USB-to-Serial
Polar Bowler
Polar Golfer
QuickTime
RealPlayer Basic
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
Rhapsody
SCRABBLE
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
Sonic Encoders
Spybot - Search & Destroy 1.4
StreamTorrent 1.0
Synaptics Pointing Device Driver
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Direct Disc Writer
TOSHIBA Disc Creator
TOSHIBA Game Console
Toshiba Hotkey Utility
Toshiba Media Center Game Console
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
Toshiba Registration
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
Toshiba Touchpad Utility
Toshiba Utility
TOSHIBA Zooming Utility
Touch and Launch
Uniblue RegistryBooster
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Veetle TV 0.9.18
Verizon V CAST Media Manager
Viewpoint Media Player
WebFldrs XP
Windows Driver Package - Microsoft Internal (WDF:UMDF) (WUDFRd) USB (05/27/2008 6.0.6001.18000)
Windows Driver Package - Silicon Laboratories (silabenm) Ports (07/08/2008 5.3.0.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884018
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888622
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890546
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893056
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB973768
WModem Driver Installer
.
==== Event Viewer Messages From Past Week ========
.
9/19/2011 9:25:58 PM, error: Service Control Manager [7034] - The Swupdtmr service terminated unexpectedly. It has done this 1 time(s).
9/19/2011 9:25:58 PM, error: Service Control Manager [7034] - The Atheros Configuration Service service terminated unexpectedly. It has done this 1 time(s).
9/19/2011 7:23:26 PM, error: System Error [1003] - Error code 10000050, parameter1 e121f000, parameter2 00000000, parameter3 804d9a69, parameter4 00000001.
9/19/2011 7:09:50 PM, error: System Error [1003] - Error code 00000024, parameter1 001902fe, parameter2 ef33b8a4, parameter3 ef33b5a0, parameter4 f733e399.
9/19/2011 6:50:20 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
9/19/2011 6:48:15 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
9/18/2011 10:10:00 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
9/18/2011 10:06:56 AM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================

jeffce
2011-09-21, 16:47
Hi Lori445,


System seems to be running much better. :bigthumb:
----------

Ok we have some updates to do that may take some time to complete, but be patient as these are very important.

I notice that you are running Windows XP with Service Pack 2. The most recent is Service Pack 3. It is very important to keep Windows updated so that it will help reduce security vulnerabilities. Please open your Internet Explorer browser > Tools > Windows Update > Express. This will begin the download of all the updates you will need for Windows. Continue with the updates until there are not any remaining. This may take some time to complete so don't worry.
----------

You are using an outdated version of Internet Explorer. Please update Internet Explorer to version 8 found here (http://www.microsoft.com/download/en/details.aspx?id=43).
----------

You have an older version of Adobe Reader. You can download the current version HERE (http://www.adobe.com/products/acrobat/readstep2.html). Be sure to delete any older versions by going to Start > Control Panel > Add/Remove Programs.
----------

Please download JavaRa (http://raproducts.org/click/click.php?id=1) to your desktop and unzip it to its own folder.

Run JavaRa.exe (double-click for XP/right-click and Run as Administrator for Vista), pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Open JavaRa.exe (double-click for XP/right-click and Run as Administrator for Vista) again and select Search For Updates.
Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
----------

Once you get all of that completed run DDS once more and post both of the new logs. We are on the home stretch now. :) If you have any problems let me know.

Lori445
2011-09-22, 03:36
OK here ya go ... Thanks Jeff, :bigthumb: everything seems back to normal!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 21:32:14 on 2011-09-21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.123 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.excite.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [Toshiba Hotkey Utility] "c:\program files\toshiba\windows utilities\Hotkey.exe" /lang en
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [LXCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCGtime.dll,_RunDLLEntry@16
mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
mRun: [TPSMain] TPSMain.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SkyTel] SkyTel.EXE
mRun: [PDUiP6600DMon] c:\program files\canon\memory card utility\ip6600d\PDUiP6600DMon.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{63EABCA9-5C75-4110-B1E6-63F5F039CA0C} : DhcpNameServer = 192.168.2.1
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2006-6-28 98816]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-14 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-14 135664]
.
=============== Created Last 30 ================
.
2011-09-22 00:07:02 -------- d-sh--w- c:\documents and settings\owner\PrivacIE
2011-09-22 00:02:08 -------- d-sh--w- c:\documents and settings\owner\IETldCache
2011-09-21 23:48:10 -------- d-----w- c:\windows\ie8updates
2011-09-21 23:35:19 -------- dc-h--w- c:\windows\ie8
2011-09-21 23:29:29 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-09-21 23:29:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-09-21 23:29:16 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-09-21 23:29:15 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-09-21 16:43:14 -------- d-----w- c:\windows\system32\scripting
2011-09-21 16:43:12 -------- d-----w- c:\windows\l2schemas
2011-09-21 16:43:08 -------- d-----w- c:\windows\system32\en
2011-09-21 16:43:07 -------- d-----w- c:\windows\system32\bits
2011-09-20 23:04:41 -------- d-----w- c:\program files\ESET
2011-09-20 01:31:53 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-09-20 01:17:55 -------- d-sha-r- C:\cmdcons
2011-09-20 01:07:05 208896 ----a-w- c:\windows\MBR.exe
2011-09-20 01:07:04 98816 ----a-w- c:\windows\sed.exe
2011-09-20 01:07:04 518144 ----a-w- c:\windows\SWREG.exe
2011-09-20 01:07:04 256000 ----a-w- c:\windows\PEV.exe
2011-09-18 11:44:54 -------- d-----w- c:\windows\system32\appmgmt
2011-09-18 11:14:43 -------- d-----w- c:\program files\Trend Micro
2011-09-18 01:29:55 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-09-18 01:29:55 -------- d-----w- c:\windows\system32\wbem\Repository
2011-09-17 12:16:05 -------- d-----w- c:\program files\real(2)
2011-09-05 17:04:56 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-09-22 01:25:41 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-22 01:25:41 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-03 16:14:05 404640 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 21:34:41.65 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/3/2006 9:51:51 AM
System Uptime: 9/21/2011 7:59:07 PM (2 hours ago)
.
Motherboard: TOSHIBA | | Satellite L35
Processor: Intel(R) Celeron(R) M CPU 420 @ 1.60GHz | U23 | 1599/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 56 GiB total, 37.66 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP386: 7/9/2011 7:19:48 PM - System Checkpoint
RP387: 7/10/2011 8:19:15 PM - System Checkpoint
RP388: 7/11/2011 8:19:52 PM - System Checkpoint
RP389: 7/12/2011 8:21:02 PM - System Checkpoint
RP390: 7/12/2011 8:30:27 PM - Installed Windows XP -- Software Updates KB952011.
RP391: 7/13/2011 3:00:16 AM - Software Distribution Service 3.0
RP392: 7/14/2011 3:19:52 AM - System Checkpoint
RP393: 7/15/2011 4:19:42 AM - System Checkpoint
RP394: 7/19/2011 6:22:30 PM - System Checkpoint
RP395: 7/20/2011 6:47:44 PM - System Checkpoint
RP396: 7/21/2011 8:00:11 PM - System Checkpoint
RP397: 7/22/2011 10:38:53 PM - System Checkpoint
RP398: 7/23/2011 10:49:08 PM - System Checkpoint
RP399: 7/24/2011 11:47:50 PM - System Checkpoint
RP400: 7/26/2011 12:47:47 AM - System Checkpoint
RP401: 7/27/2011 1:47:50 AM - System Checkpoint
RP402: 7/28/2011 2:47:53 AM - System Checkpoint
RP403: 7/29/2011 3:47:56 AM - System Checkpoint
RP404: 7/30/2011 5:39:46 AM - System Checkpoint
RP405: 7/31/2011 5:48:01 AM - System Checkpoint
RP406: 8/1/2011 6:48:01 AM - System Checkpoint
RP407: 8/2/2011 7:12:54 AM - System Checkpoint
RP408: 8/3/2011 8:01:57 AM - System Checkpoint
RP409: 8/4/2011 8:04:01 AM - System Checkpoint
RP410: 8/6/2011 11:50:51 PM - System Checkpoint
RP411: 8/8/2011 12:24:02 AM - System Checkpoint
RP412: 8/9/2011 1:24:01 AM - System Checkpoint
RP413: 8/10/2011 2:24:04 AM - System Checkpoint
RP414: 8/11/2011 3:00:19 AM - Software Distribution Service 3.0
RP415: 8/12/2011 3:24:02 AM - System Checkpoint
RP416: 8/13/2011 4:24:02 AM - System Checkpoint
RP417: 8/14/2011 5:24:02 AM - System Checkpoint
RP418: 8/15/2011 6:24:05 AM - System Checkpoint
RP419: 8/16/2011 8:27:41 AM - System Checkpoint
RP420: 8/19/2011 8:06:17 PM - System Checkpoint
RP421: 8/20/2011 8:35:14 PM - System Checkpoint
RP422: 8/21/2011 9:34:07 PM - System Checkpoint
RP423: 8/24/2011 10:39:12 PM - System Checkpoint
RP424: 8/25/2011 10:45:05 PM - System Checkpoint
RP425: 8/26/2011 10:47:08 PM - System Checkpoint
RP426: 8/27/2011 10:51:37 PM - System Checkpoint
RP427: 8/28/2011 1:47:33 PM - Restore Operation
RP428: 8/29/2011 1:56:19 PM - System Checkpoint
RP429: 8/30/2011 2:35:03 PM - System Checkpoint
RP430: 8/31/2011 2:55:13 PM - System Checkpoint
RP431: 8/31/2011 9:40:20 PM - Restore Operation
RP432: 9/1/2011 10:35:03 PM - System Checkpoint
RP433: 9/2/2011 10:47:09 PM - System Checkpoint
RP434: 9/3/2011 11:47:09 PM - System Checkpoint
RP435: 9/5/2011 12:47:06 AM - System Checkpoint
RP436: 9/6/2011 1:47:09 AM - System Checkpoint
RP437: 9/7/2011 2:47:10 AM - System Checkpoint
RP438: 9/8/2011 3:47:08 AM - System Checkpoint
RP439: 9/9/2011 4:47:09 AM - System Checkpoint
RP440: 9/10/2011 5:47:07 AM - System Checkpoint
RP441: 9/11/2011 6:47:04 AM - System Checkpoint
RP442: 9/12/2011 7:47:09 AM - System Checkpoint
RP443: 9/13/2011 8:47:09 AM - System Checkpoint
RP444: 9/14/2011 3:00:18 AM - Software Distribution Service 3.0
RP445: 9/15/2011 3:47:08 AM - System Checkpoint
RP446: 9/16/2011 4:47:09 AM - System Checkpoint
RP447: 9/17/2011 5:47:09 AM - System Checkpoint
RP448: 9/17/2011 9:25:28 PM - Restore Operation
RP449: 9/17/2011 10:50:51 PM - Restore Operation
RP450: 9/18/2011 7:06:49 AM - Software Distribution Service 3.0
RP451: 9/18/2011 7:14:40 AM - Installed HiJackThis
RP452: 9/18/2011 7:34:10 AM - Restore Operation
RP453: 9/18/2011 7:44:47 AM - Removed HiJackThis
RP454: 9/19/2011 6:43:43 PM - Software Distribution Service 3.0
RP455: 9/20/2011 3:00:48 AM - Software Distribution Service 3.0
RP456: 9/21/2011 3:01:38 AM - Software Distribution Service 3.0
RP457: 9/21/2011 11:19:56 AM - Software Distribution Service 3.0
RP458: 9/21/2011 11:32:28 AM - Software Distribution Service 3.0
RP459: 9/21/2011 6:31:21 PM - Removed Adobe Reader 7.0
RP460: 9/21/2011 7:31:52 PM - Software Distribution Service 3.0
RP461: 9/21/2011 7:38:19 PM - Installed Windows Internet Explorer 8.
RP462: 9/21/2011 7:44:24 PM - Software Distribution Service 3.0
RP463: 9/21/2011 8:22:30 PM - Installed Adobe Reader X (10.1.1).
RP464: 9/21/2011 9:00:41 PM - Software Distribution Service 3.0
RP465: 9/21/2011 9:24:01 PM - Installed Java(TM) 7
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Ad-Aware SE Personal
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.1)
AIM 6.0
Apple Application Support
Apple Software Update
Atheros Client Utility
Atheros Wireless LAN MiniPCI/PCIe card Driver
ATI Control Panel
ATI Display Driver
Bejeweled 2 Deluxe
Blackhawk Striker 2
Blasterball 2 Revolution
Canon iP6600D
Canon iP6600D Memory Card Utility
Canon Utilities Easy-PhotoPrint
CCleaner (remove only)
CD/DVD Drive Acoustic Silencer
Chuzzle Deluxe
ContentManager
Coupon Printer for Windows
Desktop Dialer
Download Updater (AOL LLC)
DVD-RAM Driver
Epson CreativeZone
Epson Easy Photo Print 2
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup
Epson FAX Utility
Epson PC-FAX Driver
EPSON Scan
EPSON WorkForce 320 Series Printer Uninstall
EpsonNet Print
EpsonNet Setup 3.2
ESET Online Scanner v3
ESPNMotion
FATE
ffdshow [rev 2527] [2008-12-19]
GemMaster Mystic
GolfLogix Course Manager 3.5
Google Earth
Google Update Helper
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Deskjet 5700 Series
InterVideo WinDVD for TOSHIBA
J2SE Runtime Environment 5.0 Update 7
Java Auto Updater
Java(TM) 6 Update 20
Java(TM) 7
Lexmark 2300 Series
Lexmark Fax Solutions
Mah Jong Quest
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office OneNote 2003
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft WinUsb 2.0
Microsoft Works
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Office 2003 Trial Assistant
OpenOffice.org 3.2
Otto
P3ProSwing Commercial Version
Penguins!
Picasa 3
PL-2303 USB-to-Serial
Polar Bowler
Polar Golfer
QuickTime
RealPlayer Basic
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
Rhapsody
SCRABBLE
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB982381)
Sonic Encoders
Spybot - Search & Destroy 1.4
StreamTorrent 1.0
Synaptics Pointing Device Driver
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Direct Disc Writer
TOSHIBA Disc Creator
TOSHIBA Game Console
Toshiba Hotkey Utility
Toshiba Media Center Game Console
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
Toshiba Registration
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
Toshiba Touchpad Utility
Toshiba Utility
TOSHIBA Zooming Utility
Touch and Launch
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2467659)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Veetle TV 0.9.18
Verizon V CAST Media Manager
Viewpoint Media Player
WebFldrs XP
Windows Driver Package - Microsoft Internal (WDF:UMDF) (WUDFRd) USB (05/27/2008 6.0.6001.18000)
Windows Driver Package - Silicon Laboratories (silabenm) Ports (07/08/2008 5.3.0.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WModem Driver Installer
.
==== Event Viewer Messages From Past Week ========
.
9/19/2011 9:25:58 PM, error: Service Control Manager [7034] - The Swupdtmr service terminated unexpectedly. It has done this 1 time(s).
9/19/2011 9:25:58 PM, error: Service Control Manager [7034] - The Atheros Configuration Service service terminated unexpectedly. It has done this 1 time(s).
9/19/2011 7:23:26 PM, error: System Error [1003] - Error code 10000050, parameter1 e121f000, parameter2 00000000, parameter3 804d9a69, parameter4 00000001.
9/19/2011 7:09:50 PM, error: System Error [1003] - Error code 00000024, parameter1 001902fe, parameter2 ef33b8a4, parameter3 ef33b5a0, parameter4 f733e399.
9/19/2011 6:50:20 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
9/19/2011 6:48:15 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
9/17/2011 9:32:02 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
9/17/2011 9:31:56 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================

jeffce
2011-09-22, 03:52
Hi Lori445,

This has been a really bad infection and I want to make sure it is gone before we do our cleanup. Please run TDSSKiller once more. If anything is detected please select Cure. Then post the log into your next reply. You are doing great!

Lori445
2011-09-22, 11:05
TDSSKiller Log: No threats found


2011/09/22 04:56:26.0703 3156 TDSS rootkit removing tool 2.5.23.0 Sep 20 2011 08:53:10
2011/09/22 04:56:27.0078 3156 ================================================================================
2011/09/22 04:56:27.0078 3156 SystemInfo:
2011/09/22 04:56:27.0078 3156
2011/09/22 04:56:27.0078 3156 OS Version: 5.1.2600 ServicePack: 3.0
2011/09/22 04:56:27.0078 3156 Product type: Workstation
2011/09/22 04:56:27.0078 3156 ComputerName: TOSHIBA-USER
2011/09/22 04:56:27.0078 3156 UserName: Owner
2011/09/22 04:56:27.0078 3156 Windows directory: C:\WINDOWS
2011/09/22 04:56:27.0078 3156 System windows directory: C:\WINDOWS
2011/09/22 04:56:27.0078 3156 Processor architecture: Intel x86
2011/09/22 04:56:27.0078 3156 Number of processors: 1
2011/09/22 04:56:27.0078 3156 Page size: 0x1000
2011/09/22 04:56:27.0078 3156 Boot type: Normal boot
2011/09/22 04:56:27.0078 3156 ================================================================================
2011/09/22 04:56:29.0640 3156 Initialize success
2011/09/22 04:57:09.0265 3800 ================================================================================
2011/09/22 04:57:09.0265 3800 Scan started
2011/09/22 04:57:09.0265 3800 Mode: Manual;
2011/09/22 04:57:09.0265 3800 ================================================================================
2011/09/22 04:59:53.0812 3800 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/09/22 04:59:55.0250 3800 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/09/22 04:59:56.0109 3800 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/09/22 04:59:57.0000 3800 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2011/09/22 04:59:58.0140 3800 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/09/22 05:00:00.0078 3800 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/09/22 05:00:01.0093 3800 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
2011/09/22 05:00:01.0921 3800 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/09/22 05:00:02.0796 3800 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/09/22 05:00:03.0796 3800 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/09/22 05:00:04.0000 3800 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk0\DR0
2011/09/22 05:00:04.0406 3800 Boot (0x1200) (2d4956fca569ee5c0b7f3947ee0d9540) \Device\Harddisk0\DR0\Partition0
2011/09/22 05:00:04.0421 3800 ================================================================================
2011/09/22 05:00:04.0421 3800 Scan finished
2011/09/22 05:00:04.0421 3800 ================================================================================
2011/09/22 05:00:04.0453 1672 Detected object count: 0
2011/09/22 05:00:04.0453 1672 Actual detected object count: 0

jeffce
2011-09-22, 14:09
Hi Lori445,

No threats!! :rockon:
----------

IT APPEARS THAT YOUR LOGS ARE NOW CLEAN :D SO LET'S DO A COUPLE OF THINGS TO WRAP THIS UP!! :D

This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.
----------

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following text into the Run box as shown and click OK.
(Note: There is a space between the ..X and the /U that needs to be there.)

http://i1224.photobucket.com/albums/ee380/jeffce74/CF.jpg
----------

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.
----------

AntiVirus Program

I noticed that you don't have an Antivirus program installed on your system. As a rule of thumb one should run one firewall, one antivirus program in memory, and one antispyware utility in memory. It's fine to have other security tools available on an as-needed or on-demand basis, but when multiple tools simultaneously perform the same function, you're asking for trouble.

I would recommend that you install one of these free Antivirus programs immediately. Just choose one:
Microsoft Security Essentials (http://www.microsoft.com/security/pc-security/mse.aspx)
Avast (http://www.avast.com/en-au/free-antivirus-download)

Firewall Program

If you have not already done so, turn on your Windows Firewall. Start > Control Panel > Windows Firewall > Select On > Ok

OR

If you would care to choose from a few free firewalls there are some, with the links, below. Just choose one:
Online Armor Free (http://download.cnet.com/Online-Armor-Free/3000-10435_4-10426782.html)
Agnitum Outpost Firewall Free (http://download.cnet.com/Agnitum-Outpost-Firewall-Free/3000-10435_4-10913746.html)
----------

Here are some tips to reduce the potential for spyware infection in the future:

1. Make your Internet Explorer more secure - This can be done by following these simple instructions:

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
2. Enable Protected Mode in Internet Explorer. This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:
Open Internet Explorer
Click on Tools > Internet Options
Press Security tab
Select Internet zone then place check next to Enable Protected Mode if not already done
Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.
3. Use and Update an Anti-Virus Software - I can not overemphasize the need for you to use and update your Anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

4. Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here (http://www.bleepingcomputer.com/forums/tutorial60.html).
**Do not install more than one firewall program because they will conflict with each other**

5. Make sure you keep your Windows OS current. Windows XP users can visit Windows update (http://v4.windowsupdate.microsoft.com/en/default.asp) regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

6. Filehippo's Update Checker (http://www.filehippo.com/updatechecker/). It is a free utility that scans your computer for installed software, checks the versions and then sends this information to see if there are any newer releases. Available software updates are displayed and you can decide which ones to download and install. Among many other types of programs, they include a number of the Anti-Spyware, Firewall/Security and Anti-Virus programs that have been recommended (though not all of them). Note: Definition files should be updated from within the programs themselves. The Update Checker looks for newer versions of the software program, not definition files.

7. Consider a custom hosts file such as MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.htm). This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial by WinHelp2002 (http://www.mvps.org/winhelp2002/hosts.htm)
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

8. WOT (http://www.mywot.com/), Web of Trust. As 'Googling' is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
Green to go
Yellow for caution
Red to stop
WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

9. Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide real time spyware and hijacker protection on your computer alongside your virus protection. You should scan your computer with the program on a regular basis just as you would with your anti-virus software. A tutorial on installing and using this product can be found here:
Instructions for - Spybot S & D and Ad-aware (http://forum.malwareremoval.com/viewtopic.php?t=13)

10. Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place? (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)


Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.

Lori445
2011-09-23, 16:14
Jeff,
OK, I've followed your suggestions on updating my system to make it more secure. Everything seems to be running smoothly. Thank you so much for your patience and great advice. You guys are awesome! :bow:

Lori

jeffce
2011-09-23, 17:43
You are quite welcome. :bigthumb:

jeffce
2011-09-23, 17:52
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.