
Trojan that deletes AV software



wmbeyer
2011-09-23, 04:05
Well, it doesn't delete software, but it removes icons, and shuts down the computer when I try to run Malwarebytes or Spyware Doctor.

My son has contracted a virus while surfing porn. Apparently he downloaded ComboFix a couple of weeks ago. It will not run, or so he says. I tried to delete it, but it is set to Read Only and I cannot change that. Also, I downloaded Malwarebytes and attempted to run it. But it only starts to run, then shuts down.

Lastly, I ran a program called Trojan Hunter on it. The virus does not seem to recognize this program as a threat, but it does not remove this virus. It removed files from Epson printer, Sunbelt VIPRE AV (expired), Java, System Restore (which is currently turned off and will not open), Adobe, Spyware Dr., ComboFix, and c:\32788R22FWJFW, which cannot be deleted. This file was created when the virus took control.

What can I do from here, especially since he used Combofix and now can't?

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11
Run by Owner at 21:41:49 on 2011-09-22
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1535.1044 [GMT -4:00]
.
AV: Sunbelt VIPRE *Enabled/Outdated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Sunbelt VIPRE *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\2556528678:3648495207.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?s=https&r0=1276167334
uDefault_Search_URL = hxxp://srch-qus10.hpwis.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://qus10.hpwis.com/
mSearch Bar = hxxp://srch-qus10.hpwis.com/
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: PCTools Site Guard: {5c8b2a36-3db1-42a4-a3cb-d426709bbfeb} - c:\progra~1\spywar~2\tools\iesdsg.dll
BHO: PCTools Browser Monitor: {b56a7d7d-6927-48c8-a975-17df180c71ac} - c:\progra~1\spywar~2\tools\iesdpb.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [PopUpStopperFreeEdition] c:\progra~1\panicw~1\pop-up~1\PSFree.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
uPolicies-explorer: NoRecentDocsNetHood = 01000000
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - {A1EDC4A1-940F-48E0-8DFD-E38F1D501021} - c:\progra~1\spywar~2\tools\iesdpb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
Trusted Zone: att.net\webauth
Trusted Zone: fortunerep.com\www
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: windowsupdate.com\download
TCP: DhcpNameServer = 192.168.60.2 192.168.60.3 192.168.0.1
TCP: Interfaces\{60578A1D-F672-4C15-B767-65A2E2E0CF00} : DhcpNameServer = 192.168.60.2 192.168.60.3 192.168.0.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ikhfile;File Security Kernel Anti-Spyware Driver;c:\windows\system32\drivers\ikhfile.sys [2007-2-24 30592]
R1 ikhlayer;Kernel Anti-Spyware Driver;c:\windows\system32\drivers\ikhlayer.sys [2007-2-24 51072]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2010-5-12 13400]
R2 BCMNTIO;BCMNTIO;c:\progra~1\checkit\diagno~1\BCMNTIO.sys [2005-6-3 3744]
R2 MAPMEM;MAPMEM;c:\progra~1\checkit\diagno~1\MAPMEM.sys [2005-6-3 3904]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2010-5-12 69720]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-9-10 99376]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\photoshopelementsfileagent.exe --> c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [?]
S2 mrtRate;mrtRate; [x]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
S4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2005-6-3 1251720]
.
=============== Created Last 30 ================
.
2011-09-23 01:09:04 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-23 01:09:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-22 03:53:35 -------- d-----w- C:\ComboFix
2011-09-22 03:42:05 46080 ---ha-w- c:\windows\system32\dwwigpwd.dll
2011-09-18 07:34:37 -------- d-----w- c:\program files\CafeScribe Offline
2011-09-05 17:04:56 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-08-17 20:23:26 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-28 05:41:03 411 -c--a-w- c:\windows\system.tmp
2011-06-26 06:45:56 256000 ----a-w- c:\windows\PEV.exe
2006-11-21 23:51:54 774144 -c--a-w- c:\program files\RngInterstitial.dll
.
============= FINISH: 21:42:14.92 ===============
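As a defender's-eye illustration of what stands out in a DDS "Running Processes" list like the one posted above, here is an added Python example. It is my own code, not part of DDS, ComboFix, or anything posted in this thread. It extracts the image paths from that section of a DDS log and flags entries worth a second look: a colon after the drive letter, which means the executable is being run from an NTFS alternate data stream; a file name made up only of digits; and a core Windows binary name loaded from somewhere other than %WINDIR%\system32. The sample log text is constructed to resemble the posted one, and the list of system32-only binaries is my own assumption, not an authoritative set.

```python
import re

# Constructed sample, modelled on the "Running Processes" section of the
# DDS log posted above (not a verbatim copy of the whole log).
SAMPLE_DDS = r"""
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\2556528678:3648495207.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
"""

# DDS section headers look like "===== Name =====".
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Image path up to and including the executable extension; anything after
# whitespace (e.g. "-k netsvcs") is the command line, which we drop.
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|scr))(?:\s.*)?$", re.IGNORECASE)

# Assumption (mine): binaries with these names should only be loaded from
# %WINDIR%\system32 on Windows XP; a copy elsewhere is a classic name spoof.
SYSTEM32_ONLY = {
    "svchost.exe", "lsass.exe", "services.exe", "csrss.exe",
    "winlogon.exe", "spoolsv.exe", "alg.exe", "wuauclt.exe",
}


def running_processes(dds_text):
    """Return the image paths listed under 'Running Processes', arguments stripped."""
    paths, in_section = [], False
    for raw in dds_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            in_section = header.group(1).lower() == "running processes"
            continue
        if not in_section or line in ("", "."):
            continue
        m = EXE_RE.match(line)
        if m:
            paths.append(m.group(1))
    return paths


def suspicious_reasons(path):
    """List the reasons a single image path deserves scrutiny (empty if none)."""
    reasons = []
    _drive, _, rest = path.partition(":")
    directory, _, filename = path.rpartition("\\")
    # A second colon in the path names an NTFS alternate data stream
    # (host:stream); running code from one hides it from casual inspection.
    if ":" in rest:
        reasons.append("alternate data stream")
    # Either the host file or the stream name consisting only of digits.
    if any(re.fullmatch(r"\d+(\.[a-z0-9]+)?", part, re.IGNORECASE)
           for part in filename.split(":")):
        reasons.append("numeric-only file name")
    if (filename.lower() in SYSTEM32_ONLY
            and not directory.lower().endswith("\\windows\\system32")):
        reasons.append("system binary outside system32")
    return reasons


def flag_processes(dds_text):
    """Return [(path, reasons)] for every flagged process in the log."""
    flagged = []
    for path in running_processes(dds_text):
        reasons = suspicious_reasons(path)
        if reasons:
            flagged.append((path, reasons))
    return flagged


if __name__ == "__main__":
    for path, reasons in flag_processes(SAMPLE_DDS):
        print(f"{path}: {', '.join(reasons)}")
```

On the constructed sample the only entry reported is the one run from an alternate data stream under C:\WINDOWS, which is exactly the line a helper reading the posted log would pick out first; the other two checks are there so the same script is useful on logs that show different tricks.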

jeffce
2011-09-23, 21:09
Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

I will be working on your malware issues; this may or may not solve other issues you have with your machine.
Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Watch Topic button to the right of your topic title and then choosing the notification method (Recommended: Immediate Notification).
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete anything unless instructed to.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.
Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.

Vista and Windows 7 users:
These tools MUST be run from the executable (.exe) every time you run them
with Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.
----------

RKill

Print out these instructions as we may need to close every window that is open later in the fix.


It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

Do not reboot your computer after running rkill as the malware programs will start again.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 5 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

rkill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)
rkill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
rkill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
WiNlOgOn.exe (http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe)
uSeRiNiT.exe (http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe)


Do not reboot your computer after running rkill as the malware programs will start again.
----------

http://img.photobucket.com/albums/v666/sUBs/gmer_zip.gif
Download GMER Rootkit Scanner from here (http://www.gmer.net/gmer.zip) or here (http://www.majorgeeks.com/download.php?det=5198).

Extract the contents of the zipped file to desktop.
Double click GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

http://www.geekstogo.com/misc/guide_icons/GMER_thumb.jpg (http://www.geekstogo.com/misc/guide_icons/GMER_instructions.jpg)
Click the image to enlarge it

In the right panel, you will see several boxes that have been checked. Uncheck the following ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.

Save it where you can easily find it, such as your desktop, and attach it in your reply.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
----------

Please download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop.

Double click the aswMBR icon to run it.
Vista and Windows 7 users right click the icon and choose "Run as administrator".
Click the Scan button to start scan.
When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

http://i1190.photobucket.com/albums/z454/Blottedisk/aswMBRscan-1.png (http://i1190.photobucket.com/albums/z454/Blottedisk/aswMBRscan.png)
Click the image to enlarge it
---------

In your next reply please post the logs that were created by GMER and aswMBR. :)

wmbeyer
2011-09-24, 06:21
Hello Jeff, I cannot find any button to subscribe to, so I assume that I have already done that. My son continued to try to "fix" it after I posted to you. He renamed the ComboFix program and ran it. Then he downloaded a trial version of VIPRE and then deleted that program, then ran ComboFix again. I have included that stuff and took away his access to the computer until you do whatever you do. I am sorry, it seriously pisses me off that he kept screwing with it. Nothing else will be done on this computer until you give the all clear. Anyway, here are the two logs from his actions, and what I did as per your directions.

1st run:
ComboFix 11-09-22.04 - Owner 09/22/2011 23:01:27.18.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1535.1218 [GMT -4:00]
Running from: H:\vageta.com
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB47343$\1831806209
c:\windows\$NtUninstallKB47343$\646472088\@
c:\windows\$NtUninstallKB47343$\646472088\click.tlb
c:\windows\$NtUninstallKB47343$\646472088\L\qaejgnvm
c:\windows\$NtUninstallKB47343$\646472088\loader.tlb
c:\windows\$NtUninstallKB47343$\646472088\U\@00000001
c:\windows\$NtUninstallKB47343$\646472088\U\@000000c0
c:\windows\$NtUninstallKB47343$\646472088\U\@000000cb
c:\windows\$NtUninstallKB47343$\646472088\U\@000000cf
c:\windows\$NtUninstallKB47343$\646472088\U\@80000000
c:\windows\$NtUninstallKB47343$\646472088\U\@800000c0
c:\windows\$NtUninstallKB47343$\646472088\U\@800000cb
c:\windows\$NtUninstallKB47343$\646472088\U\@800000cf
c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
c:\windows\system32\
c:\windows\system32\c_27642.nls
c:\windows\system32\dwwigpwd.dll
c:\windows\system32\ikhcore.log
c:\windows\$NtUninstallKB47343$ . . . . Failed to delete
.
Infected copy of c:\windows\system32\drivers\mrxsmb.sys was found and disinfected
Restored copy from - The cat found it :)
Infected copy of c:\windows\system32\wuauclt.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\wuauclt.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_26886198
.
.
((((((((((((((((((((((((( Files Created from 2011-08-23 to 2011-09-23 )))))))))))))))))))))))))))))))
.
.
2011-09-23 01:09 . 2011-09-23 01:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-23 01:09 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-18 07:34 . 2011-09-18 07:34 -------- d-----w- c:\program files\CafeScribe Offline
2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-17 20:23 . 2011-06-13 23:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-28 05:41 . 2007-02-25 00:44 411 -c--a-w- c:\windows\system.tmp
2006-11-21 23:51 . 2006-11-21 23:52 774144 -c--a-w- c:\program files\RngInterstitial.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperFreeEdition"="c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 536576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 01000000
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PopUpStopperFreeEdition"=c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HotKeysCmds"=c:\windows\System32\hkcmd.exe
"hpsysdrv"=c:\windows\system\hpsysdrv.exe
"KBD"=c:\hp\KBD\KBD.EXE
"LTMSG"=LTMSG.exe 7
"Recguard"=c:\windows\SMINST\RECGUARD.EXE
"THGuard"="c:\program files\TrojanHunter 5.3\THGuard.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\ccpm_0237.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [5/12/2010 11:21 PM 13400]
R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [6/3/2005 3:02 AM 3744]
R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [6/3/2005 3:02 AM 3904]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [5/12/2010 11:21 PM 69720]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/10/2008 10:59 PM 99376]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe --> c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [?]
S2 mrtRate;mrtRate; [x]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 8:20 AM 12648]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?s=https&r0=1276167334
uDefault_Search_URL = hxxp://srch-qus10.hpwis.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://qus10.hpwis.com/
mSearch Bar = hxxp://srch-qus10.hpwis.com/
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: att.net\webauth
Trusted Zone: fortunerep.com\www
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: windowsupdate.com\download
TCP: DhcpNameServer = 192.168.60.2 192.168.60.3 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-22 23:10
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1730167982-1273179249-2621698179-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(5212)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Windows Media Player\WMPNetwk.exe
.
**************************************************************************
.
Completion time: 2011-09-22 23:13:48 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-23 03:13
ComboFix2.txt 2011-09-18 01:28
ComboFix3.txt 2011-09-17 04:37
ComboFix4.txt 2011-07-28 02:23
ComboFix5.txt 2011-09-23 02:57
.
Pre-Run: 135,259,607,040 bytes free
Post-Run: 135,262,322,688 bytes free
.
- - End Of File - - 4C0058722841913A6D0CC11673ADE04B

2nd run:

ComboFix 11-09-22.04 - Administrator 09/23/2011 0:02.19.1 - x86 NETWORK
Running from: H:\vageta.com
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\ikhcore.log
.
.
((((((((((((((((((((((((( Files Created from 2011-08-23 to 2011-09-23 )))))))))))))))))))))))))))))))
.
.
2011-09-23 03:11 . 2011-09-23 03:27 -------- d-----w- c:\windows\LastGood
2011-09-23 01:09 . 2011-09-23 01:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-23 01:09 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-18 07:34 . 2011-09-18 07:34 -------- d-----w- c:\program files\CafeScribe Offline
2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-17 20:23 . 2011-06-13 23:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-28 05:41 . 2007-02-25 00:44 411 -c--a-w- c:\windows\system.tmp
2006-11-21 23:51 . 2006-11-21 23:52 774144 -c--a-w- c:\program files\RngInterstitial.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
Cryptography Services Error !!
.
((((((((((((((((((((((((((((( SnapShot@2011-09-23_03.10.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-12-15 02:11 . 2004-10-14 16:36 21504 c:\windows\$hf_mig$\KB885835\update\spcustom.dll
+ 2004-12-15 02:11 . 2004-10-14 15:36 21504 c:\windows\$hf_mig$\KB885835\update\spcustom.dll
- 2004-12-15 02:11 . 2004-10-14 16:34 7168 c:\windows\$hf_mig$\KB885835\spmsg.dll
+ 2004-12-15 02:11 . 2004-10-14 15:34 7168 c:\windows\$hf_mig$\KB885835\spmsg.dll
+ 2011-09-23 03:27 . 2009-06-25 08:44 724480 c:\windows\LastGood\system32\lsasrv.dll
+ 2011-09-23 03:27 . 2006-05-05 09:47 174592 c:\windows\LastGood\system32\DRIVERS\rdbss.sys
+ 2011-09-23 03:27 . 2010-02-24 12:31 454016 c:\windows\LastGood\system32\DRIVERS\mrxsmb.sys
+ 2011-09-23 03:27 . 2006-05-05 09:47 174592 c:\windows\LastGood\system32\DllCache\rdbss.sys
+ 2011-09-23 03:27 . 2010-02-24 12:31 454016 c:\windows\LastGood\system32\DllCache\mrxsmb.sys
+ 2011-09-23 03:27 . 2009-06-25 08:44 724480 c:\windows\LastGood\system32\DllCache\lsasrv.dll
+ 2011-09-23 03:27 . 2010-02-24 12:31 454016 c:\windows\LastGood\Driver Cache\i386\mrxsmb.sys
+ 2011-09-23 03:27 . 2004-10-28 01:14 174592 c:\windows\LastGood\$hf_mig$\KB885835\SP2QFE\rdbss.sys
+ 2011-09-23 03:27 . 2004-10-28 01:15 448128 c:\windows\LastGood\$hf_mig$\KB885835\SP2QFE\mrxsmb.sys
+ 2011-09-23 03:27 . 2004-10-28 01:28 721920 c:\windows\LastGood\$hf_mig$\KB885835\SP2QFE\lsasrv.dll
- 2004-12-15 02:11 . 2004-10-14 16:34 654848 c:\windows\$hf_mig$\KB885835\update\update.exe
+ 2004-12-15 02:11 . 2004-10-14 15:34 654848 c:\windows\$hf_mig$\KB885835\update\update.exe
- 2004-12-15 02:11 . 2004-10-14 16:36 169984 c:\windows\$hf_mig$\KB885835\spuninst.exe
+ 2004-12-15 02:11 . 2004-10-14 15:36 169984 c:\windows\$hf_mig$\KB885835\spuninst.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"RecordNow!"=
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HotKeysCmds"=c:\windows\System32\hkcmd.exe
"hpsysdrv"=c:\windows\system\hpsysdrv.exe
"KBD"=c:\hp\KBD\KBD.EXE
"LTMSG"=LTMSG.exe 7
"Recguard"=c:\windows\SMINST\RECGUARD.EXE
"THGuard"="c:\program files\TrojanHunter 5.3\THGuard.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\ccpm_0237.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2010-01-04 13400]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [x]
R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 3744]
R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 3904]
R2 mrtRate;mrtRate; [x]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2010-01-04 69720]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-02 99376]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - klmd21
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://qus10.hpwis.com/
mSearch Bar = hxxp://srch-qus10.hpwis.com/
mWindow Title =
uInternet Settings,ProxyOverride = localhost
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.60.2 192.168.60.3 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-23 00:06
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-09-23 00:07:25
ComboFix-quarantined-files.txt 2011-09-23 04:07
ComboFix2.txt 2011-09-23 03:13
ComboFix3.txt 2011-09-18 01:28
ComboFix4.txt 2011-09-17 04:37
ComboFix5.txt 2011-09-23 04:00
.
Pre-Run: 136,840,933,376 bytes free
Post-Run: 136,824,389,632 bytes free
.
- - End Of File - - 3EDC079D124CB7BAF552A0EC9840B834

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 09/23/2011 at 20:16:44.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe


Rkill completed on 09/23/2011 at 20:16:47.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-23 23:22:35
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_6Y160P0 rev.YAR41BW0
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fwldqpob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xB982B340, 0xFFF7F, 0xF8000020]
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF012300, 0x238C20, 0xF8000020]
? C:\DOCUME~1\Owner\LOCALS~1\Temp\aswMBR.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\internet explorer\iexplore.exe[2444] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 3E1DF4B9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2444] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 3E35203E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2444] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 3E351FBF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2444] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 3E352003 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2444] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 3E351F4B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2444] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 3E351F85 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2444] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 3E352079 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2444] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 3E20176A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2444] ole32.dll!OleLoadFromStream 7752A257 5 Bytes JMP 3E35223B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 2
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 35
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\Services\MRxDAV\EncryptedDirectories@
Reg HKLM\SYSTEM\ControlSet004\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 2
Reg HKLM\SYSTEM\ControlSet004\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\ControlSet004\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\ControlSet004\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\ControlSet004\control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 35
Reg HKLM\SYSTEM\ControlSet004\control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\ControlSet004\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\ControlSet004\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\ControlSet004\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\ControlSet004\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\ControlSet004\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\ControlSet004\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\ControlSet004\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\ControlSet004\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

---- EOF - GMER 1.0.15 ----

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-23 23:22:52
-----------------------------
23:22:52.500 OS Version: Windows 5.1.2600 Service Pack 2
23:22:52.500 Number of processors: 1 586 0x408
23:22:52.500 ComputerName: BILLSR UserName: Owner
23:22:52.953 Initialize success
23:23:07.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:23:07.093 Disk 0 Vendor: Maxtor_6Y160P0 YAR41BW0 Size: 156334MB BusType: 3
23:23:09.109 Disk 0 MBR read successfully
23:23:09.109 Disk 0 MBR scan
23:23:09.109 Disk 0 unknown MBR code
23:23:09.125 Disk 0 scanning sectors +320150880
23:23:09.406 Disk 0 scanning C:\WINDOWS\system32\drivers
23:23:53.421 Service scanning
23:23:54.312 Modules scanning
23:24:50.203 Disk 0 trace - called modules:
23:24:50.250 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
23:24:50.250 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a1eaab8]
23:24:50.250 3 CLASSPNP.SYS[ba0e905b] -> nt!IofCallDriver -> \Device\00000064[0x8a25b280]
23:24:50.250 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a1d8940]
23:24:50.750 Scan finished successfully
23:25:36.546 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
23:25:36.546 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

jeffce
2011-09-24, 18:24
Hi wmbeyer,


I cannot find any button to subscribe to

Sorry about that...look at the top of this topic and there is a button that says Thread Tools. Press that and then select Subscribe to this thread. That should do it. :)
----------

Thank you for the logs that I needed. Please do not do anything else with your system (especially running ComboFix as improper use of this tool can make your system completely inoperable) as this infection you have on your system is particularly nasty. Please read below...

**WARNING**Unfortunately one or more of the infections I have identified are Backdoor Trojans, IRCBots or other Malware capable of stealing very important information. You need to stop using all Internet Banking sites, change passwords to all sites with sensitive information from a clean computer and phone your bank to inform them that you may be a victim of identify theft. More often than not, we advise users that a full reinstallation of their Operating System is the only way to ensure that their computer will ever be 100% clean again.

If you would like to continue with the cleaning please continue with the following instructions and I will be more than happy to help. :)
----------

I would like for you to run DDS once more and then post both of the logs created into your next reply so that I can get a fresh look at what your system looks like.
----------

Please delete the version of ComboFix that you have on your system by using Right-click > Delete. Now download a fresh copy of ComboFix from here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and save it directly to your Desktop. Go ahead and run ComboFix and when completed there will be a log that I will need you to post into your next reply.

In your next reply please post both of the logs created by DDS and the logs created by ComboFix. :)

wmbeyer
2011-09-25, 07:39
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11
Run by Owner at 1:08:26 on 2011-09-25
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1535.1134 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?s=https&r0=1276167334
uDefault_Search_URL = hxxp://srch-qus10.hpwis.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://qus10.hpwis.com/
mSearch Bar = hxxp://srch-qus10.hpwis.com/
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [PopUpStopperFreeEdition] c:\progra~1\panicw~1\pop-up~1\PSFree.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
uPolicies-explorer: NoRecentDocsNetHood = 01000000
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: att.net\webauth
Trusted Zone: fortunerep.com\www
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: windowsupdate.com\download
TCP: DhcpNameServer = 192.168.60.2 192.168.60.3 192.168.0.1
TCP: Interfaces\{60578A1D-F672-4C15-B767-65A2E2E0CF00} : DhcpNameServer = 192.168.60.2 192.168.60.3 192.168.0.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R2 BCMNTIO;BCMNTIO;c:\progra~1\checkit\diagno~1\BCMNTIO.sys [2005-6-3 3744]
R2 MAPMEM;MAPMEM;c:\progra~1\checkit\diagno~1\MAPMEM.sys [2005-6-3 3904]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-9-10 99376]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7; [x]
S2 mrtRate;mrtRate; [x]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
S4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2005-6-3 1251720]
.
=============== Created Last 30 ================
.
2011-09-23 01:09:04 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-23 01:09:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-18 07:34:37 -------- d-----w- c:\program files\CafeScribe Offline
2011-09-05 17:04:56 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-08-17 20:23:26 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-28 05:41:03 411 -c--a-w- c:\windows\system.tmp
2006-11-21 23:51:54 774144 -c--a-w- c:\program files\RngInterstitial.dll
.
============= FINISH: 1:09:14.15 ===============

.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 4/2/2004 1:46:47 PM
System Uptime: 9/24/2011 2:20:05 PM (11 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | Diablo
Processor: AMD Athlon(tm) 64 Processor 3200+ | Socket 754 | 1994/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 148 GiB total, 125.666 GiB free.
D: is FIXED (FAT32) - 5 GiB total, 0.947 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP462: 9/16/2011 3:42:38 AM - System Checkpoint
RP463: 9/17/2011 12:44:20 AM - Made by Regsofts
RP464: 9/17/2011 12:48:57 AM - Made by Regsofts
RP465: 9/17/2011 10:49:24 PM - Made by Regsofts
RP466: 9/17/2011 10:53:14 PM - Made by Regsofts
RP467: 9/17/2011 10:55:46 PM - Made by Regsofts
RP468: 9/19/2011 1:44:26 AM - System Checkpoint
RP469: 9/20/2011 6:08:51 AM - System Checkpoint
RP470: 9/22/2011 1:05:23 AM - Removed VIPRE Antivirus Premium.
RP471: 9/22/2011 11:26:49 PM - Software Distribution Service 3.0
RP472: 9/23/2011 12:38:16 AM - Made by Regsofts
RP473: 9/23/2011 12:41:05 AM - Made by Regsofts
RP474: 9/23/2011 12:42:37 AM - Made by Regsofts
RP475: 9/23/2011 12:58:31 AM - Made by Regsofts
RP476: 9/23/2011 1:00:19 AM - Made by Regsofts
RP477: 9/23/2011 1:05:59 AM - Installed VIPRE Antivirus.
RP478: 9/23/2011 2:55:05 AM - Removed VIPRE Antivirus.
RP479: 9/24/2011 3:59:10 AM - System Checkpoint
.
==== Installed Programs ======================
.
.
Acrobat.com
Acronis*PrivacyExpert
Active@ Password Changer Professional
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Photoshop Album Starter Edition
Adobe Photoshop Elements 7.0
Adobe Photoshop.com Inspiration Browser
Adobe Reader X (10.1.1)
AiO_Scan
AIOMinimal
AiOSoftware
ArcSoft PhotoImpression 6
ArcSoft Print Creations
ArcSoft ShowBiz 2
ArcSoft Software Suite
CafeScribe Offline
Calculator Powertoy for Windows XP
CCleaner
CheckIt Diagnostics
Command & Conquer Generals
Command and ConquerTM Generals Zero Hour
Compaq Connections
Compatibility Pack for the 2007 Office system
Copy
CreativeProjects
Director
DocProc
Enhanced Multimedia Keyboard Solution
EPSON CX8400 User's Guide
EPSON Printer Software
EPSON Scan
EPSON Stylus CX8400 Series Scanner Driver Update
ERUNT 1.1j
Fax
Free Window Registry Repair
GdiplusUpgrade
GoToMeeting 4.1.0.366
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.0
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB954550-v5)
HP Deskjet Preloaded Printer Drivers
HP Photo & Imaging 3.1
HP Photo and Imaging 2.0 - Photosmart Cameras
HP PSC & OfficeJet 3.0
HP Update
hpmdtab
HpSdpAppCoreApp
HPSystemDiagnostics
InstantShare
Intel(R) Extreme Graphics Driver
IntelliMover Data Transfer Demo
InterActual Player
InterVideo WinDVD Player
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
Java 2 Runtime Environment, SE v1.4.2
Java 2 Runtime Environment, SE v1.4.2_06
Java 2 Runtime Environment, SE v1.4.2_18
Java Auto Updater
Java(TM) 6 Update 20
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Macromedia Shockwave Player
Mah Jong Tiles Deluxe
Malwarebytes' Anti-Malware version 1.51.2.1300
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Baseline Security Analyzer 1.2.1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Access 2003
Microsoft Office PowerPoint 2003 Template Creation Wizard
Microsoft Office PowerPoint 2003 Template Pack 1
Microsoft Office PowerPoint 2003 Template Pack 2
Microsoft Office PowerPoint 2003 Template Pack 3
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition
Microsoft Producer for Microsoft Office PowerPoint 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
MS Access 97 SP2
MSN Music Assistant
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
MyScribe
NVIDIA Drivers
NVIDIA Windows 2000/XP Display Drivers
PC-Doctor for Windows
PerformanceTest v5.0
PhotoGallery
PhotoshopdotcomInspirationBrowser
Photosmart 140,240,7200,7600,7700,7900 Series
Pop-Up Stopper Free Edition
PrintScreen
Professor Answers
Professor Teaches Excel 2003
Professor Teaches PowerPoint 2003
Professor Teaches Word 2003
PS2
PSShortcutsP
Python 2.2 combined Win32 extensions
Python 2.2.1
QFolder
Quicken 2004
QuickProjects
Readme
RealPlayer
RecordNow!
RegCure
Registrar Registry Manager 4.03
Registrar Registry Manager 4.03 (Lite Edition)
Scan
Secunia PSI
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Series 6 Drill and Practice
SkinsHP1
SkinsHP2
Sonic Update Manager
Spybot - Search & Destroy
Sybase SQL Anywhere 7 Personal Server
Symantec KB-DocID:2003093015493306
System Security Suite 1.04
Top Comp Calculator
TrayApp
TrojanHunter 5.3
Tweak UI
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Viewpoint Media Player (Remove Only)
Virtual Magnifying Glass v3.4
WebFldrs XP
WebReg
Westell Firmware Upgrade
Westwood Shared Internet Components
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 2
WinPatrol 2009
Zone Deluxe Games
.
==== Event Viewer Messages From Past Week ========
.
9/23/2011 12:55:09 AM, error: Service Control Manager [7000] - The PC Tools Spyware Doctor service failed to start due to the following error: The system cannot find the path specified.
9/23/2011 12:55:09 AM, error: Service Control Manager [7000] - The NVIDIA Driver Helper Service service failed to start due to the following error: The system cannot find the path specified.
9/23/2011 12:55:09 AM, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The system cannot find the path specified.
9/23/2011 12:55:09 AM, error: Service Control Manager [7000] - The EPSON V3 Service4(01) service failed to start due to the following error: The system cannot find the path specified.
9/22/2011 9:58:13 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
9/22/2011 9:57:13 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
9/22/2011 9:48:19 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
9/22/2011 9:48:05 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
9/22/2011 9:47:59 AM, error: Service Control Manager [7000] - The PC Tools Spyware Doctor service failed to start due to the following error: The system cannot find the file specified.
9/22/2011 9:47:59 AM, error: Service Control Manager [7000] - The nVidia WDM Video Capture (universal) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/22/2011 9:47:59 AM, error: Service Control Manager [7000] - The nVidia WDM A/V Crossbar service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/22/2011 9:47:59 AM, error: Service Control Manager [7000] - The NVIDIA Driver Helper Service service failed to start due to the following error: The system cannot find the file specified.
9/22/2011 9:47:59 AM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.
9/22/2011 9:47:59 AM, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The system cannot find the file specified.
9/22/2011 9:47:59 AM, error: Service Control Manager [7000] - The EPSON V3 Service4(01) service failed to start due to the following error: The system cannot find the file specified.
9/22/2011 9:06:29 PM, error: WMPNetworkSvc [14322] - Service 'WMPNetworkSvc' did not start correctly because MFStartup encountered error '0xc00d36ef'. If possible, reinstall Windows Media Player.
9/22/2011 5:54:08 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
9/22/2011 4:46:44 PM, error: Dhcp [1002] - The IP address lease 192.168.54.1 for the Network Card with network address 000EA664C943 has been denied by the DHCP server 192.168.54.254 (The DHCP Server sent a DHCPNACK message).
9/22/2011 3:55:05 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
9/22/2011 12:58:20 AM, error: Service Control Manager [7000] - The SB Recovery Service service failed to start due to the following error: The system cannot find the file specified.
9/22/2011 12:55:52 AM, error: Service Control Manager [7034] - The SB Recovery Service service terminated unexpectedly. It has done this 1 time(s).
9/22/2011 12:55:52 AM, error: Service Control Manager [7034] - The NVIDIA Driver Helper Service service terminated unexpectedly. It has done this 1 time(s).
9/22/2011 12:55:52 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
9/22/2011 12:55:52 AM, error: Service Control Manager [7034] - The EPSON V3 Service4(01) service terminated unexpectedly. It has done this 1 time(s).
9/22/2011 12:55:52 AM, error: Service Control Manager [7034] - The Adobe Active File Monitor V7 service terminated unexpectedly. It has done this 1 time(s).
9/22/2011 11:00:53 PM, error: Service Control Manager [7023] - The Workstation service terminated with the following error: The system cannot find the file specified.
9/22/2011 11:00:53 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The system cannot find the file specified.
9/22/2011 11:00:53 PM, error: Service Control Manager [7001] - The Alerter service depends on the Workstation service which failed to start because of the following error: The system cannot find the file specified.
9/22/2011 10:01:50 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
9/22/2011 1:04:25 AM, error: Service Control Manager [7000] - The VIPRE Antivirus Premium service failed to start due to the following error: Access is denied.
9/22/2011 1:04:25 AM, error: DCOM [10005] - DCOM got error "%5" attempting to start the service SBAMSvc with arguments "" in order to run the server: {FE7E09CE-BBF4-4698-8BC1-37C9002DAA43}
9/21/2011 11:50:58 PM, error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
9/21/2011 11:46:37 PM, error: Service Control Manager [7034] - The VIPRE Antivirus Premium service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================

ComboFix 11-09-24.04 - Owner 09/25/2011 1:12.22.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1535.1157 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Security 6-23\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-08-25 to 2011-09-25 )))))))))))))))))))))))))))))))
.
.
2011-09-23 04:09 . 2011-09-23 04:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-09-23 01:09 . 2011-09-23 01:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-23 01:09 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-18 07:34 . 2011-09-18 07:34 -------- d-----w- c:\program files\CafeScribe Offline
2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-17 20:23 . 2011-06-13 23:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-28 05:41 . 2007-02-25 00:44 411 -c--a-w- c:\windows\system.tmp
2006-11-21 23:51 . 2006-11-21 23:52 774144 -c--a-w- c:\program files\RngInterstitial.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperFreeEdition"="c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 536576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 01000000
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PopUpStopperFreeEdition"=c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HotKeysCmds"=c:\windows\System32\hkcmd.exe
"hpsysdrv"=c:\windows\system\hpsysdrv.exe
"KBD"=c:\hp\KBD\KBD.EXE
"LTMSG"=LTMSG.exe 7
"Recguard"=c:\windows\SMINST\RECGUARD.EXE
"THGuard"="c:\program files\TrojanHunter 5.3\THGuard.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\ccpm_0237.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [6/3/2005 3:02 AM 3744]
R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [6/3/2005 3:02 AM 3904]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/10/2008 10:59 PM 99376]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7; [x]
S2 mrtRate;mrtRate; [x]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 8:20 AM 12648]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?s=https&r0=1276167334
uDefault_Search_URL = hxxp://srch-qus10.hpwis.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://qus10.hpwis.com/
mSearch Bar = hxxp://srch-qus10.hpwis.com/
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: att.net\webauth
Trusted Zone: fortunerep.com\www
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: windowsupdate.com\download
TCP: DhcpNameServer = 192.168.60.2 192.168.60.3 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-25 01:16
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1730167982-1273179249-2621698179-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1620)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-09-25 01:18:05
ComboFix-quarantined-files.txt 2011-09-25 05:18
ComboFix2.txt 2011-09-23 07:50
ComboFix3.txt 2011-09-23 06:52
ComboFix4.txt 2011-09-23 04:07
ComboFix5.txt 2011-09-25 05:11
.
Pre-Run: 134,915,289,088 bytes free
Post-Run: 134,898,909,184 bytes free
.
- - End Of File - - 4C6C650ABF98AB844A4C3EA30C264A15

jeffce
2011-09-25, 17:16
Hi wmbeyer,

Please disable WinPatrol

Right click on the "Scotty Dog" icon in your system tray and select "Exit Program".

----------

Go to Start > Control Panel > Add/Remove Programs > delete this -->Viewpoint Media Player
----------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:



DDS::
Trusted Zone: att.net\webauth
Trusted Zone: fortunerep.com\www
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: windowsupdate.com\download

File::
c:\windows\system32\drivers\sbredrv.sys
c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe

Driver::
SBRE
AdobeActiveFileMonitor7.0
mrtRate
Symantec Core LC


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
----------
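As an added illustration, not code from this thread or from the DDS/ComboFix tools, here is the check that sits behind the Driver:: list above: parse the DDS "SERVICES / DRIVERS" lines for entries whose binary is gone (the [x] and [?] markers) and cross-reference them with the Service Control Manager errors from the "Event Viewer Messages" section. The sample lines are constructed from the shapes of the log excerpts earlier in this thread.

```python
import re
from typing import Dict, List, Optional

# Constructed sample lines, copied in shape from the DDS "SERVICES / DRIVERS"
# and "Event Viewer Messages" sections posted earlier (not the live log).
SAMPLE_SERVICE_LINES = [
    r"R2 BCMNTIO;BCMNTIO;c:\progra~1\checkit\diagno~1\BCMNTIO.sys [2005-6-3 3744]",
    r"S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]",
    r"S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7; [x]",
    r"S2 mrtRate;mrtRate; [x]",
    r"S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]",
    r"S4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2005-6-3 1251720]",
]

SAMPLE_EVENT_LINES = [
    "9/22/2011 9:48:05 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE",
    "9/22/2011 9:47:59 AM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.",
    "9/22/2011 12:55:52 AM, error: Service Control Manager [7034] - The Adobe Active File Monitor V7 service terminated unexpectedly. It has done this 1 time(s).",
]

# DDS line shape: <R|S><start type> <name>;<display name>;<path> [<date size> | x | ?]
# R = running, S = stopped; the digit is the Windows service Start value.
_SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$")
_FAILED_RE = re.compile(r"The (.+?) service failed to start due to the following error: (.+)$")
_TERMINATED_RE = re.compile(r"The (.+?) service terminated unexpectedly")
_DRIVER_LOAD_RE = re.compile(r"driver\(s\) failed to load: (.+)$")

START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}


def parse_service_line(line: str) -> Optional[Dict[str, object]]:
    """Parse one DDS service/driver line; return None for lines of another shape."""
    m = _SERVICE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, display, path, tail = m.groups()
    # DDS prints "<registered path> --> <resolved path>" when the two differ;
    # keep the resolved one, which is what the loader would actually open.
    if " --> " in path:
        path = path.split(" --> ")[-1]
    if tail == "x":
        status = "no binary path"      # service still registered, ImagePath gone
    elif tail == "?":
        status = "binary not found"    # path recorded but file details unreadable
    else:
        status = "present"             # "[date size]" means the file was read
    return {
        "name": name.strip(),
        "display": display.strip(),
        "path": path.strip(),
        "running": state == "R",
        "start_type": START_TYPES.get(start, start),
        "status": status,
    }


def service_events(event_lines: List[str]) -> Dict[str, List[str]]:
    """Map a service display name (or driver short name) to its SCM error summaries."""
    events: Dict[str, List[str]] = {}
    for line in event_lines:
        m = _FAILED_RE.search(line)
        if m:
            events.setdefault(m.group(1), []).append("failed to start: " + m.group(2).rstrip("."))
            continue
        m = _TERMINATED_RE.search(line)
        if m:
            events.setdefault(m.group(1), []).append("terminated unexpectedly")
            continue
        m = _DRIVER_LOAD_RE.search(line)
        if m:
            # Event 7026 lists driver short names, space separated.
            for drv in m.group(1).split():
                events.setdefault(drv, []).append("boot/system-start driver failed to load")
    return events


def find_orphaned_services(service_lines: List[str], event_lines: List[str]) -> List[Dict[str, object]]:
    """Return the registered services/drivers whose binary is missing, with matching SCM errors."""
    events = service_events(event_lines)
    flagged = []
    for line in service_lines:
        svc = parse_service_line(line)
        if svc is None or svc["status"] == "present":
            continue
        # Event log entries name the display name; 7026 names the driver short name.
        keys = {str(svc["name"]), str(svc["display"])}
        svc["events"] = [e for k in sorted(keys) for e in events.get(k, [])]
        flagged.append(svc)
    return flagged


if __name__ == "__main__":
    for svc in find_orphaned_services(SAMPLE_SERVICE_LINES, SAMPLE_EVENT_LINES):
        print(f'{svc["name"]:28} {svc["start_type"]:8} {svc["status"]:17} {svc["events"]}')
```

Entries that come back flagged are the orphaned loading points a helper would list under Driver:: for removal; an entry whose file is present (Symantec Core LC in the log above) is a judgement call and is not flagged by this check.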

wmbeyer
2011-09-26, 07:46
Hello Jeff, I had to work today, so I am a little late getting back to you. I have done as you asked. Thanks


ComboFix 11-09-26.01 - Owner 09/26/2011 1:28.23.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1535.1145 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Security 6-23\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\Security 6-23\CFScript.txt
.
FILE ::
"c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe"
"c:\windows\system32\drivers\sbredrv.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ADOBEACTIVEFILEMONITOR7.0
-------\Legacy_MRTRATE
-------\Legacy_SBRE
-------\Legacy_SYMANTEC_CORE_LC
-------\Service_AdobeActiveFileMonitor7.0
-------\Service_mrtRate
-------\Service_SBRE
-------\Service_Symantec Core LC
.
.
((((((((((((((((((((((((( Files Created from 2011-08-26 to 2011-09-26 )))))))))))))))))))))))))))))))
.
.
2011-09-23 04:09 . 2011-09-23 04:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-09-23 01:09 . 2011-09-23 01:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-23 01:09 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-18 07:34 . 2011-09-18 07:34 -------- d-----w- c:\program files\CafeScribe Offline
2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-17 20:23 . 2011-06-13 23:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-28 05:41 . 2007-02-25 00:44 411 -c--a-w- c:\windows\system.tmp
2006-11-21 23:51 . 2006-11-21 23:52 774144 -c--a-w- c:\program files\RngInterstitial.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperFreeEdition"="c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 536576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 01000000
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PopUpStopperFreeEdition"=c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HotKeysCmds"=c:\windows\System32\hkcmd.exe
"hpsysdrv"=c:\windows\system\hpsysdrv.exe
"KBD"=c:\hp\KBD\KBD.EXE
"LTMSG"=LTMSG.exe 7
"Recguard"=c:\windows\SMINST\RECGUARD.EXE
"THGuard"="c:\program files\TrojanHunter 5.3\THGuard.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\ccpm_0237.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [6/3/2005 3:02 AM 3744]
R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [6/3/2005 3:02 AM 3904]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/10/2008 10:59 PM 99376]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 8:20 AM 12648]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?s=https&r0=1276167334
uDefault_Search_URL = hxxp://srch-qus10.hpwis.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://qus10.hpwis.com/
mSearch Bar = hxxp://srch-qus10.hpwis.com/
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.60.2 192.168.60.3 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-26 01:35
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1730167982-1273179249-2621698179-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4060)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Windows Media Player\WMPNetwk.exe
.
**************************************************************************
.
Completion time: 2011-09-26 01:38:46 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-26 05:38
ComboFix2.txt 2011-09-25 05:18
ComboFix3.txt 2011-09-23 07:50
ComboFix4.txt 2011-09-23 06:52
ComboFix5.txt 2011-09-26 05:28
.
Pre-Run: 134,899,621,888 bytes free
Post-Run: 134,883,454,976 bytes free
.
- - End Of File - - 6F9BCFA088F25248BECE30AD7C97E84F
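
Two things in the ComboFix log above deserve a second look that the thread does not call out: the Windows Firewall standard profile shows "EnableFirewall"= 0 with "DisableNotifications"= 1, and the TrojanHunter guard (THGuard) sits under a run- key, so it is not started at logon. The Python script below is an added example, not part of this thread, of ComboFix, or of any tool used here; it parses the "Reg Loading Points" text format exactly as posted (the sample is constructed by copying lines from the log above), collects active and parked autostarts, and reports those two findings. The list of security-tool keywords is a constructed heuristic.

```python
"""Triage the "Reg Loading Points" section of a ComboFix log.

Added example for this thread; not part of ComboFix or any tool used here.
It reads only the line shapes visible in the posted log: [KEY] headers,
"Name"=value entries, and "." separator lines.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: the relevant lines copied from the posted ComboFix log.
SAMPLE_LOG = r"""
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperFreeEdition"="c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 536576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Recguard"=c:\windows\SMINST\RECGUARD.EXE
"THGuard"="c:\program files\TrojanHunter 5.3\THGuard.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*)$')

# Constructed heuristic: substrings that mark a security product's autostart.
SECURITY_HINTS = ("trojanhunter", "winpatrol", "malwarebytes", "vipre", "spybot")


@dataclass
class Triage:
    autostarts: dict = field(default_factory=dict)  # Run key -> {name: value}
    disabled: dict = field(default_factory=dict)    # run- key -> {name: value}
    findings: list = field(default_factory=list)


def exe_path(value: str) -> str:
    """Strip the trailing '[date size]' tag and surrounding quotes from a value."""
    value = re.sub(r"\s*\[[^\]]*\]\s*$", "", value)
    return value.strip().strip('"')


def parse_reg_loading_points(text: str) -> Triage:
    """Walk the section headers and entries, recording autostarts and findings."""
    triage = Triage()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "." or line == "REGEDIT4":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key")
            continue
        m = ENTRY_RE.match(line)
        if current is None or not m:
            continue
        name, value = m.group("name"), m.group("value").strip()
        key = current.lower()
        if key.endswith("\\firewallpolicy\\standardprofile"):
            if name == "EnableFirewall" and value.startswith("0"):
                triage.findings.append(
                    "Windows Firewall standard profile is disabled (EnableFirewall=0)")
            elif name == "DisableNotifications" and value.startswith("1"):
                triage.findings.append(
                    "Firewall notifications are suppressed (DisableNotifications=1)")
        elif key.endswith("\\run-"):
            triage.disabled.setdefault(current, {})[name] = value
        elif key.endswith("\\run") or key.endswith("\\runonce"):
            triage.autostarts.setdefault(current, {})[name] = value

    # Entries under a run- key are not started at logon; flag security tools parked there.
    for entries in triage.disabled.values():
        for name, value in entries.items():
            path = exe_path(value)
            if any(hint in path.lower() for hint in SECURITY_HINTS):
                triage.findings.append(
                    f"Security tool autostart is parked under run- and not running: {name} -> {path}")
    return triage


if __name__ == "__main__":
    result = parse_reg_loading_points(SAMPLE_LOG)
    for finding in result.findings:
        print("FINDING:", finding)
    for key, entries in result.autostarts.items():
        for name, value in entries.items():
            print("AUTOSTART:", key, name, exe_path(value))
```

Run it against a full ComboFix.txt by passing the file contents to parse_reg_loading_points; lines outside the "Reg Loading Points" section that do not match the [KEY] or "Name"=value shapes are ignored.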

jeffce
2011-09-26, 16:50
Hi wmbeyer,


> I had to work today, so I am a little late getting back to you.

It is not a problem at all. If you need more time just let me know and I can keep the topic open. :)
----------

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:



DDS::
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com

RegNull::
[HKEY_USERS\S-1-5-21-1730167982-1273179249-2621698179-1003\Software\Microsoft\SystemCertificates\AddressBook*]


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Referring to the picture above, drag CFScript onto ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

wmbeyer
2011-09-27, 03:04
No need to delay. I just won't have the ability to answer as fast as I get e-mail. Anyway, on the desktop I now have an icon with a small Windows Media Player arrow on it called MBR.dat that was not there before. In addition, the HijackThis is no longer an icon with the dynamite. Should this be deleted?

Here is the log after running your last script.
ComboFix 11-09-26.02 - Owner 09/26/2011 20:33:21.24.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1535.1164 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Security 6-23\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\Security 6-23\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-08-27 to 2011-09-27 )))))))))))))))))))))))))))))))
.
.
2011-09-23 04:09 . 2011-09-23 04:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-09-23 01:09 . 2011-09-23 01:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-23 01:09 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-18 07:34 . 2011-09-18 07:34 -------- d-----w- c:\program files\CafeScribe Offline
2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-17 20:23 . 2011-06-13 23:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2006-11-21 23:51 . 2006-11-21 23:52 774144 -c--a-w- c:\program files\RngInterstitial.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperFreeEdition"="c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 536576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 01000000
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PopUpStopperFreeEdition"=c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HotKeysCmds"=c:\windows\System32\hkcmd.exe
"hpsysdrv"=c:\windows\system\hpsysdrv.exe
"KBD"=c:\hp\KBD\KBD.EXE
"LTMSG"=LTMSG.exe 7
"Recguard"=c:\windows\SMINST\RECGUARD.EXE
"THGuard"="c:\program files\TrojanHunter 5.3\THGuard.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\ccpm_0237.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [6/3/2005 3:02 AM 3744]
R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [6/3/2005 3:02 AM 3904]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/10/2008 10:59 PM 99376]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 8:20 AM 12648]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?s=https&r0=1276167334
uDefault_Search_URL = hxxp://srch-qus10.hpwis.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://qus10.hpwis.com/
mSearch Bar = hxxp://srch-qus10.hpwis.com/
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.60.2 192.168.60.3 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-26 20:38
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1730167982-1273179249-2621698179-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1736)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-09-26 20:39:35
ComboFix-quarantined-files.txt 2011-09-27 00:39
ComboFix2.txt 2011-09-26 05:38
ComboFix3.txt 2011-09-25 05:18
ComboFix4.txt 2011-09-23 07:50
ComboFix5.txt 2011-09-27 00:32
.
Pre-Run: 134,852,968,448 bytes free
Post-Run: 134,837,501,952 bytes free
.
- - End Of File - - 81BD00C1E0AB19BD6FAD273F6EB28638

jeffce
2011-09-27, 03:33
> on the desktop I now have an icon with a small Windows Media Player arrow on it called MBR.dat that was not there before. In addition, the HijackThis is no longer an icon with the dynamite. Should this be deleted?

No, those are fine. :) I will be back soon with what to do next.

jeffce
2011-09-27, 03:47
Hi wmbeyer,


> c:\documents and settings\Owner\Desktop\Security 6-23\ComboFix.exe

I notice that you have a folder on your Desktop that you are running ComboFix from. If you would, please go ahead and just move the ComboFix icon directly onto your Desktop.
----------

Let's rerun the previous step with ComboFix...

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:



DDS::
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com

REGNULL::
[HKEY_USERS\S-1-5-21-1730167982-1273179249-2621698179-1003\Software\Microsoft\SystemCertificates\AddressBook*]


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe (it should be your Desktop now)


http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Referring to the picture above, drag CFScript onto ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
----------

wmbeyer
2011-09-27, 22:25
ComboFix 11-09-27.01 - Owner 09/27/2011 16:16:17.25.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1535.1175 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Security 6-23\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-08-27 to 2011-09-27 )))))))))))))))))))))))))))))))
.
.
2011-09-23 04:09 . 2011-09-23 04:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-09-23 01:09 . 2011-09-23 01:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-23 01:09 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-18 07:34 . 2011-09-18 07:34 -------- d-----w- c:\program files\CafeScribe Offline
2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-17 20:23 . 2011-06-13 23:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2006-11-21 23:51 . 2006-11-21 23:52 774144 -c--a-w- c:\program files\RngInterstitial.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperFreeEdition"="c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 536576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 01000000
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PopUpStopperFreeEdition"=c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HotKeysCmds"=c:\windows\System32\hkcmd.exe
"hpsysdrv"=c:\windows\system\hpsysdrv.exe
"KBD"=c:\hp\KBD\KBD.EXE
"LTMSG"=LTMSG.exe 7
"Recguard"=c:\windows\SMINST\RECGUARD.EXE
"THGuard"="c:\program files\TrojanHunter 5.3\THGuard.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\ccpm_0237.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [6/3/2005 3:02 AM 3744]
R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [6/3/2005 3:02 AM 3904]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/10/2008 10:59 PM 99376]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 8:20 AM 12648]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?s=https&r0=1276167334
uDefault_Search_URL = hxxp://srch-qus10.hpwis.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://qus10.hpwis.com/
mSearch Bar = hxxp://srch-qus10.hpwis.com/
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.60.2 192.168.60.3 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-27 16:20
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1730167982-1273179249-2621698179-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1624)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-09-27 16:21:53
ComboFix-quarantined-files.txt 2011-09-27 20:21
ComboFix2.txt 2011-09-27 00:39
ComboFix3.txt 2011-09-26 05:38
ComboFix4.txt 2011-09-25 05:18
ComboFix5.txt 2011-09-27 20:14
.
Pre-Run: 134,831,136,768 bytes free
Post-Run: 134,815,825,920 bytes free
.
- - End Of File - - 52A294374B61979185CACB5C9B3E0C20

jeffce
2011-09-28, 13:40
Hi wmbeyer,


Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

wmbeyer
2011-09-29, 02:36
OTL logfile created on: 9/28/2011 8:26:07 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 77.32% Memory free
2.85 Gb Paging File | 2.72 Gb Available in Paging File | 95.31% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 147.51 Gb Total Space | 125.55 Gb Free Space | 85.11% Space Free | Partition Type: NTFS
Drive D: | 5.14 Gb Total Space | 0.95 Gb Free Space | 18.44% Space Free | Partition Type: FAT32
Drive H: | 7.53 Gb Total Space | 7.52 Gb Free Space | 99.81% Space Free | Partition Type: FAT32

Computer Name: BILLSR | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\ArcSoft\Software Suite\PhotoImpression 5\Share\PIHook.dll ()


========== Win32 Services (SafeList) ==========

SRV - (SDhelper) -- File not found
SRV - (NVSvc) -- File not found
SRV - (JavaQuickStarterService) -- File not found
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)


========== Driver Services (SafeList) ==========

DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (S3Psddr) -- C:\WINDOWS\system32\drivers\s3gnbm.sys (S3 Graphics, Inc.)
DRV - (MxlW2k) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (snapman) -- C:\WINDOWS\System32\DRIVERS\snapman.sys (Acronis)
DRV - (MAPMEM) -- C:\Program Files\CheckIt\Diagnostics\MAPMEM.SYS ()
DRV - (BCMNTIO) -- C:\Program Files\CheckIt\Diagnostics\BCMNTIO.SYS ()
DRV - (nvnforce) Service for NVIDIA(R) nForce(TM) -- C:\WINDOWS\system32\drivers\nvapu.sys (NVIDIA Corporation)
DRV - (nvax) Service for NVIDIA(R) nForce(TM) -- C:\WINDOWS\system32\drivers\nvax.sys (NVIDIA Corporation)
DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (Agere Systems)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (nv_agp) -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys (NVIDIA Corporation)
DRV - (nvcap) nVidia WDM Video Capture (universal) -- C:\WINDOWS\system32\drivers\nvcap.sys ()
DRV - (NVXBAR) -- C:\WINDOWS\system32\drivers\nvxbar.sys (NVIDIA Corporation)
DRV - (viaagp1) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (fasttx2k) -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (NVENET) -- C:\WINDOWS\system32\drivers\NVENET.sys (NVIDIA Corporation)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SISAGP) -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation )
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?s=https&r0=1276167334
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.1879: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1939: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.872: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2011/09/26 01:35:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [PopUpStopperFreeEdition] C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe (Panicware, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 01 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.60.2 192.168.60.3 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60578A1D-F672-4C15-B767-65A2E2E0CF00}: DhcpNameServer = 192.168.60.2 192.168.60.3 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\My Documents\My Pictures\smile.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\My Documents\My Pictures\smile.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/10/11 06:16:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/28 20:24:41 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/09/28 20:18:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2011/09/28 20:18:47 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/09/27 16:21:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/09/25 01:02:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\second logs
[2011/09/25 01:01:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\first logs
[2011/09/22 21:09:04 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/09/22 21:09:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/18 03:34:37 | 000,000,000 | ---D | C] -- C:\Program Files\CafeScribe Offline
[2011/09/18 02:52:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Ethics
[2011/09/18 02:51:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Biology
[2011/09/18 02:49:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Mangerial Accounting
[2011/09/18 02:48:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Business Calc
[2006/11/21 19:52:08 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/28 20:24:45 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/09/28 19:09:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/28 19:09:05 | 1609,945,088 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/27 16:11:10 | 000,000,617 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to ComboFix.exe.lnk
[2011/09/26 23:37:41 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2003.lnk
[2011/09/26 01:35:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/09/23 23:25:36 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2011/09/22 21:09:08 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/22 15:33:31 | 010,223,616 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.bak
[2011/09/21 03:50:39 | 000,001,538 | ---- | M] () -- C:\WINDOWS\System32\CountBlockedByFirewall.XML
[2011/09/18 03:34:37 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CafeScribe Offline.lnk
[2011/09/18 03:34:29 | 000,000,377 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\com.Follett.CafeScribe.Offline_state.xml
[2011/09/17 21:26:18 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110922-175058.backup
[2011/09/17 21:14:17 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable
[2011/09/14 09:45:19 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/27 16:11:10 | 000,000,617 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to ComboFix.exe.lnk
[2011/09/23 23:25:36 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2011/09/23 00:34:34 | 1609,945,088 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/22 22:58:45 | 000,454,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\mrxsmb.svs
[2011/09/22 21:09:08 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/18 03:34:29 | 000,000,377 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\com.Follett.CafeScribe.Offline_state.xml
[2011/09/17 21:14:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2011/07/27 22:14:01 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/27 22:14:01 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/27 22:14:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/27 22:14:01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/27 22:14:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/27 21:52:50 | 000,012,084 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\306m286c3ht12fbhr40333q55j27e0i1ue06
[2011/07/27 21:52:50 | 000,012,084 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\306m286c3ht12fbhr40333q55j27e0i1ue06
[2011/07/13 03:00:59 | 000,013,004 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\d8cuhn4b277pj1vnbjoj5h37u7j
[2011/07/13 03:00:59 | 000,013,004 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\d8cuhn4b277pj1vnbjoj5h37u7j
[2011/06/14 19:16:43 | 000,013,764 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\o65qw5qxmp45w71w2010773
[2011/06/14 19:16:43 | 000,013,764 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\o65qw5qxmp45w71w2010773
[2011/06/05 17:16:40 | 000,012,054 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\8f2gvu11wnj076224dw377dm
[2011/06/05 17:16:40 | 000,012,054 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8f2gvu11wnj076224dw377dm
[2011/05/17 23:34:21 | 000,000,208 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\m2647CgIbCbK8588
[2011/02/15 19:44:56 | 000,000,064 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Statdisk.prefs
[2010/05/14 01:32:39 | 000,000,035 | ---- | C] () -- C:\WINDOWS\worldbuilder.INI
[2010/05/07 10:29:01 | 000,000,107 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\netstat.bat
[2010/04/20 23:03:36 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2009/09/11 10:57:10 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys
[2009/09/10 03:07:16 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/06/17 22:38:18 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2008/06/17 22:38:18 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2008/06/17 22:36:27 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX8400.ini
[2008/02/28 15:30:08 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/01/15 00:01:25 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/04/13 00:57:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/04/11 19:36:11 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/03/09 19:58:24 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\rrsec.dll
[2006/03/09 19:58:24 | 000,090,151 | ---- | C] () -- C:\WINDOWS\System32\rrsec2k.exe
[2006/03/08 23:46:46 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\AdFirewall.SYS
[2006/02/13 22:38:41 | 000,007,512 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/02/13 22:38:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/06/06 15:01:41 | 000,004,156 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2005/06/02 19:32:41 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2005/06/02 19:32:25 | 000,205,312 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2005/06/02 11:50:42 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2005/06/02 11:50:42 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2005/06/02 11:50:42 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2005/06/02 11:50:42 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2005/06/02 11:50:42 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2005/06/02 11:50:42 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2005/06/02 11:50:42 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2005/06/02 11:50:42 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2005/06/02 11:50:42 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2005/06/02 11:50:42 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2005/05/09 20:16:57 | 000,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll
[2005/05/09 20:16:57 | 000,000,823 | ---- | C] () -- C:\WINDOWS\tsc.ini
[2005/05/09 20:15:50 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/03/23 22:58:46 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2005/01/02 19:44:42 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2005/01/02 19:44:29 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2005/01/02 19:44:29 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2005/01/02 19:44:29 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2005/01/02 19:44:28 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2005/01/02 19:37:44 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX4600.ini
[2005/01/02 00:32:24 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2004/11/29 19:58:20 | 000,000,051 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2004/09/27 09:16:55 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/07/21 21:50:11 | 000,000,027 | ---- | C] () -- C:\WINDOWS\FTSL.INI
[2004/07/06 10:23:45 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/06/19 14:38:22 | 000,000,395 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2004/06/19 13:52:43 | 000,000,744 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/06/16 17:59:28 | 000,142,336 | ---- | C] () -- C:\WINDOWS\System32\faboot.exe
[2004/05/10 20:55:25 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI
[2004/05/10 20:55:19 | 000,002,140 | ---- | C] () -- C:\WINDOWS\AWSHKWV.INI
[2004/04/02 22:49:59 | 000,001,402 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2004/04/02 22:23:52 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Owner.ini
[2004/04/02 16:55:09 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/04/02 16:52:22 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2004/04/02 15:13:34 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\nvuaudio.exe
[2004/04/02 15:09:09 | 000,001,181 | ---- | C] () -- C:\WINDOWS\System32\imbrmute.ini
[2004/03/22 11:42:36 | 000,811,008 | ---- | C] () -- C:\WINDOWS\System32\MYCALC.DLL
[2003/11/15 04:23:36 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/11/15 04:23:33 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/11/15 04:23:16 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/11/15 04:23:16 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/11/15 04:22:31 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/11/15 04:22:28 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/11/15 03:57:41 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/11/15 03:57:41 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/11/15 03:57:39 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/11/08 01:34:36 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\PURGEDRM.dll
[2003/10/14 09:52:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/10/14 09:35:01 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2003/10/11 08:51:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/10/11 08:50:32 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2003/10/11 08:50:32 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2003/10/11 08:47:42 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2003/10/11 08:45:41 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003/10/11 08:42:56 | 000,090,112 | R--- | C] () -- C:\WINDOWS\bwUnin-6.2.3.66L.exe
[2003/10/11 08:40:57 | 000,029,222 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2003/10/11 08:40:38 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/10/11 08:40:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/10/11 08:29:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/10/11 08:16:42 | 000,000,907 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/10/11 07:34:34 | 000,006,848 | ---- | C] () -- C:\WINDOWS\System32\hphmon05.dat
[2003/10/11 07:34:21 | 000,018,403 | ---- | C] () -- C:\WINDOWS\HPHins01.dat
[2003/10/11 07:34:21 | 000,004,308 | ---- | C] () -- C:\WINDOWS\hphmdl01.dat
[2003/10/11 07:25:05 | 000,034,468 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
[2003/10/11 07:25:05 | 000,028,885 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
[2003/10/11 07:08:49 | 000,001,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2003/10/11 07:07:05 | 000,126,348 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvcap.sys
[2003/10/11 07:05:13 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis740.bin
[2003/10/11 07:05:13 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis650.bin
[2003/10/11 06:47:37 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/10/11 06:39:21 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/10/11 06:39:21 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/10/11 06:39:04 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/10/11 06:19:00 | 000,000,905 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/10/11 06:17:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/10/11 06:14:08 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/10/11 06:06:45 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/10/11 06:06:18 | 000,463,448 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/10/11 06:06:18 | 000,078,024 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/10/11 03:10:46 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2003/10/11 03:10:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2003/10/11 02:45:39 | 000,001,648 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2003/10/10 23:10:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/10/10 23:09:39 | 000,177,856 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/09/23 04:19:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/08 01:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/19 17:30:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\PowerCalc.exe
[2000/01/28 01:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\wrkgadm.exe
[2000/01/28 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1999/07/23 14:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 11:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll

========== LOP Check ==========

[2006/02/13 22:42:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
[2008/06/17 22:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/10/11 21:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2010/02/10 16:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2004/07/07 13:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FullAudio
[2006/08/02 20:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Individual Software
[2009/12/26 02:29:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2008/12/11 12:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2008/12/11 13:01:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/09/24 16:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/21 00:37:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrojanHunter
[2007/03/29 22:08:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2004/04/02 16:54:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Acronis
[2011/08/22 18:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Blackboard
[2011/01/05 18:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Centra
[2011/08/22 18:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Collaborate
[2011/08/23 11:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.Follett.CafeScribe.Offline
[2008/10/12 10:27:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EPSON
[2009/09/11 10:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2011/05/16 05:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HorizonWimba
[2006/02/13 22:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Individual Software
[2003/10/14 09:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\interMute
[2004/04/23 12:10:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2005/06/03 04:03:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IsolatedStorage
[2004/04/23 12:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2011/01/06 20:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MyScribe
[2003/10/11 09:03:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2005/01/17 22:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2010/04/21 00:10:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TrojanHunter
[2007/03/29 22:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2010/05/07 00:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WinPatrol
[2011/09/28 07:30:09 | 000,030,600 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 181 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF54F1CA
@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA029835

< End of report >

wmbeyer
2011-09-29, 02:37
OTL Extras logfile created on: 9/28/2011 8:26:07 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 77.32% Memory free
2.85 Gb Paging File | 2.72 Gb Available in Paging File | 95.31% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 147.51 Gb Total Space | 125.55 Gb Free Space | 85.11% Space Free | Partition Type: NTFS
Drive D: | 5.14 Gb Total Space | 0.95 Gb Free Space | 18.44% Space Free | Partition Type: FAT32
Drive H: | 7.53 Gb Total Space | 7.52 Gb Free Space | 99.81% Space Free | Partition Type: FAT32

Computer Name: BILLSR | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Real\RealOne Player\realplay.exe" = C:\Program Files\Real\RealOne Player\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\WINDOWS\Downloaded Program Files\ccpm_0237.exe" = C:\WINDOWS\Downloaded Program Files\ccpm_0237.exe:*:Enabled:ccpm_exe Module -- ()
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client -- (Hewlett-Packard)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{092eeeee-9fdd-4895-a568-0818c96beb6c}" = AiO_Scan
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}" = ArcSoft Print Creations
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{155FBB0D-0EE9-42D1-9E41-15E08F691033}" = Microsoft Producer for Microsoft Office PowerPoint 2003
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{24ADC0E4-8D3E-40C4-9106-F2DE5E9112F1}" = EPSON Stylus CX8400 Series Scanner Driver Update
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{2F1FD032-67D1-4569-923F-47EAF132BF0F}" = DocProc
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39B1915D-3CBA-42F8-8A58-2AB5587BF863}" = Microsoft Office PowerPoint 2003 Template Creation Wizard
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{45B6180B-DCAB-4093-8EE8-6164457517F0}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{463A1D1B-BE4E-F4E0-4C97-538F47578CA0}" = CafeScribe Offline
"{483616D1-867E-46F8-BEC7-3C6475933908}" = Adobe Photoshop Album Starter Edition
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FB6F304-A91D-4919-98E5-D96E074EA9E5}" = SkinsHP1
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"{54e854d5-d5d4-452d-9c75-b39f5625b5fb}" = Readme
"{5ADF6293-D60F-4425-AFA7-CEB820DB872B}" = QuickProjects
"{5D7F0A0E-369E-46C0-9F99-FAB21A064781}" = HP Photo and Imaging 2.0 - Photosmart Cameras
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}" = Zone Deluxe Games
"{66C8BE35-8BBB-472B-96C7-C7C9A499F988}" = ArcSoft Software Suite
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{7148F0A8-6813-11D6-A77B-00B0D0142060}" = Java 2 Runtime Environment, SE v1.4.2_06
"{7148F0A8-6813-11D6-A77B-00B0D0142180}" = Java 2 Runtime Environment, SE v1.4.2_18
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{791B20D4-AE59-4DE9-B45F-BA01F3D0A493}" = ArcSoft ShowBiz 2
"{7BBD57D6-09B1-4CC3-9664-A0D53EE25247}" = PSShortcutsP
"{829698DE-9EAC-475E-9A05-B7BA807CA1EF}" = Director
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90150409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003
"{90AB0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 1
"{90AC0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 2
"{90AD0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 3
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{939227BD-19D8-4684-8A04-31AC9F6A564C}" = Scan
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = RecordNow!
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
"{9F4EEA0C-7174-4BD3-89AF-7AB2F9F6AEDD}" = hpmdtab
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A363B66C-1547-47bf-90F0-3834E70A841A}" = CreativeProjects
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AFBBF30D-ADA9-4313-464E-14458B6BE034}" = PhotoshopdotcomInspirationBrowser
"{B37C842A-B624-46B8-A727-654E72F1C91A}" = Calculator Powertoy for Windows XP
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{bb6cac2a-1fa0-471a-bc3c-ade699c39f3c}" = Fax
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{c330461f-c4a9-4fc7-af5d-c158e0b56aa7}" = AiOSoftware
"{C38BC5B7-62D3-4880-82DD-A4803FD81921}" = PhotoGallery
"{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE4F8FFB-4063-4247-9F14-ECE61AFEFA25}" = TrayApp
"{CFD1B282-555D-494d-8231-4175C2AF08C2}" = PrintScreen
"{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
"{D1D8C9C4-89BE-4f37-9EC4-B80E3C239C41}" = Copy
"{D545BB81-DEB0-49f7-BE26-197BC31AAF57}" = SkinsHP2
"{DF15059E-A356-47B2-B14B-6380ED32AB68}" = Microsoft Baseline Security Analyzer 1.2.1
"{E4ABB302-9D82-4D18-83D5-AD1DFE786AA8}" = Unload
"{ec7d7a6a-31cb-4810-826f-74171bef44f1}" = AIOMinimal
"{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}" = HP PSC & OfficeJet 3.0
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
"{FC713618-78C4-4563-9105-B9B503E8A86F}" = Top Comp Calculator
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE31A29F-B6E3-4678-8A6F-19F1819A7F52}" = Series 6 Drill and Practice
"Active@ Password Changer Professional" = Active@ Password Changer Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"BackWeb-1940576 Uninstaller" = Compaq Connections
"BellSouth® FastAccess® DSL Westell WireSpeed Update_is1" = Westell Firmware Upgrade
"CCleaner" = CCleaner
"CheckIt Diagnostics" = CheckIt Diagnostics
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.Follett.CafeScribe.Offline" = CafeScribe Offline
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"Free Window Registry Repair" = Free Window Registry Repair
"HijackThis" = HijackThis 1.99.0
"HP Photo & Imaging" = HP Photo & Imaging 3.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"InterActual Player" = InterActual Player
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Mah Jong Tiles Deluxe" = Mah Jong Tiles Deluxe
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MS Access 97 SP2" = MS Access 97 SP2
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"MyScribe" = MyScribe
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"NVIDIA Drivers" = NVIDIA Drivers
"PerformanceTest_is1" = PerformanceTest v5.0
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"Pop-Up Stopper Free Edition" = Pop-Up Stopper Free Edition
"PrivacyExpert" = Acronis*PrivacyExpert
"Professor Answers" = Professor Answers
"Professor Teaches Excel 2003" = Professor Teaches Excel 2003
"Professor Teaches PowerPoint 2003" = Professor Teaches PowerPoint 2003
"Professor Teaches Word 2003" = Professor Teaches Word 2003
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"RealPlayer 6.0" = RealPlayer
"RegCure" = RegCure
"Registrar Registry Manager (Lite Edition)_is1" = Registrar Registry Manager 4.03
"Registrar Registry Manager 4.03 (Lite Edition)" = Registrar Registry Manager 4.03 (Lite Edition)
"Secunia PSI" = Secunia PSI
"Silent Package Run-Time Sample" = EPSON CX8400 User's Guide
"Sybase SQL Anywhere 7 Personal Server" = Sybase SQL Anywhere 7 Personal Server
"System Security Suite 1.04" = System Security Suite 1.04
"TrojanHunter_is1" = TrojanHunter 5.3
"Tweak UI 2.10" = Tweak UI
"Virtual Magnifying Glass_is1" = Virtual Magnifying Glass v3.4
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinPatrol" = WinPatrol 2009
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WOLAPI" = Westwood Shared Internet Components
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.1.0.366

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/22/2011 1:02:46 AM | Computer Name = BILLSR | Source = MsiInstaller | ID = 11500
Description = Product: VIPRE Antivirus Premium -- Error 1500.Another installation
is in progress. You must complete that installation before continuing this one.

Error - 9/22/2011 1:02:47 AM | Computer Name = BILLSR | Source = MsiInstaller | ID = 11500
Description = Product: VIPRE Antivirus Premium -- Error 1500.Another installation
is in progress. You must complete that installation before continuing this one.

Error - 9/22/2011 1:03:12 AM | Computer Name = BILLSR | Source = MsiInstaller | ID = 11500
Description = Product: VIPRE Antivirus Premium -- Error 1500.Another installation
is in progress. You must complete that installation before continuing this one.

Error - 9/22/2011 1:03:13 AM | Computer Name = BILLSR | Source = MsiInstaller | ID = 11500
Description = Product: VIPRE Antivirus Premium -- Error 1500.Another installation
is in progress. You must complete that installation before continuing this one.

Error - 9/22/2011 1:03:15 AM | Computer Name = BILLSR | Source = MsiInstaller | ID = 11500
Description = Product: VIPRE Antivirus Premium -- Error 1500.Another installation
is in progress. You must complete that installation before continuing this one.

Error - 9/22/2011 1:03:45 AM | Computer Name = BILLSR | Source = MsiInstaller | ID = 11706
Description = Product: VIPRE Antivirus Premium -- Error 1706.No valid source could
be found for product VIPRE Antivirus Premium. The Windows Installer cannot continue.

Error - 9/22/2011 1:04:12 AM | Computer Name = BILLSR | Source = MsiInstaller | ID = 11706
Description = Product: VIPRE Antivirus Premium -- Error 1706.No valid source could
be found for product VIPRE Antivirus Premium. The Windows Installer cannot continue.

Error - 9/22/2011 1:04:25 AM | Computer Name = BILLSR | Source = MsiInstaller | ID = 11706
Description = Product: VIPRE Antivirus Premium -- Error 1706.No valid source could
be found for product VIPRE Antivirus Premium. The Windows Installer cannot continue.

Error - 9/26/2011 1:17:53 AM | Computer Name = BILLSR | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17055, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/26/2011 1:17:56 AM | Computer Name = BILLSR | Source = Application Hang | ID = 1001
Description = Fault bucket 1878916232.

[ System Events ]
Error - 9/28/2011 5:54:05 AM | Computer Name = BILLSR | Source = Service Control Manager | ID = 7000
Description = The nVidia WDM Video Capture (universal) service failed to start due
to the following error: %%1058

Error - 9/28/2011 5:54:05 AM | Computer Name = BILLSR | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Driver Helper Service service failed to start due to the
following error: %%3

Error - 9/28/2011 5:54:05 AM | Computer Name = BILLSR | Source = Service Control Manager | ID = 7000
Description = The nVidia WDM A/V Crossbar service failed to start due to the following
error: %%1058

Error - 9/28/2011 5:54:05 AM | Computer Name = BILLSR | Source = Service Control Manager | ID = 7000
Description = The PC Tools Spyware Doctor service failed to start due to the following
error: %%3

Error - 9/28/2011 7:09:43 PM | Computer Name = BILLSR | Source = Service Control Manager | ID = 7000
Description = The EPSON V3 Service4(01) service failed to start due to the following
error: %%3

Error - 9/28/2011 7:09:43 PM | Computer Name = BILLSR | Source = Service Control Manager | ID = 7000
Description = The Java Quick Starter service failed to start due to the following
error: %%3

Error - 9/28/2011 7:09:43 PM | Computer Name = BILLSR | Source = Service Control Manager | ID = 7000
Description = The nVidia WDM Video Capture (universal) service failed to start due
to the following error: %%1058

Error - 9/28/2011 7:09:43 PM | Computer Name = BILLSR | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Driver Helper Service service failed to start due to the
following error: %%3

Error - 9/28/2011 7:09:43 PM | Computer Name = BILLSR | Source = Service Control Manager | ID = 7000
Description = The nVidia WDM A/V Crossbar service failed to start due to the following
error: %%1058

Error - 9/28/2011 7:09:43 PM | Computer Name = BILLSR | Source = Service Control Manager | ID = 7000
Description = The PC Tools Spyware Doctor service failed to start due to the following
error: %%3


< End of report >
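
The System Events block above shows the symptom this thread is about: the PC Tools Spyware Doctor service failing to start with %%3 (ERROR_PATH_NOT_FOUND) at every boot, the footprint of a product that has been removed or disabled rather than one that is merely expired. As an added example, not part of this thread or of OTL, the Python below parses the OTL "Last 10 Event Log Errors" layout, groups Service Control Manager event 7000 failures by service and flags security products; the sample log, the keyword list and the error-code table are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in the OTL "Last 10 Event Log Errors" layout seen in the thread.
SAMPLE_LOG = """\
[ System Events ]
Error - 9/28/2011 5:54:05 AM | Computer Name = BILLSR | Source = Service Control Manager | ID = 7000
Description = The nVidia WDM Video Capture (universal) service failed to start due
to the following error: %%1058

Error - 9/28/2011 5:54:05 AM | Computer Name = BILLSR | Source = Service Control Manager | ID = 7000
Description = The PC Tools Spyware Doctor service failed to start due to the following
error: %%3

Error - 9/28/2011 7:09:43 PM | Computer Name = BILLSR | Source = Service Control Manager | ID = 7000
Description = The PC Tools Spyware Doctor service failed to start due to the following
error: %%3

Error - 9/26/2011 1:17:56 AM | Computer Name = BILLSR | Source = Application Hang | ID = 1001
Description = Fault bucket 1878916232.
"""

HEADER_RE = re.compile(
    r"^Error - (?P<ts>.+?) \| Computer Name = (?P<host>.+?) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<event_id>\d+)\s*$"
)
START_FAIL_RE = re.compile(
    r"^The (?P<service>.+?) service failed to start due to the following error: %%(?P<code>\d+)$"
)

# Win32 error codes that the Service Control Manager substitutes for %%N.
WIN32_ERRORS = {
    "2": "ERROR_FILE_NOT_FOUND (service binary missing)",
    "3": "ERROR_PATH_NOT_FOUND (service binary path missing)",
    "1058": "ERROR_SERVICE_DISABLED (start type set to Disabled)",
}

# Constructed keyword list: substrings that mark a service as a security product.
SECURITY_KEYWORDS = ("spyware", "antivirus", "anti-malware", "malwarebytes",
                     "vipre", "firewall", "defender")


@dataclass
class Event:
    timestamp: str
    host: str
    source: str
    event_id: int
    description: str


def parse_otl_events(text: str) -> List[Event]:
    """Parse the OTL excerpt: a header line, then a 'Description = ...' line that
    may wrap onto following lines until a blank line ends the event."""
    events: List[Event] = []
    current = None
    desc_lines: List[str] = []

    def flush():
        nonlocal current, desc_lines
        if current is not None:
            current.description = " ".join(desc_lines).strip()
            events.append(current)
        current, desc_lines = None, []

    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            flush()
            current = Event(m["ts"], m["host"], m["source"], int(m["event_id"]), "")
            continue
        if current is None:
            continue  # section markers such as "[ System Events ]"
        if not line:
            flush()
            continue
        if line.startswith("Description = "):
            line = line[len("Description = "):]
        desc_lines.append(line)
    flush()
    return events


def security_start_failures(events: List[Event]) -> Dict[str, dict]:
    """Per security-product service: how often SCM event 7000 reported a start
    failure and which Win32 codes were given. Repeated %%2/%%3 for an AV or
    anti-spyware service means its binary is gone; check that before trusting
    any scan result from that product."""
    findings: Dict[str, dict] = {}
    for ev in events:
        if ev.source != "Service Control Manager" or ev.event_id != 7000:
            continue
        m = START_FAIL_RE.match(ev.description)
        if not m:
            continue
        service, code = m["service"], m["code"]
        if not any(k in service.lower() for k in SECURITY_KEYWORDS):
            continue
        entry = findings.setdefault(service, {"count": 0, "codes": set(), "first_seen": ev.timestamp})
        entry["count"] += 1
        entry["codes"].add(code)
    return findings


if __name__ == "__main__":
    for svc, info in security_start_failures(parse_otl_events(SAMPLE_LOG)).items():
        codes = ", ".join(f"%%{c} = {WIN32_ERRORS.get(c, 'unknown')}" for c in sorted(info["codes"]))
        print(f"{svc}: failed to start {info['count']}x since {info['first_seen']} ({codes})")
```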

jeffce
2011-09-29, 16:52
Hi wmbeyer,

Please download ERUNT (http://www.snapfiles.com/get/erunt.html) (Emergency Recovery Utility NT). This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. **Remember if you are using Windows Vista as your operating system right-click the executable and Run as Administrator.
----------

Run OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL



:Services

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
[2005/03/23 22:58:46 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2004/07/21 21:50:11 | 000,000,027 | ---- | C] () -- C:\WINDOWS\FTSL.INI

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[clearallrestorepoints]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

wmbeyer
2011-09-29, 22:15
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
C:\WINDOWS\DEBUGSM.INI moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore points cleared and new OTL Restore Point set!

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56468 bytes

User: LocalService
->Temp folder emptied: 69932 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 34795 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 1354 bytes

User: Owner
->Temp folder emptied: 338996 bytes
->Temporary Internet Files folder emptied: 1760160 bytes
->Java cache emptied: 35471606 bytes
->Flash cache emptied: 714 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 20669 bytes
%systemroot%\System32 .tmp files removed: 4005393 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 35218 bytes
RecycleBin emptied: 110576 bytes

Total Files Cleaned = 40.00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 09292011_160810

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

jeffce
2011-09-29, 23:34
Hi wmbeyer,

Good job running that OTL fix. :bigthumb:

I see that you already have Malwarebytes on your system. Please open that program, Update it and then run Quick Scan. There will be a log produced that I will need in your next reply.
----------

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the ESET Online Scanner button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on the ESET Smart Installer link to download the ESET Smart Installer. Save it to your desktop.
Double click on the ESET Smart Installer icon on your desktop.

Check the "Accept Terms" box.
Click the Start button.
Accept any security warnings from your browser.
Check the "Scan archives" option.
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push the "List of found threats" button.
Push the "Export to text file" button, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the Back button.
Push Finish

http://www.eset.com/onlinescan/
----------

In your next reply please post the logs created by Malwarebytes and ESET Online Scanner. :)

wmbeyer
2011-10-01, 02:53
Malware Bytes and Eset found different viruses

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7837

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

9/30/2011 7:45:10 PM
mbam-log-2011-09-30 (19-45-10).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 283192
Time elapsed: 29 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Qoobox\quarantine\C\WINDOWS\system32\dwwigpwd.dll.vir (Backdoor.Papras) -> Quarantined and deleted successfully.

ESet Scan

C:\WINDOWS\system32\drivers\mrxsmb.svs Win32/Rootkit.Agent.NUT trojan

jeffce
2011-10-01, 03:23
Hi wmbeyer,

The entry that Malwarebytes found is actually already quarantined by ComboFix and we will be removing that when we uninstall ComboFix. :)

Let's get rid of that other one though...

Go to Start > Run > type cmd > press Enter. This will open the command prompt. I would like for you to copy/paste the following bolded text into the command prompt and press Enter.

del C:\WINDOWS\system32\drivers\mrxsmb.svs /f /q
----------

I notice that you are using Windows XP with Service Pack 2. The most recent version of Windows XP is Service Pack 3. Please open Internet Explorer and go to Tools > Windows Update and then download and install all updates.
----------

Please download JavaRa (http://raproducts.org/click/click.php?id=1) to your desktop and unzip it to its own folder.
Run JavaRa.exe (double-click for XP/right-click and Run as Administrator for Vista), pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Open JavaRa.exe (double-click for XP/right-click and Run as Administrator for Vista) again and select Search For Updates.
Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
----------

I would like for you to run DDS once more and post both of the logs that are created into your next reply.

wmbeyer
2011-10-01, 08:11
Well, I stopped after trying to install service pack 3. I was able to perform the deletion from the run command. However, after downloading service pack 3 I was directed to install 99 security and other updates. All of the updates failed. Below is what the site posted after failure. Should I attempt to go back to having just service pack 2? Should I continue on with the rest of your instructions?

It says that I didn't accept the end user agreement, I did. It says that I don't have enough disc space which isn't true. It also says that my automatic update is running, which it isn't. Please advise.

Review Your Installation Results

The software upgrade is complete
You can now use the website to find and install the latest updates for your computer.


More high-priority updates are available
Your computer might be at risk until you install them. Check for the remaining updates and install them now.



Restart now to finish installing updates
Your computer will not be up to date until you restart it. Please save any open files, photos or documents and restart now.



Installation Summary

Successful: 0
Failed: 99
Remaining: 0


--------------------------------------------------------------------------------

Successful Updates


--------------------------------------------------------------------------------


Failed Updates
For help installing an update successfully, see the solution under each problem description.


Problem: End User License Agreement (EULA) Not Accepted
Solution: Check for updates again and wait while you install updates. You will be asked to accept the EULA before any updates with a EULA can be installed.

Problem: Not Enough Disk Space
Solution: To make more space available, run the Disk Cleanup tool or uninstall any programs that you don’t use. For directions, see Help and Support on your computer.

Problem: Automatic Updates is currently installing updates
Solution: Please wait until Automatic Updates is complete and then check your update history. At that time, if the update has failed to install, you can try installing it from the website.
Note: To view Automatic Updates progress, click the updating icon in your System Tray.

Problem: Please check your update history for a description.

Problem: A problem on your computer is preventing updates from being downloaded or installed
Solution: To fix the problem, try installing the updates again. If that doesn't work, use the Troubleshooter to try solve the problem.

Microsoft Windows XP
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376)
Update for Windows XP (KB951978)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB950974)
Update for Windows XP (KB952287)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB973815)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB969059)
Update for Windows XP (KB973687)
Update for Windows XP (KB970430)
Update for Windows XP (KB971737)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Update for Windows XP (KB955759)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB975558)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB2296011)
Update for Windows XP (KB2345886)
Security Update for Windows XP (KB2378111)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB2360937)
Security Update for Microsoft .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2418241)
Security Update for Microsoft .NET Framework 3.5 SP1 on Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 x86 (KB2416473)
Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2416447)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2393802)
Update for Windows XP (KB971029)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2506212)
Cumulative Security Update for ActiveX Killbits for Windows XP (KB2508272)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2535512)
Security Update for .NET Framework 2.0 SP2 and 3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2518864)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2503665)
Security Update for Internet Explorer 7 for Windows XP (KB2544521)
Update for Windows XP (KB2541763)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2507938)
Cumulative Security Update for Internet Explorer 7 for Windows XP (KB2559049)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2566454)
Update Rollup for ActiveX Killbits for Windows XP (KB2562937)
Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2539631)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2536276)
Update for Windows XP (KB2570791)
Security Update for Windows XP (KB2570947)
Update for Windows XP (KB2616676)
Windows Malicious Software Removal Tool - September 2011 (KB890830)

Microsoft Visual Studio 2005
Security Update for Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package (KB2538242)

Microsoft Office 2003
Microsoft Office File Validation Add-in


--------------------------------------------------------------------------------


Remaining High-Priority Updates
Your computer might be at risk until you install all high-priority updates. These updates help protect against security threats and performance problems.

To review all updates you’ve installed from this website or by turning on automatic updating on your computer, see your update history.

wmbeyer
2011-10-01, 08:16
Prior to downloading service pack 3, I tried to update my computer. At that time, I was told that I only needed Microsoft Office validation add-in
and windows malicious software removal tool - Sept 2011 (KB890830)

Neither update would download, but it didn't list any reason, even though it told me to look for the reason. It just said that something was wrong with my computer and to run troubleshooter. It won't start either.

wmbeyer
2011-10-01, 10:39
When my computer restarted my watchdog program popped up with a request to allow a new start up program. Since it is a dims file I have left it as is, neither approving nor rejecting permission.

This file C:\WINDOWS\system32\dimsntfy.dll in particular can be harmless but it can also allow a trojan to be loaded with multiple programs. I am unsure as to whether or not my watchdog can actually stop this file even if I select no. I feel like when I added windows service pack 3, I opened a bigger problem.

jeffce
2011-10-01, 20:47
Hi wmbeyer,

No we do not want to stay with just Windows XP with Service Pack 2. That will leave many security vulnerabilities on your system.

Please go ahead and completely uninstall Spybot S-D for the time being. We will put it back on when we are finished. :)
----------

Disable WinPatrol


Right Click the 'Scotty Dog' icon in the system tray
Click Options
At the bottom of the options page, Uncheck Automatically Run WinPatrol When Computer Starts
Click the X in the upper right corner to end program.
Right Click the 'Scotty Dog' icon in the system tray again.
Click Exit Program
Reboot your machine for the changes to take effect.

----------

Go here (http://support.microsoft.com/mats/windows_security_diagnostic/en-us?entrypoint=lightbox) and use the Microsoft Fix It button and that should help with the download and installation problems.
----------

Once you get that completed try to install the updates and let me know how that works for you. It may take some time as these things can be tricky at times so please be patient. :)

wmbeyer
2011-10-02, 05:06
Success in downloading and installing service pack 3 along with essentials. Deleted essentials since I could not turn it off. Updates successful as well.

Success with removing old java rte, however it will not update. I get error code "internal error 2753, regutils.dll".

Also, Spybot is not completely deleted. A short cut icon remains on desktop as well as on all programs list.

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11
Run by Owner at 22:55:17 on 2011-10-01
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.941 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?s=https&r0=1276167334
uDefault_Search_URL =
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page =
mSearch Bar =
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
uPolicies-explorer: NoRecentDocsNetHood = 01000000
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: DhcpNameServer = 192.168.60.2 192.168.60.3 192.168.0.1
TCP: Interfaces\{60578A1D-F672-4C15-B767-65A2E2E0CF00} : DhcpNameServer = 192.168.60.2 192.168.60.3 192.168.0.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R2 BCMNTIO;BCMNTIO;c:\progra~1\checkit\diagno~1\BCMNTIO.sys [2005-6-3 3744]
R2 MAPMEM;MAPMEM;c:\progra~1\checkit\diagno~1\MAPMEM.sys [2005-6-3 3904]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-9-10 99376]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
.
=============== Created Last 30 ================

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 4/2/2004 1:46:47 PM
System Uptime: 10/1/2011 10:53:07 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | Diablo
Processor: AMD Athlon(tm) 64 Processor 3200+ | Socket 754 | 1995/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 148 GiB total, 123.272 GiB free.
D: is FIXED (FAT32) - 5 GiB total, 0.947 GiB free.
E: is CDROM ()
F: is CDROM ()
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
Acrobat.com
Acronis*PrivacyExpert
Active@ Password Changer Professional
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Photoshop Album Starter Edition
Adobe Photoshop Elements 7.0
Adobe Photoshop.com Inspiration Browser
Adobe Reader X (10.1.1)
AiO_Scan
AIOMinimal
AiOSoftware
ArcSoft PhotoImpression 6
ArcSoft Print Creations
ArcSoft ShowBiz 2
ArcSoft Software Suite
CafeScribe Offline
Calculator Powertoy for Windows XP
CCleaner
CheckIt Diagnostics
Command & Conquer Generals
Command and ConquerTM Generals Zero Hour
Compaq Connections
Compatibility Pack for the 2007 Office system
Copy
CreativeProjects
Director
DocProc
Enhanced Multimedia Keyboard Solution
EPSON CX8400 User's Guide
EPSON Printer Software
EPSON Scan
EPSON Stylus CX8400 Series Scanner Driver Update
ERUNT 1.1j
ESET Online Scanner v3
Fax
Free Window Registry Repair
GdiplusUpgrade
GoToMeeting 4.1.0.366
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.0
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB954550-v5)
HP Deskjet Preloaded Printer Drivers
HP Photo & Imaging 3.1
HP Photo and Imaging 2.0 - Photosmart Cameras
HP PSC & OfficeJet 3.0
HP Update
hpmdtab
HpSdpAppCoreApp
HPSystemDiagnostics
InstantShare
Intel(R) Extreme Graphics Driver
IntelliMover Data Transfer Demo
InterActual Player
InterVideo WinDVD Player
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
Java 2 Runtime Environment, SE v1.4.2
Java 2 Runtime Environment, SE v1.4.2_06
Java 2 Runtime Environment, SE v1.4.2_18
Java(TM) 6 Update 20
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Macromedia Shockwave Player
Mah Jong Tiles Deluxe
Malwarebytes' Anti-Malware version 1.51.2.1300
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Baseline Security Analyzer 1.2.1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Access 2003
Microsoft Office PowerPoint 2003 Template Creation Wizard
Microsoft Office PowerPoint 2003 Template Pack 1
Microsoft Office PowerPoint 2003 Template Pack 2
Microsoft Office PowerPoint 2003 Template Pack 3
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition
Microsoft Producer for Microsoft Office PowerPoint 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
MS Access 97 SP2
MSN Music Assistant
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
MyScribe
NVIDIA Drivers
NVIDIA Windows 2000/XP Display Drivers
PC-Doctor for Windows
PerformanceTest v5.0
PhotoGallery
PhotoshopdotcomInspirationBrowser
Photosmart 140,240,7200,7600,7700,7900 Series
Pop-Up Stopper Free Edition
PrintScreen
Professor Answers
Professor Teaches Excel 2003
Professor Teaches PowerPoint 2003
Professor Teaches Word 2003
PS2
PSShortcutsP
Python 2.2 combined Win32 extensions
Python 2.2.1
QFolder
Quicken 2004
QuickProjects
Readme
RealPlayer
RecordNow!
RegCure
Registrar Registry Manager 4.03
Registrar Registry Manager 4.03 (Lite Edition)
Scan
Secunia PSI
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB975558)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Series 6 Drill and Practice
SkinsHP1
SkinsHP2
Sonic Update Manager
Sybase SQL Anywhere 7 Personal Server
Symantec KB-DocID:2003093015493306
System Security Suite 1.04
Top Comp Calculator
TrayApp
TrojanHunter 5.3
Tweak UI
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB971029)
Virtual Magnifying Glass v3.4
WebFldrs XP
WebReg
Westell Firmware Upgrade
Westwood Shared Internet Components
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
WinPatrol 2009
Zone Deluxe Games
.
==== Event Viewer Messages From Past Week ========
.
9/26/2011 1:31:28 AM, error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
9/25/2011 3:49:18 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
9/25/2011 3:49:16 AM, error: Service Control Manager [7000] - The PC Tools Spyware Doctor service failed to start due to the following error: The system cannot find the path specified.
9/25/2011 3:49:16 AM, error: Service Control Manager [7000] - The nVidia WDM Video Capture (universal) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/25/2011 3:49:16 AM, error: Service Control Manager [7000] - The nVidia WDM A/V Crossbar service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/25/2011 3:49:16 AM, error: Service Control Manager [7000] - The NVIDIA Driver Helper Service service failed to start due to the following error: The system cannot find the path specified.
9/25/2011 3:49:16 AM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.
9/25/2011 3:49:16 AM, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The system cannot find the path specified.
9/25/2011 3:49:16 AM, error: Service Control Manager [7000] - The EPSON V3 Service4(01) service failed to start due to the following error: The system cannot find the path specified.
.
==== End Of File ===========================
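
The Event Viewer block above is the part of this log a responder would look at first: at the 9/25 boot, several services fail to start with "The system cannot find the path specified" and the SBRE boot-start driver fails to load, which is what the Service Control Manager logs after something has deleted a product's files on disk. The script below is an added example, not code from the thread or from DDS; it parses lines in the DDS "Event Viewer Messages" format, groups start failures per boot, and flags boots where a security product's service or driver failed because its files are missing. The list of security-product name fragments is an assumption for the demo (SBRE is treated as a VIPRE kernel driver, which the logs suggest but do not state), and the sample input is copied from the log above.

```python
"""Triage Service Control Manager errors for signs of AV tampering.

Added example (not from the thread or from DDS). When malware deletes a
security product's files, the SCM still tries to start the service at the
next boot and logs event 7000 with "cannot find the path/file specified",
or 7026 for a boot-start driver. Several such failures for security products
at the same boot, alongside unrelated services that start fine, is the
pattern worth flagging.
"""
import re
from datetime import datetime

# Sample input: lines taken from the "Event Viewer Messages" section of the DDS log above.
SAMPLE_EVENTS = """\
9/26/2011 1:31:28 AM, error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
9/25/2011 3:49:18 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
9/25/2011 3:49:16 AM, error: Service Control Manager [7000] - The PC Tools Spyware Doctor service failed to start due to the following error: The system cannot find the path specified.
9/25/2011 3:49:16 AM, error: Service Control Manager [7000] - The nVidia WDM Video Capture (universal) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/25/2011 3:49:16 AM, error: Service Control Manager [7000] - The NVIDIA Driver Helper Service service failed to start due to the following error: The system cannot find the path specified.
9/25/2011 3:49:16 AM, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The system cannot find the path specified.
9/25/2011 3:49:16 AM, error: Service Control Manager [7000] - The EPSON V3 Service4(01) service failed to start due to the following error: The system cannot find the path specified.
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), (?P<level>\w+): "
    r"(?P<source>[^\[]+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
SVC_7000_RE = re.compile(r"^The (?P<svc>.+?) service failed to start due to the following error: (?P<err>.+)$")
DRV_7026_RE = re.compile(r"failed to load: (?P<drv>.+)$")

# Assumed list of name fragments that identify security products. SBRE is treated
# here as the VIPRE kernel driver; the thread's logs suggest that but do not state it.
SECURITY_PRODUCT_HINTS = ("spyware doctor", "vipre", "sbre", "malwarebytes", "mbam",
                          "symantec", "norton", "avast", "eset", "windows defender")
MISSING_FILE_ERRORS = ("cannot find the path specified", "cannot find the file specified")
DRIVER_LOAD_FAILURE = "boot-start driver failed to load"


def parse_event(line):
    """Parse one DDS-style event line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%m/%d/%Y %I:%M:%S %p")
    ev["id"] = int(ev["id"])
    return ev


def failed_component(ev):
    """Return (name, reason) for a 7000/7026 start failure, else None."""
    if ev["id"] == 7000:
        m = SVC_7000_RE.match(ev["msg"])
        if m:
            return m.group("svc"), m.group("err").rstrip(".")
    elif ev["id"] == 7026:
        m = DRV_7026_RE.search(ev["msg"])
        if m:
            return m.group("drv"), DRIVER_LOAD_FAILURE
    return None


def is_security_product(name):
    n = name.lower()
    return any(h in n for h in SECURITY_PRODUCT_HINTS)


def is_missing_file(reason):
    r = reason.lower()
    return any(e in r for e in MISSING_FILE_ERRORS)


def triage(text, window_seconds=60):
    """Group start failures per boot (events within window_seconds of each other) and
    report boots where a security product failed because its files are gone."""
    failures = []
    for line in text.splitlines():
        ev = parse_event(line)
        if ev and ev["source"].strip() == "Service Control Manager":
            fc = failed_component(ev)
            if fc:
                failures.append((ev["ts"], fc[0], fc[1]))
    failures.sort()
    boots, current = [], []
    for f in failures:
        if current and (f[0] - current[-1][0]).total_seconds() > window_seconds:
            boots.append(current)
            current = []
        current.append(f)
    if current:
        boots.append(current)
    findings = []
    for boot in boots:
        tampered = [n for _, n, r in boot
                    if is_security_product(n) and (is_missing_file(r) or r == DRIVER_LOAD_FAILURE)]
        # Non-security services with missing files: collateral from the same deletion pass.
        collateral = [n for _, n, r in boot if not is_security_product(n) and is_missing_file(r)]
        if tampered:
            findings.append({"boot": boot[0][0], "security_products_missing": tampered,
                             "other_missing": collateral})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"boot at {f['boot']}: security products missing on disk: {f['security_products_missing']}")
        print(f"  other services with missing files: {f['other_missing']}")
```

The "other_missing" list is worth keeping in the finding: a service that is merely disabled (the nVidia WDM entries) is noise, but Java, EPSON and NVIDIA helper services all losing their binaries at the same boot as Spyware Doctor points at one deletion pass rather than an ordinary broken uninstall.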

jeffce
2011-10-02, 05:12
Hi there,

Great job getting this done. You are doing very well. :)

Let's deal with the Java error. Please use the following instructions and it should fix that up.

Let's try to get Java uninstalled completely and install the newest version.
If you are able, uninstall all previous versions of Java in Add/Remove Programs in your Control Panel.
Next, you may download the current version of Java here: http://java.com/en/download/manual.jsp
(I recommend that you use the offline installer version.)
Please download and run this automated tool to fix the Java MSI problem on all versions of windows: JavaMSIFix (http://forums.whatthetech.com/index.php?autocom=downloads&showfile=41)
Now you may install the version of Java that you had downloaded in the previous steps.
----------

Let me know how that works for you. :bigthumb:

wmbeyer
2011-10-02, 08:20
Jeff, I cannot delete the following:

Java 2c runtime Environment, SE v1.4.2_06
Java Auto Updater
Java(TM) 6 Update 20
therefore I cannot use the connections that you suggest.

jeffce
2011-10-02, 16:58
Hi wmbeyer,

Sometimes Java can be tough to uninstall. Let's try this...

Download Revo Uninstaller (http://www.revouninstaller.com/revo_uninstaller_free_download.html)
Double click the installation file on the desktop to run the installer.
Let it install to the default location.
Double click the new Revo Uninstaller Icon on the desktop to start the program.
You will now see a list of installed programs that Revo Uninstaller can remove.
Locate the program you are uninstalling
<Java 2c runtime Environment, SE v1.4.2_06
Java Auto Updater
Java(TM) 6 Update 20>
Right Click the Icon then choose Uninstall.
Click yes to the warning and choose the Uninstall Mode
Choose the Advanced option and then click Next.
This will launch the programs built in uninstaller. Be patient it can take several seconds.
Once the uninstaller is done click Next.
Revo Uninstaller will now scan for leftover information. Be patient it can take several seconds.
Once this scan is done click Next.
You will then be presented with the leftover entries found by Revo Uninstaller
Look at ALL of the entries to ensure they relate to the uninstall.
Next click Select All > Delete to remove the entries.
Click Next.
If there are any program file folders left over you will be presented with a list to be removed.
Again look at ALL of the entries to ensure they are related to the uninstall.
Click Select All > Delete to remove the entries.
Click Finish to go back to the uninstall list.
Close the program
----------

Let me know how that works. :)

wmbeyer
2011-10-02, 21:01
After the cleaner, I was able to get the latest version of JRE installed. What's next?

jeffce
2011-10-03, 02:52
How is your system running now? Your logs are looking good. Are there any remaining issues that you are experiencing?

wmbeyer
2011-10-03, 08:08
3 things.
1st, May I delete the MBR.dat shortcut from my desktop? What is it?
2nd, May I delete HijackThis?
3rd, My internet slows down quickly. When it does, I am using 99% of my CPU capacity according to the task manager. I would love to know why that happens.

jeffce
2011-10-03, 13:05
Hi wmbeyer,

MBR.dat is from one of the tools that we had run earlier. We need to keep that for now. That file along with HijackThis will be removed when we clean our tools off later. :)

To be quite honest, the infection that you had is one of the worst ones we have seen running right now and is very difficult to remove.

Please attempt to run aswMBR.exe again and post the new log into your next reply. Believe me things are looking better than they were before. We just have some items wanting to hang on. :)

wmbeyer
2011-10-04, 06:23
Hi Jeff, I know that this is a tough one. I can usually deal with the run of the mill crap, but this one I am worried that I will eventually have to re-install my OS. I really appreciate everything that you are doing.
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-04 00:05:13
-----------------------------
00:05:13.078 OS Version: Windows 5.1.2600 Service Pack 3
00:05:13.078 Number of processors: 1 586 0x408
00:05:13.078 ComputerName: BILLSR UserName: Owner
00:05:13.421 Initialize success
00:08:46.828 AVAST engine defs: 11100301
00:09:14.234 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
00:09:14.234 Disk 0 Vendor: Maxtor_6Y160P0 YAR41BW0 Size: 156334MB BusType: 3
00:09:16.250 Disk 0 MBR read successfully
00:09:16.250 Disk 0 MBR scan
00:09:16.281 Disk 0 unknown MBR code
00:09:16.281 Disk 0 scanning sectors +320150880
00:09:16.375 Disk 0 scanning C:\WINDOWS\system32\drivers
00:09:27.546 Service scanning
00:09:28.703 Modules scanning
00:09:36.968 Disk 0 trace - called modules:
00:09:36.984 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
00:09:36.984 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a3d3ab8]
00:09:36.984 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000062[0x8a3ec598]
00:09:37.484 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a3d5940]
00:09:37.859 AVAST engine scan C:\WINDOWS
00:09:42.328 AVAST engine scan C:\WINDOWS\system32
00:11:26.187 AVAST engine scan C:\WINDOWS\system32\drivers
00:11:38.906 AVAST engine scan C:\Documents and Settings\Owner
00:14:46.171 AVAST engine scan C:\Documents and Settings\All Users
00:16:58.000 Scan finished successfully
00:17:49.953 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
00:17:49.953 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

jeffce
2011-10-04, 20:09
Hi wmbeyer,

Please download MBRCheck.exe (http://ad13.geekstogo.com/MBRCheck.exe) to your desktop.

Be sure to disable your security programs
Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
A window will open on your desktop
If an unknown bootcode is found you will have further options available to you; at this time press N then press Enter twice.
If nothing unusual is found, just press Enter. A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Please post the contents of that file.

----------

Run OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL



:Services

:Files
ipconfig /flushdns /c

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
@=""

:Commands
[purity]
[createrestorepoint]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered. There will be a log created when it completes that I will need in your next reply. Reboot when it is done.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

----------

In your next reply please post the logs created by MBRCheck and OTL. :)

wmbeyer
2011-10-04, 22:56
There was an unknown code.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000000bd

Kernel Drivers (total 137):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D1000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F31000 atapi.sys
0xB9F0E000 fasttx2k.sys
0xB9EF6000 \WINDOWS\System32\DRIVERS\SCSIPORT.SYS
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xB9ED6000 fltmgr.sys
0xB9EC4000 sr.sys
0xBA0F8000 PxHelp20.sys
0xB9EAD000 KSecDD.sys
0xB9E20000 Ntfs.sys
0xB9DF3000 NDIS.sys
0xBA338000 viaagp1.sys
0xB9DE2000 snapman.sys
0xBA108000 SISAGPX.sys
0xBA118000 ohci1394.sys
0xBA128000 \WINDOWS\System32\DRIVERS\1394BUS.SYS
0xBA340000 nv_agp.sys
0xB9DC8000 Mup.sys
0xBA138000 agp440.sys
0xBA360000 \SystemRoot\System32\DRIVERS\fdc.sys
0xB9D36000 \SystemRoot\System32\DRIVERS\parport.sys
0xBA168000 \SystemRoot\System32\DRIVERS\serial.sys
0xBA54C000 \SystemRoot\System32\DRIVERS\serenum.sys
0xBA178000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xBA378000 \SystemRoot\System32\DRIVERS\PS2.sys
0xBA380000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xBA390000 \SystemRoot\System32\DRIVERS\usbohci.sys
0xB9D12000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xBA398000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xBA188000 \SystemRoot\System32\DRIVERS\NVENET.sys
0xB9AE5000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xB9AC1000 \SystemRoot\system32\drivers\portcls.sys
0xBA198000 \SystemRoot\system32\drivers\drmk.sys
0xB9A9E000 \SystemRoot\system32\drivers\ks.sys
0xBA1A8000 \SystemRoot\System32\DRIVERS\imapi.sys
0xBA3A8000 \SystemRoot\system32\drivers\Afc.sys
0xBA3B8000 \SystemRoot\System32\Drivers\MxlW2k.SYS
0xBA1B8000 \SystemRoot\System32\Drivers\AFS2K.SYS
0xBA564000 \SystemRoot\system32\drivers\pfc.sys
0xBA1C8000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xBA1D8000 \SystemRoot\System32\DRIVERS\redbook.sys
0xB9A03000 \SystemRoot\System32\DRIVERS\ltmdmnt.sys
0xBA3D8000 \SystemRoot\System32\Drivers\Modem.SYS
0xBA1E8000 \SystemRoot\System32\DRIVERS\nic1394.sys
0xB982B000 \SystemRoot\System32\DRIVERS\nv4_mini.sys
0xB9817000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xBA1F8000 \SystemRoot\System32\DRIVERS\processr.sys
0xBA741000 \SystemRoot\System32\DRIVERS\audstub.sys
0xBA208000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xBA578000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xB9800000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xBA218000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xBA228000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xBA400000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xB97C7000 \SystemRoot\System32\DRIVERS\psched.sys
0xBA238000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xBA410000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xBA420000 \SystemRoot\System32\DRIVERS\raspti.sys
0xBA248000 \SystemRoot\System32\DRIVERS\termdd.sys
0xBA428000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xBA5B0000 \SystemRoot\System32\DRIVERS\swenum.sys
0xB9769000 \SystemRoot\System32\DRIVERS\update.sys
0xBA58C000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xBA258000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA268000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xBA5B4000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xBA440000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xBA5C0000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA787000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5C4000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA460000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
0xBA468000 \SystemRoot\System32\drivers\vga.sys
0xBA5C8000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5CC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA478000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA488000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB97DC000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xB0569000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xB0510000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xB04E8000 \SystemRoot\System32\DRIVERS\netbt.sys
0xB04C2000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xB0610000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xB04A0000 \SystemRoot\System32\drivers\afd.sys
0xBA288000 \SystemRoot\System32\DRIVERS\netbios.sys
0xB0608000 \SystemRoot\System32\DRIVERS\srvkp.sys
0xB03D5000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xB0365000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xBA2A8000 \SystemRoot\System32\Drivers\Fips.SYS
0xB0307000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xBA4A8000 \SystemRoot\System32\DRIVERS\USBSTOR.SYS
0xB02C3000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xB029E000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xBA388000 \SystemRoot\System32\DRIVERS\usbccgp.sys
0xBA318000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xB99F3000 \SystemRoot\System32\DRIVERS\arp1394.sys
0xB05C4000 \SystemRoot\System32\DRIVERS\hidusb.sys
0xB99E3000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
0xB05BC000 \SystemRoot\System32\DRIVERS\kbdhid.sys
0xB05B4000 \SystemRoot\System32\DRIVERS\mouhid.sys
0xB0252000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB023A000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA5DC000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB059C000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA3E8000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA6EA000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBF3D0000 \SystemRoot\System32\ATMFD.DLL
0xAFC64000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xAF48F000 \SystemRoot\system32\drivers\wdmaud.sys
0xBA2F8000 \SystemRoot\system32\drivers\sysaudio.sys
0xAFBD8000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBA64E000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xAFA30000 \SystemRoot\System32\Drivers\Aspi32.SYS
0xBA7EA000 \??\C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys
0xAF032000 \SystemRoot\System32\Drivers\HTTP.sys
0xBA699000 \??\C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys
0xAFDE2000 \SystemRoot\System32\DRIVERS\secdrv.sys
0xBA358000 \??\C:\WINDOWS\system32\drivers\symlcbrd.sys
0xAEE9A000 \SystemRoot\System32\DRIVERS\srv.sys
0xAEAFF000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 21):
0 System Idle Process
4 System
408 C:\WINDOWS\system32\smss.exe
656 csrss.exe
680 C:\WINDOWS\system32\winlogon.exe
728 C:\WINDOWS\system32\services.exe
740 C:\WINDOWS\system32\lsass.exe
904 C:\WINDOWS\system32\svchost.exe
980 svchost.exe
1112 C:\WINDOWS\system32\svchost.exe
1192 svchost.exe
1224 svchost.exe
1460 C:\WINDOWS\system32\spoolsv.exe
1528 C:\WINDOWS\explorer.exe
1724 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
1740 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1872 C:\WINDOWS\system32\svchost.exe
1956 C:\WINDOWS\system32\svchost.exe
444 wmpnetwk.exe
1892 alg.exe
2828 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`49754000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: Maxtor6Y160P0, Rev: YAR41BW0

Size Device Name MBR Status
--------------------------------------------
152 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 6661067B21B4865F9CDD7839FBE84588AEDD87C4


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

All processes killed
========== SERVICES/DRIVERS ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\@|"" /E : value set successfully!
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 46148330 bytes
->Temporary Internet Files folder emptied: 206190 bytes
->Java cache emptied: 1120760 bytes
->Flash cache emptied: 57858 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 39667546 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 8228 bytes

Total Files Cleaned = 83.00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 10042011_164609

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
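
What MBRCheck did above is small enough to show in full: read the first sector of the disk, hash the 440 bytes of boot code (the "SHA1:" line), compare the hash against a list of known boot codes, and print "Unknown MBR code" when there is no match. The script below is an added example, not code from the thread or from the MBRCheck tool. It does the same parse, and also decodes the partition table so the byte offsets MBRCheck printed for \\.\C: (0x149754000) and \\.\D: (0x7e00) can be cross-checked against the partition entries. The allow-list of known boot-code hashes is a placeholder, and the sample sector is constructed: its boot code is a stand-in, its two partition start offsets are taken from the MBRCheck output above, and its sizes are chosen to match the disk figures in the logs rather than copied from the real disk.

```python
r"""Parse a 512-byte MBR the way MBRCheck/aswMBR summarise it.

Added example, not from the thread or from MBRCheck: fingerprint the boot code
with SHA-1, compare against a (placeholder) allow-list, and decode the partition
table so partition byte offsets can be cross-checked against tool output.
"""
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 440              # boot code proper; bytes 440-443 hold the disk signature
PART_TABLE_OFF = 446
PART_ENTRY_FMT = "<B3sB3sII"    # status, CHS start, type, CHS end, start LBA, sector count

# Placeholder allow-list. A real tool ships hashes of the stock Windows, GRUB and
# OEM-recovery boot codes; this value is a stand-in for the demo.
KNOWN_BOOTCODE = {
    "0000000000000000000000000000000000000000": "placeholder: stock Windows XP boot code",
}


def bootcode_sha1(sector: bytes) -> str:
    """SHA-1 of the 440-byte boot code, the value MBRCheck prints as 'SHA1:'."""
    return hashlib.sha1(sector[:BOOTCODE_LEN]).hexdigest().upper()


def classify_bootcode(sha1_hex: str, known=KNOWN_BOOTCODE) -> str:
    label = known.get(sha1_hex.upper())
    return f"known ({label})" if label else "Unknown MBR code"


def parse_partitions(sector: bytes):
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * 16
        status, _chs0, ptype, _chs1, lba, count = struct.unpack_from(PART_ENTRY_FMT, sector, off)
        if ptype == 0:
            continue  # empty slot
        parts.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,            # 0x07 NTFS, 0x0B FAT32 (CHS), 0x0C FAT32 (LBA)
            "start_lba": lba,
            "sectors": count,
            "byte_offset": lba * SECTOR,
        })
    return parts


def parse_mbr(sector: bytes) -> dict:
    if len(sector) < SECTOR:
        raise ValueError("need at least one 512-byte sector")
    sha1_hex = bootcode_sha1(sector)
    return {
        "signature_ok": sector[510:512] == b"\x55\xAA",
        "bootcode_sha1": sha1_hex,
        "verdict": classify_bootcode(sha1_hex),
        "disk_signature": struct.unpack_from("<I", sector, 440)[0],
        "partitions": parse_partitions(sector),
    }


def build_sample_mbr() -> bytes:
    """Constructed sector: non-standard boot code plus a layout whose start offsets
    match the MBRCheck output above (D: at 0x7e00, C: at 0x149754000). Sizes are
    chosen so C: ends at sector 320150880, the figure aswMBR scanned to."""
    boot = bytes([0xEB, 0x3C, 0x90]) + b"OEM-RECOVERY-STUB".ljust(BOOTCODE_LEN - 3, b"\x90")
    disk_sig = struct.pack("<I", 0x1A2B3C4D) + b"\x00\x00"
    d_part = struct.pack(PART_ENTRY_FMT, 0x00, b"\x01\x01\x00", 0x0B, b"\xFE\xFF\xFF",
                         63, 10_795_617)
    c_part = struct.pack(PART_ENTRY_FMT, 0x80, b"\xFE\xFF\xFF", 0x07, b"\xFE\xFF\xFF",
                         0x149754000 // SECTOR, 309_355_200)
    table = d_part + c_part + b"\x00" * 32
    sector = boot + disk_sig + table + b"\x55\xAA"
    if len(sector) != SECTOR:
        raise AssertionError("constructed sector has the wrong length")
    return sector


def scan_disk(path: str) -> dict:
    r"""Read the first sector of a raw disk or image, e.g. \\.\PhysicalDrive0 (needs admin)."""
    with open(path, "rb") as fh:
        return parse_mbr(fh.read(SECTOR))


if __name__ == "__main__":
    report = parse_mbr(build_sample_mbr())
    print("signature ok  :", report["signature_ok"])
    print("boot code SHA1:", report["bootcode_sha1"], "->", report["verdict"])
    for p in report["partitions"]:
        print(f"  part {p['index']}: type 0x{p['type']:02X} bootable={p['bootable']} "
              f"start LBA {p['start_lba']} (offset 0x{p['byte_offset']:x}) {p['sectors']} sectors")
```

"Unknown MBR code" on its own only means the hash is not in the tool's list; an OEM recovery loader and a bootkit both produce it. The useful follow-up is the one the thread asks for next: save the sector (aswMBR's MBR.dat) so the hash can be checked against a clean image of the same model, and confirm the partition offsets in the table still point where the operating system's volumes actually start.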

jeffce
2011-10-05, 00:06
Hi wmbeyer,

The MBR code that was found looks like it is going to be a custom MBR from maybe HP. It is ok though. :bigthumb:
----------

You are using Internet Explorer 7 and the most recent is Internet Explorer 9. I would recommend updating your Internet Explorer to version 8 as version 9 still seems to have some bugs in it. You can update it by going here (http://www.microsoft.com/download/en/details.aspx?id=43).
----------

After running that last OTL fix how is your system running? I am not seeing anymore malware in your logs. :)

wmbeyer
2011-10-05, 05:28
It seems to run ok except when I go to some sites, for instance. My home page is Yahoo. When I go to the news stories, it takes longer and longer to load. On some sites my computer practically freezes. If I go to Fox News, the same thing happens. Is it my computer, or is it the site? I can update to 8, I just don't like the way it works. But if I have to, I will.

BTW, I used Malwarebytes' FileASSASSIN to delete the HijackThis file. I was not able to open it, or delete it. Not even with Revo Uninstaller. I did it before I ran OTL.

If you think that everything is ok now, I am going to get some new AV software. Is there one that you like better than another, or are you allowed to give those kinds of opinions?

jeffce
2011-10-05, 13:28
Hi,


"When I go to the news stories, it takes longer and longer to load."
Is this happening with all of your browsers? If you only use Internet Explorer try Firefox or Google Chrome and see if the same is happening there as well.
----------

Yes updating your Internet Explorer is very important. Your Windows updates go through Windows Explorer and if it is out of date it could leave security vulnerabilities on your system that could lead to later infection.
----------

I notice that you have used Norton products before and there are some remnants on your system that we could remove. Sometimes that will affect the performance of your system. You can run the tool found here (ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe) and it will remove all of those extra files.
----------

When I was looking over your logs that you posted originally I noticed that you were using an outdated version of Vipre Antivirus. You need to update that or you can try either of these that are very low on using your system's resources:
Microsoft Security Essentials (http://www.microsoft.com/security/pc-security/mse.aspx)
Avast (http://www.avast.com/en-au/free-antivirus-download)
If you decide to use one of these from above be sure to uninstall Vipre Antivirus before installing either of these.
----------

Let's get one more scan to be sure this infection is gone, shall we...

Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)

Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan

Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now

Copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)

wmbeyer
2011-10-06, 08:48
02:44:47.0390 0488 TDSS rootkit removing tool 2.6.5.0 Oct 5 2011 20:52:46
02:44:47.0718 0488 ============================================================
02:45:22.0187 0748 MSPCLOCK - ok
02:45:22.0250 0748 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
02:45:22.0250 0748 MSPQM - ok
02:45:22.0312 0748 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
02:45:22.0312 0748 mssmbios - ok
02:45:22.0375 0748 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
02:45:22.0375 0748 MSTEE - ok
02:45:22.0453 0748 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
02:45:22.0453 0748 Mup - ok
02:45:22.0515 0748 MxlW2k (a1520761f42dbb06db7929d6fa9753ea) C:\WINDOWS\system32\drivers\MxlW2k.sys
02:45:22.0515 0748 MxlW2k - ok
02:45:22.0578 0748 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
02:45:22.0593 0748 NABTSFEC - ok
02:45:22.0671 0748 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
02:45:22.0671 0748 NDIS - ok
02:45:22.0734 0748 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
02:45:22.0734 0748 NdisIP - ok
02:45:22.0796 0748 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
02:45:22.0796 0748 NdisTapi - ok
02:45:22.0859 0748 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
02:45:22.0859 0748 Ndisuio - ok
02:45:22.0937 0748 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
02:45:22.0937 0748 NdisWan - ok
02:45:23.0000 0748 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
02:45:23.0000 0748 NDProxy - ok
02:45:23.0078 0748 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
02:45:23.0078 0748 NetBIOS - ok
02:45:23.0140 0748 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
02:45:23.0156 0748 NetBT - ok
02:45:23.0234 0748 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
02:45:23.0234 0748 NIC1394 - ok
02:45:23.0296 0748 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
02:45:23.0296 0748 Npfs - ok
02:45:23.0375 0748 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
02:45:23.0375 0748 Ntfs - ok
02:45:23.0453 0748 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
02:45:23.0453 0748 Null - ok
02:45:23.0546 0748 nv (c36066ec30521cebaf52127027755798) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
02:45:23.0546 0748 nv - ok
02:45:23.0640 0748 nvax (b72cb24bb0e6b1ce17ee3e23946409b3) C:\WINDOWS\system32\drivers\nvax.sys
02:45:23.0640 0748 nvax - ok
02:45:23.0703 0748 nvcap (9b7accfac9b19b98d54f45a9cf61ca39) C:\WINDOWS\system32\DRIVERS\nvcap.sys
02:45:23.0703 0748 nvcap - ok
02:45:23.0781 0748 NVENET (2afa043b0243137d0edc8cfb8305551b) C:\WINDOWS\system32\DRIVERS\NVENET.sys
02:45:23.0781 0748 NVENET - ok
02:45:23.0859 0748 nvnforce (8780eb5b1c5252993032988250beea8a) C:\WINDOWS\system32\drivers\nvapu.sys
02:45:23.0859 0748 nvnforce - ok
02:45:23.0937 0748 NVXBAR (bef79a5b5a01bb749afbed27837e6311) C:\WINDOWS\system32\DRIVERS\NVxbar.sys
02:45:23.0937 0748 NVXBAR - ok
02:45:24.0015 0748 nv_agp (01621905ae34bc24aaa2fddb93977299) C:\WINDOWS\system32\DRIVERS\nv_agp.sys
02:45:24.0015 0748 nv_agp - ok
02:45:24.0078 0748 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
02:45:24.0078 0748 NwlnkFlt - ok
02:45:24.0125 0748 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
02:45:24.0125 0748 NwlnkFwd - ok
02:45:24.0218 0748 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
02:45:24.0218 0748 ohci1394 - ok
02:45:24.0296 0748 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
02:45:24.0296 0748 Parport - ok
02:45:24.0359 0748 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
02:45:24.0359 0748 PartMgr - ok
02:45:24.0421 0748 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
02:45:24.0421 0748 ParVdm - ok
02:45:24.0515 0748 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
02:45:24.0515 0748 PCI - ok
02:45:24.0546 0748 PCIDump - ok
02:45:24.0609 0748 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
02:45:24.0609 0748 PCIIde - ok
02:45:24.0718 0748 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
02:45:24.0718 0748 Pcmcia - ok
02:45:24.0765 0748 PDCOMP - ok
02:45:24.0796 0748 PDFRAME - ok
02:45:24.0828 0748 PDRELI - ok
02:45:24.0859 0748 PDRFRAME - ok
02:45:24.0890 0748 perc2 - ok
02:45:24.0921 0748 perc2hib - ok
02:45:25.0000 0748 pfc (e5ac9f8c128b597dd7919af96b84172e) C:\WINDOWS\system32\drivers\pfc.sys
02:45:25.0015 0748 pfc - ok
02:45:25.0093 0748 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
02:45:25.0093 0748 PptpMiniport - ok
02:45:25.0156 0748 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
02:45:25.0156 0748 Processor - ok
02:45:25.0234 0748 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys
02:45:25.0234 0748 Ps2 - ok
02:45:25.0312 0748 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
02:45:25.0312 0748 PSched - ok
02:45:25.0390 0748 PSI (365622e1f0b6d5f9871d76e89bf0501a) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
02:45:25.0390 0748 PSI - ok
02:45:25.0453 0748 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
02:45:25.0453 0748 Ptilink - ok
02:45:25.0531 0748 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
02:45:25.0531 0748 PxHelp20 - ok
02:45:25.0562 0748 ql1080 - ok
02:45:25.0593 0748 Ql10wnt - ok
02:45:25.0640 0748 ql12160 - ok
02:45:25.0687 0748 ql1240 - ok
02:45:25.0718 0748 ql1280 - ok
02:45:25.0765 0748 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
02:45:25.0765 0748 RasAcd - ok
02:45:25.0859 0748 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
02:45:25.0859 0748 Rasl2tp - ok
02:45:25.0921 0748 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
02:45:25.0921 0748 RasPppoe - ok
02:45:26.0000 0748 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
02:45:26.0000 0748 Raspti - ok
02:45:26.0078 0748 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
02:45:26.0078 0748 Rdbss - ok
02:45:26.0156 0748 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
02:45:26.0156 0748 RDPCDD - ok
02:45:26.0234 0748 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
02:45:26.0234 0748 RDPWD - ok
02:45:26.0312 0748 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
02:45:26.0312 0748 redbook - ok
02:45:26.0390 0748 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys
02:45:26.0390 0748 Revoflt - ok
02:45:26.0453 0748 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
02:45:26.0453 0748 rtl8139 - ok
02:45:26.0515 0748 S3Psddr (0dbcc071a268e0340a2ba6bdd98bace4) C:\WINDOWS\system32\DRIVERS\s3gnbm.sys
02:45:26.0531 0748 S3Psddr - ok
02:45:26.0640 0748 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
02:45:26.0640 0748 Secdrv - ok
02:45:26.0703 0748 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
02:45:26.0703 0748 Serenum - ok
02:45:26.0796 0748 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
02:45:26.0796 0748 Serial - ok
02:45:26.0875 0748 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
02:45:26.0875 0748 Sfloppy - ok
02:45:26.0921 0748 Simbad - ok
02:45:26.0984 0748 SiS315 (bdfef5c5d41ba377852389e8f07104ea) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
02:45:27.0000 0748 SiS315 - ok
02:45:27.0062 0748 SISAGP (923d23638c616eecb0d811461161d0b8) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
02:45:27.0062 0748 SISAGP - ok
02:45:27.0125 0748 SiSkp (7e9e5823afbb5af2851abb1659ff627d) C:\WINDOWS\system32\DRIVERS\srvkp.sys
02:45:27.0125 0748 SiSkp - ok
02:45:27.0187 0748 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
02:45:27.0187 0748 SLIP - ok
02:45:27.0265 0748 snapman (12176466f20b8568b6ea8622362e14c0) C:\WINDOWS\system32\DRIVERS\snapman.sys
02:45:27.0265 0748 snapman - ok
02:45:27.0312 0748 Sparrow - ok
02:45:27.0359 0748 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
02:45:27.0359 0748 splitter - ok
02:45:27.0437 0748 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
02:45:27.0437 0748 sr - ok
02:45:27.0515 0748 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
02:45:27.0515 0748 Srv - ok
02:45:27.0593 0748 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
02:45:27.0593 0748 streamip - ok
02:45:27.0656 0748 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
02:45:27.0656 0748 swenum - ok
02:45:27.0734 0748 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
02:45:27.0734 0748 swmidi - ok
02:45:27.0781 0748 symc810 - ok
02:45:27.0812 0748 symc8xx - ok
02:45:27.0843 0748 sym_hi - ok
02:45:27.0875 0748 sym_u3 - ok
02:45:27.0937 0748 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
02:45:27.0937 0748 sysaudio - ok
02:45:28.0031 0748 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
02:45:28.0031 0748 Tcpip - ok
02:45:28.0109 0748 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
02:45:28.0109 0748 TDPIPE - ok
02:45:28.0156 0748 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
02:45:28.0156 0748 TDTCP - ok
02:45:28.0234 0748 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
02:45:28.0234 0748 TermDD - ok
02:45:28.0281 0748 TosIde - ok
02:45:28.0343 0748 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
02:45:28.0359 0748 Udfs - ok
02:45:28.0390 0748 ultra - ok
02:45:28.0500 0748 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
02:45:28.0500 0748 Update - ok
02:45:28.0609 0748 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
02:45:28.0609 0748 usbccgp - ok
02:45:28.0687 0748 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
02:45:28.0687 0748 usbehci - ok
02:45:28.0750 0748 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
02:45:28.0765 0748 usbhub - ok
02:45:28.0828 0748 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
02:45:28.0828 0748 usbohci - ok
02:45:28.0875 0748 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
02:45:28.0875 0748 usbprint - ok
02:45:28.0937 0748 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
02:45:28.0937 0748 usbscan - ok
02:45:29.0000 0748 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
02:45:29.0000 0748 USBSTOR - ok
02:45:29.0046 0748 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
02:45:29.0046 0748 usbuhci - ok
02:45:29.0109 0748 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
02:45:29.0109 0748 VgaSave - ok
02:45:29.0187 0748 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
02:45:29.0187 0748 viaagp1 - ok
02:45:29.0250 0748 viagfx (e8c619c6c6bde90d130dda87150e1944) C:\WINDOWS\system32\DRIVERS\vtmini.sys
02:45:29.0250 0748 viagfx - ok
02:45:29.0312 0748 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
02:45:29.0312 0748 ViaIde - ok
02:45:29.0390 0748 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
02:45:29.0390 0748 VolSnap - ok
02:45:29.0484 0748 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
02:45:29.0484 0748 Wanarp - ok
02:45:29.0515 0748 WDICA - ok
02:45:29.0593 0748 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
02:45:29.0593 0748 wdmaud - ok
02:45:29.0703 0748 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
02:45:29.0718 0748 WS2IFSL - ok
02:45:29.0781 0748 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
02:45:29.0781 0748 WSTCODEC - ok
02:45:29.0843 0748 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
02:45:29.0859 0748 WudfPf - ok
02:45:29.0921 0748 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys
02:45:29.0937 0748 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
02:45:30.0000 0748 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys
02:45:30.0000 0748 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
02:45:30.0031 0748 MBR (0x1B8) (8cc68602644010dfdb2a22cb60ddf258) \Device\Harddisk0\DR0
02:45:30.0031 0748 \Device\Harddisk0\DR0 - ok
02:45:30.0046 0748 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR3
02:45:33.0468 0748 \Device\Harddisk1\DR3 - ok
02:45:33.0484 0748 Boot (0x1200) (3a0aae89c3228518566909278e6a6f7f) \Device\Harddisk0\DR0\Partition0
02:45:33.0484 0748 \Device\Harddisk0\DR0\Partition0 - ok
02:45:33.0484 0748 Boot (0x1200) (713ebd1d854715e92e9637cc3f6a93c1) \Device\Harddisk0\DR0\Partition1
02:45:33.0500 0748 \Device\Harddisk0\DR0\Partition1 - ok
02:45:33.0500 0748 Boot (0x1200) (737b075324a4f46ab50b0f930199e3b1) \Device\Harddisk1\DR3\Partition0
02:45:33.0500 0748 \Device\Harddisk1\DR3\Partition0 - ok
02:45:33.0500 0748 ============================================================
02:45:33.0500 0748 Scan finished
02:45:33.0500 0748 ============================================================
02:45:33.0515 0744 Detected object count: 0
02:45:33.0515 0744 Actual detected object count: 0
02:45:41.0921 0484 Deinitialize success

jeffce
2011-10-06, 14:44
IT APPEARS THAT YOUR LOGS ARE NOW CLEAN :D SO LET'S DO A COUPLE OF THINGS TO WRAP THIS UP!! :D

This infection appears to have been cleaned, but I cannot give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords, as this is especially important after an infection.
----------

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following text into the Run box as shown and click OK.
(Note: There is a space between the ..X and the /U that needs to be there.)

http://i1224.photobucket.com/albums/ee380/jeffce74/CF.jpg
----------

Clean up with OTL:

Double-click OTL.exe to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CLEANUP button
Say Yes to the prompt and then allow the program to reboot your computer.

----------

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

1. Make your Internet Explorer more secure - This can be done by following these simple instructions:

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
2. Enable Protected Mode in Internet Explorer. This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:
Open Internet Explorer
Click on Tools > Internet Options
Press Security tab
Select Internet zone then place check next to Enable Protected Mode if not already done
Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.
3. Use and Update an Anti-Virus Software - I cannot overemphasize the need for you to use and update your Anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

4. Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here (http://www.bleepingcomputer.com/forums/tutorial60.html).
**Do not install more than one firewall program because they will conflict with each other**

5. Make sure you keep your Windows OS current. Windows XP users can visit Windows update (http://v4.windowsupdate.microsoft.com/en/default.asp) regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

6. Filehippo's Update Checker (http://www.filehippo.com/updatechecker/). It is a free utility that scans your computer for installed software, checks the versions and then sends this information to see if there are any newer releases. Available software updates are displayed and you can decide which ones to download and install. Among many other types of programs, it includes a number of the Anti-Spyware, Firewall/Security and Anti-Virus programs that have been recommended (though not all of them). Note: Definition files should be updated from within the programs themselves. The Update Checker looks for newer versions of the software program, not definition files.

7. Consider a custom hosts file such as MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.htm). This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial by WinHelp2002 (http://www.mvps.org/winhelp2002/hosts.htm)
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

8. WOT (http://www.mywot.com/), Web of Trust. As 'Googling' is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
Green to go
Yellow for caution
Red to stop
WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

9. Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide real time spyware and hijacker protection on your computer alongside your virus protection. You should scan your computer with the program on a regular basis just as you would with your anti-virus software. A tutorial on installing and using this product can be found here:
Instructions for - Spybot S & D and Ad-aware (http://forum.malwareremoval.com/viewtopic.php?t=13)

10. Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place? (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)


Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
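
Steps 1 and 2 above are a list of per-zone Internet Explorer settings, and they can be checked from a script as well as clicked through. The following PowerShell is an added example and is not part of jeffce's post: it audits the Internet-zone values named in step 1 and the Protected Mode value from step 2, and sets them when run with -Apply. The per-zone action IDs (1001, 1004, 1201, 1800, 1804, 1607, 2500) and the data values 0 = Enable, 1 = Prompt, 3 = Disable are the ones Microsoft documents for the Internet Settings\Zones registry keys; the -Apply switch and the function names are this script's own. Protected Mode only exists on Vista and later, so the script skips that check on XP.

```powershell
# Added example, not part of the original thread: audit the Internet Explorer
# zone settings recommended in steps 1 and 2, and apply them with -Apply.
# Action IDs and data values (0 = Enable, 1 = Prompt, 3 = Disable) are the
# documented "Internet Settings\Zones" registry values; -Apply and the
# function names are this script's own assumptions.
param([switch]$Apply)

$zonesKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$labels   = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Zone 3 is the Internet zone. One entry per setting from step 1.
$checks = @(
    @{ Zone = 3; Id = '1001'; Name = 'Download signed ActiveX controls';                          Wanted = 1 },
    @{ Zone = 3; Id = '1004'; Name = 'Download unsigned ActiveX controls';                        Wanted = 3 },
    @{ Zone = 3; Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Wanted = 3 },
    @{ Zone = 3; Id = '1800'; Name = 'Installation of desktop items';                             Wanted = 1 },
    @{ Zone = 3; Id = '1804'; Name = 'Launching programs and files in an IFRAME';                 Wanted = 1 },
    @{ Zone = 3; Id = '1607'; Name = 'Navigate sub-frames across different domains';              Wanted = 1 }
)

# Protected Mode (action 2500, 0 = on) exists only on Vista and later.
# Step 2 asks for it in Local intranet (1), Trusted (2), Internet (3), Restricted (4).
if ([Environment]::OSVersion.Version.Major -ge 6) {
    foreach ($z in 1, 2, 3, 4) {
        $checks += @{ Zone = $z; Id = '2500'; Name = 'Enable Protected Mode'; Wanted = 0 }
    }
}

function Get-ZoneValue([int]$Zone, [string]$Id) {
    $key  = Join-Path $zonesKey $Zone
    $item = Get-ItemProperty -Path $key -Name $Id -ErrorAction SilentlyContinue
    if ($item -eq $null) { return $null }   # absent: IE uses the zone template default
    return [int]$item.$Id
}

function Set-ZoneValue([int]$Zone, [string]$Id, [int]$Value) {
    $key = Join-Path $zonesKey $Zone
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name $Id -Value $Value -Type DWord
}

$weak = 0
foreach ($c in $checks) {
    $current = Get-ZoneValue $c.Zone $c.Id
    if ($current -eq $null) { $shown = 'not set' }
    else { $shown = $labels[$current]; if (-not $shown) { $shown = "raw $current" } }

    if ($current -eq $c.Wanted) {
        Write-Host ("OK    zone {0} {1,-4} {2}" -f $c.Zone, $c.Id, $c.Name)
    } else {
        $weak++
        Write-Host ("WEAK  zone {0} {1,-4} {2}: {3}, want {4}" -f $c.Zone, $c.Id, $c.Name, $shown, $labels[$c.Wanted])
        if ($Apply) {
            Set-ZoneValue $c.Zone $c.Id $c.Wanted
            Write-Host ("      -> set to {0}" -f $labels[$c.Wanted])
        }
    }
}
Write-Host ("{0} setting(s) differ from the recommendation." -f $weak)
```

Run it once without -Apply to see what differs, then with -Apply; restart Internet Explorer afterwards. A value that is "not set" in HKCU is not necessarily weak, since IE then uses the zone's template default, which is why the script reports it rather than silently treating it as a failure.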

wmbeyer
2011-10-07, 04:30
I have taken your suggestions and installed and/or changed things. I am having difficulty in deciding yes or no with respect to outgoing traffic. Most are easy to understand, but some just have alphanumeric designations that I have no clue as to what or why I need to allow as outbound. Some I can post on the internet to see if others consider them to be a problem. But that is only as good as the site. Last question for you then is this: How do I know what is valid?

jeffce
2011-10-07, 20:31
Hi wmbeyer,

If there is some outbound traffic that you cannot decide whether or not it is ok you should definitely block it until you find out for sure. From a malware standpoint I am not seeing anything on your logs that is showing malware though.
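
The question of what is behind an outbound connection can be answered on the machine itself before looking anything up on the internet. The following PowerShell is an added example, not part of jeffce's reply: it takes the established TCP connections from netstat -ano, maps each to its owning process, and checks the image file's Authenticode signature with Get-AuthenticodeSignature. The function names and the flag labels are this script's own; netstat -ano, Get-Process and Get-AuthenticodeSignature are the standard tools it relies on. A "Valid" signature only means the file is signed by a certificate Windows trusts, not that it is safe, and malware does run inside signed system processes, so treat the output as triage: unsigned images, or images outside %SystemRoot% and %ProgramFiles%, are the ones to block first and investigate.

```powershell
# Added example, not from the thread: map established TCP connections to
# their owning process and check the image's Authenticode signature.
# Function names and the Flag labels are assumptions of this script.

function Get-EstablishedTcp {
    netstat -ano | ForEach-Object {
        $f = $_.Trim() -split '\s+'
        # TCP rows look like: Proto  Local  Foreign  State  PID
        if ($f.Count -ge 5 -and $f[0] -eq 'TCP' -and $f[3] -eq 'ESTABLISHED') {
            New-Object PSObject -Property @{
                Local = $f[1]; Remote = $f[2]; ProcessId = [int]$f[4]
            }
        }
    }
}

function Get-ImageVerdict([int]$ProcessId) {
    $p = Get-Process -Id $ProcessId -ErrorAction SilentlyContinue
    if ($p -eq $null -or -not $p.Path) {
        # Exited, or a system process whose image path this user cannot read
        return New-Object PSObject -Property @{
            Name = '?'; Path = '(no access)'; Status = 'Unknown'; Signer = ''; Flag = 'CHECK'
        }
    }
    $sig    = Get-AuthenticodeSignature -FilePath $p.Path
    $signer = ''
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    # Images that live outside the OS and Program Files trees deserve a closer look
    $trustedDirs  = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
    $inTrustedDir = $false
    foreach ($d in $trustedDirs) {
        if ($p.Path.StartsWith($d, [StringComparison]::OrdinalIgnoreCase)) { $inTrustedDir = $true }
    }

    $flag = ''
    if ($sig.Status -ne 'Valid') { $flag = 'UNSIGNED/BAD-SIG' }
    elseif (-not $inTrustedDir)  { $flag = 'ODD-LOCATION' }

    New-Object PSObject -Property @{
        Name = $p.ProcessName; Path = $p.Path; Status = $sig.Status.ToString(); Signer = $signer; Flag = $flag
    }
}

# One row per connection; each PID's image is checked only once.
$verdicts = @{}
$rows = foreach ($c in Get-EstablishedTcp) {
    if (-not $verdicts.ContainsKey($c.ProcessId)) {
        $verdicts[$c.ProcessId] = Get-ImageVerdict $c.ProcessId
    }
    $v = $verdicts[$c.ProcessId]
    New-Object PSObject -Property @{
        PID = $c.ProcessId; Process = $v.Name; Remote = $c.Remote
        Signature = $v.Status; Flag = $v.Flag; Signer = $v.Signer; Path = $v.Path
    }
}
$rows | Sort-Object Flag -Descending | Format-Table PID, Process, Remote, Signature, Flag, Path -AutoSize
```

Run it from an elevated prompt so that Get-Process can read the image path of services; rows flagged CHECK are the ones the script could not inspect. The Signer column tells you who signed the file, which is usually the quickest way to match one of those alphanumeric firewall prompts to a vendor you recognise.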

Dakeyras
2011-10-09, 14:47
Hi. :)

Your helper is currently unavailable so I will be assisting you if that is acceptable.

Are you experiencing any further issues with the machine and did you install a third party software firewall or not?

wmbeyer
2011-10-10, 16:45
I am using ZoneAlarm. My machine is running better now than it has in a long time. Also, I no longer get a message from the university telling me that I have a Bot. Thanks for everything.

Dakeyras
2011-10-10, 17:43
OK and on behalf of jeffce/Safer Networking, you're welcome!

--------------

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh set of DDS logs and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.