Hi,
I would be grateful for any help you can offer. Ping.exe keeps starting up and is consuming system resources. Here is my DDS log


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_12
Run by tfarrell at 10:46:12 on 2011-12-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.821 [GMT -7:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
svchost.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\ColdFusion9\solr\solr.exe
C:\ColdFusion9\jnbridge\CFDotNetsvc.exe
C:\ColdFusion9\runtime\jre\bin\java.exe
C:\ColdFusion9\jnbridge\JNBDotNetSide.exe
C:\ColdFusion9\runtime\bin\jrunsvc.exe
C:\ColdFusion9\db\slserver54\bin\swagent.exe
C:\ColdFusion9\runtime\bin\jrun.exe
C:\ColdFusion9\db\slserver54\bin\swstrtr.exe
C:\ColdFusion9\db\slserver54\bin\swsoc.exe
C:\ColdFusion9\verity\k2\_nti40\bin\k2admin.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\ifxspmgt.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\WINDOWS\system32\IfxPsdSv.exe
C:\WINDOWS\System32\svchost.exe -k Sqlses
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\ColdFusion9\verity\k2\_nti40\bin\k2server.exe
C:\ColdFusion9\verity\k2\_nti40\bin\k2index.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Microsoft Office 2010\Office14\ONENOTEM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
svchost.exe -m
C:\Program Files\Safari\Safari.exe
C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Microsoft Office 2010\Office14\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\ping.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
mWindow Title =
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\progra~1\yahoo!\companion\installs\cpn0\YTNavAssist.dll
mURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\progra~1\yahoo!\companion\installs\cpn0\YTNavAssist.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_12\bin\ssv.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi7967~1\office14\URLREDIR.DLL
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.3\pdfforgeToolbarIE.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [FRYMXINS] "c:\program files\ati technologies\fire gl 3d studio max\atiimxgl"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [IFXSPMGT] c:\windows\system32\ifxspmgt.exe /NotifyLogon
mRun: [Recguard] c:\windows\sminst\Recguard.exe
mRun: [Reminder] c:\windows\creator\Remind_XP.exe
mRun: [Scheduler] c:\windows\sminst\Scheduler.exe
mRun: [BSDAppUpdater] c:\program files\common files\bsd\appupdater\BSDChecker.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Sprint SmartView] "c:\program files\sprint\sprint smartview\SprintSV.exe" -a
mRun: [RDVCHG] "c:\program files\sprint\sprint smartview\RDVCHG.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_12\bin\jusched.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [BCSSync] "c:\program files\microsoft office 2010\office14\BCSSync.exe" /DelayServices
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [SpybotDeletingA1528] command.com /c del "c:\program files\free offers from freeze.com\control.txt"
mRunOnce: [SpybotDeletingC333] cmd.exe /c del "c:\program files\free offers from freeze.com\control.txt"
mRunOnce: [SpybotDeletingA6697] command.com /c del "c:\program files\free offers from freeze.com\dolphinico.ico"
mRunOnce: [SpybotDeletingC3713] cmd.exe /c del "c:\program files\free offers from freeze.com\dolphinico.ico"
StartupFolder: c:\docume~1\tfarre~1.lt-\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
StartupFolder: c:\docume~1\tfarre~1.lt-\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office 2010\office14\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
mPolicies-explorer: DisableLocalMachineRunOnce = 1 (0x1)
mPolicies-explorer: DisableLocalMachineRun = 1 (0x1)
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_12\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office 2010\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office 2010\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1297226283656
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1312306304906
DPF: {707ABFC2-1D27-4A10-A6E4-6BE6BDF9FB11} - hxxp://dscmtn4/vc/UltraMJCamX.ocx
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://dscmtn4/vc/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1 75.75.75.75
TCP: Interfaces\{5179EC27-0321-4423-852A-713092ABFA0D} : DhcpNameServer = 192.168.2.1 75.75.75.75
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: Asynchronous - sqlesw32.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: sqlesw32 - sqlesw32.dll
Notify: Sqlseses - sqlesw32.dll
Notify: }{|·¦w71@Úºÿ
Á - sqlesw32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-7-29 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-8-3 95896]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2007-7-24 38816]
R2 CF9Solr;ColdFusion 9 Solr Service;c:\coldfusion9\solr\solr.exe -zglaxservice cf9solr --> c:\coldfusion9\solr\solr.exe -zglaxservice CF9Solr [?]
R2 ColdFusion 9 .NET Service;ColdFusion 9 .NET Service;c:\coldfusion9\jnbridge\CFDotNetsvc.exe [2011-5-10 77824]
R2 ColdFusion 9 Application Server;ColdFusion 9 Application Server;c:\coldfusion9\runtime\bin\jrunsvc.exe [2011-5-10 58880]
R2 ColdFusion 9 ODBC Agent;ColdFusion 9 ODBC Agent;c:\coldfusion9\db\slserver54\bin\swagent.exe "coldfusion 9 odbc agent" --> c:\coldfusion9\db\slserver54\bin\swagent.exe ColdFusion 9 ODBC Agent [?]
R2 ColdFusion 9 ODBC Server;ColdFusion 9 ODBC Server;c:\coldfusion9\db\slserver54\bin\swstrtr.exe "coldfusion 9 odbc server" --> c:\coldfusion9\db\slserver54\bin\swstrtr.exe ColdFusion 9 ODBC Server [?]
R2 ColdFusion 9 Search Server;ColdFusion 9 Search Server;c:\coldfusion9\verity\k2\_nti40\bin\k2admin.exe [2011-5-10 3677616]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-8-12 810144]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-13 366152]
R2 NvtlService;NovaCore SDK Service;c:\program files\novatel wireless\novacore\server\NvtlSrvr.exe [2010-1-11 82944]
R2 SqlCSS;SQL Server EXPRESS;c:\windows\system32\svchost.exe -k Sqlses [2006-2-28 14336]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-8-19 450848]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2011-2-8 97280]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-7-24 41216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-13 22216]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S0 SMR210;Symantec SMR Utility Service 2.1.0;c:\windows\system32\drivers\smr210.sys --> c:\windows\system32\drivers\SMR210.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-14 136176]
S3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [2011-8-19 22176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-14 136176]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2010-12-15 174720]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-2-28 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-12-04 17:31:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-12-04 17:31:29 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-12-03 23:57:53 -------- d-----w- c:\documents and settings\tfarrell.lt-0603\application data\Tific
2011-12-03 23:57:52 -------- d-----w- c:\documents and settings\tfarrell.lt-0603\local settings\application data\Symantec
2011-12-03 20:18:50 14744 ----a-w- c:\documents and settings\tfarrell.lt-0603\application data\microsoft\identitycrl\production\ppcrlconfig.dll
2011-12-03 20:17:34 -------- d-----w- c:\program files\MSECache
2011-12-03 19:53:05 -------- d-----w- c:\documents and settings\tfarrell.lt-0603\local settings\application data\NPE
2011-12-03 19:52:25 -------- d-----w- c:\program files\Norton Power Eraser
2011-12-03 19:15:22 -------- d-----w- c:\program files\SpyBot
2011-12-03 19:12:18 388096 ----a-r- c:\documents and settings\tfarrell.lt-0603\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-12-03 19:12:18 -------- d-----w- c:\program files\Trend Micro
2011-12-03 19:11:49 1402880 ----a-w- C:\HiJackThis.msi
2011-12-03 18:27:51 -------- d--h--w- c:\windows\PIF
2011-12-03 17:56:43 53248 ----a-w- c:\windows\system32\6to4v32.dll
2011-12-03 17:56:42 37888 ----a-w- c:\windows\system32\sqlesw32.dll
2011-12-03 17:56:42 156672 ----a-w- c:\windows\system32\sqlcsw32.dll
2011-12-03 10:11:22 116224 ----a-w- c:\windows\system32\5T740.com
2011-12-03 07:39:45 -------- d-----w- c:\documents and settings\all users\application data\IObit
2011-12-03 07:39:41 -------- d-----w- c:\program files\IObit
2011-12-02 17:13:53 116224 ----a-w- c:\windows\system32\5T740.com_
2011-12-01 21:08:35 751616 ----a-w- C:\roguekiller.exe
2011-12-01 21:02:33 -------- d-----w- C:\RK_Quarantine
2011-12-01 20:32:59 709968 ----a-w- c:\windows\is-BVQM3.exe
2011-11-30 23:38:39 -------- d-----w- c:\documents and settings\tfarrell.lt-0603\application data\pdfforge
2011-11-30 23:38:34 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2011-11-30 23:38:34 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2011-11-30 23:38:34 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2011-11-30 23:38:33 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2011-11-29 21:27:08 -------- d-----w- c:\documents and settings\tfarrell.lt-0603\Bluetooth Software
2011-11-19 20:44:44 -------- d-----w- c:\program files\File Type Assistant
2011-11-19 20:40:18 -------- d-----w- C:\Torrent
2011-11-17 19:21:52 -------- d-----w- C:\Vail Resorts
2011-11-15 16:27:05 -------- d-----w- C:\e
2011-11-15 16:27:05 -------- d-----w- C:\Data
2011-11-15 00:15:29 -------- d-----w- c:\program files\iPod
2011-11-15 00:15:24 -------- d-----w- c:\program files\iTunes
2011-11-07 21:17:13 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-11-07 21:17:13 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-11-07 21:17:13 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-11-07 21:17:13 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-11-07 21:17:13 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-11-07 21:17:13 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-11-07 21:17:13 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-11-07 21:03:43 -------- d-----w- c:\program files\Bonjour
.
==================== Find3M ====================
.
2011-11-12 22:12:18 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 21:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 21:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-09-27 19:21:33 106496 ----a-w- c:\windows\system32\ATL71.DLL
.
============= FINISH: 10:48:23.57 ===============

hi livinginmtn,

Your post is a few days old. If you still need help simply reply back.

Hi, i have been travelling. Yes, I still need help. My situation is that i became infected with the 2012 Xp security virus. I downloaded spybot and hijack this. I was successful in removing the security virus but I bel;ieve that it was masking my real problem. I think i have a hijack virus. Some of my hotmail contacts have received spurious emails from that account. Now ping.exe is continually launching, gradually consuming memory and system resources until my laptop ginnds to a halt. Spybot seems to be blocking the access to the internet.

The last statement may be misleading. Spybot is preventing the virus from access the internet. I have just removed ping.exe with taskmgr and it was over 400k in resources after being connected via wifi for 5 minutes.

Thanks for any help you can offer.

This is what netstat show after 10 minutes of connection.

TCP lt-0603:30606 www.007guard.com:2449 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2455 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2459 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2461 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2463 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2467 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2473 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2477 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2479 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2481 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2483 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2485 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2487 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2491 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2493 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2501 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2503 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2509 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2511 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2513 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2515 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2519 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2521 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2524 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2526 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2530 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2532 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2536 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2538 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2542 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2544 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2546 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2548 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2550 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2552 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2554 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2556 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2558 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2560 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2562 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2564 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2566 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2568 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2570 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2572 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2574 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2576 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2578 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2580 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2586 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2588 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2590 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2592 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2594 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2596 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2598 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2606 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2608 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2610 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2612 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2614 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2616 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2618 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2624 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2626 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2628 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2630 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2634 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2638 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2642 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2644 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2646 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2648 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2654 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2656 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2660 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2662 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2664 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2666 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2668 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2670 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2672 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2678 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2680 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2682 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2684 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2688 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2690 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2692 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2694 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2696 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2698 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2700 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2706 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2712 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2714 FIN_WAIT_2
TCP lt-0603:30606 www.007guard.com:2716 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2718 FIN_WAIT_2
TCP lt-0603:30606 www.007guard.com:2720 FIN_WAIT_2
TCP lt-0603:30606 www.007guard.com:2726 FIN_WAIT_2
TCP lt-0603:30606 www.007guard.com:2728 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2730 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2732 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2734 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2736 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2738 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2742 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2744 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2758 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2760 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2766 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2772 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2774 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2776 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2778 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2780 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2782 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2784 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2786 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2788 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2790 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2792 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2798 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2802 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2804 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2808 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2810 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2812 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2814 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2816 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2818 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2820 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2822 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2824 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2826 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2828 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2830 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2832 FIN_WAIT_2
TCP lt-0603:30606 www.007guard.com:2834 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2836 FIN_WAIT_2
TCP lt-0603:30606 www.007guard.com:2838 FIN_WAIT_2
TCP lt-0603:30606 www.007guard.com:2846 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2848 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2850 TIME_WAIT
TCP lt-0603:30606 www.007guard.com:2854 FIN_WAIT_2
TCP lt-0603:30606 www.007guard.com:2858 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2860 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2862 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2868 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2870 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2872 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2880 ESTABLISHED
TCP lt-0603:30606 www.007guard.com:2890 ESTABLISHED
TCP lt-0603:2268 72.32.153.177:http LAST_ACK
TCP lt-0603:2319 211-111-162-69.static.reverse.lstn.net:http CLO
SE_WAIT
TCP lt-0603:2328 .:http TIME_WAIT
TCP lt-0603:2330 199.59.241.250:http TIME_WAIT
TCP lt-0603:2334 68.169.92.55:http TIME_WAIT
TCP lt-0603:2342 ec2-50-19-109-125.compute-1.amazonaws.com:http
ESTABLISHED
TCP lt-0603:2344 ec2-107-20-156-112.compute-1.amazonaws.com:http
ESTABLISHED
TCP lt-0603:2346 .:http TIME_WAIT
TCP lt-0603:2350 pz-in-f95.1e100.net:http ESTABLISHED
TCP lt-0603:2354 nuq04s06-in-f13.1e100.net:http ESTABLISHED
TCP lt-0603:2356 nuq04s06-in-f13.1e100.net:http ESTABLISHED
TCP lt-0603:2358 www-da1.adobe.com:http ESTABLISHED
TCP lt-0603:2360 a23-3-68-107.deploy.akamaitechnologies.com:http
ESTABLISHED
TCP lt-0603:2366 .:http TIME_WAIT
TCP lt-0603:2368 199.59.241.250:http TIME_WAIT
TCP lt-0603:2376 a96-17-239-139.deploy.akamaitechnologies.com:htt
ps ESTABLISHED
TCP lt-0603:2378 www-11-05-prn1.facebook.com:https ESTABLISHED
TCP lt-0603:2410 208.81.191.113:http ESTABLISHED
TCP lt-0603:2428 a23-3-68-107.deploy.akamaitechnologies.com:http
ESTABLISHED
TCP lt-0603:2450 a23-3-68-114.deploy.akamaitechnologies.com:http
ESTABLISHED
TCP lt-0603:2460 74.114.28.200:http ESTABLISHED
TCP lt-0603:2462 nuq04s07-in-f27.1e100.net:http ESTABLISHED
TCP lt-0603:2464 www-11-05-prn1.facebook.com:http ESTABLISHED
TCP lt-0603:2478 nuq04s07-in-f27.1e100.net:http ESTABLISHED
TCP lt-0603:2480 208.81.191.113:http ESTABLISHED
TCP lt-0603:2482 nuq04s06-in-f27.1e100.net:http ESTABLISHED
TCP lt-0603:2484 nuq04s06-in-f27.1e100.net:http ESTABLISHED
TCP lt-0603:2486 a96-17-227-24.deploy.akamaitechnologies.com:http
ESTABLISHED
TCP lt-0603:2492 ec2-184-73-247-213.compute-1.amazonaws.com:http
ESTABLISHED
TCP lt-0603:2494 a23-3-68-136.deploy.akamaitechnologies.com:http
ESTABLISHED
TCP lt-0603:2496 .:http TIME_WAIT
TCP lt-0603:2498 parkwebwin-v02.prod.mesa1.secureserver.net:http
CLOSING
TCP lt-0603:2504 66.150.149.23:http ESTABLISHED
TCP lt-0603:2510 66.150.149.23:http ESTABLISHED
TCP lt-0603:2512 98.129.232.76:http ESTABLISHED
TCP lt-0603:2514 ec2-184-73-170-119.compute-1.amazonaws.com:http
ESTABLISHED
TCP lt-0603:2516 a23-3-68-136.deploy.akamaitechnologies.com:http
ESTABLISHED
TCP lt-0603:2539 a23-3-68-114.deploy.akamaitechnologies.com:http
ESTABLISHED
TCP lt-0603:2551 a23-3-68-112.deploy.akamaitechnologies.com:http
ESTABLISHED
TCP lt-0603:2553 a23-3-68-112.deploy.akamaitechnologies.com:http
ESTABLISHED
TCP lt-0603:2565 ec2-107-22-189-186.compute-1.amazonaws.com:http
ESTABLISHED
TCP lt-0603:2567 a23-3-68-123.deploy.akamaitechnologies.com:http
ESTABLISHED
TCP lt-0603:2569 a23-3-68-123.deploy.akamaitechnologies.com:http
ESTABLISHED
TCP lt-0603:2575 ec2-107-22-189-186.compute-1.amazonaws.com:http
ESTABLISHED
TCP lt-0603:2587 a23-3-68-145.deploy.akamaitechnologies.com:http
ESTABLISHED
TCP lt-0603:2591 74.200.209.252:http ESTABLISHED
TCP lt-0603:2599 a23-3-68-146.deploy.akamaitechnologies.com:http
ESTABLISHED
TCP lt-0603:2607 a23-3-68-113.deploy.akamaitechnologies.com:http
ESTABLISHED
TCP lt-0603:2627 a23-3-68-145.deploy.akamaitechnologies.com:http
ESTABLISHED
TCP lt-0603:2637 .:http TIME_WAIT
TCP lt-0603:2641 213.174.148.3:http TIME_WAIT
TCP lt-0603:2655 ec2-50-19-225-159.compute-1.amazonaws.com:http
ESTABLISHED
TCP lt-0603:2665 76.74.136.93:http ESTABLISHED
TCP lt-0603:2673 76.74.136.96:http ESTABLISHED
TCP lt-0603:2679 a23-3-68-99.deploy.akamaitechnologies.com:http
ESTABLISHED
TCP lt-0603:2681 a23-3-68-145.deploy.akamaitechnologies.com:http
ESTABLISHED
TCP lt-0603:2683 a23-3-68-145.deploy.akamaitechnologies.com:http
ESTABLISHED
TCP lt-0603:2685 a23-3-68-99.deploy.akamaitechnologies.com:http
ESTABLISHED
TCP lt-0603:2689 a23-3-68-99.deploy.akamaitechnologies.com:http
ESTABLISHED
TCP lt-0603:2693 a23-3-68-145.deploy.akamaitechnologies.com:http
ESTABLISHED
TCP lt-0603:2695 a23-3-68-99.deploy.akamaitechnologies.com:http
ESTABLISHED
TCP lt-0603:2697 a23-3-68-130.deploy.akamaitechnologies.com:http
ESTABLISHED
TCP lt-0603:2699 a23-3-68-130.deploy.akamaitechnologies.com:http
ESTABLISHED
TCP lt-0603:2707 a23-3-68-115.deploy.akamaitechnologies.com:http
ESTABLISHED
TCP lt-0603:2713 a23-3-12-202.deploy.akamaitechnologies.com:http
ESTABLISHED
TCP lt-0603:2715 64.210.61.140:http CLOSE_WAIT
TCP lt-0603:2717 mpr2.ngd.vip.bf1.yahoo.com:http ESTABLISHED
TCP lt-0603:2719 64.210.61.140:http CLOSE_WAIT
TCP lt-0603:2723 64.210.61.136:http CLOSE_WAIT
TCP lt-0603:2727 64.210.61.136:http CLOSE_WAIT
TCP lt-0603:2729 mpr2.ngd.vip.bf1.yahoo.com:http ESTABLISHED
TCP lt-0603:2731 ec2-174-129-203-211.compute-1.amazonaws.com:http
ESTABLISHED
TCP lt-0603:2735 js-pd03.revsci.net:http ESTABLISHED
TCP lt-0603:2737 a23-3-68-138.deploy.akamaitechnologies.com:http
ESTABLISHED
TCP lt-0603:2739 a23-3-68-145.deploy.akamaitechnologies.com:http
ESTABLISHED
TCP lt-0603:2741 208.71.125.1:http TIME_WAIT
TCP lt-0603:2759 cust-69.194.143.60.switchnap.com:http ESTABLISH
ED
TCP lt-0603:2761 cust-69.194.143.60.switchnap.com:http ESTABLISH
ED
TCP lt-0603:2769 208.71.125.1:http TIME_WAIT
TCP lt-0603:2779 ec2-174-129-203-211.compute-1.amazonaws.com:http
ESTABLISHED
TCP lt-0603:2787 crispwireless.net:http ESTABLISHED
TCP lt-0603:2801 .:http TIME_WAIT
TCP lt-0603:2807 213.174.148.3:http TIME_WAIT
TCP lt-0603:2815 74.217.78.140:http ESTABLISHED
TCP lt-0603:2825 74.217.78.140:http ESTABLISHED
TCP lt-0603:2827 crispwireless.net:http ESTABLISHED
TCP lt-0603:2829 93.184.216.169:http ESTABLISHED
TCP lt-0603:2831 93.184.216.169:http ESTABLISHED
TCP lt-0603:2833 72.21.91.19:http CLOSE_WAIT
TCP lt-0603:2837 66.45.56.124:http CLOSE_WAIT
TCP lt-0603:2839 66.45.56.124:http CLOSE_WAIT
TCP lt-0603:2849 138.108.6.20:http ESTABLISHED
TCP lt-0603:2855 www.meebo.com:http CLOSE_WAIT
TCP lt-0603:2859 93.184.216.119:http ESTABLISHED
TCP lt-0603:2861 93.184.216.119:http ESTABLISHED
TCP lt-0603:2863 93.184.216.119:http ESTABLISHED
TCP lt-0603:2869 93.184.216.119:http ESTABLISHED
TCP lt-0603:2871 93.184.216.119:http ESTABLISHED
TCP lt-0603:2873 93.184.216.119:http ESTABLISHED
TCP lt-0603:2881 a23-3-68-136.deploy.akamaitechnologies.com:http
ESTABLISHED
TCP lt-0603:2891 216-18-215-4.hosted.static.webnx.com:http ESTAB
LISHED

C:\Documents and Settings\tfarrell.LT-0603>

I believe your host file is missing a line. Those 007guard entries happen to be the first ones in Spybots host file. You can ignore it for now, we will come back to it. If you disable the feature in Spybot then you shoudnt see them.

You said you killed ping.exe in task manager, does it return on reboot? Is a updated malwarebytes coming up clean after a scan. Is your ESET AV up to date?
We will get download to use, its called combofix. There is a guide to read first, read through the guide then apply the directions on your own machine. Post the combofix log.

Guide to using Combofix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

When I kill Ping.exe in taskMgr it comes back within 2 to 3 minutes. I will download combofix and send you the log. ESET does not prevent the ping.exe relaunching.

Hi shelf life,
I ran combo fix and it created the txt file. However now I cannot attach to the Internet. My wifi shows it is connected but the stats show that no data is transmitting. Ipconfig will not run. I connected by cable to my router same result. In both normal and safe mode same result. My wireless connection status shows no data for address type, ip address , subnet mask and default gateway.
Help!!!

Sent from my iPhone....

Have you rebooted both the computer and router?

I have rebooted my computer and verified that my router is connecting to the internet. I ran netsh to rebuild my TCP/IP stack as my laptop is showing that it is connected to the internet via wifi. However, no data is being transmitted. Netsh did not do any good. I have an old PC which I am now using connected through the same router which I am using to communicate with you.
I will transfer the combofix.txt file to you. I ran it twice so may not be what u want.

ComboFix 11-12-13.03 - tfarrell 12/14/2011 13:53:06.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1286 [GMT -7:00]
Running from: c:\documents and settings\tfarrell.LT-0603\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\CSC\d6
.
.
((((((((((((((((((((((((( Files Created from 2011-11-14 to 2011-12-14 )))))))))))))))))))))))))))))))
.
.
2011-12-14 19:07 . 2011-12-14 19:07 -------- d-----w- c:\documents and settings\tfarrell.LT-0603\Application Data\ICAClient
2011-12-04 20:36 . 2011-12-04 20:36 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-12-04 17:31 . 2011-12-07 00:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-12-04 17:31 . 2011-12-04 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-12-03 23:57 . 2011-12-03 23:57 -------- d-----w- c:\documents and settings\tfarrell.LT-0603\Application Data\Tific
2011-12-03 23:57 . 2011-12-03 23:57 -------- d-----w- c:\documents and settings\tfarrell.LT-0603\Local Settings\Application Data\Symantec
2011-12-03 20:17 . 2011-12-03 20:17 -------- d-----w- c:\program files\MSECache
2011-12-03 19:53 . 2011-12-03 20:04 -------- d-----w- c:\documents and settings\tfarrell.LT-0603\Local Settings\Application Data\NPE
2011-12-03 19:52 . 2011-12-03 19:52 -------- d-----w- c:\program files\Norton Power Eraser
2011-12-03 19:19 . 2011-12-03 19:19 -------- d-----w- c:\program files\Windows Sidebar
2011-12-03 19:15 . 2011-12-06 22:25 -------- d-----w- c:\program files\SpyBot
2011-12-03 19:12 . 2011-12-03 19:12 388096 ----a-r- c:\documents and settings\tfarrell.LT-0603\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-03 19:12 . 2011-12-03 19:12 -------- d-----w- c:\program files\Trend Micro
2011-12-03 19:11 . 2011-12-03 19:12 1402880 ----a-w- C:\HiJackThis.msi
2011-12-03 18:27 . 2011-12-03 18:27 -------- d--h--w- c:\windows\PIF
2011-12-03 10:11 . 2011-12-02 16:35 116224 ----a-w- c:\windows\system32\5T740.com
2011-12-03 07:39 . 2011-12-03 07:39 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2011-12-03 07:39 . 2011-12-03 07:39 -------- d-----w- c:\program files\IObit
2011-12-02 17:13 . 2011-12-02 17:13 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2011-12-02 17:11 . 2011-12-03 11:37 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AskToolbar
2011-12-02 17:10 . 2011-12-02 17:10 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2011-12-01 21:08 . 2011-12-01 20:54 751616 ----a-w- C:\roguekiller.exe
2011-12-01 21:02 . 2011-12-01 21:02 -------- d-----w- C:\RK_Quarantine
2011-12-01 20:56 . 2011-12-01 20:56 -------- d-----w- c:\documents and settings\Administrator.LT-0603\Application Data\Windows Search
2011-12-01 20:40 . 2011-12-01 20:40 -------- d-----w- c:\documents and settings\Administrator.LT-0603\Local Settings\Application Data\Apple Computer
2011-12-01 20:40 . 2011-12-01 20:40 -------- d-----w- c:\documents and settings\Administrator.LT-0603\Application Data\Apple Computer
2011-12-01 20:32 . 2011-12-01 20:32 709968 ----a-w- c:\windows\is-BVQM3.exe
2011-12-01 20:32 . 2011-12-01 20:32 -------- d-----w- c:\documents and settings\Administrator.LT-0603\Application Data\Malwarebytes
2011-12-01 20:31 . 2011-12-01 20:31 -------- d-sh--w- c:\documents and settings\Administrator.LT-0603\IECompatCache
2011-12-01 20:29 . 2011-12-01 20:29 -------- d-----w- c:\documents and settings\Administrator.LT-0603\Local Settings\Application Data\Identities
2011-12-01 20:29 . 2011-12-01 20:29 -------- d-----w- c:\documents and settings\Administrator.LT-0603\Application Data\Windows Desktop Search
2011-11-30 23:38 . 2011-11-30 23:38 -------- d-----w- c:\documents and settings\tfarrell.LT-0603\Application Data\pdfforge
2011-11-30 23:38 . 2004-03-09 08:00 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2011-11-30 23:38 . 2001-10-29 00:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2011-11-30 23:38 . 1998-06-24 08:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2011-11-30 23:38 . 1998-07-06 08:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2011-11-29 21:27 . 2011-11-29 21:27 -------- d-----w- c:\documents and settings\tfarrell.LT-0603\Bluetooth Software
2011-11-19 20:44 . 2011-11-19 20:44 -------- d-----w- c:\program files\File Type Assistant
2011-11-19 20:40 . 2011-11-19 20:41 -------- d-----w- C:\Torrent
2011-11-17 19:21 . 2011-11-20 16:42 -------- d-----w- C:\Vail Resorts
2011-11-15 16:27 . 2011-11-15 16:27 -------- d-----w- C:\e
2011-11-15 00:15 . 2011-11-15 00:15 -------- d-----w- c:\program files\iPod
2011-11-15 00:15 . 2011-11-15 00:16 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-12 22:12 . 2011-06-05 23:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 21:29 . 2011-10-24 21:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 21:29 . 2011-10-24 21:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-09-27 19:22 . 2011-09-27 19:22 57344 ----a-r- c:\documents and settings\tfarrell.LT-0603\Application Data\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2011-09-27 19:21 . 2003-03-19 02:05 106496 ----a-w- c:\windows\system32\ATL71.DLL
2011-09-21 22:31 . 2011-09-21 22:31 53248 ----a-r- c:\documents and settings\tfarrell.LT-0603\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-14_19.03.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-14 20:39 . 2011-12-14 20:39 16384 c:\windows\Temp\Perflib_Perfdata_6a0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-19 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FRYMXINS"="c:\program files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl" [X]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 177456]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-06 872448]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-06-08 131072]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2008-01-26 677144]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-10-09 697976]
"BSDAppUpdater"="c:\program files\Common Files\BSD\AppUpdater\BSDChecker.exe" [2010-11-24 1660232]
"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2010-12-15 75072]
"RDVCHG"="c:\program files\Sprint\Sprint SmartView\RDVCHG.exe" [2010-12-15 316736]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"BCSSync"="c:\program files\Microsoft Office 2010\Office14\BCSSync.exe" [2010-03-13 91520]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-26 619008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-26 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
.
c:\documents and settings\tfarrell.LT-0603\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2011-8-8 977408]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office 2010\Office14\ONENOTEM.EXE [2010-3-29 227712]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2000-8-6 69632]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Asynchronous]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sqlesw32]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sqlseses]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1482476501-2049760794-682003330-1202\Scripts\Logon\0\0]
"Script"=\\dmc-colorado.com\sysvol\dmc-colorado.com\scripts\DSC.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1482476501-2049760794-682003330-1202\Scripts\Logon\1\0]
"Script"=MAS_90.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Cpqset"=c:\program files\HPQ\Default Settings\cpqset.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Reminder"=c:\windows\Creator\Remind_XP.exe
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_12\bin\jusched.exe"
"UserFaultCheck"=%systemroot%\system32\dumprep 0 -u
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [7/24/2007 8:21 AM 38816]
R2 CF9Solr;ColdFusion 9 Solr Service;c:\coldfusion9\solr\solr.exe -zglaxservice CF9Solr --> c:\coldfusion9\solr\solr.exe -zglaxservice CF9Solr [?]
R2 NvtlService;NovaCore SDK Service;c:\program files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [1/11/2010 2:10 PM 82944]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [8/19/2011 2:26 AM 450848]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2/8/2011 9:10 PM 97280]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [7/24/2007 8:21 AM 41216]
S0 SMR210;Symantec SMR Utility Service 2.1.0;c:\windows\system32\drivers\SMR210.SYS --> c:\windows\system32\drivers\SMR210.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 ColdFusion 9 .NET Service;ColdFusion 9 .NET Service;c:\coldfusion9\jnbridge\CFDotNetsvc.exe [5/10/2011 8:06 AM 77824]
S2 ColdFusion 9 Application Server;ColdFusion 9 Application Server;c:\coldfusion9\runtime\bin\jrunsvc.exe [5/10/2011 8:05 AM 58880]
S2 ColdFusion 9 ODBC Agent;ColdFusion 9 ODBC Agent;c:\coldfusion9\db\slserver54\bin\swagent.exe "ColdFusion 9 ODBC Agent" --> c:\coldfusion9\db\slserver54\bin\swagent.exe ColdFusion 9 ODBC Agent [?]
S2 ColdFusion 9 ODBC Server;ColdFusion 9 ODBC Server;c:\coldfusion9\db\slserver54\bin\swstrtr.exe "ColdFusion 9 ODBC Server" --> c:\coldfusion9\db\slserver54\bin\swstrtr.exe ColdFusion 9 ODBC Server [?]
S2 ColdFusion 9 Search Server;ColdFusion 9 Search Server;c:\coldfusion9\verity\k2\_nti40\bin\k2admin.exe [5/10/2011 8:04 AM 3677616]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/14/2011 9:29 AM 136176]
S3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [8/19/2011 2:26 AM 22176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/14/2011 9:29 AM 136176]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [12/15/2010 2:38 PM 174720]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2/28/2006 5:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - BMLoad
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
Sqlses REG_MULTI_SZ SqlCSS
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 23:57]
.
2011-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc53d7f5ef9036.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-14 16:29]
.
2011-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc53d7f5fb7bf8.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-14 16:29]
.
2011-09-27 c:\windows\Tasks\photostageDowngrade.job
- c:\program files\NCH Software\PhotoStage\photostage.exe [2011-09-08 18:23]
.
2011-09-27 c:\windows\Tasks\photostageShakeIcon.job
- c:\program files\NCH Software\PhotoStage\photostage.exe [2011-09-08 18:23]
.
2011-09-08 c:\windows\Tasks\prismShakeIcon.job
- c:\program files\NCH Software\Prism\prism.exe [2011-09-08 18:23]
.
2011-12-13 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2011-12-04 22:31]
.
2011-09-08 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2011-09-08 18:22]
.
2011-12-02 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Software\WavePad\wavepad.exe [2011-09-08 18:22]
.
.
------- Supplementary Scan -------
.
mWindow Title =
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = *.local
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\Evernote\Evernote\EvernoteIE.dll/204
TCP: DhcpNameServer = 192.168.2.1 75.75.75.75
DPF: {707ABFC2-1D27-4A10-A6E4-6BE6BDF9FB11} - hxxp://dscmtn4/vc/UltraMJCamX.ocx
.
- - - - ORPHANS REMOVED - - - -
.
Notify-}{|·¦w71@Úºÿ
Á - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-14 14:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,03,df,2a,61,69,74,e4,4e,8f,e0,23,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,03,df,2a,61,69,74,e4,4e,8f,e0,23,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,a2,c5,da,08,ec,48,45,bd,bd,a4,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,a2,c5,da,08,ec,48,45,bd,bd,a4,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(592)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3068)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-12-14 14:03:31
ComboFix-quarantined-files.txt 2011-12-14 21:03
ComboFix2.txt 2011-12-14 19:10
.
Pre-Run: 18,746,347,520 bytes free
Post-Run: 18,720,206,848 bytes free
.
- - End Of File - - 1D4D7CB8F54BC1AF56C79EDD18B9617A

BTW Ipconfig will not run. Error is "an internal error occured. The request is not supported."

BTW after 10 mins the wifi disconnects and will not reconnect. You have to reboot to get it to hook up, but no data packets are transmitting.

I also have no internal ip address

Go here (http://www.bleepingcomputer.com/combofix/how-to-use-combofix) and way down at the bottom are instruction for manually restoring the connection, although this pretty much does what you already did manually.
Also look in device manager for your network adapter and make sure its not disabled.

My network adaptor is enabled. I have checked all the connections both cable and wifi. Did u see that Ipconfig does not run and I have no IP address.
Thanks

I have gone through all those steps and this is what I see in the wifi connection. I have attached two screenshots that show the status of the wifi connection. As you can see there are no packets being transmitted and no IP address.

I stried to use net stop tcpip to stop my tcpip service. The response is "Service is not running".

When I use net start tcpip i get an error code 2.

You can try this:
Open a cmd (run>start>cmd) prompt and type in: ping localhost
to see if you get a reply

Start>settings>double click the connection icon which will open the Local area Connection Properties Window
Click on TCP/IP and select properties
Make sure Obtain an IP address automatically is checked
and
Obtain DNS server address automatically is checked

go to start>run and type in services.msc
Windows service panel will open
check the status of these: under Status it should say "started"

DHCP Client
DNS Client
Network Connections
Network Location Awareness
Remote Procedure Call (RPC)
TCP/IP Netbios helper

See answers below

You can try this:
Open a cmd (run>start>cmd) prompt and type in: ping localhost
to see if you get a reply. - Unable to contact IP Driver Error 2

Start>settings>double click the connection icon which will open the Local area Connection Properties Window
Click on TCP/IP and select properties
Make sure Obtain an IP address automatically is checked
and
Obtain DNS server address automatically is checked - Both checked...

go to start>run and type in services.msc
Windows service panel will open
check the status of these: under Status it should say "started"

DHCP Client - Automatic - Not started - when tried to start - Error 1068
DNS Client - Automatic - Not started - when tried to start - Error 1068Network Connections - Manual - started
Network Location Awareness - Manual - not started
Remote Procedure Call (RPC) - Automatic - Started
TCP/IP Netbios helper - Automatic - Started

BTW Webclient is continually "stopping", has that got anything to do with the problem?

try this fix for the error message (http://support.microsoft.com/kb/827328)
You can transfer it to the computer then run it.

then:
Open the services panel again and right click on Network Location Awareness then properties. startup type set to: manual
Under service status click: start

The Webclient service can be safely stopped, change startup type to disable

reboot and cross fingers

Hi,
Ran everything, even crossed my arms. No go.

SErvice status:
IPSEC won't start same error
RPC Started
RPC Locator Started
TCP/IP Netbios helper started
Disabled Web client

Rebooted several times still no change.

Where do we go from here?

Netwoek Location Awareness set to manual, still won't start has a dependency error 1068.

Of course I ran the Microsoft Fix.

Looks like we've gone from a simply ping.exe to other problems. You said you ran combofix twice, can you find the first log and post it? Since that was run before all the problems although theres no way combofix disabled all those services. Lets leave the services alone for now.

Go to start and type in: devmgmt.msc
device manager will open. At the top click on view and select; show hidden devices. Click the + Under non-plug and play drivers and see if there are any yellow ! next to anything.
There also another Fix It at the bottom of this (http://support.microsoft.com/kb/811259) page.

Do you have a XP install disk to do a repair of Windows?
Other option would be to uninstall then reinstall your NIC driver which you could get from your laptop vendors website. At this point its still a guess for the solution.

Hi SL,
Here is my update.

Ran devmgmt.msc

IP network Address translator - Yellow
TCP/IP Protocol Driver - Yellow

Ran fix

No change
IP network Address translator - Yellow
TCP/IP Protocol Driver - Yellow

I also had Norton AVG latest version installed and uninstalled it, before this all began. I have read that this product can leave behind registry settings that affect the TCP/IP protocol. Is this possible?

Here is the first combofix text file, I believe

ComboFix 11-12-13.03 - tfarrell 12/14/2011 11:47:33.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1521 [GMT -7:00]
Running from: c:\documents and settings\tfarrell.LT-0603\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\default\us_sres.data
c:\documents and settings\Administrator.LT-0603\My Documents\winlogon.exe
c:\documents and settings\tfarrell.LT-0603\Desktop\Windows XP Restore.lnk
c:\windows\$NtUninstallKB23442$\1032873474\@
c:\windows\$NtUninstallKB23442$\1032873474\bckfg.tmp
c:\windows\$NtUninstallKB23442$\1032873474\cfg.ini
c:\windows\$NtUninstallKB23442$\1032873474\Desktop.ini
c:\windows\$NtUninstallKB23442$\1032873474\keywords
c:\windows\$NtUninstallKB23442$\1032873474\kwrd.dll
c:\windows\$NtUninstallKB23442$\1032873474\L\ptvvciim
c:\windows\$NtUninstallKB23442$\1032873474\lsflt7.ver
c:\windows\$NtUninstallKB23442$\1032873474\U\00000001.@
c:\windows\$NtUninstallKB23442$\1032873474\U\00000002.@
c:\windows\$NtUninstallKB23442$\1032873474\U\00000004.@
c:\windows\$NtUninstallKB23442$\1032873474\U\80000000.@
c:\windows\$NtUninstallKB23442$\1032873474\U\80000004.@
c:\windows\$NtUninstallKB23442$\1032873474\U\80000032.@
c:\windows\$NtUninstallKB23442$\576646912
c:\windows\CSC\d6
c:\windows\dasetup.log
c:\windows\EventSystem.log
c:\windows\system32\6to4v32.dll
c:\windows\system32\certstore.dat
c:\windows\system32\sqlcsw32.dll
c:\windows\system32\sqlesw32.dll
F:\Autorun.inf
c:\windows\$NtUninstallKB23442$ . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
-------\Service_6to4
-------\Legacy_SqlCSS
-------\Service_SqlCSS
.
.
((((((((((((((((((((((((( Files Created from 2011-11-14 to 2011-12-14 )))))))))))))))))))))))))))))))
.
.
2011-12-14 18:47 . 2011-12-14 18:47 -------- d-----w- c:\documents and settings\tfarrell.LT-0603\Local Settings\Application Data\ESET
2011-12-04 20:36 . 2011-12-04 20:36 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-12-04 17:31 . 2011-12-07 00:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-12-04 17:31 . 2011-12-04 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-12-03 23:57 . 2011-12-03 23:57 -------- d-----w- c:\documents and settings\tfarrell.LT-0603\Application Data\Tific
2011-12-03 23:57 . 2011-12-03 23:57 -------- d-----w- c:\documents and settings\tfarrell.LT-0603\Local Settings\Application Data\Symantec
2011-12-03 20:17 . 2011-12-03 20:17 -------- d-----w- c:\program files\MSECache
2011-12-03 19:53 . 2011-12-03 20:04 -------- d-----w- c:\documents and settings\tfarrell.LT-0603\Local Settings\Application Data\NPE
2011-12-03 19:52 . 2011-12-03 19:52 -------- d-----w- c:\program files\Norton Power Eraser
2011-12-03 19:19 . 2011-12-03 19:19 -------- d-----w- c:\program files\Windows Sidebar
2011-12-03 19:15 . 2011-12-06 22:25 -------- d-----w- c:\program files\SpyBot
2011-12-03 19:12 . 2011-12-03 19:12 388096 ----a-r- c:\documents and settings\tfarrell.LT-0603\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-03 19:12 . 2011-12-03 19:12 -------- d-----w- c:\program files\Trend Micro
2011-12-03 19:11 . 2011-12-03 19:12 1402880 ----a-w- C:\HiJackThis.msi
2011-12-03 18:27 . 2011-12-03 18:27 -------- d--h--w- c:\windows\PIF
2011-12-03 10:11 . 2011-12-02 16:35 116224 ----a-w- c:\windows\system32\5T740.com
2011-12-03 07:39 . 2011-12-03 07:39 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2011-12-03 07:39 . 2011-12-03 07:39 -------- d-----w- c:\program files\IObit
2011-12-02 17:13 . 2011-12-02 17:13 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2011-12-02 17:11 . 2011-12-03 11:37 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AskToolbar
2011-12-02 17:10 . 2011-12-02 17:10 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2011-12-01 21:08 . 2011-12-01 20:54 751616 ----a-w- C:\roguekiller.exe
2011-12-01 21:02 . 2011-12-01 21:02 -------- d-----w- C:\RK_Quarantine
2011-12-01 20:56 . 2011-12-01 20:56 -------- d-----w- c:\documents and settings\Administrator.LT-0603\Application Data\Windows Search
2011-12-01 20:40 . 2011-12-01 20:40 -------- d-----w- c:\documents and settings\Administrator.LT-0603\Local Settings\Application Data\Apple Computer
2011-12-01 20:40 . 2011-12-01 20:40 -------- d-----w- c:\documents and settings\Administrator.LT-0603\Application Data\Apple Computer
2011-12-01 20:32 . 2011-12-01 20:32 709968 ----a-w- c:\windows\is-BVQM3.exe
2011-12-01 20:32 . 2011-12-01 20:32 -------- d-----w- c:\documents and settings\Administrator.LT-0603\Application Data\Malwarebytes
2011-12-01 20:31 . 2011-12-01 20:31 -------- d-sh--w- c:\documents and settings\Administrator.LT-0603\IECompatCache
2011-12-01 20:29 . 2011-12-01 20:29 -------- d-----w- c:\documents and settings\Administrator.LT-0603\Local Settings\Application Data\Identities
2011-12-01 20:29 . 2011-12-01 20:29 -------- d-----w- c:\documents and settings\Administrator.LT-0603\Application Data\Windows Desktop Search
2011-11-30 23:38 . 2011-11-30 23:38 -------- d-----w- c:\documents and settings\tfarrell.LT-0603\Application Data\pdfforge
2011-11-30 23:38 . 2004-03-09 08:00 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2011-11-30 23:38 . 2001-10-29 00:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2011-11-30 23:38 . 1998-06-24 08:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2011-11-30 23:38 . 1998-07-06 08:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2011-11-29 21:27 . 2011-11-29 21:27 -------- d-----w- c:\documents and settings\tfarrell.LT-0603\Bluetooth Software
2011-11-19 20:44 . 2011-11-19 20:44 -------- d-----w- c:\program files\File Type Assistant
2011-11-19 20:40 . 2011-11-19 20:41 -------- d-----w- C:\Torrent
2011-11-17 19:21 . 2011-11-20 16:42 -------- d-----w- C:\Vail Resorts
2011-11-15 16:27 . 2011-11-15 16:27 -------- d-----w- C:\e
2011-11-15 00:15 . 2011-11-15 00:15 -------- d-----w- c:\program files\iPod
2011-11-15 00:15 . 2011-11-15 00:16 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-12 22:12 . 2011-06-05 23:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 21:29 . 2011-10-24 21:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 21:29 . 2011-10-24 21:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-09-27 19:22 . 2011-09-27 19:22 57344 ----a-r- c:\documents and settings\tfarrell.LT-0603\Application Data\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2011-09-27 19:21 . 2003-03-19 02:05 106496 ----a-w- c:\windows\system32\ATL71.DLL
2011-09-21 22:31 . 2011-09-21 22:31 53248 ----a-r- c:\documents and settings\tfarrell.LT-0603\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-19 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FRYMXINS"="c:\program files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl" [X]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 177456]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-06 872448]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-06-08 131072]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2008-01-26 677144]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-10-09 697976]
"BSDAppUpdater"="c:\program files\Common Files\BSD\AppUpdater\BSDChecker.exe" [2010-11-24 1660232]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2215064]
"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2010-12-15 75072]
"RDVCHG"="c:\program files\Sprint\Sprint SmartView\RDVCHG.exe" [2010-12-15 316736]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"BCSSync"="c:\program files\Microsoft Office 2010\Office14\BCSSync.exe" [2010-03-13 91520]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-26 619008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-26 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
.
c:\documents and settings\tfarrell.LT-0603\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2011-8-8 977408]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office 2010\Office14\ONENOTEM.EXE [2010-3-29 227712]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2000-8-6 69632]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1482476501-2049760794-682003330-1202\Scripts\Logon\0\0]
"Script"=\\dmc-colorado.com\sysvol\dmc-colorado.com\scripts\DSC.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1482476501-2049760794-682003330-1202\Scripts\Logon\1\0]
"Script"=MAS_90.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Cpqset"=c:\program files\HPQ\Default Settings\cpqset.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Reminder"=c:\windows\Creator\Remind_XP.exe
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_12\bin\jusched.exe"
"UserFaultCheck"=%systemroot%\system32\dumprep 0 -u
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7/29/2010 1:31 PM 115008]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [7/24/2007 8:21 AM 38816]
R2 CF9Solr;ColdFusion 9 Solr Service;c:\coldfusion9\solr\solr.exe -zglaxservice CF9Solr --> c:\coldfusion9\solr\solr.exe -zglaxservice CF9Solr [?]
R2 ColdFusion 9 .NET Service;ColdFusion 9 .NET Service;c:\coldfusion9\jnbridge\CFDotNetsvc.exe [5/10/2011 8:06 AM 77824]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [8/12/2010 2:16 PM 810144]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/13/2011 2:04 PM 366152]
R2 NvtlService;NovaCore SDK Service;c:\program files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [1/11/2010 2:10 PM 82944]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [8/19/2011 2:26 AM 450848]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2/8/2011 9:10 PM 97280]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [7/24/2007 8:21 AM 41216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/13/2011 2:04 PM 22216]
S0 SMR210;Symantec SMR Utility Service 2.1.0;c:\windows\system32\drivers\SMR210.SYS --> c:\windows\system32\drivers\SMR210.SYS [?]
S1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [8/3/2010 1:28 PM 95896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 ColdFusion 9 Application Server;ColdFusion 9 Application Server;c:\coldfusion9\runtime\bin\jrunsvc.exe [5/10/2011 8:05 AM 58880]
S2 ColdFusion 9 ODBC Agent;ColdFusion 9 ODBC Agent;c:\coldfusion9\db\slserver54\bin\swagent.exe "ColdFusion 9 ODBC Agent" --> c:\coldfusion9\db\slserver54\bin\swagent.exe ColdFusion 9 ODBC Agent [?]
S2 ColdFusion 9 ODBC Server;ColdFusion 9 ODBC Server;c:\coldfusion9\db\slserver54\bin\swstrtr.exe "ColdFusion 9 ODBC Server" --> c:\coldfusion9\db\slserver54\bin\swstrtr.exe ColdFusion 9 ODBC Server [?]
S2 ColdFusion 9 Search Server;ColdFusion 9 Search Server;c:\coldfusion9\verity\k2\_nti40\bin\k2admin.exe [5/10/2011 8:04 AM 3677616]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/14/2011 9:29 AM 136176]
S3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [8/19/2011 2:26 AM 22176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/14/2011 9:29 AM 136176]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [12/15/2010 2:38 PM 174720]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2/28/2006 5:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - BMLoad
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
Sqlses REG_MULTI_SZ SqlCSS
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 23:57]
.
2011-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc53d7f5ef9036.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-14 16:29]
.
2011-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc53d7f5fb7bf8.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-14 16:29]
.
2011-09-27 c:\windows\Tasks\photostageDowngrade.job
- c:\program files\NCH Software\PhotoStage\photostage.exe [2011-09-08 18:23]
.
2011-09-27 c:\windows\Tasks\photostageShakeIcon.job
- c:\program files\NCH Software\PhotoStage\photostage.exe [2011-09-08 18:23]
.
2011-09-08 c:\windows\Tasks\prismShakeIcon.job
- c:\program files\NCH Software\Prism\prism.exe [2011-09-08 18:23]
.
2011-12-13 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2011-12-04 22:31]
.
2011-09-08 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2011-09-08 18:22]
.
2011-12-02 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Software\WavePad\wavepad.exe [2011-09-08 18:22]
.
.
------- Supplementary Scan -------
.
mWindow Title =
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = *.local
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\Evernote\Evernote\EvernoteIE.dll/204
TCP: DhcpNameServer = 192.168.2.1 75.75.75.75
DPF: {707ABFC2-1D27-4A10-A6E4-6BE6BDF9FB11} - hxxp://dscmtn4/vc/UltraMJCamX.ocx
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-Asynchronous - sqlesw32.dll
Notify-sqlesw32 - sqlesw32.dll
Notify-Sqlseses - sqlesw32.dll
Notify-}{|·¦w71@Úºÿ
Á - sqlesw32.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-14 12:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST910021 rev.3.12 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0xF72D3864
user & kernel MBR OK
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,03,df,2a,61,69,74,e4,4e,8f,e0,23,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,03,df,2a,61,69,74,e4,4e,8f,e0,23,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,a2,c5,da,08,ec,48,45,bd,bd,a4,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,a2,c5,da,08,ec,48,45,bd,bd,a4,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(612)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2104)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Citrix\ICA Client\ssonsvr.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\coldfusion9\solr\solr.exe
c:\coldfusion9\runtime\jre\bin\java.exe
c:\coldfusion9\jnbridge\JNBDotNetSide.exe
c:\windows\system32\IFXTCS.exe
c:\program files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
c:\windows\system32\IfxPsdSv.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\SearchProtocolHost.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Citrix\ICA Client\WFCRUN32.EXE
c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Sprint\Sprint SmartView\RcAppSvc.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Sprint\Sprint SmartView\bmctl.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2011-12-14 12:10:02 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-14 19:09
.
Pre-Run: 15,152,128,000 bytes free
Post-Run: 18,644,815,872 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 46F615E97AF6CDADD8B94304147A9FBF

Thanks for the info. Can you get a copy of Tdsskiller and transfer it to your computer. Its small and will fit easily on a USB flash drive for transfer.

Theres no way Norton or AVG would have done all that damage to the tcp/ip stack. Its the result of a rootkit.

Please download TDSS Killer.exe (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your desktop

Double click to launch the utility. After it initializes click the start scan button.

Once the scan completes you can click the continue button.

"The utility will automatically select an action (Cure or Delete) for known malcious objects. A suspicious object will be skipped by default."

"After clicking Next, the utility applies selected actions and outputs the result."

"A reboot might require after disinfection."

A report will be found in your Root drive Local Disk (C) as TDSSKiller.2.4.2.1_09.08.2010_17.32.21_log.txt (name, version, date, time)

Please post the log report

After you run tdsskiller please run combofix one more time and post its log.

Yay, SL... Home run. this is sent from my laptop....

TDSKiller Log:

16:43:59.0671 0224 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
16:43:59.0687 0224 ============================================================
16:43:59.0687 0224 Current date / time: 2011/12/19 16:43:59.0687
16:43:59.0687 0224 SystemInfo:
16:43:59.0687 0224
16:43:59.0687 0224 OS Version: 5.1.2600 ServicePack: 3.0
16:43:59.0687 0224 Product type: Workstation
16:43:59.0687 0224 ComputerName: LT-0603
16:43:59.0687 0224 UserName: tfarrell
16:43:59.0687 0224 Windows directory: C:\WINDOWS
16:43:59.0687 0224 System windows directory: C:\WINDOWS
16:43:59.0687 0224 Processor architecture: Intel x86
16:43:59.0687 0224 Number of processors: 2
16:43:59.0687 0224 Page size: 0x1000
16:43:59.0687 0224 Boot type: Normal boot
16:43:59.0687 0224 ============================================================
16:44:03.0968 0224 Initialize success
16:44:14.0296 0188 ============================================================
16:44:14.0296 0188 Scan started
16:44:14.0296 0188 Mode: Manual;
16:44:14.0296 0188 ============================================================
16:44:14.0546 0188 Abiosdsk - ok
16:44:14.0593 0188 abp480n5 - ok
16:44:14.0640 0188 Accelerometer (8356dd18da15d9c42a8584e1841844fe) C:\WINDOWS\system32\DRIVERS\Accelerometer.sys
16:44:14.0640 0188 Accelerometer - ok
16:44:14.0671 0188 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:44:14.0671 0188 ACPI - ok
16:44:14.0703 0188 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
16:44:14.0703 0188 ACPIEC - ok
16:44:14.0734 0188 ADIHdAudAddService (7356eff52ad50b8946d346002118ce62) C:\WINDOWS\system32\drivers\ADIHdAud.sys
16:44:14.0734 0188 ADIHdAudAddService - ok
16:44:14.0750 0188 adpu160m - ok
16:44:14.0781 0188 AEAudio (fff87a9b1ab36ee4b7bec98a4cb01b79) C:\WINDOWS\system32\drivers\AEAudio.sys
16:44:14.0781 0188 AEAudio - ok
16:44:14.0796 0188 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:44:14.0796 0188 aec - ok
16:44:14.0843 0188 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
16:44:14.0843 0188 AFD - ok
16:44:14.0890 0188 AgereSoftModem (1cfeba39fc613e45b49d3eddfbcda289) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
16:44:14.0953 0188 AgereSoftModem - ok
16:44:14.0968 0188 Aha154x - ok
16:44:14.0984 0188 aic78u2 - ok
16:44:15.0000 0188 aic78xx - ok
16:44:15.0015 0188 AliIde - ok
16:44:15.0015 0188 amsint - ok
16:44:15.0046 0188 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:44:15.0046 0188 Arp1394 - ok
16:44:15.0062 0188 asc - ok
16:44:15.0078 0188 asc3350p - ok
16:44:15.0078 0188 asc3550 - ok
16:44:15.0125 0188 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:44:15.0125 0188 AsyncMac - ok
16:44:15.0156 0188 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:44:15.0156 0188 atapi - ok
16:44:15.0156 0188 Atdisk - ok
16:44:15.0312 0188 ati2mtag (79e69e18960e8013840af2681c5e77ab) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
16:44:15.0343 0188 ati2mtag - ok
16:44:15.0375 0188 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:44:15.0375 0188 Atmarpc - ok
16:44:15.0406 0188 ATSWPDRV (69e65a2ce11619f0c868967ca9540b80) C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys
16:44:15.0406 0188 ATSWPDRV - ok
16:44:15.0468 0188 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:44:15.0468 0188 audstub - ok
16:44:15.0484 0188 b57w2k (c0acd392ece55784884cc208aafa06ce) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
16:44:15.0484 0188 b57w2k - ok
16:44:15.0515 0188 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:44:15.0515 0188 Beep - ok
16:44:15.0562 0188 btaudio (df74d51ba41ad84d72b2cb844337d3ed) C:\WINDOWS\system32\drivers\btaudio.sys
16:44:15.0578 0188 btaudio - ok
16:44:15.0609 0188 BTDriver (048f90a830e4dfbe050ea9f4c9f98ae3) C:\WINDOWS\system32\DRIVERS\btport.sys
16:44:15.0609 0188 BTDriver - ok
16:44:15.0687 0188 BTKRNL (6b6ad8cbf3984c3b39d4d06c38f52010) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
16:44:15.0703 0188 BTKRNL - ok
16:44:15.0718 0188 BTWDNDIS (8aa19a3c1cbdfeef118f0e4ef874a8a7) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
16:44:15.0718 0188 BTWDNDIS - ok
16:44:15.0765 0188 BTWUSB (00c8988da469e4ac087539bd77420123) C:\WINDOWS\system32\Drivers\btwusb.sys
16:44:15.0765 0188 BTWUSB - ok
16:44:15.0843 0188 catchme - ok
16:44:15.0875 0188 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:44:15.0875 0188 cbidf2k - ok
16:44:15.0906 0188 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:44:15.0906 0188 CCDECODE - ok
16:44:15.0921 0188 cd20xrnt - ok
16:44:15.0968 0188 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:44:15.0968 0188 Cdaudio - ok
16:44:16.0000 0188 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:44:16.0000 0188 Cdfs - ok
16:44:16.0031 0188 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:44:16.0031 0188 Cdrom - ok
16:44:16.0046 0188 Changer - ok
16:44:16.0078 0188 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
16:44:16.0078 0188 CmBatt - ok
16:44:16.0093 0188 CmdIde - ok
16:44:16.0109 0188 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
16:44:16.0109 0188 Compbatt - ok
16:44:16.0140 0188 CompFilter (bc6b87086ff0d99f87fe8af9a919a1e7) C:\WINDOWS\system32\DRIVERS\lvbusflt.sys
16:44:16.0156 0188 CompFilter - ok
16:44:16.0171 0188 Cpqarray - ok
16:44:16.0171 0188 dac2w2k - ok
16:44:16.0187 0188 dac960nt - ok
16:44:16.0203 0188 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:44:16.0203 0188 Disk - ok
16:44:16.0250 0188 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:44:16.0265 0188 dmboot - ok
16:44:16.0281 0188 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:44:16.0281 0188 dmio - ok
16:44:16.0296 0188 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:44:16.0296 0188 dmload - ok
16:44:16.0328 0188 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:44:16.0328 0188 DMusic - ok
16:44:16.0343 0188 dpti2o - ok
16:44:16.0375 0188 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:44:16.0375 0188 drmkaud - ok
16:44:16.0406 0188 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:44:16.0406 0188 Fastfat - ok
16:44:16.0421 0188 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
16:44:16.0421 0188 Fdc - ok
16:44:16.0437 0188 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:44:16.0437 0188 Fips - ok
16:44:16.0453 0188 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
16:44:16.0453 0188 Flpydisk - ok
16:44:16.0500 0188 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:44:16.0500 0188 FltMgr - ok
16:44:16.0515 0188 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:44:16.0515 0188 Fs_Rec - ok
16:44:16.0515 0188 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:44:16.0531 0188 Ftdisk - ok
16:44:16.0562 0188 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
16:44:16.0562 0188 GEARAspiWDM - ok
16:44:16.0593 0188 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:44:16.0593 0188 Gpc - ok
16:44:16.0625 0188 GTIPCI21 (cea72ac01892b12514d15e21ef1bc75d) C:\WINDOWS\system32\DRIVERS\gtipci21.sys
16:44:16.0640 0188 GTIPCI21 - ok
16:44:16.0671 0188 HBtnKey (cef316dbbd1b3845a6d53ed620eb1aeb) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
16:44:16.0671 0188 HBtnKey - ok
16:44:16.0703 0188 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:44:16.0703 0188 HDAudBus - ok
16:44:16.0750 0188 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:44:16.0750 0188 HidUsb - ok
16:44:16.0781 0188 hpdskflt (c1ae4bc866aaf10d8bbb182b35c14986) C:\WINDOWS\system32\DRIVERS\hpdskflt.sys
16:44:16.0781 0188 hpdskflt - ok
16:44:16.0796 0188 hpn - ok
16:44:16.0828 0188 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys
16:44:16.0828 0188 HpqKbFiltr - ok
16:44:16.0875 0188 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:44:16.0875 0188 HTTP - ok
16:44:16.0890 0188 i2omgmt - ok
16:44:16.0906 0188 i2omp - ok
16:44:16.0953 0188 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:44:16.0953 0188 i8042prt - ok
16:44:16.0984 0188 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\WINDOWS\system32\DRIVERS\iaStor.sys
16:44:16.0984 0188 iaStor - ok
16:44:17.0031 0188 IFXTPM (667cfdb801df771f47b7c39373c2d850) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
16:44:17.0031 0188 IFXTPM - ok
16:44:17.0078 0188 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:44:17.0078 0188 Imapi - ok
16:44:17.0093 0188 ini910u - ok
16:44:17.0109 0188 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
16:44:17.0109 0188 IntelIde - ok
16:44:17.0140 0188 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:44:17.0140 0188 intelppm - ok
16:44:17.0156 0188 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:44:17.0156 0188 Ip6Fw - ok
16:44:17.0187 0188 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:44:17.0187 0188 IpFilterDriver - ok
16:44:17.0218 0188 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:44:17.0218 0188 IpInIp - ok
16:44:17.0234 0188 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:44:17.0234 0188 IpNat - ok
16:44:17.0265 0188 IPSec (e13efecc2bd6718f9c4f6a7468ada1ff) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:44:17.0265 0188 IPSec ( Rootkit.Win32.ZAccess.k ) - infected
16:44:17.0265 0188 IPSec - detected Rootkit.Win32.ZAccess.k (0)
16:44:17.0281 0188 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:44:17.0281 0188 IRENUM - ok
16:44:17.0312 0188 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:44:17.0312 0188 isapnp - ok
16:44:17.0328 0188 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:44:17.0328 0188 Kbdclass - ok
16:44:17.0343 0188 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:44:17.0343 0188 kbdhid - ok
16:44:17.0375 0188 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:44:17.0375 0188 kmixer - ok
16:44:17.0421 0188 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:44:17.0421 0188 KSecDD - ok
16:44:17.0437 0188 lbrtfdc - ok
16:44:17.0484 0188 LVRS (7521c0c58ee91be90b6cc33e792d10c7) C:\WINDOWS\system32\DRIVERS\lvrs.sys
16:44:17.0500 0188 LVRS - ok
16:44:17.0656 0188 LVUVC (37e57c48af530df01cdd4e8a2ad77b51) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
16:44:17.0781 0188 LVUVC - ok
16:44:17.0796 0188 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:44:17.0796 0188 mnmdd - ok
16:44:17.0843 0188 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:44:17.0843 0188 Modem - ok
16:44:17.0875 0188 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:44:17.0875 0188 Mouclass - ok
16:44:17.0906 0188 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:44:17.0906 0188 mouhid - ok
16:44:17.0937 0188 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:44:17.0937 0188 MountMgr - ok
16:44:17.0953 0188 mraid35x - ok
16:44:17.0968 0188 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:44:17.0968 0188 MRxDAV - ok
16:44:18.0000 0188 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:44:18.0031 0188 MRxSmb - ok
16:44:18.0062 0188 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:44:18.0062 0188 Msfs - ok
16:44:18.0109 0188 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:44:18.0109 0188 MSKSSRV - ok
16:44:18.0140 0188 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:44:18.0140 0188 MSPCLOCK - ok
16:44:18.0156 0188 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:44:18.0156 0188 MSPQM - ok
16:44:18.0187 0188 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:44:18.0187 0188 mssmbios - ok
16:44:18.0218 0188 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
16:44:18.0234 0188 MSTEE - ok
16:44:18.0265 0188 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:44:18.0265 0188 Mup - ok
16:44:18.0296 0188 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
16:44:18.0296 0188 NABTSFEC - ok
16:44:18.0343 0188 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:44:18.0343 0188 NDIS - ok
16:44:18.0375 0188 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
16:44:18.0375 0188 NdisIP - ok
16:44:18.0390 0188 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:44:18.0390 0188 NdisTapi - ok
16:44:18.0406 0188 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:44:18.0406 0188 Ndisuio - ok
16:44:18.0421 0188 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:44:18.0421 0188 NdisWan - ok
16:44:18.0453 0188 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:44:18.0453 0188 NDProxy - ok
16:44:18.0468 0188 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:44:18.0468 0188 NetBIOS - ok
16:44:18.0484 0188 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:44:18.0500 0188 NetBT - ok
16:44:18.0593 0188 NETw4x32 (9eb7001200bc53dad5bc531f0e58970e) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
16:44:18.0671 0188 NETw4x32 - ok
16:44:18.0796 0188 NETw5x32 (05743fffc2bc88cc8e426321bc6a762e) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
16:44:18.0906 0188 NETw5x32 - ok
16:44:18.0937 0188 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
16:44:18.0937 0188 NIC1394 - ok
16:44:18.0953 0188 Nmea - ok
16:44:18.0984 0188 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:44:18.0984 0188 Npfs - ok
16:44:19.0000 0188 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:44:19.0000 0188 Ntfs - ok
16:44:19.0031 0188 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:44:19.0031 0188 Null - ok
16:44:19.0078 0188 NWADI (93213c7ec08e01e37a935bf144e75df6) C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
16:44:19.0078 0188 NWADI - ok
16:44:19.0109 0188 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:44:19.0109 0188 NwlnkFlt - ok
16:44:19.0125 0188 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:44:19.0125 0188 NwlnkFwd - ok
16:44:19.0156 0188 NWUSBModem (b7112f30d7eff4b5052eba879f46228f) C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys
16:44:19.0171 0188 NWUSBModem - ok
16:44:19.0171 0188 NWUSBPort (b7112f30d7eff4b5052eba879f46228f) C:\WINDOWS\system32\DRIVERS\nwusbser.sys
16:44:19.0187 0188 NWUSBPort - ok
16:44:19.0187 0188 NWUSBPort2 (b7112f30d7eff4b5052eba879f46228f) C:\WINDOWS\system32\DRIVERS\nwusbser2.sys
16:44:19.0203 0188 NWUSBPort2 - ok
16:44:19.0218 0188 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:44:19.0234 0188 ohci1394 - ok
16:44:19.0250 0188 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
16:44:19.0250 0188 Parport - ok
16:44:19.0265 0188 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:44:19.0265 0188 PartMgr - ok
16:44:19.0296 0188 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:44:19.0296 0188 ParVdm - ok
16:44:19.0312 0188 PCASp50 - ok
16:44:19.0328 0188 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
16:44:19.0328 0188 PCI - ok
16:44:19.0343 0188 PCIDump - ok
16:44:19.0359 0188 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:44:19.0359 0188 PCIIde - ok
16:44:19.0375 0188 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
16:44:19.0375 0188 Pcmcia - ok
16:44:19.0390 0188 PCTINDIS5 - ok
16:44:19.0406 0188 PDCOMP - ok
16:44:19.0406 0188 PDFRAME - ok
16:44:19.0421 0188 PDRELI - ok
16:44:19.0437 0188 PDRFRAME - ok
16:44:19.0437 0188 perc2 - ok
16:44:19.0453 0188 perc2hib - ok
16:44:19.0500 0188 PersonalSecureDrive (f21b077b1fba7aa331fa1087078d92e8) C:\WINDOWS\System32\drivers\psd.sys
16:44:19.0500 0188 PersonalSecureDrive - ok
16:44:19.0546 0188 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:44:19.0546 0188 PptpMiniport - ok
16:44:19.0578 0188 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:44:19.0578 0188 PSched - ok
16:44:19.0593 0188 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:44:19.0593 0188 Ptilink - ok
16:44:19.0625 0188 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:44:19.0625 0188 PxHelp20 - ok
16:44:19.0640 0188 ql1080 - ok
16:44:19.0640 0188 Ql10wnt - ok
16:44:19.0656 0188 ql12160 - ok
16:44:19.0671 0188 ql1240 - ok
16:44:19.0671 0188 ql1280 - ok
16:44:19.0703 0188 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:44:19.0703 0188 RasAcd - ok
16:44:19.0734 0188 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:44:19.0734 0188 Rasl2tp - ok
16:44:19.0750 0188 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:44:19.0750 0188 RasPppoe - ok
16:44:19.0796 0188 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:44:19.0796 0188 Raspti - ok
16:44:19.0812 0188 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:44:19.0812 0188 Rdbss - ok
16:44:19.0843 0188 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:44:19.0843 0188 RDPCDD - ok
16:44:19.0890 0188 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:44:19.0890 0188 rdpdr - ok
16:44:19.0937 0188 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
16:44:19.0937 0188 RDPWD - ok
16:44:19.0968 0188 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:44:19.0968 0188 redbook - ok
16:44:20.0062 0188 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
16:44:20.0062 0188 sdbus - ok
16:44:20.0093 0188 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:44:20.0093 0188 Secdrv - ok
16:44:20.0156 0188 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
16:44:20.0156 0188 serenum - ok
16:44:20.0171 0188 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
16:44:20.0171 0188 Serial - ok
16:44:20.0203 0188 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:44:20.0203 0188 Sfloppy - ok
16:44:20.0218 0188 Simbad - ok
16:44:20.0265 0188 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:44:20.0265 0188 SLIP - ok
16:44:20.0265 0188 SMR210 - ok
16:44:20.0281 0188 Sparrow - ok
16:44:20.0343 0188 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:44:20.0343 0188 splitter - ok
16:44:20.0359 0188 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
16:44:20.0359 0188 sr - ok
16:44:20.0390 0188 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:44:20.0406 0188 Srv - ok
16:44:20.0453 0188 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:44:20.0453 0188 streamip - ok
16:44:20.0484 0188 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:44:20.0484 0188 swenum - ok
16:44:20.0515 0188 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:44:20.0515 0188 swmidi - ok
16:44:20.0531 0188 symc810 - ok
16:44:20.0546 0188 symc8xx - ok
16:44:20.0546 0188 sym_hi - ok
16:44:20.0562 0188 sym_u3 - ok
16:44:20.0609 0188 SynTP (0f332c0ba9b968ebc8cbb906416f8597) C:\WINDOWS\system32\DRIVERS\SynTP.sys
16:44:20.0609 0188 SynTP - ok
16:44:20.0640 0188 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:44:20.0640 0188 sysaudio - ok
16:44:20.0687 0188 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:44:20.0703 0188 Tcpip - ok
16:44:20.0734 0188 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:44:20.0734 0188 TDPIPE - ok
16:44:20.0750 0188 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:44:20.0750 0188 TDTCP - ok
16:44:20.0781 0188 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:44:20.0781 0188 TermDD - ok
16:44:20.0875 0188 tifm21 (c424f991494e5674f2e9b3cf9f5f55d1) C:\WINDOWS\system32\drivers\tifm21.sys
16:44:20.0875 0188 tifm21 - ok
16:44:20.0890 0188 TosIde - ok
16:44:20.0937 0188 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
16:44:20.0937 0188 tunmp - ok
16:44:20.0984 0188 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:44:20.0984 0188 Udfs - ok
16:44:21.0000 0188 ultra - ok
16:44:21.0046 0188 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:44:21.0046 0188 Update - ok
16:44:21.0093 0188 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
16:44:21.0093 0188 USBAAPL - ok
16:44:21.0125 0188 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
16:44:21.0125 0188 usbaudio - ok
16:44:21.0140 0188 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:44:21.0140 0188 usbccgp - ok
16:44:21.0171 0188 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:44:21.0187 0188 usbehci - ok
16:44:21.0218 0188 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:44:21.0218 0188 usbhub - ok
16:44:21.0250 0188 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
16:44:21.0250 0188 usbohci - ok
16:44:21.0281 0188 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:44:21.0281 0188 usbscan - ok
16:44:21.0312 0188 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:44:21.0312 0188 USBSTOR - ok
16:44:21.0328 0188 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:44:21.0328 0188 usbuhci - ok
16:44:21.0359 0188 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
16:44:21.0359 0188 usbvideo - ok
16:44:21.0375 0188 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:44:21.0375 0188 VgaSave - ok
16:44:21.0390 0188 ViaIde - ok
16:44:21.0421 0188 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:44:21.0421 0188 VolSnap - ok
16:44:21.0453 0188 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:44:21.0453 0188 Wanarp - ok
16:44:21.0500 0188 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
16:44:21.0500 0188 Wdf01000 - ok
16:44:21.0500 0188 WDICA - ok
16:44:21.0546 0188 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:44:21.0546 0188 wdmaud - ok
16:44:21.0609 0188 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
16:44:21.0609 0188 WmiAcpi - ok
16:44:21.0687 0188 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:44:21.0687 0188 WSTCODEC - ok
16:44:21.0734 0188 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:44:21.0734 0188 WudfPf - ok
16:44:21.0765 0188 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:44:21.0781 0188 WudfRd - ok
16:44:21.0828 0188 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:44:21.0937 0188 \Device\Harddisk0\DR0 - ok
16:44:21.0937 0188 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR6
16:44:21.0984 0188 \Device\Harddisk1\DR6 - ok
16:44:21.0984 0188 MBR (0x1B8) (feffdedea77250a6fcd92c304b49ace2) \Device\Harddisk2\DR3
16:44:22.0000 0188 \Device\Harddisk2\DR3 - ok
16:44:22.0000 0188 Boot (0x1200) (3c899688db440549033e83afa43376f5) \Device\Harddisk0\DR0\Partition0
16:44:22.0000 0188 \Device\Harddisk0\DR0\Partition0 - ok
16:44:22.0000 0188 Boot (0x1200) (ac8d0031468c418cdbf52e2e16470b9d) \Device\Harddisk1\DR6\Partition0
16:44:22.0000 0188 \Device\Harddisk1\DR6\Partition0 - ok
16:44:22.0015 0188 Boot (0x1200) (1b6d9072a94476583f08881e6e4c9e90) \Device\Harddisk2\DR3\Partition0
16:44:22.0015 0188 \Device\Harddisk2\DR3\Partition0 - ok
16:44:22.0015 0188 ============================================================
16:44:22.0015 0188 Scan finished
16:44:22.0015 0188 ============================================================
16:44:22.0015 4000 Detected object count: 1
16:44:22.0015 4000 Actual detected object count: 1
16:47:54.0437 4000 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\ipsec.sys) error 1813
16:47:55.0875 4000 Backup copy found, using it..
16:47:55.0875 4000 C:\WINDOWS\system32\DRIVERS\ipsec.sys - will be cured on reboot
16:47:57.0375 4000 IPSec ( Rootkit.Win32.ZAccess.k ) - User select action: Cure
16:48:08.0421 1208 Deinitialize success


ComboFix Log:

ComboFix 11-12-19.03 - tfarrell 12/19/2011 16:56:10.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1075 [GMT -7:00]
Running from: c:\documents and settings\tfarrell.LT-0603\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-20 to 2011-12-20 )))))))))))))))))))))))))))))))
.
.
2011-12-19 18:08 . 2011-12-19 18:08 -------- d-----w- c:\program files\Support Tools
2011-12-16 02:37 . 2011-12-16 02:37 -------- d-----w- C:\ERDNT
2011-12-14 22:31 . 2011-12-14 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Nikon
2011-12-14 21:54 . 2011-12-14 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Sprint
2011-12-14 19:07 . 2011-12-14 19:07 -------- d-----w- c:\documents and settings\tfarrell.LT-0603\Application Data\ICAClient
2011-12-04 20:36 . 2011-12-04 20:36 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-12-04 17:31 . 2011-12-07 00:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-12-04 17:31 . 2011-12-04 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-12-03 23:57 . 2011-12-03 23:57 -------- d-----w- c:\documents and settings\tfarrell.LT-0603\Application Data\Tific
2011-12-03 23:57 . 2011-12-03 23:57 -------- d-----w- c:\documents and settings\tfarrell.LT-0603\Local Settings\Application Data\Symantec
2011-12-03 20:17 . 2011-12-03 20:17 -------- d-----w- c:\program files\MSECache
2011-12-03 19:53 . 2011-12-03 20:04 -------- d-----w- c:\documents and settings\tfarrell.LT-0603\Local Settings\Application Data\NPE
2011-12-03 19:19 . 2011-12-03 19:19 -------- d-----w- c:\program files\Windows Sidebar
2011-12-03 19:15 . 2011-12-06 22:25 -------- d-----w- c:\program files\SpyBot
2011-12-03 19:12 . 2011-12-03 19:12 388096 ----a-r- c:\documents and settings\tfarrell.LT-0603\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-03 19:12 . 2011-12-03 19:12 -------- d-----w- c:\program files\Trend Micro
2011-12-03 19:11 . 2011-12-03 19:12 1402880 ----a-w- C:\HiJackThis.msi
2011-12-03 18:27 . 2011-12-03 18:27 -------- d--h--w- c:\windows\PIF
2011-12-03 10:11 . 2011-12-02 16:35 116224 ----a-w- c:\windows\system32\5T740.com
2011-12-03 07:39 . 2011-12-03 07:39 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2011-12-03 07:39 . 2011-12-03 07:39 -------- d-----w- c:\program files\IObit
2011-12-02 17:13 . 2011-12-02 17:13 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2011-12-02 17:11 . 2011-12-03 11:37 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AskToolbar
2011-12-02 17:10 . 2011-12-02 17:10 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2011-12-01 21:08 . 2011-12-01 20:54 751616 ----a-w- C:\roguekiller.exe
2011-12-01 21:02 . 2011-12-01 21:02 -------- d-----w- C:\RK_Quarantine
2011-12-01 20:56 . 2011-12-01 20:56 -------- d-----w- c:\documents and settings\Administrator.LT-0603\Application Data\Windows Search
2011-12-01 20:40 . 2011-12-01 20:40 -------- d-----w- c:\documents and settings\Administrator.LT-0603\Local Settings\Application Data\Apple Computer
2011-12-01 20:40 . 2011-12-01 20:40 -------- d-----w- c:\documents and settings\Administrator.LT-0603\Application Data\Apple Computer
2011-12-01 20:32 . 2011-12-01 20:32 709968 ----a-w- c:\windows\is-BVQM3.exe
2011-12-01 20:32 . 2011-12-01 20:32 -------- d-----w- c:\documents and settings\Administrator.LT-0603\Application Data\Malwarebytes
2011-12-01 20:31 . 2011-12-01 20:31 -------- d-sh--w- c:\documents and settings\Administrator.LT-0603\IECompatCache
2011-12-01 20:29 . 2011-12-01 20:29 -------- d-----w- c:\documents and settings\Administrator.LT-0603\Local Settings\Application Data\Identities
2011-12-01 20:29 . 2011-12-01 20:29 -------- d-----w- c:\documents and settings\Administrator.LT-0603\Application Data\Windows Desktop Search
2011-11-30 23:38 . 2011-11-30 23:38 -------- d-----w- c:\documents and settings\tfarrell.LT-0603\Application Data\pdfforge
2011-11-30 23:38 . 2004-03-09 08:00 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2011-11-30 23:38 . 2001-10-29 00:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2011-11-30 23:38 . 1998-06-24 08:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2011-11-30 23:38 . 1998-07-06 08:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2011-11-29 21:27 . 2011-11-29 21:27 -------- d-----w- c:\documents and settings\tfarrell.LT-0603\Bluetooth Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-19 23:48 . 2006-02-28 12:00 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2011-11-12 22:12 . 2011-06-05 23:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 21:29 . 2011-10-24 21:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 21:29 . 2011-10-24 21:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-09-27 19:22 . 2011-09-27 19:22 57344 ----a-r- c:\documents and settings\tfarrell.LT-0603\Application Data\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2011-09-27 19:21 . 2003-03-19 02:05 106496 ----a-w- c:\windows\system32\ATL71.DLL
2011-09-21 22:31 . 2011-09-21 22:31 53248 ----a-r- c:\documents and settings\tfarrell.LT-0603\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-14_19.03.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-19 23:50 . 2011-12-19 23:50 16384 c:\windows\Temp\Perflib_Perfdata_bb8.dat
+ 2011-12-19 23:49 . 2011-12-19 23:49 16384 c:\windows\Temp\Perflib_Perfdata_948.dat
- 2004-08-03 23:08 . 2008-04-14 06:15 49408 c:\windows\system32\drivers\stream.sys
+ 2004-08-03 23:08 . 2008-04-14 07:15 49408 c:\windows\system32\drivers\stream.sys
- 2011-02-09 07:28 . 2008-04-14 06:15 60160 c:\windows\system32\drivers\drmk.sys
+ 2011-02-09 07:28 . 2008-04-14 07:15 60160 c:\windows\system32\drivers\drmk.sys
+ 2004-08-03 23:08 . 2008-04-14 07:15 49408 c:\windows\system32\dllcache\stream.sys
- 2004-08-03 23:08 . 2008-04-14 06:15 49408 c:\windows\system32\dllcache\stream.sys
- 2011-02-09 07:28 . 2008-04-14 06:15 60160 c:\windows\system32\dllcache\drmk.sys
+ 2011-02-09 07:28 . 2008-04-14 07:15 60160 c:\windows\system32\dllcache\drmk.sys
+ 2011-02-09 03:31 . 2011-12-15 16:29 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2011-02-09 03:31 . 2011-12-10 18:32 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-12-15 16:29 . 2011-12-15 16:29 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2011-02-09 03:26 . 2011-02-09 07:20 86327 c:\windows\pchealth\helpctr\OfflineCache\index.dat
+ 2011-02-09 03:26 . 2011-12-19 18:08 86327 c:\windows\pchealth\helpctr\OfflineCache\index.dat
+ 2011-02-12 00:33 . 2011-12-15 22:16 90112 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2011-02-12 00:33 . 2011-09-09 19:45 90112 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2011-02-12 00:33 . 2011-12-15 22:16 45056 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2011-02-12 00:33 . 2011-09-09 19:45 45056 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2011-02-12 00:33 . 2011-12-15 22:16 22528 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2011-02-12 00:33 . 2011-09-09 19:45 22528 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2011-02-12 00:33 . 2011-09-09 19:45 30720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2011-02-12 00:33 . 2011-12-15 22:16 30720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2011-02-12 00:33 . 2011-09-09 19:45 16384 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2011-02-12 00:33 . 2011-12-15 22:16 16384 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2011-02-12 00:33 . 2011-12-15 22:16 34304 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2011-02-12 00:33 . 2011-09-09 19:45 34304 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2011-02-11 23:20 . 2011-02-11 23:20 26694 c:\windows\Installer\{27DB209C-57D1-42BE-B547-8867B26FA480}\controlPanelIcon.exe
+ 2011-12-14 21:54 . 2011-12-14 21:54 26694 c:\windows\Installer\{27DB209C-57D1-42BE-B547-8867B26FA480}\controlPanelIcon.exe
+ 2011-02-09 03:26 . 2011-12-19 18:08 4008 c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2011-02-12 00:33 . 2011-12-15 22:16 3584 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2011-02-12 00:33 . 2011-09-09 19:45 3584 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2011-02-12 00:33 . 2011-12-15 22:16 8192 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2011-02-12 00:33 . 2011-09-09 19:45 8192 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2011-02-12 00:33 . 2011-09-09 19:45 2560 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2011-02-12 00:33 . 2011-12-15 22:16 2560 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2011-12-16 01:10 . 2008-06-20 23:32 663552 c:\windows\system32\ReinstallBackups\0025\DriverFiles\NETw5c32.dll
- 2006-02-28 12:00 . 2011-12-03 20:01 544480 c:\windows\system32\perfh009.dat
+ 2006-02-28 12:00 . 2011-12-19 23:54 544480 c:\windows\system32\perfh009.dat
+ 2006-02-28 12:00 . 2011-12-19 23:54 103316 c:\windows\system32\perfc009.dat
- 2006-02-28 12:00 . 2011-12-03 20:01 103316 c:\windows\system32\perfc009.dat
- 2011-02-09 07:28 . 2008-04-14 06:49 146048 c:\windows\system32\drivers\portcls.sys
+ 2011-02-09 07:28 . 2008-04-14 07:49 146048 c:\windows\system32\drivers\portcls.sys
+ 2004-08-03 23:15 . 2008-04-14 07:46 141056 c:\windows\system32\drivers\ks.sys
- 2004-08-03 23:15 . 2008-04-14 06:46 141056 c:\windows\system32\drivers\ks.sys
- 2011-02-09 07:28 . 2008-04-14 06:49 146048 c:\windows\system32\dllcache\portcls.sys
+ 2011-02-09 07:28 . 2008-04-14 07:49 146048 c:\windows\system32\dllcache\portcls.sys
+ 2004-08-03 23:15 . 2008-04-14 07:46 141056 c:\windows\system32\dllcache\ks.sys
- 2004-08-03 23:15 . 2008-04-14 06:46 141056 c:\windows\system32\dllcache\ks.sys
+ 2011-12-19 18:08 . 2011-12-19 18:08 219136 c:\windows\Installer\253893.msi
+ 2011-02-12 00:33 . 2011-12-15 22:16 114688 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2011-02-12 00:33 . 2011-09-09 19:45 114688 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2011-02-12 00:33 . 2011-12-15 22:16 167936 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\accicons.exe
- 2011-02-12 00:33 . 2011-09-09 19:45 167936 c:\windows\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2011-12-16 01:10 . 2008-11-17 21:23 3636864 c:\windows\system32\ReinstallBackups\0025\DriverFiles\NETw5x32.sys
+ 2011-12-16 01:10 . 2008-06-20 23:33 2756608 c:\windows\system32\ReinstallBackups\0025\DriverFiles\NETw5r32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-19 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FRYMXINS"="c:\program files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl" [X]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 177456]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-06 872448]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-06-08 131072]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2008-01-26 677144]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-10-09 697976]
"BSDAppUpdater"="c:\program files\Common Files\BSD\AppUpdater\BSDChecker.exe" [2010-11-24 1660232]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"BCSSync"="c:\program files\Microsoft Office 2010\Office14\BCSSync.exe" [2010-03-13 91520]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-26 619008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-26 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
.
c:\documents and settings\tfarrell.LT-0603\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2011-8-8 977408]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office 2010\Office14\ONENOTEM.EXE [2010-3-29 227712]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2000-8-6 69632]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Asynchronous]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sqlesw32]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sqlseses]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1482476501-2049760794-682003330-1202\Scripts\Logon\0\0]
"Script"=\\dmc-colorado.com\sysvol\dmc-colorado.com\scripts\DSC.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1482476501-2049760794-682003330-1202\Scripts\Logon\1\0]
"Script"=MAS_90.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Cpqset"=c:\program files\HPQ\Default Settings\cpqset.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Reminder"=c:\windows\Creator\Remind_XP.exe
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_12\bin\jusched.exe"
"UserFaultCheck"=%systemroot%\system32\dumprep 0 -u
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
.
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [7/24/2007 8:21 AM 38816]
R2 CF9Solr;ColdFusion 9 Solr Service;c:\coldfusion9\solr\solr.exe -zglaxservice CF9Solr --> c:\coldfusion9\solr\solr.exe -zglaxservice CF9Solr [?]
R2 ColdFusion 9 Application Server;ColdFusion 9 Application Server;c:\coldfusion9\runtime\bin\jrunsvc.exe [5/10/2011 8:05 AM 58880]
R2 ColdFusion 9 ODBC Agent;ColdFusion 9 ODBC Agent;c:\coldfusion9\db\slserver54\bin\swagent.exe "ColdFusion 9 ODBC Agent" --> c:\coldfusion9\db\slserver54\bin\swagent.exe ColdFusion 9 ODBC Agent [?]
R2 ColdFusion 9 ODBC Server;ColdFusion 9 ODBC Server;c:\coldfusion9\db\slserver54\bin\swstrtr.exe "ColdFusion 9 ODBC Server" --> c:\coldfusion9\db\slserver54\bin\swstrtr.exe ColdFusion 9 ODBC Server [?]
R2 ColdFusion 9 Search Server;ColdFusion 9 Search Server;c:\coldfusion9\verity\k2\_nti40\bin\k2admin.exe [5/10/2011 8:04 AM 3677616]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [8/19/2011 2:26 AM 450848]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2/8/2011 9:10 PM 97280]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [7/24/2007 8:21 AM 41216]
S0 SMR210;Symantec SMR Utility Service 2.1.0;c:\windows\system32\drivers\SMR210.SYS --> c:\windows\system32\drivers\SMR210.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 ColdFusion 9 .NET Service;ColdFusion 9 .NET Service;c:\coldfusion9\jnbridge\CFDotNetsvc.exe [5/10/2011 8:06 AM 77824]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/14/2011 9:29 AM 136176]
S3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [8/19/2011 2:26 AM 22176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/14/2011 9:29 AM 136176]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [12/15/2010 2:38 PM 174720]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2/28/2006 5:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 46378578
*Deregistered* - 46378578
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
Sqlses REG_MULTI_SZ SqlCSS
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 23:57]
.
2011-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc53d7f5ef9036.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-14 16:29]
.
2011-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc53d7f5fb7bf8.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-14 16:29]
.
2011-09-27 c:\windows\Tasks\photostageDowngrade.job
- c:\program files\NCH Software\PhotoStage\photostage.exe [2011-09-08 18:23]
.
2011-09-27 c:\windows\Tasks\photostageShakeIcon.job
- c:\program files\NCH Software\PhotoStage\photostage.exe [2011-09-08 18:23]
.
2011-09-08 c:\windows\Tasks\prismShakeIcon.job
- c:\program files\NCH Software\Prism\prism.exe [2011-09-08 18:23]
.
2011-12-13 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2011-12-04 22:31]
.
2011-09-08 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2011-09-08 18:22]
.
2011-12-02 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Software\WavePad\wavepad.exe [2011-09-08 18:22]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mWindow Title =
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = *.local
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\Evernote\Evernote\EvernoteIE.dll/204
TCP: DhcpNameServer = 192.168.2.1 75.75.75.75
DPF: {707ABFC2-1D27-4A10-A6E4-6BE6BDF9FB11} - hxxp://dscmtn4/vc/UltraMJCamX.ocx
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Malwarebytes' Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
Notify-}{|·¦w71@Úºÿ
Á - (no file)
SafeBoot-46378578.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-19 17:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,03,df,2a,61,69,74,e4,4e,8f,e0,23,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,03,df,2a,61,69,74,e4,4e,8f,e0,23,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,a2,c5,da,08,ec,48,45,bd,bd,a4,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,a2,c5,da,08,ec,48,45,bd,bd,a4,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(612)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(5192)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-12-19 17:10:40
ComboFix-quarantined-files.txt 2011-12-20 00:10
ComboFix2.txt 2011-12-14 21:03
ComboFix3.txt 2011-12-14 19:10
.
Pre-Run: 18,837,798,912 bytes free
Post-Run: 18,870,661,120 bytes free
.
- - End Of File - - 6F7CB590B31AC229BF990FA151047EF2


Now that it is fixed: How do I protect myself in the future??

Thanks so much for your help. I will make a donation in your name. You rock...

Your welcome. You had a variant of the zero access rootkit. My rootkit disclaimer:

You had a rootkit on your machine. They hide malicious files and components from traditional antivirus/antimalware software. Rootkits bury themselves deep in the operating system. Special software is needed to detect and remove them. Even if symptoms are gone and logs are clean its still not a 100% guarantee that your machine is clean once a rootkit has been detected and removed. You should consider a complete reformat/reinstall of Windows as an option.

The best source for information on how to do this would be the computer manufacturers website.

Could you check malwarebytes for updates and do a scan with it. Then we can finish it up.

Hi SL.
I had to download malwarebytes. The log is below:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8400

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/19/2011 6:14:32 PM
mbam-log-2011-12-19 (18-14-32).txt

Scan type: Quick scan
Objects scanned: 223559
Time elapsed: 4 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thanks again...
Happy Holidays

hi,

Just about done, couple things to do: you can remove combofix like this:
start>run and type in:
combofix /uninstall
click ok or enter
note the space after the x and before the /

You can also remove tdsskiller from the desktop.
You can make a new restore point: the why and the how:

One of the features of Windows XP, Vista and Windows 7 is the System Restore option, however if malware infects a computer it is possible that the malware could be backed up in the System Restore archive. Therefore, clearing the restore points is a good idea after malware is removed and your computer appears to be functioning ok.



To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(winXP)

1. Turn off System Restore. (deletes old possibly infected restore point)

On the Desktop, right-click My Computer.

Click Properties.

Click the System Restore tab.

Check Turn off System Restore.

Click Apply, and then click OK.


2. Reboot.


3. Turn ON System Restore.(creates a new restore points on a clean system)

On the Desktop, right-click My Computer.

Click Properties.

Click the System Restore tab.

UN-Check *Turn off System Restore*.

Click Apply, and then click OK, then reboot



And last, for your reference:
There is no reason why your computer can not stay malware free.
No software can think for you. Help yourself. In no special order:


1) It is essential to keep your operating system (Windows) browser (IE, FireFox, Chrome, Opera) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update (http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us) frequently or use the Windows auto-update feature. (http://www.microsoft.com/windows/downloads/windowsupdate/automaticupdate.mspx) Staying updated is also essential for other web based applications like Java, Adobe Flash/Reader, iTunes, media players, browser plugins and add-ons. More and more third party applications are being targeted. Not sure if you are using the latest version of software? Check their version status and get the updates here. (http://secunia.com/vulnerability_scanning/online/)


2) Know what you are installing to your computer. Alot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software is installing useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about virus and trojans being found on your computer and you are then prompted to install software to remedy this. See also the signs (http://www.malwarevault.com/signs.html)that you may have malware on your computer.


3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently find malware then its time to *review your computer habits*.


4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. See also E-mail phishing Tricks (http://www.fraud.org/tips/internet/phishing.htm).


5) Do not click on ads/pop ups or offers from websites requesting that you need to install software to your computer--*for any reason*. Use the Alt+F4 keys to close the window.


6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?


7) Consider the use of limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts (http://www.microsoft.com/protect/computer/advanced/useraccount.mspx) can help prevent *malware from installing and lessen its potential impact.* This is exactly what user account control (UAC) in Windows Vista and Windows 7 attempts to address.


8) Install and understand the *limitations* of a software firewall.


9) The why and how to secure (http://www.cert.org/tech_tips/securing_browser/) your browser for safer surfing.


10) Warez, cracks etc are very popular for carrying malware payloads. If you look for these you will encounter malware. If you download/install files via p2p networks you will encounter malware. A file can be named anything, be nothing but malware or have malware bundled in it.
Do you really trust the source?

More info/tips with pictures in links below.

Happy Safe Surfing.