-
Ping
BTW WebClient is continually "stopping", has that got anything to do with the problem?
-
try this fix for the error message
You can transfer it to the computer then run it.
then:
Open the Services panel again and right-click on Network Location Awareness, then Properties. Startup type set to: Manual
Under service status click: start
The WebClient service can be safely stopped; change its startup type to Disabled.
reboot and cross fingers
-
Ping
Hi,
Ran everything, even crossed my arms. No go.
Service status:
IPSEC won't start, same error
RPC Started
RPC Locator Started
TCP/IP Netbios helper started
Disabled Web client
Rebooted several times still no change.
Where do we go from here?
-
Ping
Network Location Awareness set to Manual, still won't start, has a dependency error 1068.
Of course I ran the Microsoft Fix.
-
Looks like we've gone from a simple ping.exe to other problems. You said you ran ComboFix twice, can you find the first log and post it? That one was run before all the problems, although there's no way ComboFix disabled all those services. Let's leave the services alone for now.
Go to start and type in: devmgmt.msc
Device Manager will open. At the top click on View and select: Show hidden devices. Click the + under Non-Plug and Play Drivers and see if there are any yellow ! next to anything.
There's also another Fix It at the bottom of this page.
Do you have an XP install disk to do a repair of Windows?
Other option would be to uninstall then reinstall your NIC driver, which you could get from your laptop vendor's website. At this point it's still a guess for the solution.
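The checks the two helper posts above walk through by hand (set Network Location Awareness to Manual and start it, stop and disable WebClient, chase the 1068 dependency error, and look for hidden devices with a yellow mark in Device Manager) can be done from a script. The following is an added example written for this page, not the helper's code or any tool's own code. It assumes PowerShell 2.0 is installed on the XP machine (it is an optional download for XP SP3) and that the display name 'Network Location Awareness*' matches the service, whose short name is Nla on XP and NlaSvc on later Windows; the function names are this example's own.

```powershell
# Added example, not from the thread. Triage for the service and device checks
# described in the posts above. Run from an elevated PowerShell 2.0 prompt.

function Get-ServiceDependencyReport {
    # Lists the services a given service requires and flags any that are not
    # running. Error 1068 ("The dependency service or group failed to start")
    # means one of these is stopped or failed; this shows which one.
    param([Parameter(Mandatory = $true)][string]$DisplayName)

    $svc = Get-Service -DisplayName $DisplayName -ErrorAction Stop | Select-Object -First 1
    $rows = @()
    foreach ($dep in $svc.ServicesDependedOn) {
        $rows += New-Object PSObject -Property @{
            Service   = $svc.Name
            Requires  = $dep.Name
            DepStatus = $dep.Status
            Problem   = ($dep.Status -ne 'Running')
        }
        # One level deeper: a stopped dependency is often itself waiting on a
        # stopped driver or service (e.g. the TCP/IP stack), so report those too.
        foreach ($sub in $dep.ServicesDependedOn) {
            $rows += New-Object PSObject -Property @{
                Service   = $dep.Name
                Requires  = $sub.Name
                DepStatus = $sub.Status
                Problem   = ($sub.Status -ne 'Running')
            }
        }
    }
    return $rows
}

function Get-DeviceErrorReport {
    # Script equivalent of Device Manager with "Show hidden devices" on:
    # every PnP entity whose ConfigManagerErrorCode is non-zero is the
    # device that would carry the yellow "!" mark.
    Get-WmiObject -Class Win32_PnPEntity |
        Where-Object { $_.ConfigManagerErrorCode -ne 0 } |
        Select-Object Name, DeviceID, ConfigManagerErrorCode
}

function Set-ServiceStartupAsAdvised {
    # Applies only the startup changes from the post above: NLA to Manual and
    # started, WebClient stopped and Disabled. Nothing else is touched.
    $nla = Get-Service -DisplayName 'Network Location Awareness*' | Select-Object -First 1
    Set-Service -Name $nla.Name -StartupType Manual
    if ($nla.Status -ne 'Running') { Start-Service -Name $nla.Name }

    $web = Get-Service -Name 'WebClient' -ErrorAction SilentlyContinue
    if ($web) {
        if ($web.Status -eq 'Running') { Stop-Service -Name 'WebClient' -Force }
        Set-Service -Name 'WebClient' -StartupType Disabled
    }
}

# Usage: read the reports first; apply the startup changes only afterwards.
Get-ServiceDependencyReport -DisplayName 'Network Location Awareness*' | Format-Table -AutoSize
Get-DeviceErrorReport | Format-Table -AutoSize
```

The dependency report is the useful part for a 1068 error: rows with Problem set to True name the stopped dependency, which on a machine like this one is usually a networking driver rather than the service that was asked to start. Set-ServiceStartupAsAdvised is deliberately not called automatically so that the reports can be read before anything is changed.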
-
Ping
Hi SL,
Here is my update.
Ran devmgmt.msc
IP network Address translator - Yellow
TCP/IP Protocol Driver - Yellow
Ran fix
No change
IP network Address translator - Yellow
TCP/IP Protocol Driver - Yellow
I also had Norton AVG latest version installed and uninstalled it, before this all began. I have read that this product can leave behind registry settings that affect the TCP/IP protocol. Is this possible?
Here is the first combofix text file, I believe
ComboFix 11-12-13.03 - tfarrell 12/14/2011 11:47:33.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1521 [GMT -7:00]
Running from: c:\documents and settings\tfarrell.LT-0603\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\default\us_sres.data
c:\documents and settings\Administrator.LT-0603\My Documents\winlogon.exe
c:\documents and settings\tfarrell.LT-0603\Desktop\Windows XP Restore.lnk
c:\windows\$NtUninstallKB23442$\1032873474\@
c:\windows\$NtUninstallKB23442$\1032873474\bckfg.tmp
c:\windows\$NtUninstallKB23442$\1032873474\cfg.ini
c:\windows\$NtUninstallKB23442$\1032873474\Desktop.ini
c:\windows\$NtUninstallKB23442$\1032873474\keywords
c:\windows\$NtUninstallKB23442$\1032873474\kwrd.dll
c:\windows\$NtUninstallKB23442$\1032873474\L\ptvvciim
c:\windows\$NtUninstallKB23442$\1032873474\lsflt7.ver
c:\windows\$NtUninstallKB23442$\1032873474\U\00000001.@
c:\windows\$NtUninstallKB23442$\1032873474\U\00000002.@
c:\windows\$NtUninstallKB23442$\1032873474\U\00000004.@
c:\windows\$NtUninstallKB23442$\1032873474\U\80000000.@
c:\windows\$NtUninstallKB23442$\1032873474\U\80000004.@
c:\windows\$NtUninstallKB23442$\1032873474\U\80000032.@
c:\windows\$NtUninstallKB23442$\576646912
c:\windows\CSC\d6
c:\windows\dasetup.log
c:\windows\EventSystem.log
c:\windows\system32\6to4v32.dll
c:\windows\system32\certstore.dat
c:\windows\system32\sqlcsw32.dll
c:\windows\system32\sqlesw32.dll
F:\Autorun.inf
c:\windows\$NtUninstallKB23442$ . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
-------\Service_6to4
-------\Legacy_SqlCSS
-------\Service_SqlCSS
.
.
((((((((((((((((((((((((( Files Created from 2011-11-14 to 2011-12-14 )))))))))))))))))))))))))))))))
.
.
2011-12-14 18:47 . 2011-12-14 18:47 -------- d-----w- c:\documents and settings\tfarrell.LT-0603\Local Settings\Application Data\ESET
2011-12-04 20:36 . 2011-12-04 20:36 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-12-04 17:31 . 2011-12-07 00:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-12-04 17:31 . 2011-12-04 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-12-03 23:57 . 2011-12-03 23:57 -------- d-----w- c:\documents and settings\tfarrell.LT-0603\Application Data\Tific
2011-12-03 23:57 . 2011-12-03 23:57 -------- d-----w- c:\documents and settings\tfarrell.LT-0603\Local Settings\Application Data\Symantec
2011-12-03 20:17 . 2011-12-03 20:17 -------- d-----w- c:\program files\MSECache
2011-12-03 19:53 . 2011-12-03 20:04 -------- d-----w- c:\documents and settings\tfarrell.LT-0603\Local Settings\Application Data\NPE
2011-12-03 19:52 . 2011-12-03 19:52 -------- d-----w- c:\program files\Norton Power Eraser
2011-12-03 19:19 . 2011-12-03 19:19 -------- d-----w- c:\program files\Windows Sidebar
2011-12-03 19:15 . 2011-12-06 22:25 -------- d-----w- c:\program files\SpyBot
2011-12-03 19:12 . 2011-12-03 19:12 388096 ----a-r- c:\documents and settings\tfarrell.LT-0603\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-03 19:12 . 2011-12-03 19:12 -------- d-----w- c:\program files\Trend Micro
2011-12-03 19:11 . 2011-12-03 19:12 1402880 ----a-w- C:\HiJackThis.msi
2011-12-03 18:27 . 2011-12-03 18:27 -------- d--h--w- c:\windows\PIF
2011-12-03 10:11 . 2011-12-02 16:35 116224 ----a-w- c:\windows\system32\5T740.com
2011-12-03 07:39 . 2011-12-03 07:39 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2011-12-03 07:39 . 2011-12-03 07:39 -------- d-----w- c:\program files\IObit
2011-12-02 17:13 . 2011-12-02 17:13 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2011-12-02 17:11 . 2011-12-03 11:37 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AskToolbar
2011-12-02 17:10 . 2011-12-02 17:10 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2011-12-01 21:08 . 2011-12-01 20:54 751616 ----a-w- C:\roguekiller.exe
2011-12-01 21:02 . 2011-12-01 21:02 -------- d-----w- C:\RK_Quarantine
2011-12-01 20:56 . 2011-12-01 20:56 -------- d-----w- c:\documents and settings\Administrator.LT-0603\Application Data\Windows Search
2011-12-01 20:40 . 2011-12-01 20:40 -------- d-----w- c:\documents and settings\Administrator.LT-0603\Local Settings\Application Data\Apple Computer
2011-12-01 20:40 . 2011-12-01 20:40 -------- d-----w- c:\documents and settings\Administrator.LT-0603\Application Data\Apple Computer
2011-12-01 20:32 . 2011-12-01 20:32 709968 ----a-w- c:\windows\is-BVQM3.exe
2011-12-01 20:32 . 2011-12-01 20:32 -------- d-----w- c:\documents and settings\Administrator.LT-0603\Application Data\Malwarebytes
2011-12-01 20:31 . 2011-12-01 20:31 -------- d-sh--w- c:\documents and settings\Administrator.LT-0603\IECompatCache
2011-12-01 20:29 . 2011-12-01 20:29 -------- d-----w- c:\documents and settings\Administrator.LT-0603\Local Settings\Application Data\Identities
2011-12-01 20:29 . 2011-12-01 20:29 -------- d-----w- c:\documents and settings\Administrator.LT-0603\Application Data\Windows Desktop Search
2011-11-30 23:38 . 2011-11-30 23:38 -------- d-----w- c:\documents and settings\tfarrell.LT-0603\Application Data\pdfforge
2011-11-30 23:38 . 2004-03-09 08:00 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2011-11-30 23:38 . 2001-10-29 00:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2011-11-30 23:38 . 1998-06-24 08:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2011-11-30 23:38 . 1998-07-06 08:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2011-11-29 21:27 . 2011-11-29 21:27 -------- d-----w- c:\documents and settings\tfarrell.LT-0603\Bluetooth Software
2011-11-19 20:44 . 2011-11-19 20:44 -------- d-----w- c:\program files\File Type Assistant
2011-11-19 20:40 . 2011-11-19 20:41 -------- d-----w- C:\Torrent
2011-11-17 19:21 . 2011-11-20 16:42 -------- d-----w- C:\Vail Resorts
2011-11-15 16:27 . 2011-11-15 16:27 -------- d-----w- C:\e
2011-11-15 00:15 . 2011-11-15 00:15 -------- d-----w- c:\program files\iPod
2011-11-15 00:15 . 2011-11-15 00:16 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-12 22:12 . 2011-06-05 23:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 21:29 . 2011-10-24 21:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 21:29 . 2011-10-24 21:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-09-27 19:22 . 2011-09-27 19:22 57344 ----a-r- c:\documents and settings\tfarrell.LT-0603\Application Data\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2011-09-27 19:21 . 2003-03-19 02:05 106496 ----a-w- c:\windows\system32\ATL71.DLL
2011-09-21 22:31 . 2011-09-21 22:31 53248 ----a-r- c:\documents and settings\tfarrell.LT-0603\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-19 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FRYMXINS"="c:\program files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl" [X]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 177456]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-06 872448]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-06-08 131072]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2008-01-26 677144]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-10-09 697976]
"BSDAppUpdater"="c:\program files\Common Files\BSD\AppUpdater\BSDChecker.exe" [2010-11-24 1660232]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2215064]
"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2010-12-15 75072]
"RDVCHG"="c:\program files\Sprint\Sprint SmartView\RDVCHG.exe" [2010-12-15 316736]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"BCSSync"="c:\program files\Microsoft Office 2010\Office14\BCSSync.exe" [2010-03-13 91520]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-26 619008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-26 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
.
c:\documents and settings\tfarrell.LT-0603\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2011-8-8 977408]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office 2010\Office14\ONENOTEM.EXE [2010-3-29 227712]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2000-8-6 69632]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1482476501-2049760794-682003330-1202\Scripts\Logon\0\0]
"Script"=\\dmc-colorado.com\sysvol\dmc-colorado.com\scripts\DSC.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1482476501-2049760794-682003330-1202\Scripts\Logon\1\0]
"Script"=MAS_90.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Cpqset"=c:\program files\HPQ\Default Settings\cpqset.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Reminder"=c:\windows\Creator\Remind_XP.exe
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_12\bin\jusched.exe"
"UserFaultCheck"=%systemroot%\system32\dumprep 0 -u
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7/29/2010 1:31 PM 115008]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [7/24/2007 8:21 AM 38816]
R2 CF9Solr;ColdFusion 9 Solr Service;c:\coldfusion9\solr\solr.exe -zglaxservice CF9Solr --> c:\coldfusion9\solr\solr.exe -zglaxservice CF9Solr [?]
R2 ColdFusion 9 .NET Service;ColdFusion 9 .NET Service;c:\coldfusion9\jnbridge\CFDotNetsvc.exe [5/10/2011 8:06 AM 77824]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [8/12/2010 2:16 PM 810144]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/13/2011 2:04 PM 366152]
R2 NvtlService;NovaCore SDK Service;c:\program files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [1/11/2010 2:10 PM 82944]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [8/19/2011 2:26 AM 450848]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2/8/2011 9:10 PM 97280]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [7/24/2007 8:21 AM 41216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/13/2011 2:04 PM 22216]
S0 SMR210;Symantec SMR Utility Service 2.1.0;c:\windows\system32\drivers\SMR210.SYS --> c:\windows\system32\drivers\SMR210.SYS [?]
S1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [8/3/2010 1:28 PM 95896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 ColdFusion 9 Application Server;ColdFusion 9 Application Server;c:\coldfusion9\runtime\bin\jrunsvc.exe [5/10/2011 8:05 AM 58880]
S2 ColdFusion 9 ODBC Agent;ColdFusion 9 ODBC Agent;c:\coldfusion9\db\slserver54\bin\swagent.exe "ColdFusion 9 ODBC Agent" --> c:\coldfusion9\db\slserver54\bin\swagent.exe ColdFusion 9 ODBC Agent [?]
S2 ColdFusion 9 ODBC Server;ColdFusion 9 ODBC Server;c:\coldfusion9\db\slserver54\bin\swstrtr.exe "ColdFusion 9 ODBC Server" --> c:\coldfusion9\db\slserver54\bin\swstrtr.exe ColdFusion 9 ODBC Server [?]
S2 ColdFusion 9 Search Server;ColdFusion 9 Search Server;c:\coldfusion9\verity\k2\_nti40\bin\k2admin.exe [5/10/2011 8:04 AM 3677616]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/14/2011 9:29 AM 136176]
S3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [8/19/2011 2:26 AM 22176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/14/2011 9:29 AM 136176]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [12/15/2010 2:38 PM 174720]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2/28/2006 5:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - BMLoad
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
Sqlses REG_MULTI_SZ SqlCSS
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 23:57]
.
2011-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc53d7f5ef9036.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-14 16:29]
.
2011-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc53d7f5fb7bf8.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-14 16:29]
.
2011-09-27 c:\windows\Tasks\photostageDowngrade.job
- c:\program files\NCH Software\PhotoStage\photostage.exe [2011-09-08 18:23]
.
2011-09-27 c:\windows\Tasks\photostageShakeIcon.job
- c:\program files\NCH Software\PhotoStage\photostage.exe [2011-09-08 18:23]
.
2011-09-08 c:\windows\Tasks\prismShakeIcon.job
- c:\program files\NCH Software\Prism\prism.exe [2011-09-08 18:23]
.
2011-12-13 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2011-12-04 22:31]
.
2011-09-08 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2011-09-08 18:22]
.
2011-12-02 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Software\WavePad\wavepad.exe [2011-09-08 18:22]
.
.
------- Supplementary Scan -------
.
mWindow Title =
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = *.local
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\Evernote\Evernote\EvernoteIE.dll/204
TCP: DhcpNameServer = 192.168.2.1 75.75.75.75
DPF: {707ABFC2-1D27-4A10-A6E4-6BE6BDF9FB11} - hxxp://dscmtn4/vc/UltraMJCamX.ocx
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-Asynchronous - sqlesw32.dll
Notify-sqlesw32 - sqlesw32.dll
Notify-Sqlseses - sqlesw32.dll
Notify-}{|·¦w71@ÚºÿÁ - sqlesw32.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-14 12:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST910021 rev.3.12 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0xF72D3864
user & kernel MBR OK
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,03,df,2a,61,69,74,e4,4e,8f,e0,23,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,03,df,2a,61,69,74,e4,4e,8f,e0,23,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,a2,c5,da,08,ec,48,45,bd,bd,a4,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,a2,c5,da,08,ec,48,45,bd,bd,a4,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(612)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2104)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Citrix\ICA Client\ssonsvr.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\coldfusion9\solr\solr.exe
c:\coldfusion9\runtime\jre\bin\java.exe
c:\coldfusion9\jnbridge\JNBDotNetSide.exe
c:\windows\system32\IFXTCS.exe
c:\program files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
c:\windows\system32\IfxPsdSv.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\SearchProtocolHost.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Citrix\ICA Client\WFCRUN32.EXE
c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Sprint\Sprint SmartView\RcAppSvc.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Sprint\Sprint SmartView\bmctl.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2011-12-14 12:10:02 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-14 19:09
.
Pre-Run: 15,152,128,000 bytes free
Post-Run: 18,644,815,872 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 46F615E97AF6CDADD8B94304147A9FBF
-
Thanks for the info. Can you get a copy of TDSSKiller and transfer it to your computer? It's small and will fit easily on a USB flash drive for transfer.
There's no way Norton or AVG would have done all that damage to the TCP/IP stack. It's the result of a rootkit.
Please download TDSS Killer.exe and save it to your desktop
Double click to launch the utility. After it initializes click the start scan button.
Once the scan completes you can click the continue button.
"The utility will automatically select an action (Cure or Delete) for known malicious objects. A suspicious object will be skipped by default."
"After clicking Next, the utility applies selected actions and outputs the result."
"A reboot might be required after disinfection."
A report will be found in your Root drive Local Disk (C) as TDSSKiller.2.4.2.1_09.08.2010_17.32.21_log.txt (name, version, date, time)
Please post the log report
After you run TDSSKiller please run ComboFix one more time and post its log.
Last edited by shelf life; 2011-12-19 at 22:28.
-
Ping
Yay, SL... Home run. This is sent from my laptop....
TDSSKiller Log:
16:43:59.0671 0224 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
16:43:59.0687 0224 ============================================================
16:43:59.0687 0224 Current date / time: 2011/12/19 16:43:59.0687
16:43:59.0687 0224 SystemInfo:
16:43:59.0687 0224
16:43:59.0687 0224 OS Version: 5.1.2600 ServicePack: 3.0
16:43:59.0687 0224 Product type: Workstation
16:43:59.0687 0224 ComputerName: LT-0603
16:43:59.0687 0224 UserName: tfarrell
16:43:59.0687 0224 Windows directory: C:\WINDOWS
16:43:59.0687 0224 System windows directory: C:\WINDOWS
16:43:59.0687 0224 Processor architecture: Intel x86
16:43:59.0687 0224 Number of processors: 2
16:43:59.0687 0224 Page size: 0x1000
16:43:59.0687 0224 Boot type: Normal boot
16:43:59.0687 0224 ============================================================
16:44:03.0968 0224 Initialize success
16:44:14.0296 0188 ============================================================
16:44:14.0296 0188 Scan started
16:44:14.0296 0188 Mode: Manual;
16:44:14.0296 0188 ============================================================
16:44:14.0546 0188 Abiosdsk - ok
16:44:14.0593 0188 abp480n5 - ok
16:44:14.0640 0188 Accelerometer (8356dd18da15d9c42a8584e1841844fe) C:\WINDOWS\system32\DRIVERS\Accelerometer.sys
16:44:14.0640 0188 Accelerometer - ok
16:44:14.0671 0188 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:44:14.0671 0188 ACPI - ok
16:44:14.0703 0188 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
16:44:14.0703 0188 ACPIEC - ok
16:44:14.0734 0188 ADIHdAudAddService (7356eff52ad50b8946d346002118ce62) C:\WINDOWS\system32\drivers\ADIHdAud.sys
16:44:14.0734 0188 ADIHdAudAddService - ok
16:44:14.0750 0188 adpu160m - ok
16:44:14.0781 0188 AEAudio (fff87a9b1ab36ee4b7bec98a4cb01b79) C:\WINDOWS\system32\drivers\AEAudio.sys
16:44:14.0781 0188 AEAudio - ok
16:44:14.0796 0188 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:44:14.0796 0188 aec - ok
16:44:14.0843 0188 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
16:44:14.0843 0188 AFD - ok
16:44:14.0890 0188 AgereSoftModem (1cfeba39fc613e45b49d3eddfbcda289) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
16:44:14.0953 0188 AgereSoftModem - ok
16:44:14.0968 0188 Aha154x - ok
16:44:14.0984 0188 aic78u2 - ok
16:44:15.0000 0188 aic78xx - ok
16:44:15.0015 0188 AliIde - ok
16:44:15.0015 0188 amsint - ok
16:44:15.0046 0188 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:44:15.0046 0188 Arp1394 - ok
16:44:15.0062 0188 asc - ok
16:44:15.0078 0188 asc3350p - ok
16:44:15.0078 0188 asc3550 - ok
16:44:15.0125 0188 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:44:15.0125 0188 AsyncMac - ok
16:44:15.0156 0188 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:44:15.0156 0188 atapi - ok
16:44:15.0156 0188 Atdisk - ok
16:44:15.0312 0188 ati2mtag (79e69e18960e8013840af2681c5e77ab) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
16:44:15.0343 0188 ati2mtag - ok
16:44:15.0375 0188 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:44:15.0375 0188 Atmarpc - ok
16:44:15.0406 0188 ATSWPDRV (69e65a2ce11619f0c868967ca9540b80) C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys
16:44:15.0406 0188 ATSWPDRV - ok
16:44:15.0468 0188 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:44:15.0468 0188 audstub - ok
16:44:15.0484 0188 b57w2k (c0acd392ece55784884cc208aafa06ce) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
16:44:15.0484 0188 b57w2k - ok
16:44:15.0515 0188 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:44:15.0515 0188 Beep - ok
16:44:15.0562 0188 btaudio (df74d51ba41ad84d72b2cb844337d3ed) C:\WINDOWS\system32\drivers\btaudio.sys
16:44:15.0578 0188 btaudio - ok
16:44:15.0609 0188 BTDriver (048f90a830e4dfbe050ea9f4c9f98ae3) C:\WINDOWS\system32\DRIVERS\btport.sys
16:44:15.0609 0188 BTDriver - ok
16:44:15.0687 0188 BTKRNL (6b6ad8cbf3984c3b39d4d06c38f52010) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
16:44:15.0703 0188 BTKRNL - ok
16:44:15.0718 0188 BTWDNDIS (8aa19a3c1cbdfeef118f0e4ef874a8a7) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
16:44:15.0718 0188 BTWDNDIS - ok
16:44:15.0765 0188 BTWUSB (00c8988da469e4ac087539bd77420123) C:\WINDOWS\system32\Drivers\btwusb.sys
16:44:15.0765 0188 BTWUSB - ok
16:44:15.0843 0188 catchme - ok
16:44:15.0875 0188 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:44:15.0875 0188 cbidf2k - ok
16:44:17.0265 0188 IPSec (e13efecc2bd6718f9c4f6a7468ada1ff) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:44:17.0265 0188 IPSec ( Rootkit.Win32.ZAccess.k ) - infected
16:44:17.0265 0188 IPSec - detected Rootkit.Win32.ZAccess.k (0)
16:44:22.0015 0188 ============================================================
16:44:22.0015 0188 Scan finished
16:44:22.0015 0188 ============================================================
16:44:22.0015 4000 Detected object count: 1
16:44:22.0015 4000 Actual detected object count: 1
16:47:54.0437 4000 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\ipsec.sys) error 1813
16:47:55.0875 4000 Backup copy found, using it..
16:47:55.0875 4000 C:\WINDOWS\system32\DRIVERS\ipsec.sys - will be cured on reboot
16:47:57.0375 4000 IPSec ( Rootkit.Win32.ZAccess.k ) - User select action: Cure
16:48:08.0421 1208 Deinitialize success
ComboFix Log:
ComboFix 11-12-19.03 - tfarrell 12/19/2011 16:56:10.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1075 [GMT -7:00]
Running from: c:\documents and settings\tfarrell.LT-0603\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-20 to 2011-12-20 )))))))))))))))))))))))))))))))
.
.
2011-12-19 18:08 . 2011-12-19 18:08 -------- d-----w- c:\program files\Support Tools
2011-12-16 02:37 . 2011-12-16 02:37 -------- d-----w- C:\ERDNT
2011-12-14 22:31 . 2011-12-14 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Nikon
2011-12-14 21:54 . 2011-12-14 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Sprint
2011-12-14 19:07 . 2011-12-14 19:07 -------- d-----w- c:\documents and settings\tfarrell.LT-0603\Application Data\ICAClient
2011-12-04 20:36 . 2011-12-04 20:36 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-12-04 17:31 . 2011-12-07 00:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-12-04 17:31 . 2011-12-04 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-12-03 23:57 . 2011-12-03 23:57 -------- d-----w- c:\documents and settings\tfarrell.LT-0603\Application Data\Tific
2011-12-03 23:57 . 2011-12-03 23:57 -------- d-----w- c:\documents and settings\tfarrell.LT-0603\Local Settings\Application Data\Symantec
2011-12-03 20:17 . 2011-12-03 20:17 -------- d-----w- c:\program files\MSECache
2011-12-03 19:53 . 2011-12-03 20:04 -------- d-----w- c:\documents and settings\tfarrell.LT-0603\Local Settings\Application Data\NPE
2011-12-03 19:19 . 2011-12-03 19:19 -------- d-----w- c:\program files\Windows Sidebar
2011-12-03 19:15 . 2011-12-06 22:25 -------- d-----w- c:\program files\SpyBot
2011-12-03 19:12 . 2011-12-03 19:12 388096 ----a-r- c:\documents and settings\tfarrell.LT-0603\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-03 19:12 . 2011-12-03 19:12 -------- d-----w- c:\program files\Trend Micro
2011-12-03 19:11 . 2011-12-03 19:12 1402880 ----a-w- C:\HiJackThis.msi
2011-12-03 18:27 . 2011-12-03 18:27 -------- d--h--w- c:\windows\PIF
2011-12-03 10:11 . 2011-12-02 16:35 116224 ----a-w- c:\windows\system32\5T740.com
2011-12-03 07:39 . 2011-12-03 07:39 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2011-12-03 07:39 . 2011-12-03 07:39 -------- d-----w- c:\program files\IObit
2011-12-02 17:13 . 2011-12-02 17:13 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2011-12-02 17:11 . 2011-12-03 11:37 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AskToolbar
2011-12-02 17:10 . 2011-12-02 17:10 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2011-12-01 21:08 . 2011-12-01 20:54 751616 ----a-w- C:\roguekiller.exe
2011-12-01 21:02 . 2011-12-01 21:02 -------- d-----w- C:\RK_Quarantine
2011-12-01 20:56 . 2011-12-01 20:56 -------- d-----w- c:\documents and settings\Administrator.LT-0603\Application Data\Windows Search
2011-12-01 20:40 . 2011-12-01 20:40 -------- d-----w- c:\documents and settings\Administrator.LT-0603\Local Settings\Application Data\Apple Computer
2011-12-01 20:40 . 2011-12-01 20:40 -------- d-----w- c:\documents and settings\Administrator.LT-0603\Application Data\Apple Computer
2011-12-01 20:32 . 2011-12-01 20:32 709968 ----a-w- c:\windows\is-BVQM3.exe
2011-12-01 20:32 . 2011-12-01 20:32 -------- d-----w- c:\documents and settings\Administrator.LT-0603\Application Data\Malwarebytes
2011-12-01 20:31 . 2011-12-01 20:31 -------- d-sh--w- c:\documents and settings\Administrator.LT-0603\IECompatCache
2011-12-01 20:29 . 2011-12-01 20:29 -------- d-----w- c:\documents and settings\Administrator.LT-0603\Local Settings\Application Data\Identities
2011-12-01 20:29 . 2011-12-01 20:29 -------- d-----w- c:\documents and settings\Administrator.LT-0603\Application Data\Windows Desktop Search
2011-11-30 23:38 . 2011-11-30 23:38 -------- d-----w- c:\documents and settings\tfarrell.LT-0603\Application Data\pdfforge
2011-11-30 23:38 . 2004-03-09 08:00 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2011-11-30 23:38 . 2001-10-29 00:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2011-11-30 23:38 . 1998-06-24 08:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2011-11-30 23:38 . 1998-07-06 08:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2011-11-29 21:27 . 2011-11-29 21:27 -------- d-----w- c:\documents and settings\tfarrell.LT-0603\Bluetooth Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-19 23:48 . 2006-02-28 12:00 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2011-11-12 22:12 . 2011-06-05 23:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 21:29 . 2011-10-24 21:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 21:29 . 2011-10-24 21:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-09-27 19:22 . 2011-09-27 19:22 57344 ----a-r- c:\documents and settings\tfarrell.LT-0603\Application Data\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2011-09-27 19:21 . 2003-03-19 02:05 106496 ----a-w- c:\windows\system32\ATL71.DLL
2011-09-21 22:31 . 2011-09-21 22:31 53248 ----a-r- c:\documents and settings\tfarrell.LT-0603\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-14_19.03.12 )))))))))))))))))))))))))))))))))))))))))
.
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-19 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FRYMXINS"="c:\program files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl" [X]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 177456]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-06 872448]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-06-08 131072]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2008-01-26 677144]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-10-09 697976]
"BSDAppUpdater"="c:\program files\Common Files\BSD\AppUpdater\BSDChecker.exe" [2010-11-24 1660232]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"BCSSync"="c:\program files\Microsoft Office 2010\Office14\BCSSync.exe" [2010-03-13 91520]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-26 619008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-26 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
.
c:\documents and settings\tfarrell.LT-0603\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2011-8-8 977408]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office 2010\Office14\ONENOTEM.EXE [2010-3-29 227712]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2000-8-6 69632]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Asynchronous]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sqlesw32]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sqlseses]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1482476501-2049760794-682003330-1202\Scripts\Logon\0\0]
"Script"=\\dmc-colorado.com\sysvol\dmc-colorado.com\scripts\DSC.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1482476501-2049760794-682003330-1202\Scripts\Logon\1\0]
"Script"=MAS_90.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Cpqset"=c:\program files\HPQ\Default Settings\cpqset.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Reminder"=c:\windows\Creator\Remind_XP.exe
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_12\bin\jusched.exe"
"UserFaultCheck"=%systemroot%\system32\dumprep 0 -u
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
.
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [7/24/2007 8:21 AM 38816]
R2 CF9Solr;ColdFusion 9 Solr Service;c:\coldfusion9\solr\solr.exe -zglaxservice CF9Solr --> c:\coldfusion9\solr\solr.exe -zglaxservice CF9Solr [?]
R2 ColdFusion 9 Application Server;ColdFusion 9 Application Server;c:\coldfusion9\runtime\bin\jrunsvc.exe [5/10/2011 8:05 AM 58880]
R2 ColdFusion 9 ODBC Agent;ColdFusion 9 ODBC Agent;c:\coldfusion9\db\slserver54\bin\swagent.exe "ColdFusion 9 ODBC Agent" --> c:\coldfusion9\db\slserver54\bin\swagent.exe ColdFusion 9 ODBC Agent [?]
R2 ColdFusion 9 ODBC Server;ColdFusion 9 ODBC Server;c:\coldfusion9\db\slserver54\bin\swstrtr.exe "ColdFusion 9 ODBC Server" --> c:\coldfusion9\db\slserver54\bin\swstrtr.exe ColdFusion 9 ODBC Server [?]
R2 ColdFusion 9 Search Server;ColdFusion 9 Search Server;c:\coldfusion9\verity\k2\_nti40\bin\k2admin.exe [5/10/2011 8:04 AM 3677616]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [8/19/2011 2:26 AM 450848]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2/8/2011 9:10 PM 97280]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [7/24/2007 8:21 AM 41216]
S0 SMR210;Symantec SMR Utility Service 2.1.0;c:\windows\system32\drivers\SMR210.SYS --> c:\windows\system32\drivers\SMR210.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 ColdFusion 9 .NET Service;ColdFusion 9 .NET Service;c:\coldfusion9\jnbridge\CFDotNetsvc.exe [5/10/2011 8:06 AM 77824]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/14/2011 9:29 AM 136176]
S3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [8/19/2011 2:26 AM 22176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/14/2011 9:29 AM 136176]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [12/15/2010 2:38 PM 174720]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2/28/2006 5:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 46378578
*Deregistered* - 46378578
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
Sqlses REG_MULTI_SZ SqlCSS
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 23:57]
.
2011-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc53d7f5ef9036.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-14 16:29]
.
2011-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc53d7f5fb7bf8.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-14 16:29]
.
2011-09-27 c:\windows\Tasks\photostageDowngrade.job
- c:\program files\NCH Software\PhotoStage\photostage.exe [2011-09-08 18:23]
.
2011-09-27 c:\windows\Tasks\photostageShakeIcon.job
- c:\program files\NCH Software\PhotoStage\photostage.exe [2011-09-08 18:23]
.
2011-09-08 c:\windows\Tasks\prismShakeIcon.job
- c:\program files\NCH Software\Prism\prism.exe [2011-09-08 18:23]
.
2011-12-13 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2011-12-04 22:31]
.
2011-09-08 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2011-09-08 18:22]
.
2011-12-02 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Software\WavePad\wavepad.exe [2011-09-08 18:22]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mWindow Title =
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = *.local
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\Evernote\Evernote\EvernoteIE.dll/204
TCP: DhcpNameServer = 192.168.2.1 75.75.75.75
DPF: {707ABFC2-1D27-4A10-A6E4-6BE6BDF9FB11} - hxxp://dscmtn4/vc/UltraMJCamX.ocx
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Malwarebytes' Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
Notify-}{|·¦w71@ÚºÿÁ - (no file)
SafeBoot-46378578.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-19 17:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,03,df,2a,61,69,74,e4,4e,8f,e0,23,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,03,df,2a,61,69,74,e4,4e,8f,e0,23,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,a2,c5,da,08,ec,48,45,bd,bd,a4,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,a2,c5,da,08,ec,48,45,bd,bd,a4,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(612)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(5192)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-12-19 17:10:40
ComboFix-quarantined-files.txt 2011-12-20 00:10
ComboFix2.txt 2011-12-14 21:03
ComboFix3.txt 2011-12-14 19:10
.
Pre-Run: 18,837,798,912 bytes free
Post-Run: 18,870,661,120 bytes free
.
- - End Of File - - 6F7CB590B31AC229BF990FA151047EF2
Now that it is fixed: How do I protect myself in the future?
Thanks so much for your help. I will make a donation in your name. You rock...
-
You're welcome. You had a variant of the ZeroAccess rootkit. My rootkit disclaimer:
You had a rootkit on your machine. They hide malicious files and components from traditional antivirus/antimalware software. Rootkits bury themselves deep in the operating system. Special software is needed to detect and remove them. Even if symptoms are gone and logs are clean, it's still not a 100% guarantee that your machine is clean once a rootkit has been detected and removed. You should consider a complete reformat/reinstall of Windows as an option.
The best source for information on how to do this would be the computer manufacturer's website.
Could you check malwarebytes for updates and do a scan with it. Then we can finish it up.
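The helper reaches the ZeroAccess conclusion by reading the ComboFix log above. As an added example (not code from this thread, from ComboFix or from its author), here is a small Python triage script that pulls the persistence-related entries out of that log layout for a responder to review: Winlogon Notify subkeys whose value line is the `[BU]` marker rather than a DLL path, the svchost service-group definitions, and the entries under "ORPHANS REMOVED" that point at "(no file)". The sample input is a constructed, trimmed excerpt in the same layout as the posted log (the garbled Notify name is shortened to ASCII). The script only collects entries for a human to review; it does not decide by itself which are malicious.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: a trimmed excerpt in the layout ComboFix uses for its
# "Reg Loading Points" and "ORPHANS REMOVED" sections, modelled on the log above.
SAMPLE_LOG = r"""[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Asynchronous]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sqlseses]
[BU]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
Sqlses REG_MULTI_SZ SqlCSS
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Malwarebytes' Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
Notify-}{|w71 - (no file)
SafeBoot-46378578.sys
"""

# A registry key header line: "[HKEY_...\path]" (the "[BU]" marker does not match).
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$", re.IGNORECASE)
# The last path component of a Winlogon Notify subkey.
NOTIFY_RE = re.compile(r"\\winlogon\\notify\\([^\\\]]+)$", re.IGNORECASE)
# One svchost group definition: "<group> REG_MULTI_SZ <service> [<service> ...]".
SVCHOST_GROUP_RE = re.compile(r"^(\S+)\s+REG_MULTI_SZ\s+(.*)$")
ORPHANS_HEADER = "ORPHANS REMOVED"


@dataclass
class Triage:
    # Winlogon Notify subkeys whose value line is "[BU]" instead of a DLL path.
    notify_without_dll: list = field(default_factory=list)
    # svchost group name -> list of services the group hosts.
    svchost_groups: dict = field(default_factory=dict)
    # Every entry listed under "ORPHANS REMOVED".
    orphans: list = field(default_factory=list)
    # Orphans whose target is "(no file)".
    orphans_no_file: list = field(default_factory=list)


def triage_combofix(text: str) -> Triage:
    """Collect persistence-related entries from ComboFix-style log text."""
    result = Triage()
    current_key = None
    in_orphans = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix pads sections with "." lines
            continue
        if ORPHANS_HEADER in line:
            in_orphans = True
            current_key = None
            continue
        if in_orphans:                       # everything after the header is an orphan entry
            result.orphans.append(line)
            if line.endswith("(no file)"):
                result.orphans_no_file.append(line)
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        if current_key is None:
            continue
        notify = NOTIFY_RE.search(current_key)
        if notify and line == "[BU]":
            result.notify_without_dll.append(notify.group(1))
            continue
        if current_key.lower().endswith("\\svchost"):
            g = SVCHOST_GROUP_RE.match(line)
            if g:
                result.svchost_groups[g.group(1)] = g.group(2).split()
    return result


def report(triage: Triage) -> list:
    """Render the triage as review lines (returned, not printed, so it can be checked)."""
    lines = []
    for name in triage.notify_without_dll:
        lines.append(f"REVIEW winlogon notify subkey without DLL path: {name}")
    for group, services in triage.svchost_groups.items():
        lines.append(f"REVIEW svchost group {group}: {' '.join(services)}")
    for orphan in triage.orphans_no_file:
        lines.append(f"REVIEW orphan pointing at no file: {orphan}")
    return lines


if __name__ == "__main__":
    for entry in report(triage_combofix(SAMPLE_LOG)):
        print(entry)
```

Run it against a real ComboFix log by reading the file into `triage_combofix`; the svchost groups are listed in full because the script has no baseline of stock group names, so comparing them against a known-good machine is left to the reviewer.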
-
Ping
Hi SL.
I had to download malwarebytes. The log is below:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8400
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
12/19/2011 6:14:32 PM
mbam-log-2011-12-19 (18-14-32).txt
Scan type: Quick scan
Objects scanned: 223559
Time elapsed: 4 minute(s), 28 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Thanks again...
Happy Holidays