sconrad308

Members
  • Content Count: 22

About sconrad308

  • Rank
    Member
  • Birthday 03/08/1973

Profile Information

  • Gender
    Male

Previous Fields

  • Teams:
    Nothing Selected
  1. I've installed both of those and an anti-redirector. I've also gotten rid of Microsoft Security Essentials and have installed the COMODO Internet Security. It includes for FREE an anti-virus, anti-malware and firewall. It also has a defender program as well. So far I like it really well. Hopefully with all of these changes I won't get hijacked again. Once is too often. Thanks again for your assistance.
  2. Thanks again for your help on this matter. Last night I had already installed Comodo Firewall. It did not like the uninstall process of ComboFix, but it did it. lol. I took care of the other things that you said to do as well. I was also going to install the Comodo Anti-Virus and BHO process, instead of running Microsoft Security Essentials, but they aren't installing for some reason. Something about needing "Internet Security 4.0" or something like that. I'll get on their forum and see what they can do for me. I have also installed Comodo Verification Engine and WOT on Firefox. Are there any changes you would recommend for me to make to Firefox for security?
  3. The ESET scan I could not copy; it came up with no threats, though.
  4. DDS (Ver_10-03-17.01) - NTFSx86
     Run by Admin at 17:19:58.92 on Tue 06/22/2010
     Internet Explorer: 8.0.6001.18702
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.251 [GMT -4:00]

     AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

     ============== Running Processes ===============

     C:\WINDOWS\System32\Ati2evxx.exe
     C:\WINDOWS\system32\svchost -k DcomLaunch
     svchost.exe
     c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
     C:\WINDOWS\System32\svchost.exe -k netsvcs
     svchost.exe
     C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
     svchost.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
     C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
     C:\WINDOWS\system32\HPConfig.exe
     C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
     C:\WINDOWS\System32\svchost.exe -k imgsvc
     C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
     C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     C:\Program Files\Microsoft Security Essentials\msseces.exe
     C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
     C:\WINDOWS\explorer.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Documents and Settings\Admin\Desktop\Downloads\dds.scr

     ============== Pseudo HJT Report ===============

     TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
     uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
     uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
     mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
     mRun: [Display Settings] c:\program files\hpq\notebook utilities\hptasks.exe /s
     mRun: [QT4HPOT] c:\program files\hpq\one-touch\OneTouch.EXE
     mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
     mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
     mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
     mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
     dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
     IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
     DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
     DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
     DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
     DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
     DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1225136699697
     DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
     DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
     DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
     TCP: {66658DB4-57F6-41BD-8809-5E2C5801BB7D} = 198.153.192.1,198.153.194.1
     Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
     Notify: AtiExtEvent - Ati2evxx.dll
     Notify: MCPClient - c:\progra~1\common~1\stardock\mcpstub.dll
     SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\progra~1\common~1\stardock\MCPCore.dll
     SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

     ================= FIREFOX ===================

     FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\mxakhnew.default\
     FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
     FF - plugin: c:\documents and settings\admin\application data\mozilla\firefox\profiles\mxakhnew.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
     FF - plugin: c:\documents and settings\administrator\application data\move networks\plugins\npqmp071705000014.dll
     FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
     FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
     FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
     FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

     ---- FIREFOX POLICIES ----
     c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
     c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
     c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
     c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
     c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
     c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
     c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
     c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
     c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
     c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
     c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
     c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
     c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
     c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

     ============= SERVICES / DRIVERS ===============

     R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [2002-11-28 22016]
     R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-6-14 218592]
     R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 149040]
     R3 GT43XX;GT Combo 802.11g Wireless LAN Adapter Driver GT43XX;c:\windows\system32\drivers\gtwl5.SYS [2008-10-27 266496]
     R3 GTEDGWModem;Option NV GTEDGWModem;c:\windows\system32\drivers\GTEDG.sys [2008-10-27 107904]
     R3 OptionWWSC;GT Combo EDGE SIM Card Reader;c:\windows\system32\drivers\GTEDGSC.sys [2008-10-27 21888]
     S3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;c:\windows\system32\drivers\caliaud.sys [2003-5-16 291328]
     S3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [2003-5-16 244608]
     S3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [2003-5-16 16512]
     S3 GTEDGWWNIC;Option NV GTEDGWWNIC;c:\windows\system32\drivers\GTEDGNet.sys [2008-10-27 52864]
     S3 MailScan;MailScan;\??\c:\progra~1\avanqu~1\system~1\mailscan.sys --> c:\progra~1\avanqu~1\system~1\MailScan.sys [?]
     S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-4-10 266544]
     S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-2-14 27064]
     S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-6-14 366840]
     S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-6-14 1142224]
     S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

     =============== Created Last 30 ================

     2010-06-22 19:06:11 0 d-----w- c:\program files\ESET
     2010-06-22 19:02:19 0 d-sh--w- c:\documents and settings\admin\PrivacIE
     2010-06-17 16:15:12 0 d-----w- c:\docume~1\alluse~1\applic~1\PCPitstop
     2010-06-17 16:01:45 0 d-----w- c:\program files\PCPitstop
     2010-06-17 04:04:56 32824 ----a-w- c:\windows\system32\rrMon.sys
     2010-06-17 04:03:32 0 d-----w- c:\program files\Registrar Registry Manager
     2010-06-17 02:29:39 59392 --sha-w- c:\windows\Thumbs.db
     2010-06-17 01:25:02 0 d-sha-r- C:\cmdcons
     2010-06-17 01:16:47 98816 ----a-w- c:\windows\sed.exe
     2010-06-17 01:16:47 77312 ----a-w- c:\windows\MBR.exe
     2010-06-17 01:16:47 256512 ----a-w- c:\windows\PEV.exe
     2010-06-17 01:16:47 161792 ----a-w- c:\windows\SWREG.exe
     2010-06-14 18:44:40 0 d-sh--w- c:\documents and settings\admin\IECompatCache
     2010-06-14 18:36:17 0 d-----w- c:\windows\SxsCaPendDel
     2010-06-14 04:19:29 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
     2010-06-14 04:19:29 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
     2010-06-14 04:19:09 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
     2010-06-14 04:19:09 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
     2010-06-14 04:19:09 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
     2010-06-14 04:19:09 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
     2010-06-14 04:18:49 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
     2010-06-14 04:18:49 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
     2010-06-14 04:18:16 0 d-----w- c:\program files\Spyware Doctor
     2010-06-14 04:18:16 0 d-----w- c:\program files\common files\PC Tools
     2010-06-14 04:18:16 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
     2010-06-14 04:18:16 0 d-----w- c:\docume~1\admin\applic~1\PC Tools
     2010-06-14 01:39:17 0 d-----w- c:\documents and settings\admin\Tracing
     2010-06-14 01:00:59 0 d-----w- c:\windows\system32\NtmsData
     2010-06-13 18:44:49 0 d-----w- c:\docume~1\admin\applic~1\Styler
     2010-06-13 17:08:24 0 d-----w- c:\docume~1\admin\applic~1\IconTweaker
     2010-06-13 16:23:14 218624 ----a-w- c:\windows\system32\uxtheme.uxtender
     2010-06-13 02:39:14 0 d-----r- C:\_Backup.RC
     2010-06-13 02:39:08 0 d-----w- C:\_Backup
     2010-06-13 02:27:00 0 d-----w- c:\docume~1\admin\applic~1\Avanquest
     2010-06-13 02:21:25 0 d-----w- c:\program files\Avanquest
     2010-06-13 00:15:36 0 d-----w- c:\docume~1\admin\applic~1\Malwarebytes
     2010-06-12 23:55:54 0 d-----w- c:\docume~1\admin\applic~1\Teleca
     2010-06-12 23:53:28 0 d-sh--w- c:\documents and settings\admin\IETldCache
     2010-06-12 23:44:33 0 d-----w- c:\docume~1\admin\applic~1\Symantec
     2010-06-12 04:39:55 1324 ----a-w- c:\windows\system32\d3d9caps.dat
     2010-06-11 22:21:26 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
     2010-06-11 22:21:09 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
     2010-06-11 17:29:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-06-11 17:29:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
     2010-06-11 17:29:16 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
     2010-06-11 17:29:14 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
     2010-06-10 00:22:53 0 d-----w- c:\docume~1\alluse~1\applic~1\SecTaskMan
     2010-06-09 13:46:12 0 d-----w- c:\docume~1\alluse~1\applic~1\IconTweaker
     2010-06-09 03:36:27 0 d-----w- c:\program files\Styler
     2010-06-07 02:07:38 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
     2010-06-07 01:54:37 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
     2010-06-07 01:23:51 0 d-----w- c:\program files\Microsoft
     2010-06-07 01:21:49 0 d-----w- c:\program files\Windows Live SkyDrive
     2010-06-07 00:59:58 0 d-----w- c:\program files\common files\Windows Live
     2010-06-05 16:54:40 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
     2010-06-05 00:53:46 0 d-----w- c:\program files\Microsoft Security Essentials
     2010-06-04 23:00:29 0 d-----w- c:\windows\system32\wbem\Repository
     2010-06-04 22:58:25 0 d-----w- c:\docume~1\alluse~1\applic~1\HTC
     2010-06-04 22:58:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Teleca
     2010-06-04 22:57:42 0 d-----w- c:\program files\common files\Teleca Shared
     2010-06-04 22:48:13 0 d-----w- c:\windows\LastGood(2)
     2010-06-04 22:48:05 0 d-----w- c:\windows\871DF2BE41D24334AC33839AF16FC8FE.TMP
     2010-06-04 15:44:49 0 d-----w- c:\program files\Microsoft Security Essentials(2)

     ==================== Find3M ====================

     2010-06-22 13:35:13 11648 ----a-w- c:\windows\system32\drivers\acpiec.sys
     2010-06-13 19:20:47 218624 ----a-w- c:\windows\system32\uxtheme.dll
     2010-05-21 18:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
     2010-04-17 04:04:40 306032 ----a-w- c:\windows\WLXPGSS.SCR
     2010-04-17 02:12:18 48464 ----a-w- c:\windows\system32\sirenacm.dll
     2010-04-04 17:17:02 411368 ----a-w- c:\windows\system32\deploytk.dll
     2008-10-29 05:19:51 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102920081030\index.dat

     ============= FINISH: 17:20:29.41 ===============
  5. CFScript ComboFix Log

     ComboFix 10-06-22.01 - Admin 06/22/2010 14:23:00.5.1 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.255 [GMT -4:00]
     Running from: c:\documents and settings\Admin\Desktop\Malware\ComboFix.exe
     Command switches used :: c:\documents and settings\Admin\Desktop\CFScript.txt
     AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

     FILE ::
     "c:\windows\system32\drivers\caepweic.sys"
     "c:\windows\system32\drivers\pvikzsrv.sys"
     .

     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     .

     -------\Service_caepweic
     -------\Service_pvikzsrv


     ((((((((((((((((((((((((( Files Created from 2010-05-22 to 2010-06-22 )))))))))))))))))))))))))))))))
     .

     2010-06-22 01:22 . 2010-06-22 01:22 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Ahead
     2010-06-21 18:33 . 2010-06-21 18:33 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Opera
     2010-06-17 16:15 . 2010-06-17 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
     2010-06-17 16:01 . 2010-06-22 01:20 -------- d-----w- c:\program files\PCPitstop
     2010-06-17 04:04 . 2009-11-13 16:23 32824 ----a-w- c:\windows\system32\rrMon.sys
     2010-06-17 04:03 . 2010-06-17 04:18 -------- d-----w- c:\program files\Registrar Registry Manager
     2010-06-14 18:44 . 2010-06-14 18:44 -------- d-sh--w- c:\documents and settings\Admin\IECompatCache
     2010-06-14 18:36 . 2010-06-14 18:58 -------- d-----w- c:\windows\SxsCaPendDel
     2010-06-14 04:19 . 2010-02-05 13:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
     2010-06-14 04:19 . 2010-03-29 14:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
     2010-06-14 04:19 . 2009-11-23 17:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
     2010-06-14 04:18 . 2010-04-08 18:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
     2010-06-14 04:18 . 2010-06-21 03:19 -------- d-----w- c:\program files\Spyware Doctor
     2010-06-14 04:18 . 2010-06-14 04:18 -------- d-----w- c:\program files\Common Files\PC Tools
     2010-06-14 04:18 . 2010-06-14 04:18 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
     2010-06-14 04:18 . 2010-06-14 04:18 -------- d-----w- c:\documents and settings\Admin\Application Data\PC Tools
     2010-06-14 01:39 . 2010-06-14 03:14 -------- d-----w- c:\documents and settings\Admin\Tracing
     2010-06-14 01:00 . 2010-06-14 01:07 -------- d-----w- c:\windows\system32\NtmsData
     2010-06-13 18:44 . 2010-06-15 22:11 -------- d-----w- c:\documents and settings\Admin\Application Data\Styler
     2010-06-13 17:08 . 2010-06-15 22:14 -------- d-----w- c:\documents and settings\Admin\Application Data\IconTweaker
     2010-06-13 14:16 . 2010-06-13 14:16 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\VS Revo Group
     2010-06-13 03:45 . 2010-06-13 03:45 -------- d-----w- c:\program files\NOS
     2010-06-13 02:48 . 2010-06-13 02:48 -------- d-----w- c:\documents and settings\LocalService\Application Data\Avanquest
     2010-06-13 02:46 . 2010-06-13 02:46 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
     2010-06-13 02:39 . 2010-06-13 02:39 -------- d-----r- C:\_Backup.RC
     2010-06-13 02:39 . 2010-06-13 02:39 -------- d-----w- C:\_Backup
     2010-06-13 02:27 . 2010-06-13 02:27 -------- d-----w- c:\documents and settings\Admin\Application Data\Avanquest
     2010-06-13 02:21 . 2010-06-13 14:41 -------- d-----w- c:\program files\Avanquest
     2010-06-13 01:33 . 2010-06-15 15:25 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Adobe
     2010-06-13 00:15 . 2010-06-13 00:15 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
     2010-06-12 23:56 . 2010-06-12 23:56 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Mozilla
     2010-06-12 23:55 . 2010-06-12 23:55 -------- d-----w- c:\documents and settings\Admin\Application Data\Teleca
     2010-06-12 23:53 . 2010-06-12 23:53 -------- d-sh--w- c:\documents and settings\Admin\IETldCache
     2010-06-12 23:50 . 2010-06-12 23:50 61000 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2010-06-12 04:39 . 2010-06-17 06:37 1324 ----a-w- c:\windows\system32\d3d9caps.dat
     2010-06-11 22:21 . 2010-06-14 03:15 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
     2010-06-11 22:21 . 2010-06-11 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
     2010-06-11 17:30 . 2010-06-11 17:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
     2010-06-11 17:29 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-06-11 17:29 . 2010-06-11 17:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
     2010-06-11 17:29 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
     2010-06-11 17:29 . 2010-06-11 17:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2010-06-10 00:22 . 2010-06-13 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
     2010-06-09 13:46 . 2010-06-09 13:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\IconTweaker
     2010-06-09 13:46 . 2010-06-15 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\IconTweaker
     2010-06-09 04:37 . 2010-06-09 04:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Styler
     2010-06-09 03:36 . 2010-06-15 22:12 -------- d-----w- c:\program files\Styler
     2010-06-07 02:22 . 2010-06-07 02:22 -------- d-----w- c:\program files\Microsoft Sync Framework
     2010-06-07 02:07 . 2006-11-29 17:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
     2010-06-07 01:54 . 2010-06-07 01:54 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
     2010-06-07 01:23 . 2010-06-07 01:23 -------- d-----w- c:\program files\Microsoft
     2010-06-07 01:21 . 2010-06-07 01:21 -------- d-----w- c:\program files\Windows Live SkyDrive
     2010-06-07 01:17 . 2010-06-07 02:24 -------- d-----w- c:\program files\Windows Live
     2010-06-07 00:59 . 2010-06-07 00:59 -------- d-----w- c:\program files\Common Files\Windows Live
     2010-06-05 16:54 . 2010-06-05 16:53 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
     2010-06-05 16:35 . 2010-06-14 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
     2010-06-05 00:53 . 2010-06-05 00:56 -------- d-----w- c:\program files\Microsoft Security Essentials
     2010-06-04 23:00 . 2010-06-04 23:00 -------- d-----w- c:\windows\system32\wbem\Repository
     2010-06-04 22:58 . 2010-06-04 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\HTC
     2010-06-04 22:58 . 2010-06-04 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Teleca
     2010-06-04 22:58 . 2010-06-04 22:58 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\HTC
     2010-06-04 22:57 . 2010-06-04 22:58 -------- d-----w- c:\program files\Common Files\Teleca Shared
     2010-06-04 22:52 . 2010-06-13 04:19 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
     2010-06-04 22:48 . 2010-06-04 22:48 -------- d-----w- c:\windows\LastGood(2)
     2010-06-04 22:48 . 2010-06-04 22:48 -------- d-----w- c:\windows\871DF2BE41D24334AC33839AF16FC8FE.TMP
     2010-06-04 15:44 . 2010-06-04 22:50 -------- d-----w- c:\program files\Microsoft Security Essentials(2)

     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2010-06-22 13:35 . 2002-08-29 02:00 11648 ----a-w- c:\windows\system32\drivers\acpiec.sys
     2010-06-21 03:22 . 2009-11-18 00:33 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
     2010-06-18 00:04 . 2003-05-16 19:50 -------- d-----w- c:\program files\Microsoft Works
     2010-06-16 04:09 . 2010-02-14 02:10 -------- d-----w- c:\program files\Windows Live Safety Center
     2010-06-13 19:20 . 2002-08-29 02:00 218624 ----a-w- c:\windows\system32\uxtheme.dll
     2010-06-13 02:08 . 2009-11-12 00:19 -------- d-----w- c:\program files\Microsoft Silverlight
     2010-06-12 20:18 . 2010-04-15 00:26 1 ----a-w- c:\documents and settings\Administrator\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
     2010-06-10 02:22 . 2008-10-28 15:49 -------- d-----w- c:\program files\Windows Desktop Search
     2010-06-10 00:24 . 2010-06-10 00:24 154 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_952D7EE5731D8344A9F5244F23CE4012.dll
     2010-06-10 00:23 . 2010-06-10 00:23 121 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_6030E61781384634B8F8C04C9E73B6CA.dll
     2010-06-09 03:38 . 2010-06-09 03:38 15086 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_7b12541d.exe
     2010-06-09 03:38 . 2010-06-09 03:38 15086 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe
     2010-06-07 02:35 . 2008-10-28 14:23 61000 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2010-06-04 22:55 . 2010-05-22 13:38 -------- d-----w- c:\program files\ZooskMessenger(2)
     2010-05-29 13:46 . 2010-03-29 03:08 -------- d-----w- c:\program files\JDownloader
     2010-05-21 18:14 . 2010-02-14 22:38 221568 ------w- c:\windows\system32\MpSigStub.exe
     2010-05-19 15:45 . 2009-11-24 05:54 -------- d-----w- c:\program files\HTC
     2010-05-19 15:44 . 2009-11-24 06:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Teleca
     2010-05-17 14:50 . 2010-05-17 14:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\VS Revo Group
     2010-05-16 22:18 . 2010-05-16 22:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\Trillian
     2010-05-16 19:54 . 2010-05-16 19:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
     2010-05-16 19:52 . 2010-01-06 06:10 -------- d-----w- c:\program files\Common Files\Adobe AIR
     2010-05-16 19:50 . 2010-06-12 23:44 38784 ----a-w- c:\documents and settings\Admin\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
     2010-05-16 19:50 . 2010-01-06 06:12 38784 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
     2010-04-17 04:04 . 2010-04-17 04:04 306032 ----a-w- c:\windows\WLXPGSS.SCR
     2010-04-17 02:12 . 2010-04-17 02:12 48464 ----a-w- c:\windows\system32\sirenacm.dll
     2010-04-04 17:17 . 2009-12-07 20:39 411368 ----a-w- c:\windows\system32\deploytk.dll
     2010-03-29 12:53 . 2010-06-13 03:44 32576 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\mxakhnew.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
     2010-03-29 12:53 . 2010-06-13 03:43 29984 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\mxakhnew.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe

     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-29 94208]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-08 344064]
     "Display Settings"="c:\program files\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 45056]
     "QT4HPOT"="c:\program files\HPQ\One-Touch\OneTouch.EXE" [2003-01-30 106496]
     "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
     "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
     "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

     c:\documents and settings\Administrator\Start Menu\Programs\Startup\
     Styler.lnk - c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2010-6-8 15086]
     wkcalrem.LNK - c:\program files\Microsoft Works\WkCalRem.exe [2007-6-20 46432]

     c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
     Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
     2005-01-31 20:13 49152 ----a-w- c:\progra~1\COMMON~1\stardock\MCPStub.dll

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
     @="Service"

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=

     R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [11/28/2002 6:43 AM 22016]
     R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/14/2010 12:19 AM 218592]
     R3 GT43XX;GT Combo 802.11g Wireless LAN Adapter Driver GT43XX;c:\windows\system32\drivers\gtwl5.SYS [10/27/2008 3:27 PM 266496]
     R3 GTEDGWModem;Option NV GTEDGWModem;c:\windows\system32\drivers\GTEDG.sys [10/27/2008 3:30 PM 107904]
     R3 OptionWWSC;GT Combo EDGE SIM Card Reader;c:\windows\system32\drivers\GTEDGSC.sys [10/27/2008 3:35 PM 21888]
     S3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;c:\windows\system32\drivers\caliaud.sys [5/16/2003 2:21 PM 291328]
     S3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [5/16/2003 2:21 PM 244608]
     S3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [5/16/2003 2:18 PM 16512]
     S3 GTEDGWWNIC;Option NV GTEDGWWNIC;c:\windows\system32\drivers\GTEDGNet.sys [10/27/2008 3:32 PM 52864]
     S3 MailScan;MailScan;\??\c:\progra~1\AVANQU~1\SYSTEM~1\MailScan.sys --> c:\progra~1\AVANQU~1\SYSTEM~1\MailScan.sys [?]
     S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [4/10/2010 5:05 PM 266544]
     S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2/14/2010 10:18 AM 27064]
     S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/14/2010 12:18 AM 366840]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     getPlusHelper REG_MULTI_SZ getPlusHelper
     .
     Contents of the 'Scheduled Tasks' folder

     2010-06-22 c:\windows\Tasks\MP Scheduled Scan.job
     - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 22:02]

     2010-06-22 c:\windows\Tasks\User_Feed_Synchronization-{1F7364ED-52C1-43A3-931F-263ECD9A26D1}.job
     - c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]

     2010-06-22 c:\windows\Tasks\WGASetup.job
     - c:\windows\system32\KB905474\wgasetup.exe [2010-02-15 02:18]
     .
     .
     ------- Supplementary Scan -------
     .
     TCP: {66658DB4-57F6-41BD-8809-5E2C5801BB7D} = 198.153.192.1,198.153.194.1
     DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
     DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
     FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\mxakhnew.default\
     FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
     FF - plugin: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\mxakhnew.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
     FF - plugin: c:\documents and settings\Administrator\Application Data\Move Networks\plugins\npqmp071705000014.dll
     FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
     FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll
     FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
     FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

     ---- FIREFOX POLICIES ----
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
     .

     **************************************************************************

     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2010-06-22 14:45
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden processes ...

     scanning hidden autostart entries ...

     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------

     [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
     "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
        00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'winlogon.exe'(1492)
     c:\windows\system32\Ati2evxx.dll
     c:\progra~1\COMMON~1\Stardock\mcpstub.dll

     - - - - - - - > 'explorer.exe'(2448)
     c:\windows\system32\WININET.dll
     c:\windows\system32\ieframe.dll
     c:\progra~1\COMMON~1\stardock\MCPCore.dll
     c:\windows\system32\webcheck.dll
     c:\windows\system32\WPDShServiceObj.dll
     c:\windows\System32\btncopy.dll
     c:\windows\system32\PortableDeviceTypes.dll
     c:\windows\system32\PortableDeviceApi.dll
     .
     ------------------------ Other Running Processes ------------------------
     .
c:\windows\System32\Ati2evxx.exe c:\program files\Microsoft Security Essentials\MsMpEng.exe c:\progra~1\COMMON~1\Stardock\SDMCP.exe c:\windows\system32\Ati2evxx.exe c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\program files\Cisco Systems\VPN Client\cvpnd.exe c:\windows\system32\HPConfig.exe c:\program files\HPQ\Notebook Utilities\HPWirelessMgr.exe c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2010-06-22 14:56:36 - machine was rebooted ComboFix-quarantined-files.txt 2010-06-22 18:56 ComboFix2.txt 2010-06-22 14:53 ComboFix3.txt 2010-06-17 06:15 ComboFix4.txt 2010-06-17 02:27 Pre-Run: 20,049,752,064 bytes free Post-Run: 20,038,885,376 bytes free - - End Of File - - 9F3F9F2503A23A741B73CCBCC04E6079
  6. Blade, Thank you. It appears to be corrected. Microsoft Security Essentials updated today by itself and I've done a couple of Google searches and was able to go to the right site.
  7. DDS (Ver_10-03-17.01) - NTFSx86
Run by Admin at 11:21:22.71 on Tue 06/22/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.219 [GMT -4:00]

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Admin\Desktop\Downloads\dds.scr

============== Pseudo HJT Report ===============

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Display Settings] c:\program files\hpq\notebook utilities\hptasks.exe /s
mRun: [QT4HPOT] c:\program files\hpq\one-touch\OneTouch.EXE
mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1225136699697
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: MCPClient - c:\progra~1\common~1\stardock\mcpstub.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\progra~1\common~1\stardock\MCPCore.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\mxakhnew.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - plugin: c:\documents and settings\admin\application data\mozilla\firefox\profiles\mxakhnew.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\administrator\application data\move networks\plugins\npqmp071705000014.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [2002-11-28 22016]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-6-14 218592]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 149040]
R3 GT43XX;GT Combo 802.11g Wireless LAN Adapter Driver GT43XX;c:\windows\system32\drivers\gtwl5.SYS [2008-10-27 266496]
R3 GTEDGWModem;Option NV GTEDGWModem;c:\windows\system32\drivers\GTEDG.sys [2008-10-27 107904]
R3 OptionWWSC;GT Combo EDGE SIM Card Reader;c:\windows\system32\drivers\GTEDGSC.sys [2008-10-27 21888]
S1 caepweic;caepweic;\??\c:\windows\system32\drivers\caepweic.sys --> c:\windows\system32\drivers\caepweic.sys [?]
S1 pvikzsrv;pvikzsrv;\??\c:\windows\system32\drivers\pvikzsrv.sys --> c:\windows\system32\drivers\pvikzsrv.sys [?]
S3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;c:\windows\system32\drivers\caliaud.sys [2003-5-16 291328]
S3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [2003-5-16 244608]
S3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [2003-5-16 16512]
S3 GTEDGWWNIC;Option NV GTEDGWWNIC;c:\windows\system32\drivers\GTEDGNet.sys [2008-10-27 52864]
S3 MailScan;MailScan;\??\c:\progra~1\avanqu~1\system~1\mailscan.sys --> c:\progra~1\avanqu~1\system~1\MailScan.sys [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-4-10 266544]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-2-14 27064]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-6-14 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-6-14 1142224]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

=============== Created Last 30 ================

2010-06-17 16:15:12 0 d-----w- c:\docume~1\alluse~1\applic~1\PCPitstop
2010-06-17 16:01:45 0 d-----w- c:\program files\PCPitstop
2010-06-17 04:04:56 32824 ----a-w- c:\windows\system32\rrMon.sys
2010-06-17 04:03:32 0 d-----w- c:\program files\Registrar Registry Manager
2010-06-17 02:29:39 59392 --sha-w- c:\windows\Thumbs.db
2010-06-17 01:25:02 0 d-sha-r- C:\cmdcons
2010-06-17 01:16:47 98816 ----a-w- c:\windows\sed.exe
2010-06-17 01:16:47 77312 ----a-w- c:\windows\MBR.exe
2010-06-17 01:16:47 256512 ----a-w- c:\windows\PEV.exe
2010-06-17 01:16:47 161792 ----a-w- c:\windows\SWREG.exe
2010-06-14 18:44:40 0 d-sh--w- c:\documents and settings\admin\IECompatCache
2010-06-14 18:36:17 0 d-----w- c:\windows\SxsCaPendDel
2010-06-14 04:19:29 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-06-14 04:19:29 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-06-14 04:19:09 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-06-14 04:19:09 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-06-14 04:19:09 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-06-14 04:19:09 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-06-14 04:18:49 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-06-14 04:18:49 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-06-14 04:18:16 0 d-----w- c:\program files\Spyware Doctor
2010-06-14 04:18:16 0 d-----w- c:\program files\common files\PC Tools
2010-06-14 04:18:16 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-06-14 04:18:16 0 d-----w- c:\docume~1\admin\applic~1\PC Tools
2010-06-14 01:39:17 0 d-----w- c:\documents and settings\admin\Tracing
2010-06-14 01:00:59 0 d-----w- c:\windows\system32\NtmsData
2010-06-13 18:44:49 0 d-----w- c:\docume~1\admin\applic~1\Styler
2010-06-13 17:08:24 0 d-----w- c:\docume~1\admin\applic~1\IconTweaker
2010-06-13 16:23:14 218624 ----a-w- c:\windows\system32\uxtheme.uxtender
2010-06-13 02:39:14 0 d-----r- C:\_Backup.RC
2010-06-13 02:39:08 0 d-----w- C:\_Backup
2010-06-13 02:27:00 0 d-----w- c:\docume~1\admin\applic~1\Avanquest
2010-06-13 02:21:25 0 d-----w- c:\program files\Avanquest
2010-06-13 00:15:36 0 d-----w- c:\docume~1\admin\applic~1\Malwarebytes
2010-06-12 23:55:54 0 d-----w- c:\docume~1\admin\applic~1\Teleca
2010-06-12 23:53:28 0 d-sh--w- c:\documents and settings\admin\IETldCache
2010-06-12 23:44:33 0 d-----w- c:\docume~1\admin\applic~1\Symantec
2010-06-12 04:39:55 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-11 22:21:26 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-06-11 22:21:09 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-06-11 17:29:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-11 17:29:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-11 17:29:16 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-11 17:29:14 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-10 00:22:53 0 d-----w- c:\docume~1\alluse~1\applic~1\SecTaskMan
2010-06-09 13:46:12 0 d-----w- c:\docume~1\alluse~1\applic~1\IconTweaker
2010-06-09 03:36:27 0 d-----w- c:\program files\Styler
2010-06-07 02:07:38 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-06-07 01:54:37 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-06-07 01:23:51 0 d-----w- c:\program files\Microsoft
2010-06-07 01:21:49 0 d-----w- c:\program files\Windows Live SkyDrive
2010-06-07 00:59:58 0 d-----w- c:\program files\common files\Windows Live
2010-06-05 16:54:40 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-05 00:53:46 0 d-----w- c:\program files\Microsoft Security Essentials
2010-06-04 23:00:29 0 d-----w- c:\windows\system32\wbem\Repository
2010-06-04 22:58:25 0 d-----w- c:\docume~1\alluse~1\applic~1\HTC
2010-06-04 22:58:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Teleca
2010-06-04 22:57:42 0 d-----w- c:\program files\common files\Teleca Shared
2010-06-04 22:48:13 0 d-----w- c:\windows\LastGood(2)
2010-06-04 22:48:05 0 d-----w- c:\windows\871DF2BE41D24334AC33839AF16FC8FE.TMP
2010-06-04 15:44:49 0 d-----w- c:\program files\Microsoft Security Essentials(2)

==================== Find3M ====================

2010-06-22 13:35:13 11648 ----a-w- c:\windows\system32\drivers\acpiec.sys
2010-06-13 19:20:47 218624 ----a-w- c:\windows\system32\uxtheme.dll
2010-05-21 18:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-17 04:04:40 306032 ----a-w- c:\windows\WLXPGSS.SCR
2010-04-17 02:12:18 48464 ----a-w- c:\windows\system32\sirenacm.dll
2010-04-04 17:17:02 411368 ----a-w- c:\windows\system32\deploytk.dll
2008-10-29 05:19:51 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102920081030\index.dat

============= FINISH: 11:22:30.15 ===============
  8. ComboFix 10-06-21.03 - Admin 06/22/2010 10:28:42.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.258 [GMT -4:00]
Running from: c:\documents and settings\Admin\Desktop\Malware\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Thumbs.db
.
((((((((((((((((((((((((( Files Created from 2010-05-22 to 2010-06-22 )))))))))))))))))))))))))))))))
.
2010-06-22 13:42 . 2010-06-22 13:42 -------- d-----w- c:\windows\LastGood
2010-06-22 01:22 . 2010-06-22 01:22 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Ahead
2010-06-21 18:33 . 2010-06-21 18:33 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Opera
2010-06-17 16:15 . 2010-06-17 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2010-06-17 16:01 . 2010-06-22 01:20 -------- d-----w- c:\program files\PCPitstop
2010-06-17 04:04 . 2009-11-13 16:23 32824 ----a-w- c:\windows\system32\rrMon.sys
2010-06-17 04:03 . 2010-06-17 04:18 -------- d-----w- c:\program files\Registrar Registry Manager
2010-06-14 18:44 . 2010-06-14 18:44 -------- d-sh--w- c:\documents and settings\Admin\IECompatCache
2010-06-14 18:36 . 2010-06-14 18:58 -------- d-----w- c:\windows\SxsCaPendDel
2010-06-14 04:19 . 2010-02-05 13:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-06-14 04:19 . 2010-03-29 14:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-06-14 04:19 . 2009-11-23 17:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-06-14 04:18 . 2010-04-08 18:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-06-14 04:18 . 2010-06-21 03:19 -------- d-----w- c:\program files\Spyware Doctor
2010-06-14 04:18 . 2010-06-14 04:18 -------- d-----w- c:\program files\Common Files\PC Tools
2010-06-14 04:18 . 2010-06-14 04:18 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-06-14 04:18 . 2010-06-14 04:18 -------- d-----w- c:\documents and settings\Admin\Application Data\PC Tools
2010-06-14 01:39 . 2010-06-14 03:14 -------- d-----w- c:\documents and settings\Admin\Tracing
2010-06-14 01:00 . 2010-06-14 01:07 -------- d-----w- c:\windows\system32\NtmsData
2010-06-13 18:44 . 2010-06-15 22:11 -------- d-----w- c:\documents and settings\Admin\Application Data\Styler
2010-06-13 17:08 . 2010-06-15 22:14 -------- d-----w- c:\documents and settings\Admin\Application Data\IconTweaker
2010-06-13 14:16 . 2010-06-13 14:16 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\VS Revo Group
2010-06-13 03:45 . 2010-06-13 03:45 -------- d-----w- c:\program files\NOS
2010-06-13 02:48 . 2010-06-13 02:48 -------- d-----w- c:\documents and settings\LocalService\Application Data\Avanquest
2010-06-13 02:46 . 2010-06-13 02:46 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2010-06-13 02:39 . 2010-06-13 02:39 -------- d-----r- C:\_Backup.RC
2010-06-13 02:39 . 2010-06-13 02:39 -------- d-----w- C:\_Backup
2010-06-13 02:27 . 2010-06-13 02:27 -------- d-----w- c:\documents and settings\Admin\Application Data\Avanquest
2010-06-13 02:21 . 2010-06-13 14:41 -------- d-----w- c:\program files\Avanquest
2010-06-13 01:33 . 2010-06-15 15:25 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Adobe
2010-06-13 00:15 . 2010-06-13 00:15 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
2010-06-12 23:56 . 2010-06-12 23:56 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Mozilla
2010-06-12 23:55 . 2010-06-12 23:55 -------- d-----w- c:\documents and settings\Admin\Application Data\Teleca
2010-06-12 23:53 . 2010-06-12 23:53 -------- d-sh--w- c:\documents and settings\Admin\IETldCache
2010-06-12 23:50 . 2010-06-12 23:50 61000 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-12 04:39 . 2010-06-17 06:37 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-11 22:21 . 2010-06-14 03:15 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-06-11 22:21 . 2010-06-11 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-06-11 17:30 . 2010-06-11 17:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-06-11 17:29 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-11 17:29 . 2010-06-11 17:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-11 17:29 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-11 17:29 . 2010-06-11 17:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-10 00:22 . 2010-06-13 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-06-09 13:46 . 2010-06-09 13:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\IconTweaker
2010-06-09 13:46 . 2010-06-15 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\IconTweaker
2010-06-09 04:37 . 2010-06-09 04:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Styler
2010-06-09 03:36 . 2010-06-15 22:12 -------- d-----w- c:\program files\Styler
2010-06-07 02:22 . 2010-06-07 02:22 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-06-07 02:07 . 2006-11-29 17:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-06-07 01:54 . 2010-06-07 01:54 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-06-07 01:23 . 2010-06-07 01:23 -------- d-----w- c:\program files\Microsoft
2010-06-07 01:21 . 2010-06-07 01:21 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-06-07 01:17 . 2010-06-07 02:24 -------- d-----w- c:\program files\Windows Live
2010-06-07 00:59 . 2010-06-07 00:59 -------- d-----w- c:\program files\Common Files\Windows Live
2010-06-05 16:54 . 2010-06-05 16:53 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-05 16:35 . 2010-06-14 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-06-05 00:53 . 2010-06-05 00:56 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-06-04 23:00 . 2010-06-04 23:00 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-04 22:58 . 2010-06-04 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\HTC
2010-06-04 22:58 . 2010-06-04 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Teleca
2010-06-04 22:58 . 2010-06-04 22:58 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\HTC
2010-06-04 22:57 . 2010-06-04 22:58 -------- d-----w- c:\program files\Common Files\Teleca Shared
2010-06-04 22:52 . 2010-06-13 04:19 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-06-04 22:48 . 2010-06-04 22:48 -------- d-----w- c:\windows\LastGood(2)
2010-06-04 22:48 . 2010-06-04 22:48 -------- d-----w- c:\windows\871DF2BE41D24334AC33839AF16FC8FE.TMP
2010-06-04 15:44 . 2010-06-04 22:50 -------- d-----w- c:\program files\Microsoft Security Essentials(2)
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-22 13:35 . 2002-08-29 02:00 11648 ----a-w- c:\windows\system32\drivers\acpiec.sys
2010-06-21 03:22 . 2009-11-18 00:33 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-18 00:04 . 2003-05-16 19:50 -------- d-----w- c:\program files\Microsoft Works
2010-06-16 04:09 . 2010-02-14 02:10 -------- d-----w- c:\program files\Windows Live Safety Center
2010-06-13 19:20 . 2002-08-29 02:00 218624 ----a-w- c:\windows\system32\uxtheme.dll
2010-06-13 02:08 . 2009-11-12 00:19 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-12 20:18 . 2010-04-15 00:26 1 ----a-w- c:\documents and settings\Administrator\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-10 02:22 . 2008-10-28 15:49 -------- d-----w- c:\program files\Windows Desktop Search
2010-06-10 00:24 . 2010-06-10 00:24 154 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_952D7EE5731D8344A9F5244F23CE4012.dll
2010-06-10 00:23 . 2010-06-10 00:23 121 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_6030E61781384634B8F8C04C9E73B6CA.dll
2010-06-09 03:38 . 2010-06-09 03:38 15086 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_7b12541d.exe
2010-06-09 03:38 . 2010-06-09 03:38 15086 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe
2010-06-07 02:35 . 2008-10-28 14:23 61000 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-04 22:55 . 2010-05-22 13:38 -------- d-----w- c:\program files\ZooskMessenger(2)
2010-05-29 13:46 . 2010-03-29 03:08 -------- d-----w- c:\program files\JDownloader
2010-05-21 18:14 . 2010-02-14 22:38 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-19 15:45 . 2009-11-24 05:54 -------- d-----w- c:\program files\HTC
2010-05-19 15:44 . 2009-11-24 06:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Teleca
2010-05-17 14:50 . 2010-05-17 14:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\VS Revo Group
2010-05-16 22:18 . 2010-05-16 22:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\Trillian
2010-05-16 19:54 . 2010-05-16 19:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
2010-05-16 19:52 . 2010-01-06 06:10 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-05-16 19:50 . 2010-06-12 23:44 38784 ----a-w- c:\documents and settings\Admin\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-05-16 19:50 . 2010-01-06 06:12 38784 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-04-17 04:04 . 2010-04-17 04:04 306032 ----a-w- c:\windows\WLXPGSS.SCR
2010-04-17 02:12 . 2010-04-17 02:12 48464 ----a-w- c:\windows\system32\sirenacm.dll
2010-04-10 21:05 . 2010-04-10 21:05 65328 ----a-w- c:\windows\AppPatch\matsshim.dll
2010-04-04 17:17 . 2009-12-07 20:39 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-29 12:53 . 2010-06-13 03:44 32576 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\mxakhnew.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2010-03-29 12:53 . 2010-06-13 03:43 29984 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\mxakhnew.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-29 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-08 344064]
"Display Settings"="c:\program files\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 45056]
"QT4HPOT"="c:\program files\HPQ\One-Touch\OneTouch.EXE" [2003-01-30 106496]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Styler.lnk - c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2010-6-8 15086]
wkcalrem.LNK - c:\program files\Microsoft Works\WkCalRem.exe [2007-6-20 46432]

c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 20:13 49152 ----a-w- c:\progra~1\COMMON~1\stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [11/28/2002 6:43 AM 22016]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/14/2010 12:19 AM 218592]
R3 GT43XX;GT Combo 802.11g Wireless LAN Adapter Driver GT43XX;c:\windows\system32\drivers\gtwl5.SYS [10/27/2008 3:27 PM 266496]
R3 GTEDGWModem;Option NV GTEDGWModem;c:\windows\system32\drivers\GTEDG.sys [10/27/2008 3:30 PM 107904]
R3 OptionWWSC;GT Combo EDGE SIM Card Reader;c:\windows\system32\drivers\GTEDGSC.sys [10/27/2008 3:35 PM 21888]
S1 caepweic;caepweic;\??\c:\windows\system32\drivers\caepweic.sys --> c:\windows\system32\drivers\caepweic.sys [?]
S1 pvikzsrv;pvikzsrv;\??\c:\windows\system32\drivers\pvikzsrv.sys --> c:\windows\system32\drivers\pvikzsrv.sys [?]
S3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;c:\windows\system32\drivers\caliaud.sys [5/16/2003 2:21 PM 291328]
S3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [5/16/2003 2:21 PM 244608]
S3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [5/16/2003 2:18 PM 16512]
S3 GTEDGWWNIC;Option NV GTEDGWWNIC;c:\windows\system32\drivers\GTEDGNet.sys [10/27/2008 3:32 PM 52864]
S3 MailScan;MailScan;\??\c:\progra~1\AVANQU~1\SYSTEM~1\MailScan.sys --> c:\progra~1\AVANQU~1\SYSTEM~1\MailScan.sys [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [4/10/2010 5:05 PM 266544]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2/14/2010 10:18 AM 27064]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/14/2010 12:18 AM 366840]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMDB
*Deregistered* - klmd23
*Deregistered* - klmdb

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-06-22 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 22:02]

2010-06-22 c:\windows\Tasks\User_Feed_Synchronization-{1F7364ED-52C1-43A3-931F-263ECD9A26D1}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]

2010-06-22 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-02-15 02:18]
.
.
------- Supplementary Scan -------
.
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\mxakhnew.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - plugin: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\mxakhnew.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Move Networks\plugins\npqmp071705000014.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla 
Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . - - - - ORPHANS REMOVED - - - - SafeBoot-klmdb.sys ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-06-22 10:43 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1464) c:\windows\system32\Ati2evxx.dll c:\progra~1\COMMON~1\Stardock\mcpstub.dll . 
Completion time: 2010-06-22 10:52:57 ComboFix-quarantined-files.txt 2010-06-22 14:52 ComboFix2.txt 2010-06-17 06:15 ComboFix3.txt 2010-06-17 02:27 Pre-Run: 20,042,227,712 bytes free Post-Run: 20,052,746,240 bytes free - - End Of File - - 40B9DC0B46FF39606D686A8A0AA78DB4
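The two S1 entries in the services block above (caepweic and pvikzsrv) are the lines a log reader looks at first: system-start drivers with eight-letter names that carry no descriptive display name, whose image file the scanner could not read (the [?] that ComboFix and DDS print where the file's date and size would normally go). The script below is an added example, not part of the original post and not code from ComboFix or DDS; it parses the SERVICES / DRIVERS lines in the format those two tools print (the sample lines are copied from the logs on this page) and flags entries that match those patterns. The "eight lowercase letters, display name identical to service name" rule is a triage heuristic assumed here for illustration, not something either tool applies.

```python
"""Triage the SERVICES / DRIVERS block of a DDS or ComboFix log (added example)."""
import re
from dataclasses import dataclass

# Service lines copied from the logs above. ComboFix prints [m/d/yyyy h:mm AM size],
# DDS prints [yyyy-m-d size]; both print [?] when the image file could not be read.
SAMPLE_LINES = r"""
R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [11/28/2002 6:43 AM 22016]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/14/2010 12:19 AM 218592]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 149040]
S1 caepweic;caepweic;\??\c:\windows\system32\drivers\caepweic.sys --> c:\windows\system32\drivers\caepweic.sys [?]
S1 pvikzsrv;pvikzsrv;\??\c:\windows\system32\drivers\pvikzsrv.sys --> c:\windows\system32\drivers\pvikzsrv.sys [?]
S3 MailScan;MailScan;\??\c:\progra~1\AVANQU~1\SYSTEM~1\MailScan.sys --> c:\progra~1\AVANQU~1\SYSTEM~1\MailScan.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2/14/2010 10:18 AM 27064]
"""

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"           # R running / S stopped; start type 0-4
    r"(?P<name>[^;]+);(?P<display>[^;]*);"        # service name; display name
    r"(?P<path>.*?)\s+\[(?P<info>[^\]]*)\]\s*$"   # image path; [date size] or [?]
)

# Heuristic assumed for this example: eight lowercase letters and nothing else.
RANDOM_NAME = re.compile(r"[a-z]{8}")

MISSING = "image file not readable at scan time"
EARLY_MISSING = "boot/system-start driver with missing image"
RANDOM = "random-looking eight-letter name, display name identical"


@dataclass
class Entry:
    state: str      # "R" or "S"
    start: int      # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str
    display: str
    path: str       # resolved path (text after "-->" when the tool printed one)
    readable: bool  # False when the tool printed [?] instead of date and size


def parse_entries(text):
    """Parse every service/driver line; lines in any other format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        path = m["path"]
        if "-->" in path:
            path = path.split("-->", 1)[1].strip()
        entries.append(Entry(m["state"], int(m["start"]), m["name"],
                             m["display"], path, m["info"] != "?"))
    return entries


def triage(text):
    """Return {service name: [reasons]} for entries worth a closer look."""
    findings = {}
    for e in parse_entries(text):
        reasons = []
        if not e.readable:
            reasons.append(MISSING)
        if e.start <= 1 and not e.readable:
            # A boot/system-start driver that cannot be read is either a leftover
            # from an uninstall or a loader whose file is being hidden; both need a look.
            reasons.append(EARLY_MISSING)
        if RANDOM_NAME.fullmatch(e.name) and e.display == e.name:
            reasons.append(RANDOM)
        if reasons:
            findings[e.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LINES).items():
        print(f"{name}: {'; '.join(reasons)}")
```

MailScan comes out with a single reason (a stopped, manual-start driver whose file is gone is typical of an incomplete uninstall), while the two S1 entries collect all three; the rules are deliberately separate so a reader can see which one fired rather than getting a single score.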
9. 09:30:55:040 1688 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
09:30:55:040 1688 ================================================================================
09:30:55:040 1688 SystemInfo:
09:30:55:040 1688 OS Version: 5.1.2600 ServicePack: 3.0
09:30:55:040 1688 Product type: Workstation
09:30:55:040 1688 ComputerName: SEAN
09:30:55:040 1688 UserName: Admin
09:30:55:040 1688 Windows directory: C:\WINDOWS
09:30:55:040 1688 Processor architecture: Intel x86
09:30:55:040 1688 Number of processors: 1
09:30:55:040 1688 Page size: 0x1000
09:30:55:040 1688 Boot type: Normal boot
09:30:55:040 1688 ================================================================================
09:30:55:971 1688 Initialize success
09:30:55:971 1688
09:30:55:971 1688 Scanning Services ...
09:30:57:423 1688 Raw services enum returned 400 services
09:30:57:443 1688
09:30:57:443 1688 Scanning Drivers ...
09:31:00:177 1688 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
09:31:00:708 1688 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:31:01:209 1688 ACPIEC (a53f38653dc6ad8ad15879581e5d9984) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
09:31:01:209 1688 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPIEC.sys. Real md5: a53f38653dc6ad8ad15879581e5d9984, Fake md5: 6e657f8e96444b545d34e3f613c2c0e7
09:31:01:209 1688 File "C:\WINDOWS\system32\DRIVERS\ACPIEC.sys" infected by TDSS rootkit ...
09:31:10:652 1688 Backup copy found, using it..
09:31:10:863 1688 will be cured on next reboot
09:31:11:794 1688 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:31:12:405 1688 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
09:31:12:906 1688 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
09:31:14:378 1688 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
09:31:14:859 1688 allegro (bc129f409af5fcf46e978c1c144e31be) C:\WINDOWS\system32\drivers\es198x.sys
09:31:15:509 1688 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
09:31:18:534 1688 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:31:19:075 1688 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:31:20:236 1688 ati2mtag (dd3802e25a9ef4e55eee9a0fc2151611) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
09:31:21:378 1688 atimpab (8d70c26425fde49ddce5bb2cf25b8df2) C:\WINDOWS\system32\DRIVERS\atimpab.sys
09:31:22:109 1688 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:31:22:560 1688 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:31:23:040 1688 BCM43XX (c8106396df180b901a33f0f135c51ac1) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
09:31:23:591 1688 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:31:24:542 1688 BTKRNL (66adefde602046786cc44fa5471ee8db) C:\WINDOWS\system32\drivers\btkrnl.sys
09:31:25:684 1688 caboagp (e3d35fe1ed9ace83b7728040cd634aa3) C:\WINDOWS\system32\DRIVERS\atisgkaf.sys
09:31:26:635 1688 CALIAUD (ecdde6089b366b7e6c8f3e7119c60040) C:\WINDOWS\system32\drivers\caliaud.sys
09:31:27:256 1688 CALIHALA (fa2f5dbe2804803972052636693e80a1) C:\WINDOWS\system32\drivers\calihal.sys
09:31:27:907 1688 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:31:28:308 1688 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
09:31:29:329 1688 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:31:30:120 1688 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:31:30:731 1688 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:31:31:252 1688 CE3 (6d63e366d96494336f375ff155d47ab3) C:\WINDOWS\system32\DRIVERS\ce3n5.sys
09:31:31:993 1688 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
09:31:32:945 1688 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
09:31:33:786 1688 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
09:31:34:997 1688 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:31:35:478 1688 DKbFltr (2aebf5150b5761f19e48b587b3ac8842) C:\WINDOWS\system32\Drivers\DKbFltr.SYS
09:31:36:279 1688 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:31:37:201 1688 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:31:37:671 1688 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:31:38:212 1688 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:31:38:723 1688 DNE (7b4fdfbe97c047175e613aa96f3de987) C:\WINDOWS\system32\DRIVERS\dne2000.sys
09:31:39:244 1688 DP83815 (f590b709660401e69f9bace9860a397c) C:\WINDOWS\system32\DRIVERS\DP83815.SYS
09:31:39:975 1688 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:31:40:515 1688 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
09:31:41:146 1688 ElbyCDFL (59c9e1336a4508f059827d638e924c62) C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
09:31:41:457 1688 ElbyCDIO (389823db299b350f2ee830d47376eeac) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
09:31:41:907 1688 ElbyVCD (c4143fc2f7d39a5a8b1cfe0bc4bd8a9e) C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys
09:31:42:298 1688 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:31:42:829 1688 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:31:43:309 1688 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:31:43:790 1688 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
09:31:44:201 1688 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
09:31:44:701 1688 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:31:45:112 1688 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:31:45:593 1688 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:31:46:214 1688 GT43XX (c3db46765f31e9fafb98c5642365c988) C:\WINDOWS\system32\DRIVERS\gtwl5.sys
09:31:46:824 1688 GTEDGWModem (a1459f7c1824c539d56e3f84ea749eb1) C:\WINDOWS\system32\DRIVERS\GTEDG.sys
09:31:47:375 1688 GTEDGWWNIC (b89d4b0520b31946f1302bd6bd4f3517) C:\WINDOWS\system32\DRIVERS\GTEDGNet.sys
09:31:47:876 1688 HPCI (708f5d243ce450bc937dedabd39d3600) C:\WINDOWS\system32\DRIVERS\hpci.sys
09:31:48:657 1688 HSFHWALI (c98fe9b4843888e153526c3f184fcc8d) C:\WINDOWS\system32\DRIVERS\HSFHWALI.sys
09:31:49:548 1688 HSF_DP (fe4eb683439bac32fb3126ebdd7b3927) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
09:31:50:540 1688 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:31:52:002 1688 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:31:52:463 1688 imagedrv (25edd75e23c5ef6b33d0fbcce125a601) C:\WINDOWS\system32\Drivers\imagedrv.sys
09:31:52:783 1688 imagesrv (9c4bbacf4e9b9543c3ce23f1fe556941) C:\WINDOWS\system32\DRIVERS\imagesrv.sys
09:31:53:274 1688 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:31:55:136 1688 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
09:31:55:667 1688 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:31:56:218 1688 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:31:56:659 1688 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:31:57:119 1688 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:31:57:630 1688 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:31:58:161 1688 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:31:58:712 1688 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
09:31:59:202 1688 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:31:59:593 1688 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:31:59:973 1688 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:32:00:464 1688 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys
09:32:01:075 1688 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:32:01:696 1688 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:32:02:717 1688 ltmodem5 (829ef680a308c12e2a80e5e0da0d958d) C:\WINDOWS\system32\DRIVERS\ltmdmxp.sys
09:32:03:518 1688 mdmxsdk (a1e9d936eac07ee9386e87bac1377fad) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
09:32:03:969 1688 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:32:04:440 1688 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:32:04:890 1688 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
09:32:05:381 1688 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:32:05:912 1688 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:32:06:503 1688 MpFilter (dfa1cd670ea50a21c87c92c727c50950) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
09:32:07:364 1688 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:32:08:075 1688 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:32:08:716 1688 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:32:09:157 1688 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:32:09:607 1688 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:32:10:048 1688 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:32:10:509 1688 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:32:11:119 1688 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
09:32:11:600 1688 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
09:32:12:101 1688 MxlW2k (63d074073d5fda93163517c2a8f2ba5a) C:\WINDOWS\system32\drivers\MxlW2k.sys
09:32:12:582 1688 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
09:32:13:142 1688 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:32:13:733 1688 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
09:32:14:094 1688 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:32:14:534 1688 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:32:14:885 1688 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:32:15:376 1688 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
09:32:15:906 1688 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:32:16:507 1688 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:32:17:048 1688 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:32:17:529 1688 NSCIRDA (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys
09:32:18:190 1688 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:32:18:831 1688 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:32:19:221 1688 NWADI (0973c0c696780161f4526586d5eac422) C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
09:32:19:742 1688 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:32:20:182 1688 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:32:20:693 1688 OptionWWSC (eeae713c70c53bdd8d3f6584804d0f79) C:\WINDOWS\system32\DRIVERS\GTEDGSC.sys
09:32:21:264 1688 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
09:32:21:775 1688 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
09:32:22:326 1688 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:32:22:766 1688 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:32:23:077 1688 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\PCASp50.sys
09:32:23:567 1688 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:32:24:308 1688 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:32:24:789 1688 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
09:32:25:360 1688 PCTCore (807ff1dd6e1bdf8e7d2062fca0daecaf) C:\WINDOWS\system32\drivers\PCTCore.sys
09:32:26:101 1688 PCTINDIS5 (d6da0b85889d8236e2a3e80826ad104b) C:\WINDOWS\system32\PCTINDIS5.SYS
09:32:28:705 1688 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:32:29:195 1688 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
09:32:29:716 1688 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:32:30:167 1688 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:32:31:038 1688 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:32:33:121 1688 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:32:33:622 1688 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
09:32:34:102 1688 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:32:34:643 1688 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:32:35:104 1688 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:32:35:605 1688 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:32:36:195 1688 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:32:36:746 1688 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:32:37:307 1688 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
09:32:37:828 1688 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:32:38:309 1688 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys
09:32:38:769 1688 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\WINDOWS\system32\Drivers\RimUsb.sys
09:32:39:250 1688 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
09:32:39:791 1688 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
09:32:40:171 1688 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:32:40:592 1688 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:32:40:892 1688 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
09:32:41:483 1688 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
09:32:41:864 1688 SI3112 (f459dd5ee69d4b68cb6767c9731b5faf) C:\WINDOWS\system32\DRIVERS\SI3112.sys
09:32:42:304 1688 SiFilter (96b43459e9bd1dad1873a47ddde9bdf4) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
09:32:43:045 1688 SiRemFil (40f3babe67c1c51fbb3ee64ea9209e1f) C:\WINDOWS\system32\DRIVERS\SiRemFil.sys
09:32:43:496 1688 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
09:32:48:894 1688 SNPSTD3 (a37e84eb12c39d36eddeb7966429e75f) C:\WINDOWS\system32\DRIVERS\snpstd3.sys
09:32:53:651 1688 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:32:54:151 1688 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:32:54:852 1688 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
09:32:55:603 1688 StreamDispatcher (3caf8a823d46bb9b739068f173e98f51) C:\WINDOWS\system32\DRIVERS\strmdisp.sys
09:32:56:415 1688 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
09:32:57:216 1688 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:32:57:867 1688 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:32:58:558 1688 swmsflt (e6c797b33a454840245c0c96e7f08b0a) C:\WINDOWS\System32\drivers\swmsflt.sys
09:33:01:362 1688 SynTP (23fe1f173996b8bad4b9ed74003676d8) C:\WINDOWS\system32\DRIVERS\SynTP.sys
09:33:02:343 1688 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:33:03:214 1688 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:33:04:096 1688 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:33:05:127 1688 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:33:05:818 1688 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:33:07:110 1688 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:33:08:512 1688 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:33:09:393 1688 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
09:33:10:134 1688 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:33:10:745 1688 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:33:11:596 1688 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:33:12:478 1688 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
09:33:13:229 1688 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:33:13:870 1688 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:33:14:561 1688 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:33:15:121 1688 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
09:33:15:592 1688 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:33:16:113 1688 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys
09:33:16:944 1688 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:33:17:725 1688 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:33:18:426 1688 winachsf (dc3f6288a33bcfa43402f1593321b44a) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
09:33:19:107 1688 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:33:19:538 1688 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
09:33:20:039 1688 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:33:20:579 1688 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:33:20:629 1688 Reboot required for cure complete..
09:33:22:222 1688 Cure on reboot scheduled successfully
09:33:22:222 1688
09:33:22:222 1688 Completed
09:33:22:222 1688
09:33:22:222 1688 Results:
09:33:22:222 1688 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
09:33:22:222 1688 File objects infected / cured / cured on reboot: 1 / 0 / 1
09:33:22:222 1688
09:33:22:232 1688 KLMD(ARK) unloaded successfully
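The verdict on ACPIEC.sys in the log above rests on one line: the tool saw two different MD5 sums for the same file, the one it labels "Real" (obtained through its own KLMD(ARK) driver, which the last line shows being unloaded) and the one it labels "Fake" (what ordinary file reads return), and a disagreement between the two means something on the box is filtering what that file looks like. The script below is an added example, not part of the original post and not Kaspersky code; it parses the log format shown above (the sample lines are copied from it), joins each forged verdict to the driver inventory entry for the same path, notes which of the two hashes the inventory line carried, and checks that the number of forged verdicts agrees with the "File objects infected" counter at the end. The line formats it expects are assumed from this log only.

```python
"""Parse a TDSSKiller log: driver inventory, forged-file verdicts and counters (added example)."""
import re

# Lines copied from the TDSSKiller log above: timestamp, PID, then the message.
SAMPLE_LOG = r"""
09:31:00:708 1688 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:31:01:209 1688 ACPIEC (a53f38653dc6ad8ad15879581e5d9984) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
09:31:01:209 1688 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPIEC.sys. Real md5: a53f38653dc6ad8ad15879581e5d9984, Fake md5: 6e657f8e96444b545d34e3f613c2c0e7
09:31:01:209 1688 File "C:\WINDOWS\system32\DRIVERS\ACPIEC.sys" infected by TDSS rootkit ...
09:31:10:652 1688 Backup copy found, using it..
09:31:10:863 1688 will be cured on next reboot
09:31:11:794 1688 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:33:22:222 1688 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
09:33:22:222 1688 File objects infected / cured / cured on reboot: 1 / 0 / 1
"""

PREFIX = r"^\d\d:\d\d:\d\d:\d{3}\s+\d+\s+"   # hh:mm:ss:ms and the tool's PID
DRIVER_RE = re.compile(PREFIX + r"(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*?)\s*$")
FORGED_RE = re.compile(PREFIX + r"Suspicious file \(Forged\): (?P<path>.+?)\. "
                       r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})")
RESULT_RE = re.compile(PREFIX + r"(?P<kind>Registry|File) objects infected / cured / cured on reboot: "
                       r"(?P<infected>\d+) / (?P<cured>\d+) / (?P<reboot>\d+)")


def parse_log(text):
    """Return (drivers, forged, results).

    drivers: {lower-cased path: (service name, md5 printed in the inventory)}
    forged:  [{"path", "real_md5", "fake_md5"}, ...] in log order
    results: {"Registry": (infected, cured, cured_on_reboot), "File": (...)}
    """
    drivers, forged, results = {}, [], {}
    for line in text.splitlines():
        m = FORGED_RE.match(line)
        if m:
            forged.append({"path": m["path"], "real_md5": m["real"], "fake_md5": m["fake"]})
            continue
        m = RESULT_RE.match(line)
        if m:
            results[m["kind"]] = (int(m["infected"]), int(m["cured"]), int(m["reboot"]))
            continue
        m = DRIVER_RE.match(line)
        if m:
            drivers[m["path"].lower()] = (m["name"], m["md5"])
    return drivers, forged, results


def correlate(text):
    """Join each forged verdict with its inventory line and record which of the
    two hashes the inventory printed. A forged path the inventory never listed
    is kept with service None rather than dropped, so nothing goes unreviewed."""
    drivers, forged, results = parse_log(text)
    report = []
    for f in forged:
        name, listed = drivers.get(f["path"].lower(), (None, None))
        if listed == f["real_md5"]:
            which = "real"
        elif listed == f["fake_md5"]:
            which = "fake"
        else:
            which = "unlisted"
        report.append({**f, "service": name, "inventory_hash": which})
    return report, results


def consistent(text):
    """True when the number of forged verdicts equals the 'File objects infected'
    counter, i.e. no file was reported forged without being counted or vice versa."""
    report, results = correlate(text)
    return len(report) == results.get("File", (0, 0, 0))[0]


if __name__ == "__main__":
    for r in correlate(SAMPLE_LOG)[0]:
        print(f"{r['service']}: {r['path']} real={r['real_md5']} fake={r['fake_md5']} "
              f"(inventory shows the {r['inventory_hash']} hash)")
    print("counters consistent:", consistent(SAMPLE_LOG))
```

On this log the inventory line for ACPIEC carries the "Real" hash, so the enumeration pass and the verdict are reading the same bytes; the counter check is there because a log that says "cured on next reboot" but lists a different number of forged files than it counts is the first sign that a rescan is needed after the reboot.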
10. DDS (Ver_10-03-17.01) - NTFSx86
Run by Admin at 13:52:49.25 on Mon 06/21/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.161 [GMT -4:00]

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Admin\Desktop\Malware\dds.com

============== Pseudo HJT Report ===============

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Display Settings] c:\program files\hpq\notebook utilities\hptasks.exe /s
mRun: [QT4HPOT] c:\program files\hpq\one-touch\OneTouch.EXE
mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1225136699697
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: MCPClient - c:\progra~1\common~1\stardock\mcpstub.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\progra~1\common~1\stardock\MCPCore.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\mxakhnew.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - plugin: c:\documents and settings\admin\application data\mozilla\firefox\profiles\mxakhnew.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\administrator\application data\move networks\plugins\npqmp071705000014.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [2002-11-28 22016]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-6-14 218592]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 149040]
R3 GT43XX;GT Combo 802.11g Wireless LAN Adapter Driver GT43XX;c:\windows\system32\drivers\gtwl5.SYS [2008-10-27 266496]
R3 GTEDGWModem;Option NV GTEDGWModem;c:\windows\system32\drivers\GTEDG.sys [2008-10-27 107904]
R3 GTEDGWWNIC;Option NV GTEDGWWNIC;c:\windows\system32\drivers\GTEDGNet.sys [2008-10-27 52864]
R3 OptionWWSC;GT Combo EDGE SIM Card Reader;c:\windows\system32\drivers\GTEDGSC.sys [2008-10-27 21888]
S1 caepweic;caepweic;\??\c:\windows\system32\drivers\caepweic.sys --> c:\windows\system32\drivers\caepweic.sys [?]
S1 pvikzsrv;pvikzsrv;\??\c:\windows\system32\drivers\pvikzsrv.sys --> c:\windows\system32\drivers\pvikzsrv.sys [?]
S3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;c:\windows\system32\drivers\caliaud.sys [2003-5-16 291328]
S3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [2003-5-16 244608]
S3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [2003-5-16 16512]
S3 MailScan;MailScan;\??\c:\progra~1\avanqu~1\system~1\mailscan.sys --> c:\progra~1\avanqu~1\system~1\MailScan.sys [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-4-10 266544]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-2-14 27064]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-6-14 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-6-14 1142224]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

=============== Created Last 30 ================

2010-06-17 16:15:12 0 d-----w- c:\docume~1\alluse~1\applic~1\PCPitstop
2010-06-17 16:01:45 0 d-----w- c:\program files\PCPitstop
2010-06-17 04:04:56 32824 ----a-w- c:\windows\system32\rrMon.sys
2010-06-17 04:03:32 0 d-----w- c:\program files\Registrar Registry Manager
2010-06-17 02:29:39 51712 --sha-w- c:\windows\Thumbs.db
2010-06-17 01:25:02 0 d-sha-r- C:\cmdcons
2010-06-17 01:16:47 98816 ----a-w- c:\windows\sed.exe
2010-06-17 01:16:47 77312 ----a-w- c:\windows\MBR.exe
2010-06-17 01:16:47 256512 ----a-w- c:\windows\PEV.exe
2010-06-17 01:16:47 161792 ----a-w- c:\windows\SWREG.exe
2010-06-14 18:44:40 0 d-sh--w- c:\documents and settings\admin\IECompatCache
2010-06-14 18:36:17 0 d-----w- c:\windows\SxsCaPendDel
2010-06-14 04:19:29 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-06-14 04:19:29 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-06-14 04:19:09 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-06-14 04:19:09 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-06-14 04:19:09 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-06-14 04:19:09 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-06-14 04:18:49 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-06-14 04:18:49 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-06-14 04:18:16 0 d-----w- c:\program files\Spyware Doctor
2010-06-14 04:18:16 0 d-----w- c:\program files\common files\PC Tools
2010-06-14 04:18:16 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools 2010-06-14 04:18:16 0 d-----w- c:\docume~1\admin\applic~1\PC Tools 2010-06-14 01:39:17 0 d-----w- c:\documents and settings\admin\Tracing 2010-06-14 01:00:59 0 d-----w- c:\windows\system32\NtmsData 2010-06-13 18:44:49 0 d-----w- c:\docume~1\admin\applic~1\Styler 2010-06-13 17:08:24 0 d-----w- c:\docume~1\admin\applic~1\IconTweaker 2010-06-13 16:23:14 218624 ----a-w- c:\windows\system32\uxtheme.uxtender 2010-06-13 02:39:14 0 d-----r- C:\_Backup.RC 2010-06-13 02:39:08 0 d-----w- C:\_Backup 2010-06-13 02:27:00 0 d-----w- c:\docume~1\admin\applic~1\Avanquest 2010-06-13 02:21:25 0 d-----w- c:\program files\Avanquest 2010-06-13 00:15:36 0 d-----w- c:\docume~1\admin\applic~1\Malwarebytes 2010-06-12 23:55:54 0 d-----w- c:\docume~1\admin\applic~1\Teleca 2010-06-12 23:53:28 0 d-sh--w- c:\documents and settings\admin\IETldCache 2010-06-12 23:44:33 0 d-----w- c:\docume~1\admin\applic~1\Symantec 2010-06-12 04:39:55 1324 ----a-w- c:\windows\system32\d3d9caps.dat 2010-06-11 22:21:26 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2010-06-11 22:21:09 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro 2010-06-11 17:29:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-06-11 17:29:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2010-06-11 17:29:16 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-06-11 17:29:14 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-10 00:22:53 0 d-----w- c:\docume~1\alluse~1\applic~1\SecTaskMan 2010-06-09 13:46:12 0 d-----w- c:\docume~1\alluse~1\applic~1\IconTweaker 2010-06-09 03:36:27 0 d-----w- c:\program files\Styler 2010-06-07 02:07:38 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll 2010-06-07 01:54:37 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition 2010-06-07 01:23:51 0 d-----w- c:\program files\Microsoft 2010-06-07 01:21:49 0 d-----w- c:\program files\Windows Live SkyDrive 2010-06-07 00:59:58 0 d-----w- 
c:\program files\common files\Windows Live 2010-06-05 16:54:40 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-06-05 00:53:46 0 d-----w- c:\program files\Microsoft Security Essentials 2010-06-04 23:00:29 0 d-----w- c:\windows\system32\wbem\Repository 2010-06-04 22:58:25 0 d-----w- c:\docume~1\alluse~1\applic~1\HTC 2010-06-04 22:58:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Teleca 2010-06-04 22:57:42 0 d-----w- c:\program files\common files\Teleca Shared 2010-06-04 22:48:13 0 d-----w- c:\windows\LastGood(2) 2010-06-04 22:48:05 0 d-----w- c:\windows\871DF2BE41D24334AC33839AF16FC8FE.TMP 2010-06-04 15:44:49 0 d-----w- c:\program files\Microsoft Security Essentials(2) ==================== Find3M ==================== 2010-06-13 19:20:47 218624 ----a-w- c:\windows\system32\uxtheme.dll 2010-05-21 18:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-04-17 04:04:40 306032 ----a-w- c:\windows\WLXPGSS.SCR 2010-04-17 02:12:18 48464 ----a-w- c:\windows\system32\sirenacm.dll 2010-04-04 17:17:02 411368 ----a-w- c:\windows\system32\deploytk.dll 2008-10-29 05:19:51 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102920081030\index.dat ============= FINISH: 13:55:27.76 ===============
  11. ComboFix Log:

ComboFix 10-06-20.06 - Admin 06/21/2010 13:07:51.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.215 [GMT -4:00]
Running from: c:\documents and settings\Admin\Desktop\Malware\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
PEV Error: FavFile
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Thumbs.db
.
((((((((((((((((((((((((( Files Created from 2010-05-21 to 2010-06-21 )))))))))))))))))))))))))))))))
.
2010-06-17 16:15 . 2010-06-17 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2010-06-17 16:01 . 2010-06-17 16:02 -------- d-----w- c:\program files\PCPitstop
2010-06-17 04:04 . 2009-11-13 16:23 32824 ----a-w- c:\windows\system32\rrMon.sys
2010-06-17 04:03 . 2010-06-17 04:18 -------- d-----w- c:\program files\Registrar Registry Manager
2010-06-14 18:44 . 2010-06-14 18:44 -------- d-sh--w- c:\documents and settings\Admin\IECompatCache
2010-06-14 18:36 . 2010-06-14 18:58 -------- d-----w- c:\windows\SxsCaPendDel
2010-06-14 04:19 . 2010-02-05 13:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-06-14 04:19 . 2010-03-29 14:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-06-14 04:19 . 2009-11-23 17:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-06-14 04:18 . 2010-04-08 18:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-06-14 04:18 . 2010-06-21 03:19 -------- d-----w- c:\program files\Spyware Doctor
2010-06-14 04:18 . 2010-06-14 04:18 -------- d-----w- c:\program files\Common Files\PC Tools
2010-06-14 04:18 . 2010-06-14 04:18 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-06-14 04:18 . 2010-06-14 04:18 -------- d-----w- c:\documents and settings\Admin\Application Data\PC Tools
2010-06-14 01:39 . 2010-06-14 03:14 -------- d-----w- c:\documents and settings\Admin\Tracing
2010-06-14 01:00 . 2010-06-14 01:07 -------- d-----w- c:\windows\system32\NtmsData
2010-06-13 18:44 . 2010-06-15 22:11 -------- d-----w- c:\documents and settings\Admin\Application Data\Styler
2010-06-13 17:08 . 2010-06-15 22:14 -------- d-----w- c:\documents and settings\Admin\Application Data\IconTweaker
2010-06-13 14:16 . 2010-06-13 14:16 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\VS Revo Group
2010-06-13 03:45 . 2010-06-13 03:45 -------- d-----w- c:\program files\NOS
2010-06-13 02:48 . 2010-06-13 02:48 -------- d-----w- c:\documents and settings\LocalService\Application Data\Avanquest
2010-06-13 02:46 . 2010-06-13 02:46 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2010-06-13 02:39 . 2010-06-13 02:39 -------- d-----r- C:\_Backup.RC
2010-06-13 02:39 . 2010-06-13 02:39 -------- d-----w- C:\_Backup
2010-06-13 02:27 . 2010-06-13 02:27 -------- d-----w- c:\documents and settings\Admin\Application Data\Avanquest
2010-06-13 02:21 . 2010-06-13 14:41 -------- d-----w- c:\program files\Avanquest
2010-06-13 01:33 . 2010-06-15 15:25 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Adobe
2010-06-13 00:15 . 2010-06-13 00:15 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
2010-06-12 23:56 . 2010-06-12 23:56 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Mozilla
2010-06-12 23:55 . 2010-06-12 23:55 -------- d-----w- c:\documents and settings\Admin\Application Data\Teleca
2010-06-12 23:53 . 2010-06-12 23:53 -------- d-sh--w- c:\documents and settings\Admin\IETldCache
2010-06-12 23:50 . 2010-06-12 23:50 61000 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-12 04:39 . 2010-06-17 06:37 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-11 22:21 . 2010-06-14 03:15 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-06-11 22:21 . 2010-06-11 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-06-11 17:30 . 2010-06-11 17:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-06-11 17:29 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-11 17:29 . 2010-06-11 17:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-11 17:29 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-11 17:29 . 2010-06-11 17:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-10 00:22 . 2010-06-13 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-06-09 13:46 . 2010-06-09 13:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\IconTweaker
2010-06-09 13:46 . 2010-06-15 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\IconTweaker
2010-06-09 04:37 . 2010-06-09 04:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Styler
2010-06-09 03:36 . 2010-06-15 22:12 -------- d-----w- c:\program files\Styler
2010-06-07 02:22 . 2010-06-07 02:22 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-06-07 02:07 . 2006-11-29 17:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-06-07 01:54 . 2010-06-07 01:54 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-06-07 01:23 . 2010-06-07 01:23 -------- d-----w- c:\program files\Microsoft
2010-06-07 01:21 . 2010-06-07 01:21 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-06-07 01:17 . 2010-06-07 02:24 -------- d-----w- c:\program files\Windows Live
2010-06-07 00:59 . 2010-06-07 00:59 -------- d-----w- c:\program files\Common Files\Windows Live
2010-06-05 16:54 . 2010-06-05 16:53 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-05 16:35 . 2010-06-14 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-06-05 00:53 . 2010-06-05 00:56 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-06-04 23:00 . 2010-06-04 23:00 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-04 22:58 . 2010-06-04 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\HTC
2010-06-04 22:58 . 2010-06-04 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Teleca
2010-06-04 22:58 . 2010-06-04 22:58 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\HTC
2010-06-04 22:57 . 2010-06-04 22:58 -------- d-----w- c:\program files\Common Files\Teleca Shared
2010-06-04 22:52 . 2010-06-13 04:19 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-06-04 22:48 . 2010-06-04 22:48 -------- d-----w- c:\windows\LastGood(2)
2010-06-04 22:48 . 2010-06-04 22:48 -------- d-----w- c:\windows\871DF2BE41D24334AC33839AF16FC8FE.TMP
2010-06-04 15:44 . 2010-06-04 22:50 -------- d-----w- c:\program files\Microsoft Security Essentials(2)
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-21 03:22 . 2009-11-18 00:33 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-18 00:04 . 2003-05-16 19:50 -------- d-----w- c:\program files\Microsoft Works
2010-06-16 04:09 . 2010-02-14 02:10 -------- d-----w- c:\program files\Windows Live Safety Center
2010-06-13 19:20 . 2002-08-29 02:00 218624 ----a-w- c:\windows\system32\uxtheme.dll
2010-06-13 02:08 . 2009-11-12 00:19 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-12 20:18 . 2010-04-15 00:26 1 ----a-w- c:\documents and settings\Administrator\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-10 02:22 . 2008-10-28 15:49 -------- d-----w- c:\program files\Windows Desktop Search
2010-06-10 00:24 . 2010-06-10 00:24 154 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_952D7EE5731D8344A9F5244F23CE4012.dll
2010-06-10 00:23 . 2010-06-10 00:23 121 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_6030E61781384634B8F8C04C9E73B6CA.dll
2010-06-09 03:38 . 2010-06-09 03:38 15086 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_7b12541d.exe
2010-06-09 03:38 . 2010-06-09 03:38 15086 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe
2010-06-07 02:35 . 2008-10-28 14:23 61000 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-04 22:55 . 2010-05-22 13:38 -------- d-----w- c:\program files\ZooskMessenger(2)
2010-05-29 13:46 . 2010-03-29 03:08 -------- d-----w- c:\program files\JDownloader
2010-05-21 18:14 . 2010-02-14 22:38 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-19 15:45 . 2009-11-24 05:54 -------- d-----w- c:\program files\HTC
2010-05-19 15:44 . 2009-11-24 06:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Teleca
2010-05-17 14:50 . 2010-05-17 14:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\VS Revo Group
2010-05-16 22:18 . 2010-05-16 22:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\Trillian
2010-05-16 19:54 . 2010-05-16 19:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
2010-05-16 19:52 . 2010-01-06 06:10 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-05-16 19:50 . 2010-06-12 23:44 38784 ----a-w- c:\documents and settings\Admin\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-05-16 19:50 . 2010-01-06 06:12 38784 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-04-17 04:04 . 2010-04-17 04:04 306032 ----a-w- c:\windows\WLXPGSS.SCR
2010-04-17 02:12 . 2010-04-17 02:12 48464 ----a-w- c:\windows\system32\sirenacm.dll
2010-04-10 21:05 . 2010-04-10 21:05 65328 ----a-w- c:\windows\AppPatch\matsshim.dll
2010-04-04 17:17 . 2009-12-07 20:39 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-29 12:53 . 2010-06-13 03:44 32576 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\mxakhnew.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2010-03-29 12:53 . 2010-06-13 03:43 29984 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\mxakhnew.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
.
------- Sigcheck -------

[-] 2002-08-29 02:00 . 6E657F8E96444B545D34E3F613C2C0E7 . 11648 . . [------] . . c:\windows\system32\drivers\acpiec.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-08 344064]
"Display Settings"="c:\program files\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 45056]
"QT4HPOT"="c:\program files\HPQ\One-Touch\OneTouch.EXE" [2003-01-30 106496]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Styler.lnk - c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2010-6-8 15086]
wkcalrem.LNK - c:\program files\Microsoft Works\WkCalRem.exe [2007-6-20 46432]

c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 20:13 49152 ----a-w- c:\progra~1\COMMON~1\stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Spyware Doctor\\pctsGui.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [11/28/2002 6:43 AM 22016]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/14/2010 12:19 AM 218592]
R3 GT43XX;GT Combo 802.11g Wireless LAN Adapter Driver GT43XX;c:\windows\system32\drivers\gtwl5.SYS [10/27/2008 3:27 PM 266496]
R3 GTEDGWModem;Option NV GTEDGWModem;c:\windows\system32\drivers\GTEDG.sys [10/27/2008 3:30 PM 107904]
R3 GTEDGWWNIC;Option NV GTEDGWWNIC;c:\windows\system32\drivers\GTEDGNet.sys [10/27/2008 3:32 PM 52864]
R3 OptionWWSC;GT Combo EDGE SIM Card Reader;c:\windows\system32\drivers\GTEDGSC.sys [10/27/2008 3:35 PM 21888]
S1 caepweic;caepweic;\??\c:\windows\system32\drivers\caepweic.sys --> c:\windows\system32\drivers\caepweic.sys [?]
S1 pvikzsrv;pvikzsrv;\??\c:\windows\system32\drivers\pvikzsrv.sys --> c:\windows\system32\drivers\pvikzsrv.sys [?]
S3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;c:\windows\system32\drivers\caliaud.sys [5/16/2003 2:21 PM 291328]
S3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [5/16/2003 2:21 PM 244608]
S3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [5/16/2003 2:18 PM 16512]
S3 MailScan;MailScan;\??\c:\progra~1\AVANQU~1\SYSTEM~1\MailScan.sys --> c:\progra~1\AVANQU~1\SYSTEM~1\MailScan.sys [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [4/10/2010 5:05 PM 266544]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2/14/2010 10:18 AM 27064]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/14/2010 12:18 AM 366840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-06-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 22:02]

2010-06-21 c:\windows\Tasks\User_Feed_Synchronization-{1F7364ED-52C1-43A3-931F-263ECD9A26D1}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]

2010-06-21 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-02-15 02:18]
.
.
------- Supplementary Scan -------
.
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\mxakhnew.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - plugin: c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\mxakhnew.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Move Networks\plugins\npqmp071705000014.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - c:\docume~1\Admin\LOCALS~1\Temp\Rar$EX02.428\HijackThis.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-21 13:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll >>UNKNOWN [0x82EB2EC5]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf877af28
\Driver\ACPI -> ACPI.sys @ 0xf86adcb8
\Driver\atapi -> atapi.sys @ 0xf862f852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: Intel® PRO/100 VE Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf850cbb0
PacketIndicateHandler -> NDIS.sys @ 0xf84fba0d
SendHandler -> NDIS.sys @ 0xf850fb40
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1800)
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\progra~1\COMMON~1\Stardock\mcpstub.dll

- - - - - - - > 'lsass.exe'(1860)
c:\windows\system32\WININET.dll
.
Completion time: 2010-06-21 13:50:53
ComboFix-quarantined-files.txt 2010-06-21 17:50
ComboFix2.txt 2010-06-17 06:15
ComboFix3.txt 2010-06-17 02:27

Pre-Run: 19,997,954,048 bytes free
Post-Run: 20,108,140,544 bytes free

- - End Of File - - 2B50E8DF6444B447A2DEFCCC5F832748
  12. GMER Report

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-20 23:50:00
Windows 5.1.2600 Service Pack 3
Running: md8emx9t.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\pxtdypog.sys

---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF85F4112]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF85D32D6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF85D34C8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF85F4900]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF85F4BB4]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF85F2E12]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF85F5020]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF85F43D2]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF85D2F44]

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\ACPIEC.sys entry point in ".rsrc" section [0xF8B54194]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[420] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 016F0001
.text C:\WINDOWS\system32\svchost.exe[456] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FE0001
.text c:\Program Files\Microsoft Security Essentials\MsMpEng.exe[496] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DC0001
.text C:\WINDOWS\System32\svchost.exe[532] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006E000A
.text C:\WINDOWS\System32\svchost.exe[532] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 006F000A
.text C:\WINDOWS\System32\svchost.exe[532] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 006D000C
.text C:\WINDOWS\System32\svchost.exe[532] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 025B000A
.text C:\WINDOWS\System32\svchost.exe[532] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00EF000A
.text C:\WINDOWS\system32\spoolsv.exe[712] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 010B0001
.text C:\WINDOWS\System32\svchost.exe[800] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 006F0001
.text C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe[860] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 011A0001
.text C:\WINDOWS\system32\Ati2evxx.exe[1076] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01A90001
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1124] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01250001
.text ...
.text C:\WINDOWS\Explorer.EXE[1248] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B8000A
.text C:\WINDOWS\Explorer.EXE[1248] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BE000A
.text C:\WINDOWS\Explorer.EXE[1248] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B7000C
.text C:\WINDOWS\system32\HPConfig.exe[1560] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 015E0001
.text C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe[1636] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01130001
.text C:\WINDOWS\system32\csrss.exe[1724] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 015B0001
.text C:\WINDOWS\system32\winlogon.exe[1768] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 017F0001
.text C:\WINDOWS\system32\services.exe[1824] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FF0001
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[3596] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0132000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3596] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0133000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3596] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0131000C
.text C:\WINDOWS\System32\svchost.exe[3644] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 006F0001
.text C:\WINDOWS\system32\ctfmon.exe[3884] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B10001

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \Driver\PCTSDInjDriver32 \Device\PCTSDInjDriver32 PCTSDInj32.sys
Device -> \Driver\atapi \Device\Harddisk0\DR0 82EB4EC5

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\ACPIEC.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
13. Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/27/2008 4:25:17 PM
System Uptime: 6/20/2010 10:42:55 PM (1 hours ago)

Motherboard: Compaq | | 07D8
Processor: Intel® Pentium® 4 Mobile CPU 1.60GHz | U10 | 1196/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 37 GiB total, 18.771 GiB free.
D: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA

Class GUID: {DF799E12-3C56-421B-B298-B6D3642BC878}
Description: Sprint Connection Manager Bus
Device ID: ROOT\NMEAPORTS\0000
Manufacturer: PCTEL
Name: Sprint Connection Manager Bus
PNP Device ID: ROOT\NMEAPORTS\0000
Service: Nmea

Class GUID: {DF799E12-3C56-421B-B298-B6D3642BC878}
Description: Sprint Connection Manager Bus
Device ID: ROOT\NMEAPORTS\0001
Manufacturer: PCTEL
Name: Sprint Connection Manager Bus
PNP Device ID: ROOT\NMEAPORTS\0001
Service: Nmea

Class GUID: {DF799E12-3C56-421B-B298-B6D3642BC878}
Description: Sprint Connection Manager Bus
Device ID: ROOT\NMEAPORTS\0002
Manufacturer: PCTEL
Name: Sprint Connection Manager Bus
PNP Device ID: ROOT\NMEAPORTS\0002
Service: Nmea

==== System Restore Points ===================

RP1: 6/16/2010 9:17:21 PM - System Checkpoint
RP2: 6/18/2010 4:07:52 AM - System Checkpoint
RP3: 6/19/2010 10:32:40 AM - System Checkpoint

==== Installed Programs ======================

AAC Decoder
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AutoUpdate
BlackBerry Desktop Software 4.6
BlackBerry Device Software v4.5.0 for the BlackBerry 8330 smartphone
Bluetooth by hp
Cisco Systems VPN Client 5.0.02.0090
CloneCD
Compaq Client Manager V3.34
Conexant 56K ACLink Modem
Conexant AC-Link Audio
DesktopX
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Plus Web Player
DivX Version Checker
Free Window Registry Repair
Full Tilt Poker
GE98067 98756 and 98046 MiniCam Pro
H.264 Decoder
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HpSdpAppCoreApp
HTC Driver
HTC Sync
Inactive HP Printer Drivers (Remove only)
JDownloader
Junk Mail filter update
Lucent Win Modem
Malwarebytes' Anti-Malware
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Fix it Center
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Search Enhancement Pack
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works 7.0
Microsoft Works Calendar 9.0
MKV Splitter
Mozilla Firefox (3.6.3)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB927977)
MUSICMATCH® Jukebox
Nero 7 Ultra Edition
Notebook Utilities
One-Touch Buttons
OpenOffice.org 3.2
Opera 10.50
PC Pitstop Exterminate2 2.0
PowerDVD
QuickTime
Registrar Registry Manager 6.50
Revo Uninstaller Pro 2.1.1
Roxio Media Manager
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Segoe UI
Sprint SmartView
Spyware Doctor 7.0
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Winamp
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows PowerShell 1.0
Windows Presentation Foundation
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
Xvid 1.1.2 final uninstall
Yahoo! Messenger
Yahoo! Software Update

==== Event Viewer Messages From Past Week ========

6/20/2010 10:58:21 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures.
  New Signature Version:
  Previous Signature Version: 1.85.111.0
  Update Source: Microsoft Update Server
  Update Stage: Search
  Source Path: http://www.microsoft.com
  Signature Type: AntiVirus
  Update Type: Full
  User: NT AUTHORITY\SYSTEM
  Current Engine Version:
  Previous Engine Version: 1.1.5902.0
  Error code: 0x80072efe
  Error description: The connection with the server was terminated abnormally
6/19/2010 9:51:52 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
6/19/2010 9:51:52 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/19/2010 12:21:54 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures.
  New Signature Version:
  Previous Signature Version: 1.85.111.0
  Update Source: Microsoft Update Server
  Update Stage: Search
  Source Path: http://www.microsoft.com
  Signature Type: AntiVirus
  Update Type: Full
  User: NT AUTHORITY\SYSTEM
  Current Engine Version:
  Previous Engine Version: 1.1.5902.0
  Error code: 0x80072efe
  Error description: The connection with the server was terminated abnormally
6/17/2010 9:35:16 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures.
  New Signature Version:
  Previous Signature Version: 1.83.1506.0
  Update Source: Microsoft Update Server
  Update Stage: Search
  Source Path: http://www.microsoft.com
  Signature Type: AntiVirus
  Update Type: Full
  User: NT AUTHORITY\SYSTEM
  Current Engine Version:
  Previous Engine Version: 1.1.5802.0
  Error code: 0x80072efe
  Error description: The connection with the server was terminated abnormally
6/17/2010 7:56:07 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures.
  New Signature Version:
  Previous Signature Version:
  Update Source: User
  Update Stage: Install
  Source Path:
  Signature Type:
  Update Type:
  User: SEAN\Admin
  Current Engine Version:
  Previous Engine Version:
  Error code: 0x80070652
  Error description: Another installation is already in progress. Complete that installation before proceeding with this install.
6/17/2010 7:29:26 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures.
  New Signature Version:
  Previous Signature Version: 1.83.1506.0
  Update Source: Microsoft Update Server
  Update Stage: Search
  Source Path: http://www.microsoft.com
  Signature Type: AntiVirus
  Update Type: Full
  User: NT AUTHORITY\SYSTEM
  Current Engine Version:
  Previous Engine Version: 1.1.5802.0
  Error code: 0x80072efe
  Error description: The connection with the server was terminated abnormally
6/17/2010 2:12:05 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
6/16/2010 8:20:05 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Spooler service.
6/16/2010 8:20:05 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service.
6/16/2010 8:20:05 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the RpcSs service.
6/16/2010 8:20:05 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the PolicyAgent service.
6/16/2010 8:20:05 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the MsMpSvc service.
6/16/2010 11:04:23 AM, error: Service Control Manager [7034] - The Cisco Systems, Inc. VPN Service service terminated unexpectedly. It has done this 1 time(s).
6/16/2010 10:47:14 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures.
  New Signature Version:
  Previous Signature Version: 1.83.1506.0
  Update Source: Microsoft Update Server
  Update Stage: Search
  Source Path: http://www.microsoft.com
  Signature Type: AntiVirus
  Update Type: Full
  User: NT AUTHORITY\SYSTEM
  Current Engine Version:
  Previous Engine Version: 1.1.5802.0
  Error code: 0x80072efe
  Error description: The connection with the server was terminated abnormally
6/16/2010 1:26:35 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures.
  New Signature Version:
  Previous Signature Version: 1.83.1506.0
  Update Source: Microsoft Malware Protection Center
  Update Stage: Search
  Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.5802.0&avdelta=1.83.1506.0&asdelta=1.83.1506.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE
  Signature Type: AntiVirus
  Update Type: Full
  User: NT AUTHORITY\NETWORK SERVICE
  Current Engine Version:
  Previous Engine Version: 1.1.5802.0
  Error code: 0x80072ee7
  Error description: The server name or address could not be resolved
6/16/2010 1:26:35 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures.
  New Signature Version:
  Previous Signature Version: 1.83.1506.0
  Update Source: Microsoft Malware Protection Center
  Update Stage: Search
  Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.5802.0&avdelta=1.83.1506.0&asdelta=1.83.1506.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE
  Signature Type: AntiVirus
  Update Type: Full
  User: NT AUTHORITY\NETWORK SERVICE
  Current Engine Version:
  Previous Engine Version: 1.1.5802.0
  Error code: 0x80072ee7
  Error description: The server name or address could not be resolved
6/16/2010 1:26:35 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures.
  New Signature Version:
  Previous Signature Version: 1.83.1506.0
  Update Source: Microsoft Malware Protection Center
  Update Stage: Search
  Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.5802.0&avdelta=1.83.1506.0&asdelta=1.83.1506.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE
  Signature Type: AntiSpyware
  Update Type: Full
  User: NT AUTHORITY\NETWORK SERVICE
  Current Engine Version:
  Previous Engine Version: 1.1.5802.0
  Error code: 0x80072ee7
  Error description: The server name or address could not be resolved
6/16/2010 1:26:35 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures.
  New Signature Version:
  Previous Signature Version: 1.83.1506.0
  Update Source: Microsoft Malware Protection Center
  Update Stage: Search
  Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.5802.0&avdelta=1.83.1506.0&asdelta=1.83.1506.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE
  Signature Type: AntiSpyware
  Update Type: Full
  User: NT AUTHORITY\NETWORK SERVICE
  Current Engine Version:
  Previous Engine Version: 1.1.5802.0
  Error code: 0x80072ee7
  Error description: The server name or address could not be resolved
6/16/2010 1:26:03 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures.
  New Signature Version:
  Previous Signature Version: 1.83.1506.0
  Update Source: Microsoft Update Server
  Update Stage: Search
  Source Path: Default URL
  Signature Type: AntiVirus
  Update Type: Full
  User: NT AUTHORITY\SYSTEM
  Current Engine Version:
  Previous Engine Version: 1.1.5802.0
  Error code: 0x8007043c
  Error description: This service cannot be started in Safe Mode
6/16/2010 1:12:50 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
6/16/2010 1:12:00 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
6/16/2010 1:12:00 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
6/16/2010 1:12:00 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/16/2010 1:12:00 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/16/2010 1:12:00 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
6/15/2010 9:55:08 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures.
  New Signature Version:
  Previous Signature Version: 1.83.1506.0
  Update Source: Microsoft Update Server
  Update Stage: Search
  Source Path: http://www.microsoft.com
  Signature Type: AntiVirus
  Update Type: Full
  User: NT AUTHORITY\SYSTEM
  Current Engine Version:
  Previous Engine Version: 1.1.5802.0
  Error code: 0x80072efe
  Error description: The connection with the server was terminated abnormally
6/15/2010 9:27:46 AM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 2 time(s).
6/15/2010 9:22:07 AM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
6/15/2010 5:32:52 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PC Tools Security Service service to connect.
6/15/2010 5:32:52 PM, error: Service Control Manager [7000] - The PC Tools Security Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/15/2010 5:32:22 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
6/15/2010 5:21:51 PM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.
6/15/2010 5:20:28 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.
6/15/2010 5:18:39 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
6/15/2010 5:18:39 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
6/14/2010 12:19:12 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
6/14/2010 1:17:48 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/13/2010 8:43:13 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
6/13/2010 8:43:13 PM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/13/2010 8:43:13 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/13/2010 8:39:58 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
6/13/2010 8:39:47 PM, error: Service Control Manager [7031] - The Remote Registry service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
6/13/2010 7:29:36 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
6/13/2010 7:28:25 PM, error: Service Control Manager [7034] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s).
6/13/2010 7:28:25 PM, error: Service Control Manager [7034] - The SSDP Discovery Service service terminated unexpectedly. It has done this 1 time(s).
6/13/2010 7:28:17 PM, error: Service Control Manager [7034] - The WebClient service terminated unexpectedly. It has done this 1 time(s).
6/13/2010 7:06:16 PM, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
6/13/2010 7:06:16 PM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
6/13/2010 12:28:01 AM, error: Service Control Manager [7034] - The SystemSuite Task Manager service terminated unexpectedly. It has done this 1 time(s).
6/13/2010 11:53:31 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures.
  New Signature Version:
  Previous Signature Version: 1.83.1506.0
  Update Source: Microsoft Update Server
  Update Stage: Search
  Source Path: Default URL
  Signature Type: AntiVirus
  Update Type: Full
  User: NT AUTHORITY\SYSTEM
  Current Engine Version:
  Previous Engine Version: 1.1.5802.0
  Error code: 0x8007043c
  Error description: This service cannot be started in Safe Mode
6/13/2010 11:53:31 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
6/13/2010 11:49:02 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm MpFilter
6/13/2010 11:44:18 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures.
  New Signature Version:
  Previous Signature Version: 1.83.1506.0
  Update Source: Microsoft Update Server
  Update Stage: Search
  Source Path: http://www.microsoft.com
  Signature Type: AntiVirus
  Update Type: Full
  User: NT AUTHORITY\SYSTEM
  Current Engine Version:
  Previous Engine Version: 1.1.5802.0
  Error code: 0x80072efe
  Error description: The connection with the server was terminated abnormally
6/13/2010 11:31:19 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures.
  New Signature Version:
  Previous Signature Version: 1.83.1506.0
  Update Source: Microsoft Update Server
  Update Stage: Search
  Source Path: http://www.microsoft.com
  Signature Type: AntiVirus
  Update Type: Full
  User: NT AUTHORITY\SYSTEM
  Current Engine Version:
  Previous Engine Version: 1.1.5802.0
  Error code: 0x80072efe
  Error description: The connection with the server was terminated abnormally
6/13/2010 11:02:17 PM, error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
6/13/2010 10:59:35 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
6/13/2010 10:59:35 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running.
6/13/2010 10:57:37 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
6/13/2010 10:18:53 AM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
6/13/2010 10:18:50 AM, error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

==== End Of File ===========================
14. Thank you Blade, for your help. I'm sorry I ran ComboFix; I hope it doesn't mess up anything now. I only ran it because I found it on another site, before I found this place. I was desperate and willing to try just about anything. Here are the results of the DDS.txt

DDS (Ver_10-03-17.01) - NTFSx86
Run by Admin at 23:19:51.40 on Sun 06/20/2010
Internet Explorer: 8.0.6001.18702

============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Admin\Desktop\Downloads\dds.com
C:\Program Files\Spyware Doctor\sdloader.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc

============== Pseudo HJT Report ===============

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Display Settings] c:\program files\hpq\notebook utilities\hptasks.exe /s
mRun: [QT4HPOT] c:\program files\hpq\one-touch\OneTouch.EXE
mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [synTPEnh] c
15. Also of note, I was not able to post the logs to this website from my computer. I had to post them from another computer. Not sure if it is blocking me from posting here or what, but it seems strange that I could send them on the first try from a different computer.