|
|||||||
| Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs |
 |
|
|
Topic Tools |
|
#1
July 12th, 2010, 02:05 PM
|
|||
|
|||
|
AV Security Suite & other Malware Help
I woke up to a nasty AV Security Suite problem. I was able to temporarily remove the program using a the Anti-Malware scan. I'm sure the problem is still present, along with other issues. I have attached a HJT log and I'm hoping to get some assistance. Thank you!
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:59:08 AM, on 7/12/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\stsystra.exe C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe C:\Program Files\Messenger\msmsgs.exe C:\Garmin\ANT Agent\ANT Agent.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe C:\Program Files\Common Files\Teleca Shared\logger.exe C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter .exe C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=127.0.0.1:5577 R3 - URLSearchHook: (no name) - - (no file) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\s wg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler O4 - HKCU\..\Run: [PhotoshopElements8SyncAgent] C:\Program Files\Adobe\Elements Organizer 8.0\ElementsOrganizerSyncAgent.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ANT Agent] C:\Garmin\ANT Agent\ANT Agent.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727)" -"http://www.miniclip.com/games/basket...ent_iframe.php" O4 - HKUS\S-1-5-18\..\Run: [njboevsh] C:\Documents and Settings\NetworkService\Local Settings\Application Data\etriscyvv\kqksrxqtssd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [njboevsh] C:\Documents and Settings\NetworkService\Local Settings\Application Data\etriscyvv\kqksrxqtssd.exe (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6 097707281E79.dll/cmsidewiki.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2...nAxControl.CAB O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.5.6.cab O16 - DPF: {59E937ED-AC7E-407D-B40B-6545B1EECDE7} - http://174.34.132.146/TOPPS/plugin/D....Installer.exe O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://cintassupport.webex.com/clie...rt/ieatgpc.cab O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://remote.cintas.com/dana-cache...erSetupSP1.cab O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing) O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 13659 bytes 
|
|
#2
July 13th, 2010, 01:45 AM
|
|||
|
|||
|
I read in a Ann Marie file that you now longer use Hijack This for Malware problems and instead use DDS. I have attached my two DDS files in hope that someone will take a look. Thanks!
DDS (Ver_10-03-17.01) - NTFSx86 Run by Alex at 20:40:47.25 on Mon 07/12/2010 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.387 [GMT -4:00] AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\WINDOWS\system32\svchost.exe -k HPService C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 svchost.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\SearchProtocolHost.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\stsystra.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Alex\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = <local> uInternet Settings,ProxyServer = http=127.0.0.1:5577 uURLSearchHooks: H - No File mWinlogon: Userinit=c:\windows\system32\userinit.exe BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.8.0.41\IPSBHO.DLL BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727)" -"http://www.miniclip.com/games/basket...ent_iframe.php" mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [SigmatelSysTrayApp] stsystra.exe mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe" dRun: [njboevsh] c:\documents and settings\networkservice\local settings\application data\etriscyvv\kqksrxqtssd.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\win dow~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6 097707281E79.dll/cmsidewiki.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.7.1/GarminAxControl.CAB DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.6.cab DPF: {59E937ED-AC7E-407D-B40B-6545B1EECDE7} - hxxp://174.34.132.146/TOPPS/plugin/DFusionWeb.Installer.exe DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://cintassupport.webex.com/client/T23L/support/ieatgpc.cab DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://remote.cintas.com/dana-cached/setup/JuniperSetupSP1.cab Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.0.41\CoIEPlg.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll ============= SERVICES / DRIVERS =============== R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008000 .029\SymEFA.sys [2010-2-2 310320] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008000.029 \BHDrvx86.sys [2010-2-2 259632] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008000.0 29\cchpx86.sys [2010-2-2 482432] R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100709. 001\IDSXpx86.sys [2010-7-9 331640] R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312] R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328] R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.8.0.41\ccSvcHst.exe [2010-2-2 117640] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-7-12 102448] R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\2010071 2.022\NAVENG.SYS [2010-7-12 85552] R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\2010071 2.022\NAVEX15.SYS [2010-7-12 1347504] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-6 135664] S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2010-5-4 24576] S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [2006-5-15 15576] =============== Created Last 30 ================ 2010-07-07 16:34:01 0 d-----w- c:\program files\Doras Carnival 2 - At the Boardwalk 2010-07-07 15:34:56 0 d-----w- c:\program files\Doras Carnival Adventure 2010-07-07 15:34:23 0 d-----w- c:\program files\bfgclient 2010-07-07 15:30:23 0 d-----w- c:\docume~1\alluse~1\applic~1\BigFishGamesCache 2010-06-27 21:20:00 1139864748 ----a-w- C:\PhotoshopElements_8_MUL.7z 2010-06-27 21:19:59 1228312 ----a-w- C:\PhotoshopElements_8_MUL.exe 2010-06-27 19:56:15 0 d-----w- c:\program files\iPod 2010-06-27 19:55:59 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2010-06-27 19:52:02 0 d-----w- c:\program files\Bonjour 2010-06-27 18:36:19 0 d-----w- c:\windows\system32\syncdb 2010-06-13 14:51:07 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll 2010-06-13 14:51:03 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll 2010-06-13 14:49:58 87040 ----a-w- c:\windows\system32\dllcache\wiafbdrv.dll 2010-06-13 14:48:56 687999 ----a-w- c:\windows\system32\dllcache\usrwdxjs.sys 2010-06-13 14:47:58 50176 ----a-w- c:\windows\system32\dllcache\umaxp60.dll 2010-06-13 14:46:57 31232 ----a-w- c:\windows\system32\dllcache\tools.dll 2010-06-13 14:45:58 46592 ----a-w- c:\windows\system32\dllcache\svcext51.dll 2010-06-13 14:44:59 58368 ----a-w- c:\windows\system32\dllcache\smiminib.sys 2010-06-13 14:43:59 238592 ----a-w- c:\windows\system32\dllcache\sisgrv.dll 2010-06-13 14:42:57 16640 ----a-w- c:\windows\system32\dllcache\scmstcs.sys 2010-06-13 14:41:58 26624 ----a-w- c:\windows\system32\dllcache\rw450ext.dll 2010-06-13 14:40:57 128286 ----a-w- c:\windows\system32\dllcache\ptserli.sys 2010-06-13 14:33:53 70144 ----a-w- c:\windows\system32\dllcache\pintlphr.exe 2010-06-13 14:32:57 25216 ----a-w- c:\windows\system32\dllcache\ovsound2.sys 2010-06-13 14:31:59 7552 ----a-w- c:\windows\system32\dllcache\nsmmc.sys 2010-06-13 14:30:58 19968 ----a-w- c:\windows\system32\dllcache\mxicfg.dll 2010-06-13 14:29:59 85504 ----a-w- c:\windows\system32\dllcache\metada51.dll 2010-06-13 14:28:59 61952 ----a-w- c:\windows\system32\dllcache\kstvtune.ax 2010-06-13 14:27:59 81976 ----a-w- c:\windows\system32\dllcache\imjpdct.dll 2010-06-13 14:26:09 372824 ----a-w- c:\windows\system32\dllcache\iconf32.dll 2010-06-13 14:26:06 100992 ----a-w- c:\windows\system32\dllcache\icam5usb.sys 2010-06-13 14:26:04 20480 ----a-w- c:\windows\system32\dllcache\icam5ext.dll 2010-06-13 14:26:01 45056 ----a-w- c:\windows\system32\dllcache\icam5com.dll 2010-06-13 14:24:58 199711 ----a-w- c:\windows\system32\dllcache\hsf_faxx.sys 2010-06-13 14:23:57 17408 ----a-w- c:\windows\system32\dllcache\gpr400.sys 2010-06-13 14:22:59 34816 ----a-w- c:\windows\system32\dllcache\esuimg.dll 2010-06-13 14:21:58 20992 ----a-w- c:\windows\system32\dllcache\dshowext.ax 2010-06-13 14:20:59 50176 ----a-w- c:\windows\system32\dllcache\cyyport.sys 2010-06-13 14:19:59 66082 ----a-w- c:\windows\system32\dllcache\c_1149.nls 2010-06-13 14:18:59 36224 ----a-w- c:\windows\system32\dllcache\an983.sys ==================== Find3M ==================== 2010-07-11 21:12:56 72640 ---ha-w- c:\windows\system32\mlfcache.dat 2010-05-18 20:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll 2010-05-18 20:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe 2010-05-01 12:50:21 188894 ----a-w- c:\windows\hpwins22.dat 2010-04-20 00:47:44 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll 2007-10-16 16:18:08 14603672 ----a-w- c:\program files\jre-6u3-windows-i586-p.exe 2007-05-19 12:39:49 52421096 ----a-w- c:\program files\Quicken_Home_Business_2007.exe 2006-07-16 16:40:38 88 --sh--r- c:\windows\system32\1E1AF94DD6.sys 2007-10-02 02:44:39 104 --sh--r- c:\windows\system32\D64DF91A1E.sys 2007-10-02 02:44:39 6686 --sha-w- c:\windows\system32\KGyGaAvL.sys 2009-01-27 17:13:57 16384 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat 2009-01-27 17:13:57 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009012720090 128\index.dat ============= FINISH: 20:42:41.07 ===============
|
|
#3
July 13th, 2010, 01:46 AM
|
|||
|
|||
|
The 2nd DDS log is below...
DS (Ver_10-03-17.01) Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume2 Install Date: 5/15/2006 8:26:48 PM System Uptime: 7/12/2010 8:04:52 PM (0 hours ago) Motherboard: Dell Inc. | | 0FJ030 Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 144 GiB total, 81.7 GiB free. D: is CDROM () E: is CDROM () ==== Disabled Device Manager Items ============= Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F} Description: Officejet Pro L7600 Device ID: ROOT\IMAGE\0000 Manufacturer: HP Name: Officejet Pro L7600 PNP Device ID: ROOT\IMAGE\0000 Service: StillCam Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318} Description: Officejet Pro L7600 Device ID: ROOT\MULTIFUNCTION\0000 Manufacturer: HP Name: Officejet Pro L7600 PNP Device ID: ROOT\MULTIFUNCTION\0000 Service: Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318} Description: Officejet Pro 8500 A909g Device ID: ROOT\MULTIFUNCTION\0001 Manufacturer: HP Name: Officejet Pro 8500 A909g PNP Device ID: ROOT\MULTIFUNCTION\0001 Service: Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318} Description: Officejet Pro L7600 Device ID: ROOT\PRINTER\0000 Manufacturer: HP Name: Officejet Pro L7600 PNP Device ID: ROOT\PRINTER\0000 Service: Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318} Description: Officejet Pro 8500 A909g Device ID: ROOT\PRINTER\0001 Manufacturer: HP Name: Officejet Pro 8500 A909g PNP Device ID: ROOT\PRINTER\0001 Service: ==== System Restore Points =================== RP289: 4/14/2010 8:10:16 AM - System Checkpoint RP290: 4/20/2010 10:15:36 AM - System Checkpoint RP291: 4/21/2010 11:02:48 AM - System Checkpoint RP292: 4/22/2010 11:27:52 AM - System Checkpoint RP293: 4/23/2010 1:30:48 PM - System Checkpoint RP294: 4/24/2010 1:38:47 PM - System Checkpoint RP295: 4/25/2010 3:38:47 PM - System Checkpoint RP296: 4/28/2010 7:57:25 PM - System Checkpoint RP297: 4/29/2010 8:28:47 PM - System Checkpoint RP298: 4/30/2010 9:54:53 PM - System Checkpoint RP299: 5/1/2010 8:11:35 AM - Printer Driver HP Officejet Pro 8500 A909g Series fax Installed RP300: 5/3/2010 3:11:34 PM - System Checkpoint RP301: 5/4/2010 9:14:06 PM - Installed HTC Driver Installer. RP302: 5/4/2010 9:14:43 PM - Installed HTC Sync. RP303: 5/4/2010 9:21:07 PM - Installed Windows XP Wdf01007. RP304: 5/5/2010 9:42:59 PM - System Checkpoint RP305: 5/6/2010 10:17:21 PM - Configured Microsoft Office Professional 2007 RP306: 5/18/2010 10:21:42 PM - System Checkpoint RP307: 5/19/2010 11:04:11 PM - System Checkpoint RP308: 5/21/2010 12:24:22 AM - System Checkpoint RP309: 5/22/2010 1:14:06 AM - System Checkpoint RP310: 5/23/2010 3:04:52 AM - System Checkpoint RP311: 5/24/2010 4:39:50 AM - System Checkpoint RP312: 5/25/2010 5:52:07 AM - System Checkpoint RP313: 5/26/2010 6:35:39 AM - System Checkpoint RP314: 5/27/2010 6:50:10 AM - System Checkpoint RP315: 5/28/2010 7:04:01 AM - System Checkpoint RP316: 5/31/2010 11:14:19 AM - System Checkpoint RP317: 6/1/2010 3:43:17 PM - System Checkpoint RP318: 6/2/2010 3:48:02 PM - System Checkpoint RP319: 6/3/2010 5:36:02 PM - System Checkpoint RP320: 6/11/2010 10:24:26 AM - System Checkpoint RP321: 6/12/2010 3:31:23 PM - System Checkpoint RP322: 6/13/2010 5:30:23 PM - System Checkpoint RP323: 6/16/2010 3:38:47 PM - System Checkpoint RP324: 6/23/2010 5:32:14 PM - System Checkpoint RP325: 6/25/2010 4:30:24 PM - System Checkpoint RP326: 6/26/2010 10:16:16 PM - System Checkpoint RP327: 6/27/2010 2:27:53 PM - Removed Adobe Photoshop.com Inspiration Browser RP328: 6/27/2010 2:34:31 PM - Removed Adobe Premiere Elements 8.0. RP329: 6/27/2010 2:39:16 PM - Configured SmartSound Quicktracks for Premiere Elements 8.0 RP330: 6/27/2010 2:55:48 PM - Removed Adobe Photoshop Elements 8.0. RP331: 6/27/2010 3:03:00 PM - Removed Quicken 2007 RP332: 6/27/2010 4:17:14 PM - Restore Operation RP333: 6/27/2010 5:47:54 PM - Installed Adobe Photoshop Elements 8.0. RP334: 6/30/2010 3:06:36 PM - System Checkpoint RP335: 7/2/2010 7:02:16 AM - Restore Operation RP336: 7/5/2010 4:01:26 PM - System Checkpoint RP337: 7/10/2010 7:37:11 PM - System Checkpoint RP338: 7/12/2010 10:50:40 AM - System Checkpoint ==== Installed Programs ====================== 32 Bit HP CIO Components Installer 3D Groove Playback Engine 5600 5600_Help 5600Trb 8500A909_eDocs 8500A909_Help 8500A909g Adobe AIR Adobe Flash Player 10 ActiveX Adobe Photoshop Elements 8.0 Adobe Photoshop.com Inspiration Browser Adobe Reader 7.1.0 Adobe Shockwave Player 11.5 AiO_Scan AiOSoftware America Online AnvSoft iPod Moive Maker 1.00 AOLIcon Apple Application Support Apple Mobile Device Support Apple Software Update ATI Control Panel ATI Display Driver Big Fish Games: Game Manager Bonjour BPD_DSWizards BPD_Scan BPDSoftware BPDSoftware_Ini BufferChm Canon Camera Access Library Canon Camera Support Core Library Canon Camera Window DC_DV 5 for ZoomBrowser EX Canon Camera Window DC_DV 6 for ZoomBrowser EX Canon Camera Window MC 6 for ZoomBrowser EX Canon G.726 WMP-Decoder CDDRV_Installer Conexant D850 56K V.9x DFVc Modem CP_Package_Variety1 CP_Package_Variety2 CP_Package_Variety3 Dell CinePlayer Dell Digital Jukebox Driver Dell Driver Reset Tool Dell System Restore DellSupport Destination Component DeviceDiscovery DeviceManagementQFolder Digital Content Portal Digital Line Detect Digital Photo Navigator 1.5 DocMgr DocProc Doras Carnival 2: At the Boardwalk Doras Carnival Adventure ELIcon ESPNMotion eSupportQFolder Fax Garmin ANT Agent 2.1.7 Garmin Communicator Plugin Garmin Training Center 3.4.3.0 Garmin USB Drivers Garmin WebUpdater Google Earth Google Update Helper GPBaseService2 High Definition Audio Driver Package - KB835221 HijackThis 2.0.2 Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 10 (KB903157) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB888795) Hotfix for Windows XP (KB891593) Hotfix for Windows XP (KB895961) Hotfix for Windows XP (KB896256) Hotfix for Windows XP (KB899337) Hotfix for Windows XP (KB899510) Hotfix for Windows XP (KB902841) Hotfix for Windows XP (KB906569) Hotfix for Windows XP (KB908673) Hotfix for Windows XP (KB912024) Hotfix for Windows XP (KB914440) Hotfix for Windows XP (KB915800-v4) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) HP Customer Participation Program 12.0 HP Document Manager 2.0 HP Imaging Device Functions 12.0 HP Officejet Pro All-In-One Series HP Photosmart Essential HP PSC & OfficeJet 5.3.B HP Smart Web Printing HP Solution Center 12.0 HP Update HPProductAssistant HTC Driver Installer HTC Sync Intel Matrix Storage Manager Intel(R) PRO Network Connections Drivers Intel(R) PROSet for Wired Connections Intel(R) Quick Resume Technology Drivers Intel® Viiv™ InterVideo XPack (DVD Only) iTunes iTunes Agent 1.3.3 Java(TM) 6 Update 17 KhalInstallWrapper Kid's College CFA Landlord Forms Learn2 Player (Uninstall Only) Logitech Registration Logitech SetPoint Malwarebytes' Anti-Malware MarketResearch MCU ME2 Microsoft .NET Framework 1.0 Hotfix (KB887998) Microsoft .NET Framework 1.0 Hotfix (KB930494) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Microsoft ActiveX Control Pad Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 Microsoft National Language Support Downlevel APIs Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Plus! Digital Media Edition Installer Microsoft Plus! Photo Story 2 LE Microsoft Silverlight Microsoft Software Update for Web Folders (English) 12 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable MobileMe Control Panel Modem Helper MPM MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 6.0 Parser (KB933579) Musicmatch for Windows Media Player NetWaiting Network NewCopy Nikon Message Center Nikon RAW Codec Nikon Transfer Norton Internet Security OCR Software by I.R.I.S. 12.0 Officejet Pro 8500 A909 Series Picture Control Utility ProductContext QuickTime Readme RealPlayer Safari Scan ScannerCopy Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899588) Security Update for Windows XP (KB899589) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB905915) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB911280) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911567) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912812) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913446) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB916281) Security Update for Windows XP (KB917159) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917422) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB918899) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920214) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB921398) Security Update for Windows XP (KB921503) Security Update for Windows XP (KB921883) Security Update for Windows XP (KB922616) Security Update for Windows XP (KB922760) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923694) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925486) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929123) Security Update for Windows XP (KB930178) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931784) Security Update for Windows XP (KB932168) Security Update for Windows XP (KB933729) Security Update for Windows XP (KB935839) Security Update for Windows XP (KB935840) Security Update for Windows XP (KB936021) Security Update for Windows XP (KB937894) Security Update for Windows XP (KB938127) Security Update for Windows XP (KB938829) Security Update for Windows XP (KB939653) Security Update for Windows XP (KB941202) Security Update for Windows XP (KB941568) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB941644) Security Update for Windows XP (KB941693) Security Update for Windows XP (KB942615) Security Update for Windows XP (KB943055) Security Update for Windows XP (KB943460) Security Update for Windows XP (KB943485) Security Update for Windows XP (KB944533) Security Update for Windows XP (KB944653) Security Update for Windows XP (KB945553) Security Update for Windows XP (KB946026) Security Update for Windows XP (KB948590) Security Update for Windows XP (KB948881) Security Update for Windows XP (KB950749) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) SmartWebPrinting SolutionCenter Sonic Activation Module Sonic Encoders Status Toolbox TrayApp Unload UnloadSupport Update for Windows Media Player 10 (KB910393) Update for Windows Media Player 10 (KB913800) Update for Windows Media Player 10 (KB926251) Update for Windows XP (KB894391) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB904942) Update for Windows XP (KB908531) Update for Windows XP (KB910437) Update for Windows XP (KB916595) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB927891) Update for Windows XP (KB929338) Update for Windows XP (KB930916) Update for Windows XP (KB931836) Update for Windows XP (KB932823-v3) Update for Windows XP (KB933360) Update for Windows XP (KB936357) Update for Windows XP (KB938828) Update for Windows XP (KB942763) Update for Windows XP (KB942840) Update for Windows XP (KB946627) Update Rollup 2 for Windows XP Media Center Edition 2005 WebCyberCoach 3.2 Dell WebEx WebFldrs XP WebReg Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) Windows Genuine Advantage Notifications (KB905474) Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Player 10 Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information] Windows Media Player 11 Windows Search 4.0 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB885884 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB889673 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB890927 Windows XP Hotfix - KB891781 Windows XP Media Center Edition 2005 KB908246 Windows XP Media Center Edition 2005 KB925766 ==== Event Viewer Messages From Past Week ======== 7/8/2010 4:33:45 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect. 7/8/2010 4:33:45 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 7/8/2010 4:33:41 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE} 7/7/2010 7:17:17 AM, error: Print [19] - Sharing printer failed + 1722, Printer HP Officejet Pro L7600 series share name AMSOffice. 7/5/2010 3:43:48 PM, error: iastor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period. 7/5/2010 3:26:19 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect. 7/5/2010 3:26:19 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 7/12/2010 8:54:43 AM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23). 7/12/2010 8:53:25 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'EraserUtilRebootDrv.sys' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume. 7/12/2010 8:45:41 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 7/12/2010 5:53:29 AM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired. 7/11/2010 9:59:36 PM, error: Service Control Manager [7031] - The Google Software Updater service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 900000 milliseconds: Restart the service. 7/11/2010 2:38:22 PM, error: Print [19] - Sharing printer failed + 1722, Printer HP Officejet 5600 series fax share name Printer. 7/11/2010 10:06:09 PM, error: DCOM [10000] - Unable to start a DCOM Server: {FFF2D28F-E4EE-44D9-8104-8E71556757F6}. The error: "%5" Happened while starting this command: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe -Embedding 7/11/2010 10:03:13 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Installer service to connect. 7/11/2010 10:03:13 PM, error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 7/11/2010 10:03:13 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046} 7/11/2010 10:03:04 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Software Updater service to connect. 7/11/2010 10:03:04 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8} ==== End Of File ===========================
|
|
#4
July 15th, 2010, 05:00 AM
|
||||
|
||||
|
Hello ates,
Bit of a delay due to limited responders right now. Let's get a current look at things, as well as do one other scan to check for certain types of rootkits. Then do some repairs. The logs posted are a bit "squeezed", so be sure to use Notepad when working with logs, and in Notepad, be sure to go to Format and uncheck Word Wrap when posting the log here. Run DDS again, but just post the DDS.txt log this time. Also download Gmer's mbr.exe from here and place it on your C drive (so the file is then C:\mbr.exe). Go to Start - Run, type cmd (and press OK). At the prompt type or copy/paste the following, pressing Enter after each: cd\ mbr.exe -t Then type exit and press Enter to close the command window. The report created in the command window will have been saved to C:\mbr.log. Locate that and post it here please.
|
|
#5
July 18th, 2010, 11:06 PM
|
|||
|
|||
|
Thanks for the response and willingness to help! I apologize for the delay, but I've been traveling. Here you go.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_10-03-17.01) Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume2 Install Date: 5/15/2006 8:26:48 PM System Uptime: 7/14/2010 8:11:09 PM (94 hours ago) Motherboard: Dell Inc. | | 0FJ030 Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Microprocessor | 2793/800mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 144 GiB total, 81.343 GiB free. D: is CDROM () E: is CDROM () ==== Disabled Device Manager Items ============= Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F} Description: Officejet Pro L7600 Device ID: ROOT\IMAGE\0000 Manufacturer: HP Name: Officejet Pro L7600 PNP Device ID: ROOT\IMAGE\0000 Service: StillCam Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318} Description: Officejet Pro L7600 Device ID: ROOT\MULTIFUNCTION\0000 Manufacturer: HP Name: Officejet Pro L7600 PNP Device ID: ROOT\MULTIFUNCTION\0000 Service: Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318} Description: Officejet Pro 8500 A909g Device ID: ROOT\MULTIFUNCTION\0001 Manufacturer: HP Name: Officejet Pro 8500 A909g PNP Device ID: ROOT\MULTIFUNCTION\0001 Service: Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318} Description: Officejet Pro L7600 Device ID: ROOT\PRINTER\0000 Manufacturer: HP Name: Officejet Pro L7600 PNP Device ID: ROOT\PRINTER\0000 Service: Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318} Description: Officejet Pro 8500 A909g Device ID: ROOT\PRINTER\0001 Manufacturer: HP Name: Officejet Pro 8500 A909g PNP Device ID: ROOT\PRINTER\0001 Service: ==== System Restore Points =================== RP290: 4/20/2010 10:15:36 AM - System Checkpoint RP291: 4/21/2010 11:02:48 AM - System Checkpoint RP292: 4/22/2010 11:27:52 AM - System Checkpoint RP293: 4/23/2010 1:30:48 PM - System Checkpoint RP294: 4/24/2010 1:38:47 PM - System Checkpoint RP295: 4/25/2010 3:38:47 PM - System Checkpoint RP296: 4/28/2010 7:57:25 PM - System Checkpoint RP297: 4/29/2010 8:28:47 PM - System Checkpoint RP298: 4/30/2010 9:54:53 PM - System Checkpoint RP299: 5/1/2010 8:11:35 AM - Printer Driver HP Officejet Pro 8500 A909g Series fax Installed RP300: 5/3/2010 3:11:34 PM - System Checkpoint RP301: 5/4/2010 9:14:06 PM - Installed HTC Driver Installer. RP302: 5/4/2010 9:14:43 PM - Installed HTC Sync. RP303: 5/4/2010 9:21:07 PM - Installed Windows XP Wdf01007. RP304: 5/5/2010 9:42:59 PM - System Checkpoint RP305: 5/6/2010 10:17:21 PM - Configured Microsoft Office Professional 2007 RP306: 5/18/2010 10:21:42 PM - System Checkpoint RP307: 5/19/2010 11:04:11 PM - System Checkpoint RP308: 5/21/2010 12:24:22 AM - System Checkpoint RP309: 5/22/2010 1:14:06 AM - System Checkpoint RP310: 5/23/2010 3:04:52 AM - System Checkpoint RP311: 5/24/2010 4:39:50 AM - System Checkpoint RP312: 5/25/2010 5:52:07 AM - System Checkpoint RP313: 5/26/2010 6:35:39 AM - System Checkpoint RP314: 5/27/2010 6:50:10 AM - System Checkpoint RP315: 5/28/2010 7:04:01 AM - System Checkpoint RP316: 5/31/2010 11:14:19 AM - System Checkpoint RP317: 6/1/2010 3:43:17 PM - System Checkpoint RP318: 6/2/2010 3:48:02 PM - System Checkpoint RP319: 6/3/2010 5:36:02 PM - System Checkpoint RP320: 6/11/2010 10:24:26 AM - System Checkpoint RP321: 6/12/2010 3:31:23 PM - System Checkpoint RP322: 6/13/2010 5:30:23 PM - System Checkpoint RP323: 6/16/2010 3:38:47 PM - System Checkpoint RP324: 6/23/2010 5:32:14 PM - System Checkpoint RP325: 6/25/2010 4:30:24 PM - System Checkpoint RP326: 6/26/2010 10:16:16 PM - System Checkpoint RP327: 6/27/2010 2:27:53 PM - Removed Adobe Photoshop.com Inspiration Browser RP328: 6/27/2010 2:34:31 PM - Removed Adobe Premiere Elements 8.0. RP329: 6/27/2010 2:39:16 PM - Configured SmartSound Quicktracks for Premiere Elements 8.0 RP330: 6/27/2010 2:55:48 PM - Removed Adobe Photoshop Elements 8.0. RP331: 6/27/2010 3:03:00 PM - Removed Quicken 2007 RP332: 6/27/2010 4:17:14 PM - Restore Operation RP333: 6/27/2010 5:47:54 PM - Installed Adobe Photoshop Elements 8.0. RP334: 6/30/2010 3:06:36 PM - System Checkpoint RP335: 7/2/2010 7:02:16 AM - Restore Operation RP336: 7/5/2010 4:01:26 PM - System Checkpoint RP337: 7/10/2010 7:37:11 PM - System Checkpoint RP338: 7/12/2010 10:50:40 AM - System Checkpoint RP339: 7/13/2010 11:58:39 AM - System Checkpoint RP340: 7/14/2010 12:39:51 PM - System Checkpoint RP341: 7/15/2010 1:53:54 PM - System Checkpoint RP342: 7/16/2010 2:26:03 PM - System Checkpoint RP343: 7/17/2010 4:29:27 PM - System Checkpoint RP344: 7/18/2010 5:25:28 PM - System Checkpoint ==== Installed Programs ====================== 32 Bit HP CIO Components Installer 3D Groove Playback Engine 5600 5600_Help 5600Trb 8500A909_eDocs 8500A909_Help 8500A909g Adobe AIR Adobe Flash Player 10 ActiveX Adobe Photoshop Elements 8.0 Adobe Photoshop.com Inspiration Browser Adobe Reader 7.1.0 Adobe Shockwave Player 11.5 AiO_Scan AiOSoftware America Online AnvSoft iPod Moive Maker 1.00 AOLIcon Apple Application Support Apple Mobile Device Support Apple Software Update ATI Control Panel ATI Display Driver Big Fish Games: Game Manager Bonjour BPD_DSWizards BPD_Scan BPDSoftware BPDSoftware_Ini BufferChm Canon Camera Access Library Canon Camera Support Core Library Canon Camera Window DC_DV 5 for ZoomBrowser EX Canon Camera Window DC_DV 6 for ZoomBrowser EX Canon Camera Window MC 6 for ZoomBrowser EX Canon G.726 WMP-Decoder CDDRV_Installer Conexant D850 56K V.9x DFVc Modem CP_Package_Variety1 CP_Package_Variety2 CP_Package_Variety3 Dell CinePlayer Dell Digital Jukebox Driver Dell Driver Reset Tool Dell System Restore DellSupport Destination Component DeviceDiscovery DeviceManagementQFolder Digital Content Portal Digital Line Detect Digital Photo Navigator 1.5 DocMgr DocProc Doras Carnival 2: At the Boardwalk Doras Carnival Adventure ELIcon ESPNMotion eSupportQFolder Fax Garmin ANT Agent 2.1.7 Garmin Communicator Plugin Garmin Training Center 3.4.3.0 Garmin USB Drivers Garmin WebUpdater Google Earth Google Update Helper GPBaseService2 High Definition Audio Driver Package - KB835221 HijackThis 2.0.2 Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 10 (KB903157) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB888795) Hotfix for Windows XP (KB891593) Hotfix for Windows XP (KB895961) Hotfix for Windows XP (KB896256) Hotfix for Windows XP (KB899337) Hotfix for Windows XP (KB899510) Hotfix for Windows XP (KB902841) Hotfix for Windows XP (KB906569) Hotfix for Windows XP (KB908673) Hotfix for Windows XP (KB912024) Hotfix for Windows XP (KB914440) Hotfix for Windows XP (KB915800-v4) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) HP Customer Participation Program 12.0 HP Document Manager 2.0 HP Imaging Device Functions 12.0 HP Officejet Pro All-In-One Series HP Photosmart Essential HP PSC & OfficeJet 5.3.B HP Smart Web Printing HP Solution Center 12.0 HP Update HPProductAssistant HTC Driver Installer HTC Sync Intel Matrix Storage Manager Intel(R) PRO Network Connections Drivers Intel(R) PROSet for Wired Connections Intel(R) Quick Resume Technology Drivers Intel® Viiv™ InterVideo XPack (DVD Only) iTunes iTunes Agent 1.3.3 Java(TM) 6 Update 17 KhalInstallWrapper Kid's College CFA Landlord Forms Learn2 Player (Uninstall Only) Logitech Registration Logitech SetPoint Malwarebytes' Anti-Malware MarketResearch MCU ME2 Microsoft .NET Framework 1.0 Hotfix (KB887998) Microsoft .NET Framework 1.0 Hotfix (KB930494) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Microsoft ActiveX Control Pad Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 Microsoft National Language Support Downlevel APIs Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Plus! Digital Media Edition Installer Microsoft Plus! Photo Story 2 LE Microsoft Silverlight Microsoft Software Update for Web Folders (English) 12 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable MobileMe Control Panel Modem Helper MPM MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 6.0 Parser (KB933579) Musicmatch for Windows Media Player NetWaiting Network NewCopy Nikon Message Center Nikon RAW Codec Nikon Transfer Norton Internet Security OCR Software by I.R.I.S. 12.0 Officejet Pro 8500 A909 Series Picture Control Utility ProductContext QuickTime Readme RealPlayer Safari Scan ScannerCopy Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899588) Security Update for Windows XP (KB899589) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB905915) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB911280) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911567) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912812) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913446) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB916281) Security Update for Windows XP (KB917159) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917422) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB918899) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920214) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB921398) Security Update for Windows XP (KB921503) Security Update for Windows XP (KB921883) Security Update for Windows XP (KB922616) Security Update for Windows XP (KB922760) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923694) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925486) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929123) Security Update for Windows XP (KB930178) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931784) Security Update for Windows XP (KB932168) Security Update for Windows XP (KB933729) Security Update for Windows XP (KB935839) Security Update for Windows XP (KB935840) Security Update for Windows XP (KB936021) Security Update for Windows XP (KB937894) Security Update for Windows XP (KB938127) Security Update for Windows XP (KB938829) Security Update for Windows XP (KB939653) Security Update for Windows XP (KB941202) Security Update for Windows XP (KB941568) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB941644) Security Update for Windows XP (KB941693) Security Update for Windows XP (KB942615) Security Update for Windows XP (KB943055) Security Update for Windows XP (KB943460) Security Update for Windows XP (KB943485) Security Update for Windows XP (KB944533) Security Update for Windows XP (KB944653) Security Update for Windows XP (KB945553) Security Update for Windows XP (KB946026) Security Update for Windows XP (KB948590) Security Update for Windows XP (KB948881) Security Update for Windows XP (KB950749) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) SmartWebPrinting SolutionCenter Sonic Activation Module Sonic Encoders Status Toolbox TrayApp Unity Web Player Unload UnloadSupport Update for Windows Media Player 10 (KB910393) Update for Windows Media Player 10 (KB913800) Update for Windows Media Player 10 (KB926251) Update for Windows XP (KB894391) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB904942) Update for Windows XP (KB908531) Update for Windows XP (KB910437) Update for Windows XP (KB916595) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB927891) Update for Windows XP (KB929338) Update for Windows XP (KB930916) Update for Windows XP (KB931836) Update for Windows XP (KB932823-v3) Update for Windows XP (KB933360) Update for Windows XP (KB936357) Update for Windows XP (KB938828) Update for Windows XP (KB942763) Update for Windows XP (KB942840) Update for Windows XP (KB946627) Update Rollup 2 for Windows XP Media Center Edition 2005 WebCyberCoach 3.2 Dell WebEx WebFldrs XP WebReg Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) Windows Genuine Advantage Notifications (KB905474) Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Player 10 Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information] Windows Media Player 11 Windows Search 4.0 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB885884 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB889673 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB890927 Windows XP Hotfix - KB891781 Windows XP Media Center Edition 2005 KB908246 Windows XP Media Center Edition 2005 KB925766 ==== Event Viewer Messages From Past Week ======== 7/13/2010 10:24:18 AM, error: Print [19] - Sharing printer failed + 1722, Printer HP Officejet Pro L7600 series share name AMSOffice. 7/12/2010 8:54:43 AM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23). 7/12/2010 8:53:25 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'EraserUtilRebootDrv.sys' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume. 7/12/2010 8:45:41 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 7/12/2010 8:21:40 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect. 7/12/2010 8:21:40 AM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 7/12/2010 8:21:34 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE} 7/12/2010 5:53:29 AM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired. 7/11/2010 9:59:36 PM, error: Service Control Manager [7031] - The Google Software Updater service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 900000 milliseconds: Restart the service. 7/11/2010 2:38:22 PM, error: Print [19] - Sharing printer failed + 1722, Printer HP Officejet 5600 series fax share name Printer. 7/11/2010 10:14:40 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Software Updater service to connect. 7/11/2010 10:06:09 PM, error: DCOM [10000] - Unable to start a DCOM Server: {FFF2D28F-E4EE-44D9-8104-8E71556757F6}. The error: "%5" Happened while starting this command: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe -Embedding 7/11/2010 10:03:14 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Installer service to connect. 7/11/2010 10:03:14 PM, error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 7/11/2010 10:03:14 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046} 7/11/2010 10:03:04 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8} ==== End Of File =========================== Part 2 MBR LOG Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86EE2EC5]<< kernel: MBR read successfully user & kernel MBR OK
|
|
#6
July 19th, 2010, 03:49 AM
|
||||
|
||||
|
Boot level driver file being tampered with there, so let's address that first.
Click here and download Kaspersky's TDSSKiller to your desktop, then unzip that and place a copy of the TDSSKiller.exe file on your desktop. Then click that to start the scan. A command window will open, and when the scan completes it will create a log file on your C drive. Similar in name to this: C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt Your copy will be different - some of those numbers will reflect the date/time it was just run by you there. Copy/paste those contents back here please. Note - if the scan prompts for a reboot, be sure to do that.
|
|
#7
July 19th, 2010, 01:07 PM
|
|||
|
|||
|
Here you go. I did a reboot after this post. Thanks!
08:04:52:650 5784 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49 08:04:52:650 5784 ================================================== ============================== 08:04:52:650 5784 SystemInfo: 08:04:52:650 5784 OS Version: 5.1.2600 ServicePack: 2.0 08:04:52:650 5784 Product type: Workstation 08:04:52:650 5784 ComputerName: DFNB9Z91 08:04:52:650 5784 UserName: Alex 08:04:52:650 5784 Windows directory: C:\WINDOWS 08:04:52:650 5784 System windows directory: C:\WINDOWS 08:04:52:650 5784 Processor architecture: Intel x86 08:04:52:650 5784 Number of processors: 2 08:04:52:650 5784 Page size: 0x1000 08:04:52:650 5784 Boot type: Normal boot 08:04:52:650 5784 ================================================== ============================== 08:04:53:697 5784 Initialize success 08:04:53:697 5784 08:04:53:697 5784 Scanning Services ... 08:04:54:041 5784 Raw services enum returned 383 services 08:04:54:041 5784 08:04:54:041 5784 Scanning Drivers ... 08:04:55:510 5784 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS 08:04:55:651 5784 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys 08:04:55:697 5784 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 08:04:55:744 5784 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys 08:04:55:807 5784 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys 08:04:55:901 5784 AFD (944ca435bfcfc82cc1ed9e3a7d731aa9) C:\WINDOWS\System32\drivers\afd.sys 08:04:55:948 5784 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys 08:04:55:994 5784 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys 08:04:56:010 5784 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys 08:04:56:010 5784 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys 08:04:56:026 5784 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys 08:04:56:088 5784 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys 08:04:56:119 5784 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\system32\DRIVERS\alim1541.sys 08:04:56:151 5784 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\system32\DRIVERS\amdagp.sys 08:04:56:151 5784 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys 08:04:56:182 5784 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys 08:04:56:198 5784 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys 08:04:56:213 5784 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys 08:04:56:245 5784 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 08:04:56:291 5784 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys 08:04:56:401 5784 ati2mtag (03621f7f968ff63713943405deb777f9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 08:04:56:526 5784 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 08:04:56:588 5784 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 08:04:56:667 5784 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 08:04:56:745 5784 BHDrvx86 (76154fa6a742c613b44bb636b1a7c057) C:\WINDOWS\System32\Drivers\NIS\1008000.029\BHDrvx 86.sys 08:04:56:838 5784 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys 08:04:56:854 5784 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 08:04:56:932 5784 ccHP (8973ff34b83572d867b5b928905ad5ac) C:\WINDOWS\System32\Drivers\NIS\1008000.029\ccHPx8 6.sys 08:04:56:995 5784 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys 08:04:56:995 5784 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 08:04:57:057 5784 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys 08:04:57:135 5784 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys 08:04:57:198 5784 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys 08:04:57:214 5784 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys 08:04:57:229 5784 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys 08:04:57:260 5784 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys 08:04:57:276 5784 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys 08:04:57:323 5784 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys 08:04:57:354 5784 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys 08:04:57:370 5784 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 08:04:57:401 5784 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys 08:04:57:417 5784 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys 08:04:57:448 5784 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys 08:04:57:495 5784 DSI_SiUSBXp_3_1 (bc9c2ef22ee0320c079e3ff9b4d29951) C:\WINDOWS\system32\drivers\DSI_SiUSBXp_3_1.sys 08:04:57:651 5784 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys 08:04:57:745 5784 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys 08:04:57:761 5784 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys 08:04:57:823 5784 e1express (5b75bbf89d8341f424171df7ad9dc465) C:\WINDOWS\system32\DRIVERS\e1e5132.sys 08:04:57:917 5784 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 08:04:57:995 5784 ELacpi (1976fedf6d7f87135c9b7f5cb4c8c868) C:\WINDOWS\system32\DRIVERS\ELacpi.sys 08:04:58:042 5784 ELhid (ae65c02444907966378454138b9f99f0) C:\WINDOWS\system32\DRIVERS\ELhid.sys 08:04:58:058 5784 ELkbd (e485c3ba1daddeef3e14fea1e8fda6e1) C:\WINDOWS\system32\DRIVERS\ELkbd.sys 08:04:58:058 5784 ELmon (0d87cb825ed6cb2ebcc147a10a42f1d6) C:\WINDOWS\system32\DRIVERS\ELmon.sys 08:04:58:073 5784 ELmou (a4add3847b67bacab6fc851a2b60fdb3) C:\WINDOWS\system32\DRIVERS\ELmou.sys 08:04:58:089 5784 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 08:04:58:136 5784 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys 08:04:58:167 5784 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys 08:04:58:198 5784 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys 08:04:58:229 5784 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 08:04:58:245 5784 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 08:04:58:276 5784 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 08:04:58:292 5784 Ftdisk (2b1c923bc5dc1a13bf8f3a5dc0b1106e) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 08:04:58:292 5784 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ftdisk.sys. Real md5: 2b1c923bc5dc1a13bf8f3a5dc0b1106e, Fake md5: 6ac26732762483366c3969c9e4d2259d 08:04:58:292 5784 File "C:\WINDOWS\system32\DRIVERS\ftdisk.sys" infected by TDSS rootkit ... 08:05:01:496 5784 Backup copy found, using it.. 08:05:01:699 5784 will be cured on next reboot 08:05:01:871 5784 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys 08:05:01:965 5784 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys 08:05:02:043 5784 HDAudBus (e31363d186b3e1d7c4e9117884a6aee5) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 08:05:02:121 5784 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys 08:05:02:168 5784 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys 08:05:02:199 5784 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys 08:05:02:246 5784 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 08:05:02:309 5784 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys 08:05:02:418 5784 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys 08:05:02:512 5784 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 08:05:02:653 5784 HTCAND32 (cbd09ed9cf6822177ee85aea4d8816a2) C:\WINDOWS\system32\Drivers\ANDROIDUSB.sys 08:05:02:746 5784 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys 08:05:02:825 5784 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys 08:05:02:856 5784 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys 08:05:02:871 5784 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 08:05:02:934 5784 iastor (9a65e42664d1534b68512caad0efe963) C:\WINDOWS\system32\drivers\iastor.sys 08:05:03:247 5784 IDSxpx86 (231c3f6d5c520e99924e1e37401a90c4) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100716. 001\IDSxpx86.sys 08:05:03:293 5784 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys 08:05:03:325 5784 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys 08:05:03:387 5784 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys 08:05:03:450 5784 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys 08:05:03:497 5784 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 08:05:03:528 5784 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 08:05:03:590 5784 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys 08:05:03:653 5784 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys 08:05:03:669 5784 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys 08:05:03:700 5784 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys 08:05:03:747 5784 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys 08:05:03:762 5784 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 08:05:03:825 5784 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 08:05:03:856 5784 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys 08:05:03:903 5784 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys 08:05:03:919 5784 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys 08:05:03:981 5784 LHidFilt (3fa98339e8d9e007726be62f231e2015) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 08:05:04:028 5784 LMouFilt (f259f758e04d8fb8d48c6cdbe45223e8) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 08:05:04:075 5784 LUsbFilt (ca26e46ec8891058c9e10363df4e4650) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys 08:05:04:262 5784 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\WINDOWS\system32\drivers\MCSTRM.sys 08:05:04:325 5784 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 08:05:04:387 5784 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys 08:05:04:497 5784 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 08:05:04:559 5784 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys 08:05:04:622 5784 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys 08:05:04:700 5784 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys 08:05:04:763 5784 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 08:05:04:856 5784 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys 08:05:04:935 5784 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys 08:05:04:966 5784 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 08:05:05:028 5784 MRxSmb (025af03ce51645c62f3b6907a7e2be5e) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 08:05:05:044 5784 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys 08:05:05:075 5784 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys 08:05:05:122 5784 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 08:05:05:153 5784 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys 08:05:05:185 5784 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 08:05:05:200 5784 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys 08:05:05:513 5784 NAVENG (0953bb24c1e70a99c315f44f15993c17) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\2010071 8.003\NAVENG.SYS 08:05:05:591 5784 NAVEX15 (3ddb0bef60b65df6b110c23e17cd67dc) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\2010071 8.003\NAVEX15.SYS 08:05:05:653 5784 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys 08:05:05:669 5784 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 08:05:05:700 5784 Ndisuio (eefa1ce63805d2145978621be5c6d955) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 08:05:05:732 5784 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 08:05:05:747 5784 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys 08:05:05:763 5784 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys 08:05:05:825 5784 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys 08:05:05:841 5784 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys 08:05:05:904 5784 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys 08:05:05:982 5784 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 08:05:06:075 5784 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 08:05:06:138 5784 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 08:05:06:154 5784 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 08:05:06:201 5784 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys 08:05:06:232 5784 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys 08:05:06:263 5784 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 08:05:06:279 5784 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys 08:05:06:294 5784 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 08:05:06:310 5784 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys 08:05:06:404 5784 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 08:05:06:451 5784 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 08:05:06:513 5784 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys 08:05:06:513 5784 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys 08:05:06:529 5784 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 08:05:06:560 5784 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys 08:05:06:591 5784 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 08:05:06:623 5784 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 08:05:06:951 5784 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 08:05:07:013 5784 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 08:05:07:060 5784 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 08:05:07:107 5784 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 08:05:07:138 5784 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 08:05:07:154 5784 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 08:05:07:201 5784 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 08:05:07:279 5784 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys 08:05:07:295 5784 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 08:05:07:295 5784 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 08:05:07:357 5784 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys 08:05:07:420 5784 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys 08:05:07:482 5784 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys 08:05:07:545 5784 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7)
|
|
#8
July 19th, 2010, 01:07 PM
|
|||
|
|||
|
The second part of the scan...
C:\WINDOWS\system32\Drivers\RootMdm.sys 08:05:07:592 5784 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 08:05:07:670 5784 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys 08:05:08:060 5784 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys 08:05:08:107 5784 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys 08:05:08:170 5784 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys 08:05:08:248 5784 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS 08:05:08:326 5784 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 08:05:08:389 5784 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys 08:05:08:467 5784 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys 08:05:08:607 5784 SRTSP (e81f6caeab9ad5732e94c07c97866aa2) C:\WINDOWS\System32\Drivers\NIS\1008000.029\SRTSP. SYS 08:05:08:623 5784 SRTSPX (e28de499d942b08058bffac69d4122b6) C:\WINDOWS\system32\drivers\NIS\1008000.029\SRTSPX .SYS 08:05:08:686 5784 Srv (ea554a3ffc3f536fe8320eb38f5e4843) C:\WINDOWS\system32\DRIVERS\srv.sys 08:05:08:811 5784 STHDA (2a2dc39623adef8ab3703ab9fac4b440) C:\WINDOWS\system32\drivers\sthda.sys 08:05:08:873 5784 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys 08:05:08:889 5784 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys 08:05:08:936 5784 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys 08:05:08:967 5784 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 08:05:09:029 5784 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 08:05:09:123 5784 SymEFA (d0885f6e24259a6c65e68d6ad749910a) C:\WINDOWS\system32\drivers\NIS\1008000.029\SYMEFA .SYS 08:05:09:201 5784 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 08:05:09:217 5784 SYMFW (1e825026436c4eac3e1a11d1e9c33f2c) C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMFW. SYS 08:05:09:248 5784 SYMIDS (7a20b7d774ef0f16cf81b898bfeca772) C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMIDS .SYS 08:05:09:311 5784 SymIM (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys 08:05:09:342 5784 SymIMMP (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys 08:05:09:342 5784 SYMNDIS (5ab7d00ea6b7a6fcd5067c632ec6f039) C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMNDI S.SYS 08:05:09:389 5784 SYMTDI (e4fa8bbb96e314e9508865de1a767538) C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMTDI .SYS 08:05:09:451 5784 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 08:05:09:514 5784 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 08:05:09:592 5784 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys 08:05:09:655 5784 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys 08:05:09:686 5784 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys 08:05:09:717 5784 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys 08:05:09:764 5784 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys 08:05:09:795 5784 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys 08:05:09:905 5784 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys 08:05:09:952 5784 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 08:05:10:030 5784 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys 08:05:10:077 5784 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys 08:05:10:139 5784 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 08:05:10:155 5784 usbehci (708579b01fed227aadb393cb0c3b4a2c) C:\WINDOWS\system32\DRIVERS\usbehci.sys 08:05:10:170 5784 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys 08:05:10:217 5784 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys 08:05:10:280 5784 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys 08:05:10:358 5784 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 08:05:10:374 5784 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 08:05:10:374 5784 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys 08:05:10:420 5784 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys 08:05:10:467 5784 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys 08:05:10:499 5784 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys 08:05:10:530 5784 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys 08:05:10:577 5784 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys 08:05:10:639 5784 Wdf01000 (4769596d7cc0f5fa447d2babc239672a) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 08:05:10:702 5784 Wdm1 (2f4b3c0e58d4a7bd8e38d1cd9ca47691) C:\WINDOWS\system32\Drivers\usbbc.sys 08:05:10:811 5784 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys 08:05:10:889 5784 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 08:05:10:952 5784 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys 08:05:11:030 5784 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 08:05:11:077 5784 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 08:05:11:124 5784 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 08:05:11:171 5784 Reboot required for cure complete.. 08:05:11:436 5784 Cure on reboot scheduled successfully 08:05:11:436 5784 08:05:11:436 5784 Completed 08:05:11:436 5784 08:05:11:436 5784 Results: 08:05:11:436 5784 Registry objects infected / cured / cured on reboot: 0 / 0 / 0 08:05:11:436 5784 File objects infected / cured / cured on reboot: 1 / 0 / 1 08:05:11:436 5784 08:05:11:436 5784 KLMD(ARK) unloaded successfully
|
|
#9
July 20th, 2010, 12:07 AM
|
||||
|
||||
|
Good, that took out what has been a tough procedure.
To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed. Download ComboFix.exe from here to your desktop, then click that to run that scan. Be sure to install the Recovery Console if you are asked to do so. When the scan completes, a text window with your log will open. Please copy and paste that log back here. A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.
|
|
#10
July 20th, 2010, 01:40 AM
|
|||
|
|||
|
Here you go. THanks!
ComboFix 10-07-19.01 - Alex 07/19/2010 20:01:52.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.371 [GMT -4:00] Running from: c:\documents and settings\Alex\Desktop\ComboFix.exe AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\winsusrm.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_TDSSSERV.SYS ((((((((((((((((((((((((( Files Created from 2010-06-20 to 2010-07-20 ))))))))))))))))))))))))))))))) . 2010-07-18 22:03 . 2010-07-18 22:03 77312 ----a-w- C:\mbr.exe 2010-07-14 21:01 . 2010-07-14 21:01 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\Unity 2010-07-12 01:59 . 2010-07-12 01:59 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE 2010-07-12 00:13 . 2010-07-12 12:16 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\etriscyvv 2010-07-07 16:34 . 2010-07-07 19:17 -------- d-----w- c:\program files\Doras Carnival 2 - At the Boardwalk 2010-07-07 15:34 . 2010-07-07 20:04 -------- d-----w- c:\program files\Doras Carnival Adventure 2010-07-07 15:34 . 2010-07-07 15:34 -------- d-----w- c:\program files\bfgclient 2010-07-07 15:30 . 2010-07-07 15:34 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache 2010-06-27 22:09 . 2010-06-27 22:09 -------- d-----w- c:\program files\Common Files\Adobe AIR 2010-06-27 21:19 . 2010-06-27 21:20 1228312 ----a-w- C:\PhotoshopElements_8_MUL.exe 2010-06-27 19:56 . 2010-06-27 20:15 -------- d-----w- c:\program files\iPod 2010-06-27 19:55 . 2010-06-27 19:57 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2010-06-27 19:52 . 2010-06-27 20:14 -------- d-----w- c:\program files\Bonjour 2010-06-27 18:36 . 2010-06-27 18:36 -------- d-----w- c:\windows\system32\syncdb . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2010-07-19 23:59 . 2010-04-26 13:22 -------- d-----w- c:\documents and settings\Alex\Application Data\HPAppData 2010-07-19 12:13 . 2001-08-17 18:52 125056 ----a-w- c:\windows\system32\drivers\ftdisk.sys 2010-07-13 00:05 . 2010-03-06 17:48 -------- d-----w- c:\program files\Google 2010-07-12 00:13 . 2006-07-01 02:50 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-07-11 21:12 . 2009-11-14 04:27 72640 ---ha-w- c:\windows\system32\mlfcache.dat 2010-07-10 21:18 . 2008-07-13 13:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-07-07 15:33 . 2010-07-07 15:31 3085800 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\Unpack\bfgsetup_s1_ l1.exe 2010-06-27 22:11 . 2006-05-16 03:10 90280 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-06-27 21:54 . 2006-05-16 22:16 -------- d-----w- c:\program files\Common Files\Adobe 2010-06-27 21:35 . 2009-11-11 01:22 -------- d-----w- c:\documents and settings\Alex\Application Data\Download Manager 2010-06-27 20:26 . 2010-06-27 20:26 348160 ----a-w- c:\documents and settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-2d7129b7-n\msvcr71.dll 2010-06-27 20:26 . 2010-06-27 20:26 503808 ----a-w- c:\documents and settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-2d7129b7-n\msvcp71.dll 2010-06-27 20:26 . 2010-06-27 20:26 499712 ----a-w- c:\documents and settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-2d7129b7-n\jmc.dll 2010-06-27 20:16 . 2009-02-01 17:27 -------- d-----w- c:\program files\Microsoft Silverlight 2010-06-27 20:15 . 2006-05-16 02:27 -------- d-----w- c:\program files\iTunes 2010-06-27 20:14 . 2008-01-26 03:51 -------- d-----w- c:\program files\Common Files\Apple 2010-06-27 19:49 . 2010-06-27 19:49 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe 2010-06-27 19:11 . 2008-07-13 13:30 -------- d-----w- c:\program files\Yahoo! 2010-06-27 19:04 . 2006-05-16 02:27 -------- d-----w- c:\program files\HP 2010-06-27 19:03 . 2006-05-16 01:42 -------- d-----w- c:\program files\Quicken 2010-06-10 22:00 . 2010-06-10 22:00 143360 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\dorascarnivala dven_s1_l1_gF649T1L1_d951108712[1].exe 2010-06-10 22:00 . 2010-06-10 22:00 143360 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\dorascarnivala dven_s1_l1_gF649T1L1_d951106424[1].exe 2010-06-10 22:00 . 2010-06-10 22:00 143360 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\dorascarnivala dven_s1_l1_gF649T1L1_d951105417[1].exe 2010-06-10 22:00 . 2010-06-10 22:00 143360 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\dorascarnival2 atth_s1_l1_gF1559T1L1_d951417254[1].exe 2010-06-10 22:00 . 2010-06-10 22:00 143360 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\dorascarnival2 atth_s1_l1_gF1559T1L1_d951417063[1].exe 2010-06-10 22:00 . 2010-06-10 22:00 143360 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\dorascarnival2 atth_s1_l1_gF1559T1L1_d951416678[1].exe 2010-06-10 22:00 . 2010-06-10 22:00 143360 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\dorascarnival2 atth_s1_l1_gF1559T1L1_d951174257[1].exe 2010-06-10 22:00 . 2010-06-10 22:00 143360 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\dorascarnival2 atth_s1_l1_gF1559T1L1_d951173982[1].exe 2010-06-01 23:06 . 2010-06-01 23:06 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM 2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll 2010-05-18 20:35 . 2010-05-18 20:35 107808 ----a-w- c:\windows\system32\dns-sd.exe 2010-05-01 12:50 . 2010-04-26 12:32 188894 ----a-w- c:\windows\hpwins22.dat 2007-10-16 16:18 . 2007-10-16 16:18 14603672 ----a-w- c:\program files\jre-6u3-windows-i586-p.exe 2007-05-19 12:39 . 2007-05-19 12:39 52421096 ----a-w- c:\program files\Quicken_Home_Business_2007.exe 2006-07-16 16:40 . 2006-05-16 03:04 88 --sh--r- c:\windows\system32\1E1AF94DD6.sys 2007-10-02 02:44 . 2006-06-10 22:34 104 --sh--r- c:\windows\system32\D64DF91A1E.sys 2007-10-02 02:44 . 2006-05-16 03:04 6686 --sha-w- c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "ANT Agent"="c:\garmin\ANT Agent\ANT Agent.exe" [2008-09-02 8203352] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\RunOnce] "Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe" [2009-06-05 468408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888] [hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\SymEFA.sys] @="FSFilter Activity Monitor" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk backup=c:\windows\pss\America Online 8.0 Tray Icon.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Nikon Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk backup=c:\windows\pss\Nikon Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk backup=c:\windows\pss\Windows Search.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANT Agent] 2008-09-02 17:42 8203352 ----a-w- c:\garmin\ANT Agent\ANT Agent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] 2010-02-17 23:37 177472 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] 2005-08-06 02:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2004-08-10 10:00 15360 ----a-w- c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher] 2005-10-05 08:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2007-05-08 20:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif] 2005-06-17 12:56 139264 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM] 2007-08-30 15:50 205480 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] 2007-08-30 15:50 205480 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] 2006-09-11 09:40 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-06-15 20:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer] 2007-04-11 21:32 56080 ----a-w- c:\windows\KHALMNPR.Exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobile Connectivity Suite] 2009-11-19 20:19 598016 ----a-r- c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoshopElements8SyncAg ent] 2009-10-09 09:47 1893728 ----a-w- c:\program files\Adobe\Elements Organizer 8.0\ElementsOrganizerSyncAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp] 2005-03-23 04:20 339968 ----a-w- c:\windows\stsystra.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile] "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Adobe\\Elements Organizer 8.0\\AdobePhotoshopElementsMediaServer.exe"= R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000 .029\SymEFA.sys [2/2/2010 3:50 AM 310320] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1008000.029 \BHDrvx86.sys [2/2/2010 3:50 AM 259632] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1008000.0 29\cchpx86.sys [2/2/2010 3:50 AM 482432] R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100716. 001\IDSXpx86.sys [7/16/2010 7:00 PM 331640] R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [10/9/2009 5:45 AM 169312] R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2/2/2010 3:50 AM 117640] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/12/2010 7:31 PM 102448] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/6/2010 1:48 PM 135664] S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [5/4/2010 9:14 PM 24576] S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [5/15/2006 9:43 PM 15576] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder 2010-07-07 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34] 2010-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-06 17:48] 2010-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-06 17:48] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = <local> uInternet Settings,ProxyServer = http=127.0.0.1:5577 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6 097707281E79.dll/cmsidewiki.html DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.7.1/GarminAxControl.CAB DPF: {59E937ED-AC7E-407D-B40B-6545B1EECDE7} - hxxp://174.34.132.146/TOPPS/plugin/DFusionWeb.Installer.exe . - - - - ORPHANS REMOVED - - - - WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file) SafeBoot-klmdb.sys AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb ************************************************** ************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-07-19 20:20 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************** ************************ [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N orton Internet Security] "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2412) c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\wanmpsvc.exe c:\windows\system32\SearchIndexer.exe c:\program files\Canon\CAL\CALMAIN.exe c:\program files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe c:\windows\ehome\mcrdsvc.exe c:\windows\system32\wscntfy.exe c:\windows\system32\dllhost.exe . ************************************************** ************************ . Completion time: 2010-07-19 20:21:20 - machine was rebooted ComboFix-quarantined-files.txt 2010-07-20 00:21 Pre-Run: 87,408,816,128 bytes free Post-Run: 91,254,378,496 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOW S [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windo ws XP Media Center Edition" /noexecute=optin /fastdetect - - End Of File - - 8B6FE5583A63C9F304F55D7CFE069C2D
|
|
#11
July 20th, 2010, 04:33 AM
|
||||
|
||||
|
ComboFix did remove a rootkit driver, but not real sure the file it removed is actually malware. We can check that to be sure.
Make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types" Go to this SITE. Click on the Browse button, and navigate to the following hilighted file(s), upload and submit it. Copy the results with the notepad and copy/paste them back here. C:\qoobox\Quarantine\C\windows\system32\winsusrm.dll.vir --------------- To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Open and update Malwarebytes. * If an update is found, it will download and install the latest version. * Once the program has loaded, select "Perform quick scan", then click Scan. * The scan may take some time to finish,so please be patient. * When the scan is complete, click OK, then Show Results to view the results. * Make sure that everything is checked, and click Remove Selected. * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. * The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes. * Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then. --------------- Disable your antivirus program and go here and run an online scan using ESET Online Scanner (you will need to use Internet Explorer for this scan, or download the installer to run it in a different browser). If you accept the Terms of Use, check the box and click Start. After the ActiveX Control has loaded, it will take a couple minutes for the scanner to get ready. Next, check the following boxes: Remove found threats Scan unwanted applications Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives). Click Start. This scan may take a while, so please be patient. A log may open when the scan is complete (if not, go to C:\Program Files\EsetOnlineScanner\ and open the file log.txt). Click Edit - Select All then copy/paste that log back here please. If you have any problems getting Eset started, one work-around is to have an open Internet connection, and then click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file, and follow the same previous steps to run the scan. Post that log and the Malwarebytes log please.
|
|
#12
July 20th, 2010, 12:44 PM
|
|||
|
|||
|
Jintan - It looks like we're getting close
 Jotti's malware scan Filename: winsusrm.dll.vir Status: Scan finished. 0 out of 19 scanners reported malware. Scan taken on: Tue 20 Jul 2010 12:16:07 (CET) Permalink -------------------------------------------------------------------------------- Additional info File size: 264 bytes Filetype: Unknown MD5: 709b3c90cf284bf5e565f1232d2fdede SHA1: 4e6bd619c75465c7aad135d4428f5b0da2646308 Scanners 2010-07-20 Found nothing 2010-07-20 Found nothing 2010-07-20 Found nothing 2010-07-20 Found nothing 2010-07-20 Found nothing 2010-07-19 Found nothing 2010-07-20 Found nothing 2010-07-20 Found nothing 2010-07-20 Found nothing 2010-07-19 Found nothing 2010-07-20 Found nothing 2010-07-20 Found nothing 2010-07-20 Found nothing 2010-07-20 Found nothing 2010-07-20 Found nothing 2010-07-20 Found nothing 2010-07-19 Found nothing 2010-07-19 Found nothing 2010-07-20 Found nothing Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Database version: 3983 Windows 5.1.2600 Service Pack 2 Internet Explorer 8.0.6001.18702 7/20/2010 6:24:38 AM mbam-log-2010-07-20 (06-24-38).txt Scan type: Quick scan Objects scanned: 122687 Time elapsed: 5 minute(s), 19 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial=dec8a8cefd49554a90ffadf72ea4dc9e # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2010-07-20 11:42:37 # local_time=2010-07-20 07:42:37 (-0500, Eastern Daylight Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 2 # compatibility_mode=512 16777215 100 0 44723533 44723533 0 0 # compatibility_mode=3588 16777189 100 96 5889860 27774163 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=126757 # found=0 # cleaned=0 # scan_time=4308
|
|
#13
July 21st, 2010, 02:30 AM
|
||||
|
||||
|
Good work, and I agree, the system shows as clean at this point. Some changes we still need to make, so let's do those and verify they got corrected before we start cleaning up here.
Be sure to continue to temporarily disable any protective software when running the scan tools we use here. Open notepad (go to Start, Run, type notepad and press Enter) and copy/paste the text in the codebox below into it: Code:
DeQuarantine:: C:\qoobox\Quarantine\C\windows\system32\winsusrm.dll.vir DirLook:: c:\windows\system32\syncdb Registry:: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyOverride"=- "ProxyServer"=- You should now have both ComboFix and that CFScript.txt on the desktop. Just left click/hold on the CFScript.txt file, and drag it into ComboFix to start the scan. ComboFix will now run as it did before. Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.
|
|
#14
July 21st, 2010, 03:15 AM
|
|||
|
|||
|
Here you go. I'm impressed!
ComboFix 10-07-19.01 - 07/20/2010 22:02:13.3.2 - x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.424 [GMT -4:00] Running from: c:\documents and settings\Alex\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Alex\Desktop\CFScript.txt AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\winsusrm.dll . ((((((((((((((((((((((((( Files Created from 2010-06-21 to 2010-07-21 ))))))))))))))))))))))))))))))) . 2010-07-20 10:27 . 2010-07-20 10:27 -------- d-----w- c:\program files\ESET 2010-07-18 22:03 . 2010-07-18 22:03 77312 ----a-w- C:\mbr.exe 2010-07-14 21:01 . 2010-07-14 21:01 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\Unity 2010-07-12 01:59 . 2010-07-12 01:59 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE 2010-07-12 00:13 . 2010-07-12 12:16 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\etriscyvv 2010-07-07 16:34 . 2010-07-07 19:17 -------- d-----w- c:\program files\Doras Carnival 2 - At the Boardwalk 2010-07-07 15:34 . 2010-07-07 20:04 -------- d-----w- c:\program files\Doras Carnival Adventure 2010-07-07 15:34 . 2010-07-07 15:34 -------- d-----w- c:\program files\bfgclient 2010-07-07 15:31 . 2010-07-07 15:33 3085800 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\Unpack\bfgsetup_s1_ l1.exe 2010-07-07 15:30 . 2010-07-07 15:34 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache 2010-06-27 22:09 . 2010-06-27 22:09 -------- d-----w- c:\program files\Common Files\Adobe AIR 2010-06-27 21:19 . 2010-06-27 21:20 1228312 ----a-w- C:\PhotoshopElements_8_MUL.exe 2010-06-27 20:26 . 2010-06-27 20:26 348160 ----a-w- c:\documents and settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-2d7129b7-n\msvcr71.dll 2010-06-27 20:26 . 2010-06-27 20:26 503808 ----a-w- c:\documents and settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-2d7129b7-n\msvcp71.dll 2010-06-27 20:26 . 2010-06-27 20:26 499712 ----a-w- c:\documents and settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-2d7129b7-n\jmc.dll 2010-06-27 19:56 . 2010-06-27 20:15 -------- d-----w- c:\program files\iPod 2010-06-27 19:55 . 2010-06-27 19:57 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2010-06-27 19:52 . 2010-06-27 20:14 -------- d-----w- c:\program files\Bonjour 2010-06-27 19:49 . 2010-06-27 19:49 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe 2010-06-27 18:36 . 2010-06-27 18:36 -------- d-----w- c:\windows\system32\syncdb . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2010-07-21 00:46 . 2010-04-26 13:22 -------- d-----w- c:\documents and settings\Alex\Application Data\HPAppData 2010-07-19 12:13 . 2001-08-17 18:52 125056 ----a-w- c:\windows\system32\drivers\ftdisk.sys 2010-07-13 00:05 . 2010-03-06 17:48 -------- d-----w- c:\program files\Google 2010-07-12 00:13 . 2006-07-01 02:50 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-07-11 21:12 . 2009-11-14 04:27 72640 ---ha-w- c:\windows\system32\mlfcache.dat 2010-07-10 21:18 . 2008-07-13 13:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-06-27 22:11 . 2006-05-16 03:10 90280 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-06-27 21:54 . 2006-05-16 22:16 -------- d-----w- c:\program files\Common Files\Adobe 2010-06-27 21:35 . 2009-11-11 01:22 -------- d-----w- c:\documents and settings\Alex\Application Data\Download Manager 2010-06-27 20:16 . 2009-02-01 17:27 -------- d-----w- c:\program files\Microsoft Silverlight 2010-06-27 20:15 . 2006-05-16 02:27 -------- d-----w- c:\program files\iTunes 2010-06-27 20:14 . 2008-01-26 03:51 -------- d-----w- c:\program files\Common Files\Apple 2010-06-27 19:11 . 2008-07-13 13:30 -------- d-----w- c:\program files\Yahoo! 2010-06-27 19:04 . 2006-05-16 02:27 -------- d-----w- c:\program files\HP 2010-06-27 19:03 . 2006-05-16 01:42 -------- d-----w- c:\program files\Quicken 2010-06-10 22:00 . 2010-06-10 22:00 143360 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\dorascarnivala dven_s1_l1_gF649T1L1_d951108712[1].exe 2010-06-10 22:00 . 2010-06-10 22:00 143360 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\dorascarnivala dven_s1_l1_gF649T1L1_d951106424[1].exe 2010-06-10 22:00 . 2010-06-10 22:00 143360 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\dorascarnivala dven_s1_l1_gF649T1L1_d951105417[1].exe 2010-06-10 22:00 . 2010-06-10 22:00 143360 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\dorascarnival2 atth_s1_l1_gF1559T1L1_d951417254[1].exe 2010-06-10 22:00 . 2010-06-10 22:00 143360 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\dorascarnival2 atth_s1_l1_gF1559T1L1_d951417063[1].exe 2010-06-10 22:00 . 2010-06-10 22:00 143360 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\dorascarnival2 atth_s1_l1_gF1559T1L1_d951416678[1].exe 2010-06-10 22:00 . 2010-06-10 22:00 143360 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\dorascarnival2 atth_s1_l1_gF1559T1L1_d951174257[1].exe 2010-06-10 22:00 . 2010-06-10 22:00 143360 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\dorascarnival2 atth_s1_l1_gF1559T1L1_d951173982[1].exe 2010-06-01 23:06 . 2010-06-01 23:06 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM 2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll 2010-05-18 20:35 . 2010-05-18 20:35 107808 ----a-w- c:\windows\system32\dns-sd.exe 2010-05-01 12:50 . 2010-04-26 12:32 188894 ----a-w- c:\windows\hpwins22.dat 2007-10-16 16:18 . 2007-10-16 16:18 14603672 ----a-w- c:\program files\jre-6u3-windows-i586-p.exe 2007-05-19 12:39 . 2007-05-19 12:39 52421096 ----a-w- c:\program files\Quicken_Home_Business_2007.exe 2006-07-16 16:40 . 2006-05-16 03:04 88 --sh--r- c:\windows\system32\1E1AF94DD6.sys 2007-10-02 02:44 . 2006-06-10 22:34 104 --sh--r- c:\windows\system32\D64DF91A1E.sys 2007-10-02 02:44 . 2006-05-16 03:04 6686 --sha-w- c:\windows\system32\KGyGaAvL.sys . (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))) ))))))) . ---- Directory of c:\windows\system32\syncdb ---- 2010-06-27 18:36 . 2010-06-27 18:36 564 ----a-w- c:\windows\system32\syncdb\.pref ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "ANT Agent"="c:\garmin\ANT Agent\ANT Agent.exe" [2008-09-02 8203352] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\RunOnce] "Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe" [2009-06-05 468408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888] [hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\SymEFA.sys] @="FSFilter Activity Monitor" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk backup=c:\windows\pss\America Online 8.0 Tray Icon.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Nikon Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk backup=c:\windows\pss\Nikon Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk backup=c:\windows\pss\Windows Search.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANT Agent] 2008-09-02 17:42 8203352 ----a-w- c:\garmin\ANT Agent\ANT Agent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] 2010-02-17 23:37 177472 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] 2005-08-06 02:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2004-08-10 10:00 15360 ----a-w- c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher] 2005-10-05 08:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2007-05-08 20:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif] 2005-06-17 12:56 139264 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM] 2007-08-30 15:50 205480 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] 2007-08-30 15:50 205480 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] 2006-09-11 09:40 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-06-15 20:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer] 2007-04-11 21:32 56080 ----a-w- c:\windows\KHALMNPR.Exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobile Connectivity Suite] 2009-11-19 20:19 598016 ----a-r- c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoshopElements8SyncAg ent] 2009-10-09 09:47 1893728 ----a-w- c:\program files\Adobe\Elements Organizer 8.0\ElementsOrganizerSyncAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp] 2005-03-23 04:20 339968 ----a-w- c:\windows\stsystra.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile] "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Adobe\\Elements Organizer 8.0\\AdobePhotoshopElementsMediaServer.exe"= R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000 .029\SymEFA.sys [2/2/2010 3:50 AM 310320] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1008000.029 \BHDrvx86.sys [2/2/2010 3:50 AM 259632] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1008000.0 29\cchpx86.sys [2/2/2010 3:50 AM 482432] R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100720. 001\IDSXpx86.sys [7/20/2010 8:17 PM 331640] R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [10/9/2009 5:45 AM 169312] R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2/2/2010 3:50 AM 117640] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/12/2010 7:31 PM 102448] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/6/2010 1:48 PM 135664] S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [5/4/2010 9:14 PM 24576] S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [5/15/2006 9:43 PM 15576] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder 2010-07-07 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34] 2010-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-06 17:48] 2010-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-06 17:48] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Connection Wizard,ShellNext = iexplore IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6 097707281E79.dll/cmsidewiki.html DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.7.1/GarminAxControl.CAB DPF: {59E937ED-AC7E-407D-B40B-6545B1EECDE7} - hxxp://174.34.132.146/TOPPS/plugin/DFusionWeb.Installer.exe . ************************************************** ************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-07-20 22:11 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************** ************************ [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N orton Internet Security] "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1" . Completion time: 2010-07-20 22:13:56 ComboFix-quarantined-files.txt 2010-07-21 02:13 ComboFix2.txt 2010-07-20 00:21 C:\DeQuarantine.txt Pre-Run: 91,128,016,896 bytes free Post-Run: 91,122,663,424 bytes free - - End Of File - - 377C0FA551F9132773B10C881A6EA066
|
|
#15
July 22nd, 2010, 12:28 AM
|
||||
|
||||
|
Kinda looks like it took out that same file again. Navigate to the c:\windows\system32 folder, and check if winsusrm.dll is not there.
If it isn't, copy this file to the System32 folder, right click it and rename it to winsusrm.dll. C:\qoobox\Quarantine\C\windows\system32\winsusrm.dll.vir Post back how that went please.
|
|
| Bookmarks |
«
Previous Topic
|
Next Topic
»
|
|
Similar Topics
|
||||
| Topic | Topic Starter | Forum | Replies | Last Post |
| Cannot use progams, security suite malware. | Sunderland06 | Malware Removal | 1 | August 15th, 2010 06:03 AM |
| AV Security Suite | oasis.g | Malware Removal | 5 | July 15th, 2010 02:17 AM |
| 'AV security suite' malware | ryno | Malware Removal | 94 | July 12th, 2010 02:28 AM |
| AT&T McAfee Security Suite & Malwarebytes Anti-Malware | kimbee | Applications | 4 | November 7th, 2009 06:01 PM |
| Security Suite | Shalimarp3 | Windows XP | 2 | December 30th, 2006 05:31 AM |
All times are GMT +1. The time now is 05:12 AM.