tidserv request - repeated intrusion attempts


This topic is locked
12 replies to this topic

#1 lugnut33

  • Members
  • 8 posts

Posted 22 July 2010 - 01:17 PM

Hello,

I posted this earlier, but in the wrong forum. I'm new at this sort of thing so pardon my lack of knowledge about what to say, ask, and/or do.

My Norton AntiVirus 2010 keeps prompting me about repeated intrusion attempts from various IP addresses. They happen every few minutes, and eventually the PC locks up. I'm running Windows XP SP3. Norton says it's an https tidserv request.

I've also noticed redirects in Google to pages I wasn't trying to go to. I've run full scans using the Norton Antivirus I have installed as well as the free version from Malwarebytes. Nothing was detected. But I know something is in my machine.

No clue what to do or how to fix it. Any help would be greatly appreciated.

Thanks

#2 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 22 July 2010 - 03:47 PM

Good evening.

Please go here, follow steps 6, 7 and 8 and post accordingly into this thread.

So long, and thanks for all the fish.

 

 


#3 lugnut33

  • Topic Starter
  • Members
  • 8 posts

Posted 23 July 2010 - 05:20 AM

The gmer process was still running when I left home for work. Will post results this evening. Thanks for the quick response.

#4 lugnut33

  • Topic Starter
  • Members
  • 8 posts

Posted 23 July 2010 - 06:07 PM


DDS (Ver_10-03-17.01) - NTFSx86
Run by kjarboe at 20:12:02.18 on Thu 07/22/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1230 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PatchLink\Update Agent\GravitixService.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\SYSTEM32\3cmlink.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\SYSTEM32\3cshtdwn.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\WINDOWS\SYSTEM32\3cmlink.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\kjarboe.GWA-GWA-FM56917\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files\U.S. Robotics\ControlCenter\Reminder.exe
C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\kjarboe.GWA-GWA-FM56917\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\17.7.0.12\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.0.1225.9868\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: CouponBar: {5bed3930-2e9e-76d8-bacc-80df2188d455} -
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [WebCamRT.exe]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Winstw] C:\3611010322512590875.exe
uRun: [WinMedia] C:\3611010322512560234.exe
uRun: [Winsti] C:\3611010322512590875.exe
uRun: [Winsta] C:\3611010322512590875.exe
uRun: [Winstq] C:\3611010322512590875.exe
uRun: [Winstc] C:\3611010322512590875.exe
uRun: [Winsth] C:\3611010322512590875.exe
uRun: [Winstl] C:\3611010322512590875.exe
uRun: [Winstg] C:\3611010322512590875.exe
uRun: [Winstk] C:\3611010322512590875.exe
uRun: [Winste] C:\3611010322512590875.exe
uRun: [Winstz] C:\3611010322512590875.exe
uRun: [Winstp] C:\3611010322512590875.exe
uRun: [Winstr] C:\3611010322512590875.exe
uRun: [Winstn] C:\3611010322512590875.exe
uRun: [Winstd] C:\3611010322512590875.exe
uRun: [Winsty] C:\3611010322512590875.exe
uRun: [Winsto] C:\3611010322512590875.exe
uRun: [Octoshape Streaming Services] "c:\documents and settings\kjarboe.gwa-gwa-fm56917\application data\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [AtiPTA] atiptaxx.exe
mRun: [HydraVisionDesktopManager] desk98.exe
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [USRpdA]
mRun: [3c1807pd] c:\windows\system32\3cmlink.exe runservices \device\3cpipe-3c1807pd
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [LVCOMS] c:\program files\common files\logitech\qcdriver3\LVCOMS.EXE
mRun: [LogitechGalleryRepair] c:\program files\logitech\imagestudio\ISStart.exe
mRun: [LogitechImageStudioTray] c:\program files\logitech\imagestudio\LogiTray.exe
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\kjarbo~1.gwa\startm~1\programs\startup\bjstat~1.lnk - c:\documents and settings\kjarboe.gwa-gwa-fm56917\cnmss Canon i9900 (Local).exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\instan~1.lnk - c:\program files\u.s. robotics\controlcenter\Reminder.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: intuit.com\ttlc
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - hxxp://w4s2.work4sure.com/c/ge/w4sgeen9.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166231410250
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166275947515
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37756.455
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://freetrial.webex.com/client/T27L/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

============= SERVICES / DRIVERS ===============

R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [2003-11-14 6097]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1107000.00c\symds.sys [2010-7-20 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1107000.00c\symefa.sys [2010-7-20 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.6.0.32\definitions\bashdefs\20100709.001\BHDrvx86.sys [2010-6-18 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1107000.00c\cchpx86.sys [2010-7-20 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1107000.00c\ironx86.sys [2010-7-20 116784]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2002-5-8 212992]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-7-21 304464]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\17.7.0.12\ccsvchst.exe [2010-7-20 126392]
R2 NetAlrt;NetAlrt;c:\windows\system32\drivers\Netalrt.sys [2002-5-7 39680]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
R2 PlatAlrt;PlatAlrt;c:\windows\system32\drivers\platalrt.sys [2002-5-7 23744]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-7-19 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.6.0.32\definitions\ipsdefs\20100720.001\IDSXpx86.sys [2010-7-20 331640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-7-21 20952]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.6.0.32\definitions\virusdefs\20100721.020\NAVENG.SYS [2010-7-21 85424]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.6.0.32\definitions\virusdefs\20100721.020\NAVEX15.SYS [2010-7-21 1362608]
S3 PatchLink Install;PatchLink Install;"c:\windows\patchlink\deploy wizard\plinstsvc.exe" --> c:\windows\patchlink\deploy wizard\PLInstSvc.exe [?]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [2007-12-28 29952]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [2007-12-28 41856]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [2007-12-28 39936]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [2007-12-28 59520]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [2003-11-14 299923]

=============== Created Last 30 ================

2010-07-23 00:10:49 0 ----a-w- c:\documents and settings\kjarboe.gwa-gwa-fm56917\defogger_reenable
2010-07-21 19:33:59 0 d-----w- c:\docume~1\kjarbo~1.gwa\applic~1\Malwarebytes
2010-07-21 19:33:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-21 19:33:41 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-21 19:33:41 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-21 19:33:41 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-20 23:19:19 0 d-----w- c:\docume~1\kjarbo~1.gwa\applic~1\Tific
2010-07-20 01:28:15 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-07-20 01:28:15 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-07-20 01:28:15 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-07-20 01:28:15 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-07-20 01:28:15 0 d-----w- c:\program files\Symantec
2010-07-20 01:27:25 0 d-----w- c:\program files\Norton AntiVirus
2010-07-20 01:26:13 0 d-----w- c:\program files\NortonInstaller

==================== Find3M ====================

2010-05-04 12:39:27 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-04 12:39:27 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
2010-02-21 17:53:50 1925670 ----a-w- c:\program files\swflash.cab
2008-09-13 13:40:34 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091320080914\index.dat

============= FINISH: 20:13:59.03 ===============
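One way to triage the uRun/mRun section of a DDS log like the one above, as an added example that is not part of the thread and not code from the DDS tool: parse each autorun entry, pull out the executable it points to, and flag targets that sit directly in the drive root, carry a long all-digit file name, or are launched under several different value names. The sample lines are copied from the log above; the three indicators are heuristics chosen for this example, and reading the u/m prefix as the per-user (HKCU) versus machine (HKLM) Run key follows the usual DDS convention rather than anything stated in the thread.

```python
"""Flag suspicious autorun targets in the uRun:/mRun: lines of a DDS log.

Added example for this thread; not part of DDS or of any post above.
The indicators below are heuristics for manual review, not a verdict.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: lines copied from the DDS "Pseudo HJT Report" above.
SAMPLE_LINES = [
    r'uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background',
    r'uRun: [WebCamRT.exe]',
    r'uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe',
    r'uRun: [Winstw] C:\3611010322512590875.exe',
    r'uRun: [WinMedia] C:\3611010322512560234.exe',
    r'uRun: [Winsti] C:\3611010322512590875.exe',
    r'uRun: [Winsta] C:\3611010322512590875.exe',
    r'mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup',
    r'mRun: [nwiz] nwiz.exe /install',
]

# DDS line shape: "<hive>Run: [<value name>] <command line>"
RUN_LINE = re.compile(r'^(?P<hive>[um]Run): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')


@dataclass
class RunEntry:
    hive: str      # "uRun" (per-user Run key) or "mRun" (machine Run key), DDS convention
    name: str      # registry value name, e.g. "Winstw"
    command: str   # full command line as recorded by DDS
    target: str    # executable path extracted from the command ("" if none)


def extract_target(command: str) -> str:
    """Return the launched executable: the quoted path, or the first token."""
    command = command.strip()
    if not command:
        return ''
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0]


def parse_run_entries(lines):
    """Parse every uRun:/mRun: line; other DDS lines are ignored."""
    entries = []
    for line in lines:
        m = RUN_LINE.match(line.strip())
        if m:
            entries.append(RunEntry(m['hive'], m['name'], m['cmd'], extract_target(m['cmd'])))
    return entries


def target_indicators(target: str):
    """Heuristic flags for one executable path (assumptions of this example)."""
    t = target.lower()
    flags = []
    if not t:
        return ['no_target']          # orphaned value: verify, do not alarm
    if re.fullmatch(r'[a-z]:\\[^\\]+', t):
        flags.append('drive_root')    # file dropped directly in C:\ etc.
    stem = t.rsplit('\\', 1)[-1].rsplit('.', 1)[0]
    if stem.isdigit() and len(stem) >= 8:
        flags.append('numeric_name')  # long all-digit name, typical of droppers
    if '\\temp\\' in t or '\\application data\\' in t or '\\documents and settings\\' in t:
        flags.append('user_writable')  # runs from a user-writable location
    return flags


def triage(lines):
    """Group entries by target and return only targets with at least one flag."""
    by_target = defaultdict(list)
    for entry in parse_run_entries(lines):
        by_target[entry.target].append(entry.name)
    findings = {}
    for target, names in by_target.items():
        flags = target_indicators(target)
        if len(names) >= 3:
            flags.append('shared_target')  # many value names, one binary
        if flags:
            findings[target] = {'names': sorted(names), 'indicators': flags}
    return findings


if __name__ == '__main__':
    for target, info in triage(SAMPLE_LINES).items():
        print(f"{target or '<no target>'}: {info['indicators']} via {info['names']}")
```

Run against the full log above, the script groups the seventeen Winst* values onto one binary in the drive root, which is the pattern a responder would want to see at a glance rather than read line by line; entries such as ctfmon.exe or the Messenger client produce no flags and are omitted.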

#5 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 24 July 2010 - 03:29 PM

Good evening.

Download TDSSKiller.zip from Kaspersky from here and save it to your Desktop - this is important.
  • You will then need to extract the file(s) from the zipped folder.
  • To do this: Right-click on the zipped folder and from the menu that appears, click on Extract All...
    In the Extraction Wizard window that opens, click on Next> and in the next window that appears, click on Next> again.
    In the final window, click on Finish.
  • Close all open programs as a reboot may be required.
  • Go to Start > Run, copy and paste the following into the text box and hit OK:

    "%userprofile%\desktop\tdsskiller\TDSSKiller.exe" -l report.txt

  • A Command Window will open and the tool will scan and produce a log called report.txt that can be found in the TDSSKiller folder that you unzipped.
  • If the tool prompts for a reboot, please allow it to do so; if it fails to reboot after prompting, reboot manually.
Please post the contents of the log, report.txt, in your next reply and let me know if the PC is still misbehaving.

So long, and thanks for all the fish.

 

 


#6 lugnut33

  • Topic Starter
  • Members
  • 8 posts

Posted 24 July 2010 - 07:38 PM

Thanks for the help. The reports from TDSSKiller are below. My computer seems to be acting more normally today. I actually ended up downloading the pay version of Malwarebytes yesterday and have that running alongside Norton now. Neither app has recorded any high severity intrusion attempts and my machine did not lock up today (but I haven't been online very much). I didn't really do anything to make this stop, so I'm still concerned.

Please let me know if there are additional steps I need to take based on the logs. Thanks so much for all the help.

2010/07/24 20:21:51.0394 TDSS rootkit removing tool 2.4.0.0 Jul 22 2010 16:09:49
2010/07/24 20:21:51.0394 ================================================================================
2010/07/24 20:21:51.0394 SystemInfo:
2010/07/24 20:21:51.0394
2010/07/24 20:21:51.0394 OS Version: 5.1.2600 ServicePack: 3.0
2010/07/24 20:21:51.0394 Product type: Workstation
2010/07/24 20:21:51.0394 ComputerName: GWA-GWA-FM56917
2010/07/24 20:21:51.0394 UserName: kjarboe
2010/07/24 20:21:51.0394 Windows directory: C:\WINDOWS
2010/07/24 20:21:51.0394 System windows directory: C:\WINDOWS
2010/07/24 20:21:51.0394 Processor architecture: Intel x86
2010/07/24 20:21:51.0394 Number of processors: 1
2010/07/24 20:21:51.0394 Page size: 0x1000
2010/07/24 20:21:51.0394 Boot type: Normal boot
2010/07/24 20:21:51.0394 ================================================================================
2010/07/24 20:21:51.0801 Initialize success
2010/07/24 20:22:00.0722 ================================================================================
2010/07/24 20:22:00.0722 Scan started
2010/07/24 20:22:00.0722 Mode: Manual;
2010/07/24 20:22:00.0722 ================================================================================
2010/07/24 20:22:01.0097 3c1807pd (69949e77839c8bae19a84c3e4fdd1a2f) C:\WINDOWS\system32\DRIVERS\3c1807pd.sys
2010/07/24 20:22:01.0285 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
2010/07/24 20:22:01.0426 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
2010/07/24 20:22:01.0535 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/07/24 20:22:01.0676 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/07/24 20:22:01.0863 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys
2010/07/24 20:22:02.0004 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2010/07/24 20:22:02.0113 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/07/24 20:22:02.0222 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/07/24 20:22:02.0332 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/07/24 20:22:02.0426 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
2010/07/24 20:22:02.0566 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys
2010/07/24 20:22:02.0707 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys
2010/07/24 20:22:02.0863 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys
2010/07/24 20:22:03.0004 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys
2010/07/24 20:22:03.0129 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys
2010/07/24 20:22:03.0238 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys
2010/07/24 20:22:03.0363 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys
2010/07/24 20:22:03.0504 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys
2010/07/24 20:22:03.0644 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys
2010/07/24 20:22:03.0801 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys
2010/07/24 20:22:03.0926 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/07/24 20:22:04.0035 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/07/24 20:22:04.0222 ati2mtag (f9e8c05a3e9854bb54e843eef03631ba) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/07/24 20:22:04.0410 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/07/24 20:22:04.0551 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/07/24 20:22:04.0660 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/07/24 20:22:04.0832 BHDrvx86 (87c00decc19bd995217a4a5fdd4d638c) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\BASHDefs\20100709.001\BHDrvx86.sys
2010/07/24 20:22:04.0972 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys
2010/07/24 20:22:05.0129 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/07/24 20:22:05.0238 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/07/24 20:22:05.0394 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\WINDOWS\system32\drivers\NAV\1107000.00C\ccHPx86.sys
2010/07/24 20:22:05.0550 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys
2010/07/24 20:22:05.0644 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/07/24 20:22:05.0769 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/07/24 20:22:05.0894 Cdr4_xp (297acc7d7c66ec86ee0b4eb5af9a8fd3) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2010/07/24 20:22:05.0988 Cdralw2k (5e31abf467a6fd857710c0927c88ee4c) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2010/07/24 20:22:06.0097 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/07/24 20:22:06.0207 cdudf_xp (cfd81f2140193fc7f1812e6d6eaf6795) C:\WINDOWS\system32\drivers\cdudf_xp.sys
2010/07/24 20:22:06.0379 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys
2010/07/24 20:22:06.0504 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys
2010/07/24 20:22:06.0660 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys
2010/07/24 20:22:06.0816 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys
2010/07/24 20:22:06.0988 Disk (ce5b426791f552a59694e2e086c7ef44) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/07/24 20:22:06.0988 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\disk.sys. Real md5: ce5b426791f552a59694e2e086c7ef44, Fake md5: 044452051f3e02e7963599fc8f4f3e25
2010/07/24 20:22:06.0988 Disk - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/07/24 20:22:07.0160 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/07/24 20:22:07.0316 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/07/24 20:22:07.0425 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/07/24 20:22:07.0519 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/07/24 20:22:07.0644 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys
2010/07/24 20:22:07.0769 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/07/24 20:22:07.0910 dvd_2K (677829f7010768eeeed8d0083e510dab) C:\WINDOWS\system32\drivers\dvd_2K.sys
2010/07/24 20:22:08.0050 E1000 (854293999e91bf2eb9e786166de4a35f) C:\WINDOWS\system32\DRIVERS\e1000325.sys
2010/07/24 20:22:08.0175 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/07/24 20:22:08.0300 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
2010/07/24 20:22:08.0394 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2010/07/24 20:22:08.0519 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/07/24 20:22:08.0613 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/07/24 20:22:08.0738 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/07/24 20:22:08.0863 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/07/24 20:22:08.0988 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/07/24 20:22:09.0082 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/07/24 20:22:09.0191 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/07/24 20:22:09.0300 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2010/07/24 20:22:09.0410 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/07/24 20:22:09.0535 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/07/24 20:22:09.0644 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys
2010/07/24 20:22:09.0800 hpt3xx (b077b7f8e79779ea967e84a4fc040227) C:\WINDOWS\System32\DRIVERS\hpt3xx.sys
2010/07/24 20:22:09.0925 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/07/24 20:22:10.0050 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/07/24 20:22:10.0144 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys
2010/07/24 20:22:10.0238 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/07/24 20:22:10.0363 idisw2km (710e9133c89a666d6fdca3ef88ece15c) C:\WINDOWS\system32\DRIVERS\idisw2km.sys
2010/07/24 20:22:10.0535 IDSxpx86 (231c3f6d5c520e99924e1e37401a90c4) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\IPSDefs\20100723.001\IDSxpx86.sys
2010/07/24 20:22:10.0660 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/07/24 20:22:10.0800 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys
2010/07/24 20:22:10.0941 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
2010/07/24 20:22:11.0050 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/07/24 20:22:11.0175 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/07/24 20:22:11.0300 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/07/24 20:22:11.0425 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/07/24 20:22:11.0550 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/07/24 20:22:11.0660 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/07/24 20:22:11.0785 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/07/24 20:22:11.0972 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/07/24 20:22:29.0910 ================================================================================
2010/07/24 20:22:29.0910 Scan finished
2010/07/24 20:22:29.0910 ================================================================================
2010/07/24 20:22:29.0925 Detected object count: 1
2010/07/24 20:22:46.0175 Disk (ce5b426791f552a59694e2e086c7ef44) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/07/24 20:22:46.0175 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\disk.sys. Real md5: ce5b426791f552a59694e2e086c7ef44, Fake md5: 044452051f3e02e7963599fc8f4f3e25
2010/07/24 20:22:48.0487 Backup copy found, using it..
2010/07/24 20:22:48.0691 C:\WINDOWS\system32\DRIVERS\disk.sys - will be cured after reboot
2010/07/24 20:22:48.0691 Rootkit.Win32.TDSS.tdl3(Disk) - User select action: Cure
2010/07/24 20:22:58.0128 Deinitialize success


#7 Noviciate

  • Malware Response Team
  • 5,277 posts

Posted 25 July 2010 - 02:18 PM

Good evening.

QUOTE
I didn't really do anything to make this stop

Apart from run a tool to fix the problem.

OK, I'd like you to work through the following, as I'd like to see if anything else is lurking on your hard drive:

Take a trip to this webpage for download links and instructions for running Combofix by sUBs.*
  • Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start.
  • When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste it into your next reply.
  • Let me know how the PC is behaving.
* There are two points to note from the instructions page:

1) The Recovery Console.

It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of its removal tasks without the installation of the Console so, should you choose not to allow the installation, you may not get the results you hoped for.

2) Disabling your Anti-Virus.

CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for either.

So long, and thanks for all the fish.


#8 lugnut33

  • Topic Starter
  • Members
  • 8 posts

Posted 25 July 2010 - 04:37 PM

Thanks for your help. Here is the ComboFix log:

ComboFix 10-07-24.04 - kjarboe 07/25/2010 17:19:28.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1228 [GMT -4:00]
Running from: c:\documents and settings\kjarboe.GWA-GWA-FM56917\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\~VM89A.tmp
C:\~VM89B.tmp
C:\~VM89C.tmp
C:\~VM89D.tmp
C:\~VM89E.tmp
C:\~VM89F.tmp
C:\~VM8A0.tmp
C:\~VM8A1.tmp
C:\~VM8A2.tmp
C:\3611010322512591421.exe
C:\3611010322512596000.exe
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Thumbs.db
c:\windows\system32\images
c:\windows\system32\images\accessinghvnoprop.jpg
c:\windows\system32\images\accessingmdesk.jpg
c:\windows\system32\images\ati_logo.jpg
c:\windows\system32\images\express.jpg
c:\windows\system32\images\hvdm.jpg
c:\windows\system32\images\hvhotkeys.jpg
c:\windows\system32\images\hvsystray.jpg
c:\windows\system32\images\hvsystray2.jpg
c:\windows\system32\images\nt_desktop_man.jpg
c:\windows\system32\images\options.jpg
c:\windows\system32\index.html

----- BITS: Possible infected sites -----

hxxp://au.download.windoj+|Cv+@J:NGD_DQ{zcxLJS@U6@6tWU Client DownloadS-1-5-18`HT4?? 6VwoQZCDHM6VwoQZCDHMXu6M+6M+6M+6M+Sd6grcxLJS@GD_DQ{zGD_DQ{zGD_DQ{z+@J:Nj+|Cv
.
((((((((((((((((((((((((( Files Created from 2010-06-25 to 2010-07-25 )))))))))))))))))))))))))))))))
.

2010-07-25 07:03 . 2010-07-25 07:03 -------- d-----w- c:\windows\LastGood
2010-07-25 04:03 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-21 19:33 . 2010-07-21 19:33 -------- d-----w- c:\documents and settings\kjarboe.GWA-GWA-FM56917\Application Data\Malwarebytes
2010-07-21 19:33 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-21 19:33 . 2010-07-22 08:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-21 19:33 . 2010-07-21 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-21 19:33 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-20 23:20 . 2010-07-20 23:31 -------- d-----w- c:\documents and settings\kjarboe.GWA-GWA-FM56917\Local Settings\Application Data\NPE
2010-07-20 23:19 . 2010-07-20 23:19 -------- d-----w- c:\documents and settings\kjarboe.GWA-GWA-FM56917\Application Data\Tific
2010-07-20 01:28 . 2010-07-20 01:28 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-07-20 01:28 . 2010-07-20 01:28 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-07-20 01:28 . 2010-07-20 01:28 -------- d-----w- c:\program files\Symantec
2010-07-20 01:27 . 2010-07-20 01:27 -------- d-----w- c:\program files\Norton AntiVirus
2010-07-20 01:26 . 2010-07-20 01:26 -------- d-----w- c:\program files\NortonInstaller
2010-07-18 23:59 . 2010-07-18 23:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-07-03 01:46 . 2010-07-03 01:47 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-25 00:23 . 2001-08-18 12:00 36352 ----a-w- c:\windows\system32\drivers\disk.sys
2010-07-21 01:34 . 2004-07-22 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2010-07-21 01:15 . 2008-06-26 23:46 -------- d-----w- c:\program files\Coupons
2010-07-21 01:12 . 2004-07-22 23:05 -------- d-----w- c:\program files\Kodak
2010-07-21 01:08 . 2008-08-24 13:20 -------- d-----w- c:\program files\Java
2010-07-20 23:20 . 2009-04-02 01:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-07-20 02:11 . 2004-11-16 21:31 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-20 01:28 . 2010-07-20 01:28 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-07-20 01:28 . 2010-07-20 01:28 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-07-20 01:11 . 2004-11-16 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-07-20 01:05 . 2009-04-02 01:45 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-06-14 14:31 . 2003-05-15 18:08 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
2010-06-11 07:38 . 2008-03-21 21:57 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-27 17:49 . 2010-05-27 17:49 503808 ----a-w- c:\documents and settings\kjarboe.GWA-GWA-FM56917\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-3fd6538f-n\msvcp71.dll
2010-05-27 17:49 . 2010-05-27 17:49 499712 ----a-w- c:\documents and settings\kjarboe.GWA-GWA-FM56917\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-3fd6538f-n\jmc.dll
2010-05-27 17:49 . 2010-05-27 17:49 348160 ----a-w- c:\documents and settings\kjarboe.GWA-GWA-FM56917\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-3fd6538f-n\msvcr71.dll
2010-05-14 23:22 . 2010-05-14 23:22 10134 ----a-r- c:\documents and settings\kjarboe.GWA-GWA-FM56917\Application Data\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2010-05-04 17:20 . 2006-06-23 16:33 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2001-08-18 12:00 17408 ------w- c:\windows\system32\corpol.dll
2010-05-02 05:22 . 2002-02-20 23:46 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-02-21 17:53 . 2010-02-21 17:53 1925670 ----a-w- c:\program files\swflash.cab
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Octoshape Streaming Services"="c:\documents and settings\kjarboe.GWA-GWA-FM56917\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"3c1807pd"="c:\windows\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd" [X]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"AtiPTA"="atiptaxx.exe" [2001-12-21 307200]
"HydraVisionDesktopManager"="desk98.exe" [2001-11-09 217088]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2003-11-14 20480]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"LogitechGalleryRepair"="c:\program files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648]
"LogitechImageStudioTray"="c:\program files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 61440]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2008-11-25 356352]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2007-05-11 2061816]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

c:\documents and settings\kjarboe.GWA-GWA-FM56917\Start Menu\Programs\Startup\
BJ Status Monitor Canon i9900.lnk - c:\documents and settings\kjarboe.GWA-GWA-FM56917\cnmss Canon i9900 (Local).exe [2005-8-5 13824]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-4 113664]
Instant Update Reminder.lnk - c:\program files\U.S. Robotics\ControlCenter\Reminder.exe [2003-11-14 529920]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-4-7 196608]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\SYSTEM32\\CIMSVR.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=

R0 SymDS;Symantec Data Store;c:\windows\SYSTEM32\DRIVERS\NAV\1107000.00C\symds.sys [7/20/2010 1:30 AM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\NAV\1107000.00C\symefa.sys [7/20/2010 1:30 AM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\BASHDefs\20100709.001\BHDrvx86.sys [6/18/2010 8:45 PM 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\NAV\1107000.00C\cchpx86.sys [7/20/2010 1:30 AM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\SYSTEM32\DRIVERS\NAV\1107000.00C\ironx86.sys [7/20/2010 1:30 AM 116784]
R2 ASFAgent;ASF Agent;c:\program files\intel\ASF Agent\ASFAgent.exe [5/8/2002 10:51 AM 212992]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/21/2010 3:33 PM 304464]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe [7/20/2010 1:30 AM 126392]
R2 NetAlrt;NetAlrt;c:\windows\SYSTEM32\DRIVERS\Netalrt.sys [5/7/2002 5:05 PM 39680]
R2 PlatAlrt;PlatAlrt;c:\windows\SYSTEM32\DRIVERS\platalrt.sys [5/7/2002 5:06 PM 23744]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/19/2010 9:45 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\IPSDefs\20100723.001\IDSXpx86.sys [7/23/2010 8:23 PM 331640]
R3 MBAMProtector;MBAMProtector;c:\windows\SYSTEM32\DRIVERS\mbam.sys [7/21/2010 3:33 PM 20952]
S0 sonyhcb;Sony Digital Imaging Base;c:\windows\SYSTEM32\DRIVERS\sonyhcb.sys [11/14/2003 2:26 PM 6097]
S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 5:47 AM 98304]
S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 4:40 AM 118784]
S3 PatchLink Install;PatchLink Install;"c:\windows\PatchLink\Deploy Wizard\PLInstSvc.exe" --> c:\windows\PatchLink\Deploy Wizard\PLInstSvc.exe [?]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\SYSTEM32\DRIVERS\PTDMBus.sys [12/28/2007 3:10 PM 29952]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\SYSTEM32\DRIVERS\PTDMMdm.sys [12/28/2007 3:10 PM 41856]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\SYSTEM32\DRIVERS\PTDMVsp.sys [12/28/2007 3:10 PM 39936]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\SYSTEM32\DRIVERS\PTDMWWAN.sys [12/28/2007 3:10 PM 59520]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\SYSTEM32\DRIVERS\sonyhcs.sys [11/14/2003 2:26 PM 299923]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMDB
*Deregistered* - klmdb
.
Contents of the 'Scheduled Tasks' folder

2010-07-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-07-25 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-01 02:18]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: intuit.com\ttlc
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-WebCamRT.exe - (no file)
HKCU-Run-Winstw - C:\3611010322512590875.exe
HKCU-Run-Winsti - C:\3611010322512590875.exe
HKCU-Run-Winsta - C:\3611010322512590875.exe
HKCU-Run-Winstq - C:\3611010322512590875.exe
HKCU-Run-Winstc - C:\3611010322512590875.exe
HKCU-Run-Winsth - C:\3611010322512590875.exe
HKCU-Run-Winstl - C:\3611010322512590875.exe
HKCU-Run-Winstg - C:\3611010322512590875.exe
HKCU-Run-Winstk - C:\3611010322512590875.exe
HKCU-Run-Winste - C:\3611010322512590875.exe
HKCU-Run-Winstz - C:\3611010322512590875.exe
HKCU-Run-Winstp - C:\3611010322512590875.exe
HKCU-Run-Winstr - C:\3611010322512590875.exe
HKCU-Run-Winstn - C:\3611010322512590875.exe
HKCU-Run-Winstd - C:\3611010322512590875.exe
HKCU-Run-Winsty - C:\3611010322512590875.exe
HKCU-Run-Winsto - C:\3611010322512590875.exe
HKLM-Run-USRpdA - (no file)
SafeBoot-klmdb.sys
AddRemove-InstallShield_{A943CC79-CC0E-4F74-B613-EAB418F043AD} - c:\program files\InstallShield Installation Information\{A943CC79-CC0E-4F74-B613-EAB418F043AD}\setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-25 17:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Winstw = C:\3611010322512590875.exe
Winsti = C:\3611010322512590875.exe
Winsta = C:\3611010322512590875.exe
Winstq = C:\3611010322512590875.exe
Winstc = C:\3611010322512590875.exe
Winsth = C:\3611010322512590875.exe
Winstl = C:\3611010322512590875.exe
Winstg = C:\3611010322512590875.exe
Winstk = C:\3611010322512590875.exe
Winste = C:\3611010322512590875.exe
Winstz = C:\3611010322512590875.exe
Winstp = C:\3611010322512590875.exe
Winstr = C:\3611010322512590875.exe
Winstn = C:\3611010322512590875.exe
Winstd = C:\3611010322512590875.exe
Winsty = C:\3611010322512590875.exe
Winsto = C:\3611010322512590875.exe

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"
.
Completion time: 2010-07-25 17:35:33
ComboFix-quarantined-files.txt 2010-07-25 21:35

Pre-Run: 6,725,971,968 bytes free
Post-Run: 17,927,557,120 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 8DDFAF591BAED6BEEA4D7202B8D3B7A1


#9 Noviciate
  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 26 July 2010 - 02:03 PM

Good evening. smile.gif

Will you let me have one last DDS log so that I can check something and tell me how the PC is behaving itself.

So long, and thanks for all the fish.


#10 lugnut33
  • Topic Starter
  • Members
  • 8 posts

Posted 26 July 2010 - 08:52 PM

Good Evening. Below are the DDS and ATTACH logs. Thanks so much for your patience and help.



DDS (Ver_10-03-17.01) - NTFSx86
Run by kjarboe at 21:49:29.78 on Mon 07/26/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1252 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\SYSTEM32\3cmlink.exe
C:\WINDOWS\SYSTEM32\3cshtdwn.exe
C:\WINDOWS\SYSTEM32\3cmlink.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
svchost.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\kjarboe.GWA-GWA-FM56917\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PatchLink\Update Agent\GravitixService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\kjarboe.GWA-GWA-FM56917\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\17.7.0.12\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.0.1225.9868\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [Octoshape Streaming Services] "c:\documents and settings\kjarboe.gwa-gwa-fm56917\application data\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [AtiPTA] atiptaxx.exe
mRun: [HydraVisionDesktopManager] desk98.exe
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [3c1807pd] c:\windows\system32\3cmlink.exe runservices \device\3cpipe-3c1807pd
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [LVCOMS] c:\program files\common files\logitech\qcdriver3\LVCOMS.EXE
mRun: [LogitechGalleryRepair] c:\program files\logitech\imagestudio\ISStart.exe
mRun: [LogitechImageStudioTray] c:\program files\logitech\imagestudio\LogiTray.exe
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\kjarbo~1.gwa\startm~1\programs\startup\bjstat~1.lnk - c:\documents and settings\kjarboe.gwa-gwa-fm56917\cnmss Canon i9900 (Local).exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\instan~1.lnk - c:\program files\u.s. robotics\controlcenter\Reminder.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2010-07-25 21:17:50 0 d-sha-r- C:\cmdcons
2010-07-25 21:14:51 98816 ----a-w- c:\windows\sed.exe
2010-07-25 21:14:51 77312 ----a-w- c:\windows\MBR.exe
2010-07-25 21:14:51 256512 ----a-w- c:\windows\PEV.exe
2010-07-25 21:14:51 161792 ----a-w- c:\windows\SWREG.exe
2010-07-25 04:03:14 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-23 00:10:49 0 ----a-w- c:\documents and settings\kjarboe.gwa-gwa-fm56917\defogger_reenable
2010-07-21 19:33:59 0 d-----w- c:\docume~1\kjarbo~1.gwa\applic~1\Malwarebytes
2010-07-21 19:33:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-21 19:33:41 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-21 19:33:41 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-21 19:33:41 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-20 23:19:19 0 d-----w- c:\docume~1\kjarbo~1.gwa\applic~1\Tific
2010-07-20 01:28:15 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-07-20 01:28:15 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-07-20 01:28:15 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-07-20 01:28:15 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-07-20 01:28:15 0 d-----w- c:\program files\Symantec
2010-07-20 01:27:25 0 d-----w- c:\program files\Norton AntiVirus
2010-07-20 01:26:13 0 d-----w- c:\program files\NortonInstaller

==================== Find3M ====================

2010-07-25 00:23:42 36352 ----a-w- c:\windows\system32\drivers\disk.sys
2010-05-04 12:39:27 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-04 12:39:27 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
2010-02-21 17:53:50 1925670 ----a-w- c:\program files\swflash.cab
2008-09-13 13:40:34 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091320080914\index.dat

============= FINISH: 21:50:22.43 ===============



And Here's the Attach log file

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/15/2003 12:29:58 PM
System Uptime: 7/24/2010 8:23:39 PM (49 hours ago)

Motherboard: Dell Computer Corp. | |
Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2789/533mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 16.656 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1331: 4/27/2010 2:26:55 PM - System Checkpoint
RP1332: 4/28/2010 3:26:52 PM - System Checkpoint
RP1333: 4/29/2010 4:26:50 PM - System Checkpoint
RP1334: 4/30/2010 5:26:48 PM - System Checkpoint
RP1335: 5/1/2010 7:17:57 PM - System Checkpoint
RP1336: 5/2/2010 7:26:46 PM - System Checkpoint
RP1337: 5/3/2010 7:27:49 PM - System Checkpoint
RP1338: 5/4/2010 9:12:21 PM - System Checkpoint
RP1339: 5/5/2010 9:26:43 PM - System Checkpoint
RP1340: 5/6/2010 10:26:40 PM - System Checkpoint
RP1341: 5/7/2010 11:26:39 PM - System Checkpoint
RP1342: 5/9/2010 12:26:38 AM - System Checkpoint
RP1343: 5/10/2010 1:26:37 AM - System Checkpoint
RP1344: 5/11/2010 2:26:35 AM - System Checkpoint
RP1345: 5/12/2010 3:00:21 AM - Software Distribution Service 3.0
RP1346: 5/13/2010 3:26:31 AM - System Checkpoint
RP1347: 5/14/2010 4:26:30 AM - System Checkpoint
RP1348: 5/15/2010 5:06:19 AM - System Checkpoint
RP1349: 5/16/2010 6:06:17 AM - System Checkpoint
RP1350: 5/17/2010 7:07:21 AM - System Checkpoint
RP1351: 5/18/2010 8:06:15 AM - System Checkpoint
RP1352: 5/19/2010 9:06:13 AM - System Checkpoint
RP1353: 5/20/2010 9:55:36 AM - System Checkpoint
RP1354: 5/21/2010 10:55:33 AM - System Checkpoint
RP1355: 5/22/2010 11:05:38 AM - System Checkpoint
RP1356: 5/23/2010 11:56:36 AM - System Checkpoint
RP1357: 5/24/2010 12:55:30 PM - System Checkpoint
RP1358: 5/25/2010 11:26:31 PM - System Checkpoint
RP1359: 5/26/2010 3:00:18 AM - Software Distribution Service 3.0
RP1360: 5/27/2010 3:59:24 AM - System Checkpoint
RP1361: 5/28/2010 5:33:18 AM - System Checkpoint
RP1362: 5/29/2010 5:36:01 AM - System Checkpoint
RP1363: 5/30/2010 6:32:55 AM - System Checkpoint
RP1364: 5/31/2010 7:58:40 AM - System Checkpoint
RP1365: 6/1/2010 8:32:54 AM - System Checkpoint
RP1366: 6/2/2010 9:32:49 AM - System Checkpoint
RP1367: 6/3/2010 10:32:48 AM - System Checkpoint
RP1368: 6/4/2010 3:00:17 AM - Software Distribution Service 3.0
RP1369: 6/5/2010 3:32:46 AM - System Checkpoint
RP1370: 6/6/2010 4:32:44 AM - System Checkpoint
RP1371: 6/7/2010 4:38:51 AM - System Checkpoint
RP1372: 6/8/2010 6:40:01 AM - System Checkpoint
RP1373: 6/9/2010 7:32:41 AM - System Checkpoint
RP1374: 6/10/2010 8:32:38 AM - System Checkpoint
RP1375: 6/11/2010 3:00:22 AM - Software Distribution Service 3.0
RP1376: 6/13/2010 4:06:22 PM - System Checkpoint
RP1377: 6/14/2010 5:14:37 PM - System Checkpoint
RP1378: 6/15/2010 6:02:37 PM - System Checkpoint
RP1379: 6/16/2010 6:09:47 PM - System Checkpoint
RP1380: 6/17/2010 7:03:37 PM - System Checkpoint
RP1381: 6/18/2010 8:28:43 PM - System Checkpoint
RP1382: 6/19/2010 9:23:14 PM - System Checkpoint
RP1383: 6/20/2010 10:02:30 PM - System Checkpoint
RP1384: 6/21/2010 11:02:35 PM - System Checkpoint
RP1385: 6/23/2010 12:02:25 AM - System Checkpoint
RP1386: 6/23/2010 3:00:18 AM - Software Distribution Service 3.0
RP1387: 6/24/2010 3:28:34 AM - System Checkpoint
RP1388: 6/25/2010 3:32:54 AM - System Checkpoint
RP1389: 6/26/2010 4:32:54 AM - System Checkpoint
RP1390: 6/27/2010 5:32:52 AM - System Checkpoint
RP1391: 6/28/2010 6:40:35 AM - System Checkpoint
RP1392: 6/29/2010 7:32:49 AM - System Checkpoint
RP1393: 6/30/2010 8:32:49 AM - System Checkpoint
RP1394: 7/1/2010 9:33:50 AM - System Checkpoint
RP1395: 7/2/2010 10:32:44 AM - System Checkpoint
RP1396: 7/3/2010 10:44:52 PM - System Checkpoint
RP1397: 7/4/2010 8:47:14 AM - Software Distribution Service 3.0
RP1398: 7/18/2010 11:49:23 PM - System Checkpoint
RP1399: 7/20/2010 6:55:28 AM - System Checkpoint
RP1400: 7/20/2010 7:23:23 PM - Norton_Power_Eraser_20100720192258723
RP1401: 7/20/2010 9:08:02 PM - Removed Java™ 6 Update 7
RP1402: 7/21/2010 9:14:56 PM - System Checkpoint
RP1403: 7/22/2010 11:49:48 PM - System Checkpoint
RP1404: 7/23/2010 11:56:25 PM - System Checkpoint
RP1405: 7/25/2010 12:29:09 AM - System Checkpoint
RP1406: 7/25/2010 3:00:20 AM - Software Distribution Service 3.0

==== Installed Programs ======================


Acrobat.com
Add-ons
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Photoshop Elements 3.0
Adobe Reader 9.3.3
Adobe Shockwave Player
Advanced Network Diagramming
Advanced Network Diagramming Help
Advanced Network Diagramming Samples
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Display Driver
AutoDiscovery and Layout
AutoDiscovery and Layout Help
AutoDiscovery and Layout Samples
Backyardigans Mission to Mars
Block Diagrams
Block Diagrams Help
Block Diagrams Samples
Bonjour
Borders and Backgrounds
Borders and Backgrounds Help
BTrieve
CAD Drawing Converter
CAD Drawing Converter Help
CAD Drawing Converter Samples
CAD Drawing Display
CAD Drawing Display Samples
Callouts and Connectors
Callouts and Connectors Help
Camera Support Core Library
Camera Window
Canon Camera Support Core Library
Canon Camera Window for ZoomBrowser EX
Canon i9900
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PhotoPrint Plus
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
Citrix ICA Web Client
Clifford Musical Memory Games
Clip Art and Symbols
Clip Art and Symbols Help
Compatibility Pack for the 2007 Office system
CorelDRAW 10
Coupon Printer for Windows
CouponBar
Custom Properties Editor
Database Design
Database Design Help
Database Design Samples
Database Wizard
Database Wizard Samples
Dell Solution Center
Developing Visio Solutions
Developing Visio Solutions Help
Developing Visio Solutions VNOM Sample
Directory Services
Directory Services Help
Directory Services Samples
Easy-WebPrint
Easy CD Creator 5 Basic
Flowcharts
Flowcharts Help
Flowcharts Samples
Forms and Charts
Forms and Charts Help
Forms and Charts Samples
Google Toolbar for Internet Explorer
Graphics Filters
Help and Support Customization
Help for Visio 2000 (HTML Help)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Product Detection
HVAC-Calc Residential
HydraVision
Intel® PRO Ethernet Adapter and Software
Intel® PROSet II
Intel® Pro Alerting Agent, Version 3.0.0
Intel® PRO Network Adapters WMI Provider (2.0)
Internet Diagrams
Internet Diagrams Help
Internet Diagrams Samples
iPod for Windows 2006-01-10
ItsDeductible Express
iTunes
Java™ 6 Update 15
JS World 1st Grade
JS World Kindergarten
JSWorldKGMain
JSWPFCom
JSWPFGrade1
JSWPFGradeK
KODAK Picture CD Volume 2 Issue 4
LDAP Driver
LeapFrog Connect
LeapFrog Leapster2 Plugin
Logitech Desktop Messenger
Logitech IM Video Companion
Logitech ImageStudio
Logitech Print Service
Lotus Notes
Malwarebytes' Anti-Malware
Maps
Maps Help
Maps Samples
Mickey Mouse Toddler
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Integration
Microsoft Office Live Meeting 2007
Microsoft Office XP Media Content
Microsoft Office XP Pro Step by Step Interactive
Microsoft Office XP Professional
Microsoft Project 2000 SR-1
Microsoft Repository
Microsoft Silverlight
Microsoft Visio 2000
Microsoft Visual Studio Service Pack 3
MSDE
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NDS Extensions
Netscape Communicator 4.79
Network Diagrams
Network Diagrams Help
Network Diagrams Samples
Norton AntiVirus
NVIDIA Drivers
Octoshape Streaming Services
Office Layout
Office Layout Help
Office Layout Samples
OGA Notifier 2.0.0048.0
OMCI
Online Documentation
OpenOffice.org Installer 1.0
Organization Charts
Organization Charts Help
Organization Charts Samples
Page Layout Wizard
PANTECH PC USB Modem Software
PatchLink Update Agent
PhoneTools
PhotoStitch
PIXELA ImageMixer
Print ShapeSheet
Program Files
Program Files Enterprise
Program Files Enterprise Help
Program Files Help
Project Schedules
Project Schedules Help
Project Schedules Samples
Property Reporting Wizard
QuickTime
RAW Image Task
RealPlayer 7 Basic
Release Notes
Release Notes Enterprise
RemoteCapture Task
Sample Drawings
Save as HTML
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Shape Explorer
Shape Explorer Help
SmartShape Wizard
Software Design
Software Design Help
Software Design Samples
Solutions
Spelling Dictionaries Support For Adobe Reader 9
Stencil Report Wizard
The Book of Pooh
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wmdiper
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wmdiper
TurboTax 2009 wrapper
TurboTax Deluxe 2003
TurboTax Deluxe 2004
TurboTax Deluxe 2005
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2005
TurboTax ItsDeductible 2006
U.S. Robotics ControlCenter
UML Specification
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VBA
Verizon Broadband Toolbar
Verizon Help and Support Tool
Verizon Servicepoint 1.5.12
Visio
Visio Core Files
Vz In Home Agent
VZAccess Manager
WebEx
WebFldrs XP
WexTech AnswerWorks
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
Winnie the Pooh Toddler Deluxe
WinZip

==== Event Viewer Messages From Past Week ========

7/25/2010 5:19:13 PM, error: Service Control Manager [7034] - The Photoshop Elements Device Connect service terminated unexpectedly. It has done this 1 time(s).
7/25/2010 5:19:13 PM, error: Service Control Manager [7034] - The LeapFrog Connect Device Service service terminated unexpectedly. It has done this 1 time(s).
7/25/2010 5:19:13 PM, error: Service Control Manager [7034] - The Adobe Active File Monitor service terminated unexpectedly. It has done this 1 time(s).
7/24/2010 8:24:42 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
7/22/2010 10:01:23 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
7/20/2010 9:11:21 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the KodakCCS service.
7/19/2010 8:57:18 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
7/19/2010 8:57:18 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/19/2010 8:57:15 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "-Service" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
7/19/2010 8:54:45 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
7/19/2010 8:54:45 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
7/19/2010 5:04:10 PM, error: NETLOGON [5719] - No Domain Controller is available for domain FMS due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.

==== End Of File ===========================
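An added example, not part of lugnut33's post or of the DDS tool itself: a small Python triage pass over the `Created Last 30` and `Find3M` sections of a DDS log. Every entry there is `date time size attributes path`, and the first thing a responder does with such a log is look for kernel drivers under `system32\drivers` with fresh timestamps, for hidden+system files outside the places where XP normally keeps them, and for numeric-named executables sitting in a drive root (the pattern the ComboFix run earlier in this thread turned up). The sample lines below are constructed in that format; the 14-day window, the list of "expected" hidden-file directories and the made-up `8675309.exe` are assumptions for the example.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Tuple

# Constructed sample in the format DDS uses for its "Created Last 30" and
# "Find3M" sections (date time size attributes path). Modelled on the log
# above; the numeric-named root executable is made up for the example.
SAMPLE_DDS = """\
==== Created Last 30 ====
2010-07-25 21:17:50 0 d-sha-r- C:\\cmdcons
2010-07-25 21:14:51 77312 ----a-w- c:\\windows\\MBR.exe
2010-07-25 00:23:42 36352 ----a-w- c:\\windows\\system32\\drivers\\disk.sys
2010-07-21 19:33:42 38224 ----a-w- c:\\windows\\system32\\drivers\\mbamswissarmy.sys
2010-07-24 03:10:00 61440 --sha-w- c:\\8675309.exe
==== Find3M ====
2010-05-02 05:22:50 1851264 ----a-w- c:\\windows\\system32\\win32k.sys
2008-09-13 13:40:34 32768 --sha-w- c:\\windows\\system32\\config\\systemprofile\\local settings\\history\\history.ie5\\mshist012008091320080914\\index.dat
"""

# One DDS file entry: attributes are an 8-character field such as "----a-w-",
# "--sha-w-" or "d-sha-r-" (d=directory, s=system, h=hidden, a=archive, r/w).
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+)\s+(?P<attrs>[-dshawr]{8})\s+(?P<path>.+?)\s*$"
)
# The "Run by <user> at HH:MM:SS.ff on Ddd MM/DD/YYYY" header gives the collection time.
RUN_RE = re.compile(r"at (\d{2}:\d{2}:\d{2})\.\d+ on \w{3} (\d{2}/\d{2}/\d{4})")

DRIVER_DIR = "\\system32\\drivers\\"
# Places where hidden+system files are normal on XP; an assumption, extend per host.
EXPECTED_HIDDEN_DIRS = ("\\history.ie5\\", "\\system volume information\\", "\\recycler\\")
ROOT_NUMERIC_EXE = re.compile(r"^[a-z]:\\\d+\.exe$")


@dataclass
class Entry:
    when: datetime
    size: int
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def hidden_system(self) -> bool:
        return "s" in self.attrs and "h" in self.attrs


def parse_run_time(header_line: str) -> datetime:
    """Collection time from the DDS 'Run by ...' line, used as the reference for 'recent'."""
    m = RUN_RE.search(header_line)
    if not m:
        raise ValueError("not a DDS 'Run by' line")
    return datetime.strptime(f"{m.group(2)} {m.group(1)}", "%m/%d/%Y %H:%M:%S")


def parse_dds(text: str) -> List[Entry]:
    """Parse every file entry; section banners and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        when = datetime.strptime(f"{m['date']} {m['time']}", "%Y-%m-%d %H:%M:%S")
        entries.append(Entry(when, int(m["size"]), m["attrs"], m["path"]))
    return entries


def triage(entries: List[Entry], log_time: datetime, window_days: int = 14) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs worth a second look. Every hit still needs a hash or
    signature check against a known-good copy; a freshly installed AV driver trips the
    same rule as a tampered one."""
    findings = []
    cutoff = log_time - timedelta(days=window_days)
    for e in entries:
        p = e.path.lower()
        if not e.is_dir and DRIVER_DIR in p and e.when >= cutoff:
            findings.append((e.path, f"kernel driver modified within {window_days} days of the log"))
        if not e.is_dir and e.hidden_system and not any(d in p for d in EXPECTED_HIDDEN_DIRS):
            findings.append((e.path, "hidden+system file outside the usual locations"))
        if ROOT_NUMERIC_EXE.match(p):
            findings.append((e.path, "numeric-named executable in a drive root"))
    return findings


if __name__ == "__main__":
    collected = parse_run_time("Run by kjarboe at 21:49:29.78 on Mon 07/26/2010")
    for path, reason in triage(parse_dds(SAMPLE_DDS), collected):
        print(f"{reason}: {path}")
```

On the constructed sample this flags `disk.sys` and `mbamswissarmy.sys` as recently modified drivers and the root `8675309.exe` twice; the Malwarebytes driver is a deliberate reminder that the rule is a prompt to verify, not a verdict.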





#11 Noviciate
  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 27 July 2010 - 03:22 PM

Good evening. smile.gif

Assuming that the PC is behaving itself, you're about done - apart from a little housekeeping.

Your version of Sun Java needs updating:

1) Go here and click on the Windows XP/Vista/2000/2003/2008 Offline link in the Windows section near the top and save it to your Desktop.

2) Download JavaRa from here and save it to your Desktop.
You will need to extract the file(s):
Right click on the zipped folder and from the menu that appears, click on Extract All...
In the 'Extraction Wizard' window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish


***Please close any instances of Internet Explorer before continuing!***
  • Double-click JavaRa.exe to begin.
  • Pick your preferred language from the drop-down menu and click Select.
  • Click on Remove Older Versions to remove older versions of Java - obvious really, isn't it!
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location, just in case you have any problems with Java afterwards.
3) Run the installer that you downloaded earlier.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Your log doesn't appear to show a third-party software firewall installed - if you have one, and I've missed it, please ignore this.
If you are relying on the firewall that comes with Service Pack 2, then you need to install one. While the SP2 firewall is better than nothing, it doesn't monitor outgoing traffic, so anything malicious on your computer can 'phone home' at will.
If you are using a wireless router that comes with a NAT hardware firewall, this also doesn't monitor outgoing connections.

There are a few free firewalls available, of which the following are just three:

Comodo Firewall Pro, available here.
PC Tools Firewall Plus, available here.
Online Armor Free, available here.

It is important to note that you should only have one firewall installed at a time, but you can download them all to your Desktop and install each in turn to see which one you prefer.

Understanding and Using Firewalls: http://www.bleepingcomputer.com/tutorials/understanding-and-using-firewalls/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I want you to run your PC as normal for a few days and when you are happy that everything is fine, do the following:

Go to Start > Run, enter the following into the textbox and click OK: ComboFix /Uninstall
This will uninstall ComboFix and do a little housework besides.

Create a new Restore Point with a memorable name - this will give a clean one should you need it in the future. If you use a Restore Point from before this point you may reinstall any infection that was present at the time, so only do so if using this latest one doesn't solve any issues.
A tutorial for System Restore is available here.

Some bedtime reading: This is a very good tutorial about keeping your computer safe and secure on the internet.

So long, and thanks for all the fish.

#12 lugnut33

lugnut33
  • Topic Starter

  • Members
  • 8 posts
  • Local time:05:24 AM

Posted 28 July 2010 - 06:50 AM

Got home too late last night to follow through on your recommended tasks. Will do those today. Thanks so much for your help.

#13 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:09:24 AM

Posted 01 August 2010 - 01:53 PM

As this issue appears to have been resolved this thread is now closed.

So long, and thanks for all the fish.