Can't get to Windows Updates site or MSE updates


This topic is locked
4 replies to this topic

#1 Webbie

Posted 14 October 2010 - 03:45 PM

I am working on one of our VP's laptops that was infected with LOTS of viruses and malware. I have run the following on it, which has helped but has not eliminated the problems: Super Anti Spyware, TCPIP Winsock Fixer, Microsoft Security Essentials (which I had to update manually as it couldn't get the updates directly), TDSS Killer (which found nothing), and finally ComboFix, which ran and initially complained that it detected a rootkit and had to reboot. I let it reboot and run through completely, but afterwards can still not get to the Windows Update site. I'm not sure what else to try but need to have this thing working by lunchtime tomorrow. Below is the ComboFix log...if anyone can make sense of it I would GREATLY appreciate the help. These viruses and malware have become what consumes a good portion of my day anymore. Usually I just reimage the machine, but due to the nature of this PC and the timeframe that I have to work on it, I have to clean it up. Here's the ComboFix log....thanks in advance guys!!

Warner


ComboFix 10-10-12.03 - dougw 10/14/2010 15:10:03.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.310 [GMT -5:00]
Running from: c:\documents and settings\dougw\Desktop\PC Fixes\ComboFix\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\dougw\Application Data\Riozve\goov.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2010-09-14 to 2010-10-14 )))))))))))))))))))))))))))))))
.

2010-10-14 17:00 . 2010-10-14 17:00 -------- d-----w- c:\program files\RegTweaker
2010-10-14 15:45 . 2010-10-14 15:45 -------- d-----w- c:\documents and settings\dougw\Application Data\Malwarebytes
2010-10-14 15:44 . 2010-10-14 15:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-12 15:41 . 2010-05-21 19:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-10-12 15:35 . 2010-10-12 15:35 -------- d-----w- c:\documents and settings\dougw\Local Settings\Application Data\PCHealth
2010-10-12 15:34 . 2010-10-12 15:34 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-10-12 14:26 . 2010-10-12 14:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-10-12 14:13 . 2010-10-12 14:13 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-10-12 14:13 . 2010-10-12 14:18 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2010-10-12 14:06 . 2010-10-12 14:06 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-10-11 19:28 . 2010-10-11 19:28 -------- d-----w- c:\documents and settings\dougw\Application Data\SUPERAntiSpyware.com
2010-10-11 19:28 . 2010-10-11 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-10-11 18:39 . 2010-10-11 18:39 -------- d-----w- c:\documents and settings\dougw\Local Settings\Application Data\Sophos
2010-10-11 13:48 . 2010-10-11 13:48 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-10-08 16:14 . 2010-10-08 16:14 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-10-08 13:02 . 2010-10-08 13:02 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-05 20:32 . 2010-10-05 20:38 -------- d-----w- c:\windows\ie8updates
2010-10-05 14:13 . 2010-06-24 12:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-10-05 14:13 . 2010-06-24 12:21 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-10-05 14:13 . 2010-06-24 12:21 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-10-05 14:13 . 2010-06-24 12:21 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-10-05 14:13 . 2010-06-24 12:21 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-10-05 14:13 . 2010-06-24 12:21 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-10-05 13:52 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-10-05 13:36 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-10-05 13:35 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-10-05 13:33 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-10-05 13:33 . 2009-10-15 16:28 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-10-05 13:33 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
CODE
<pre>
c:\program files\Adobe\Reader 8.0\Reader\Reader_sl .exe
c:\program files\Apoint\Apoint .exe
c:\program files\Common Files\InstallShield\UpdateService\issch .exe
c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper .exe
c:\program files\Dell\QuickSet\quickset .exe
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
c:\program files\Logitech\QuickCam\Quickcam .exe
c:\program files\McAfee\Common Framework\UpdaterUI .exe
c:\program files\Messenger\msmsgs .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [N/A]
"{2C7D49AA-381E-D3B4-98BB-1D4A4671D82F}"="c:\documents and settings\dougw\Application Data\Riozve\goov.exe" [N/A]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-10-28 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-10-28 118784]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset .exe c:\program files\Dell\QuickSet\quickset.exe" [N/A]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-07-17 28672]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-3-19 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
2003-06-02 18:25 24672 ----a-w- c:\windows\SYSTEM32\ckpNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2120449047-473056879-1287535205-1094\Scripts\Logon\0\0]
"Script"=MapDrives.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2120449047-473056879-1287535205-1094\Scripts\Logon\1\0]
"Script"=time.bat

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 Scap;SecureClient Application Policy Module;c:\windows\SYSTEM32\DRIVERS\scap.sys [3/25/2004 2:30 PM 17328]
R2 VPN-1;VPN-1 Module;c:\windows\SYSTEM32\DRIVERS\vpn.sys [3/25/2004 2:30 PM 660688]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [7/25/2008 12:05 AM 370872]
R3 {E2B953A7-195A-44F9-9BA3-3D5F4E32BB55};AIM 3.0 Part 01 Codec Driver CH-7009-B;c:\windows\SYSTEM32\DRIVERS\wA301b.sys [1/1/1980 1:00 AM 33847]
R3 FW1;SecuRemote Miniport;c:\windows\SYSTEM32\DRIVERS\fw.sys [3/25/2004 2:30 PM 2014256]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2010 11:15 AM 135664]
S2 TmPreFilter;Trend Micro PreFilter;\??\c:\officescan nt\TmPreFlt.sys --> c:\officescan nt\TmPreFlt.sys [?]
S3 idrmkl;idrmkl;\??\c:\docume~1\dougw\LOCALS~1\Temp\idrmkl.sys --> c:\docume~1\dougw\LOCALS~1\Temp\idrmkl.sys [?]
S3 OMVA;VPN-1 SecureClient Adapter;c:\windows\SYSTEM32\DRIVERS\OMVA.sys [3/25/2004 2:30 PM 14924]
S3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver;c:\windows\SYSTEM32\DRIVERS\PTDCWWAN.sys [2/10/2009 8:43 AM 58240]
.
Contents of the 'Scheduled Tasks' folder

2010-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 16:14]

2010-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 16:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.webermarking.com/
uInternet Settings,ProxyServer = http=10.0.0.12:8080
uInternet Settings,ProxyOverride = *.weber.com;10.*;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: webermarking.com\owa
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://fw1.webermarking.com/CACHE/stc/1/binaries/vpnweb.cab
.

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82F7244C]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf853af28
\Driver\ACPI -> ACPI.sys @ 0xf84adcb8
\Driver\atapi -> atapi.sys @ 0xf8421852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS: Dell TrueMobile 1300 WLAN Mini-PCI Card -> SendCompleteHandler -> NDIS.sys @ 0xf832dbb0
PacketIndicateHandler -> NDIS.sys @ 0xf833aa21
SendHandler -> NDIS.sys @ 0xf831887b
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7d,eb,1d,ca,65,80,44,48,86,86,90,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7d,eb,1d,ca,65,80,44,48,86,86,90,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(556)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(616)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(5912)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\CCM\CcmExec.exe
c:\windows\system32\msiexec.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
.
**************************************************************************
.
Completion time: 2010-10-14 15:31:27 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-14 20:31
ComboFix2.txt 2010-10-14 19:56

Pre-Run: 7,233,036,288 bytes free
Post-Run: 7,225,364,480 bytes free

- - End Of File - - 494A7E7D0AC3A20CA78948BC97AAE025

Edited by hamluis, 14 October 2010 - 05:28 PM.
Moved from XP forum to Malware Removal Logs ~ Hamluis.
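The ComboFix log above is long, and the lines that matter for a first pass are a handful of autostart, service and proxy entries. The script below is an added example, not code from this thread or from ComboFix: it reads a ComboFix log once, remembers what the tool reported under "Other Deletions", and then flags the patterns an analyst reads first, namely a Run value named with a GUID, an autostart or driver living under a profile or temp directory, a filename with a space before its extension (the pattern in the Find3M list and in the "Dell QuickSet" Run value above), an autostart whose target ComboFix already deleted, and any configured proxy so it can be checked against the corporate standard. The embedded SAMPLE_LOG is a constructed excerpt of the log posted above; the regexes assume the line formats of that ComboFix version, the finding labels are this example's own, and every hit is a heuristic for a human to confirm, not a verdict.

```python
"""Added example (not from the thread): first-pass triage of a ComboFix log.
Flags the autostart, service/driver and proxy lines an analyst reads first.
Heuristics only: every hit still needs a human decision."""
import re
from dataclasses import dataclass, field
from typing import List

# Value name that is a GUID, e.g. {2C7D49AA-381E-D3B4-98BB-1D4A4671D82F}
GUID_RE = re.compile(r'^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$', re.I)
# "name"="command" [meta]  -- a value line under "Reg Loading Points"
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
# R2 name;display;path [date size]   or   S3 name;display;\??\path --> path [?]
SVC_RE = re.compile(r'^[RS][0-4]\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$')
PROXY_RE = re.compile(r'^uInternet Settings,ProxyServer\s*=\s*(?P<proxy>\S+)', re.I)
# "quickset .exe" beside "quickset.exe": a space before the extension
SPACED_EXT_RE = re.compile(r' \.(?:exe|dll|sys)\b', re.I)
# User-profile data and temp directories (long and 8.3 forms); vendor binaries do not run from them
DATA_DIR_RE = re.compile(r'\\(?:application data|local settings|locals~1|temp)\\', re.I)
SPACED_EXT_MSG = 'space before the file extension (lookalike filename)'


@dataclass
class Finding:
    severity: str                # 'high' or 'review'
    line: str                    # the offending log line, verbatim
    reasons: List[str] = field(default_factory=list)


def service_path(rest: str) -> str:
    """Drop the '[date size]' / '--> path [?]' tail and the \\??\\ NT prefix."""
    path = rest.split(' --> ')[0].split(' [')[0].strip()
    return path[4:] if path.startswith('\\??\\') else path


def triage_combofix(log: str) -> List[Finding]:
    findings: List[Finding] = []
    deleted = set()      # paths listed under "Other Deletions", which precedes the Run keys
    section = ''
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith('((('):          # section banner: "(((( Other Deletions ))))"
            section = line.strip('() ')
            continue
        if section == 'Other Deletions' and line.lower().startswith('c:\\'):
            deleted.add(line.lower())
            continue
        reasons: List[str] = []
        severity = 'high'
        m_run, m_svc, m_proxy = RUN_RE.match(line), SVC_RE.match(line), PROXY_RE.match(line)
        if m_run:
            name, cmd = m_run.group('name'), m_run.group('cmd')
            if GUID_RE.match(name):
                reasons.append('Run value named with a GUID')
            if DATA_DIR_RE.search(cmd):
                reasons.append('autostart from a profile or temp directory')
            if SPACED_EXT_RE.search(cmd):
                reasons.append(SPACED_EXT_MSG)
            if any(p in cmd.lower() for p in deleted):
                reasons.append('target already deleted by ComboFix; Run value still present')
        elif m_svc:
            path = service_path(m_svc.group('rest'))
            if DATA_DIR_RE.search(path):
                reasons.append('service or driver loaded from a profile or temp directory')
            if SPACED_EXT_RE.search(path):
                reasons.append(SPACED_EXT_MSG)
        elif m_proxy:
            severity = 'review'
            reasons.append(f"proxy server {m_proxy.group('proxy')}; confirm it is the corporate proxy")
        elif line.lower().startswith('c:\\') and SPACED_EXT_RE.search(line):
            reasons.append(SPACED_EXT_MSG)
        if reasons:
            findings.append(Finding(severity, line, reasons))
    return findings


# Constructed sample: an excerpt of the ComboFix log posted above.
SAMPLE_LOG = r'''
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\documents and settings\dougw\Application Data\Riozve\goov.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll

((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
c:\program files\Adobe\Reader 8.0\Reader\Reader_sl .exe
c:\program files\Dell\QuickSet\quickset .exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [N/A]
"{2C7D49AA-381E-D3B4-98BB-1D4A4671D82F}"="c:\documents and settings\dougw\Application Data\Riozve\goov.exe" [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset .exe c:\program files\Dell\QuickSet\quickset.exe" [N/A]

R2 VPN-1;VPN-1 Module;c:\windows\SYSTEM32\DRIVERS\vpn.sys [3/25/2004 2:30 PM 660688]
S3 idrmkl;idrmkl;\??\c:\docume~1\dougw\LOCALS~1\Temp\idrmkl.sys --> c:\docume~1\dougw\LOCALS~1\Temp\idrmkl.sys [?]

uInternet Settings,ProxyServer = http=10.0.0.12:8080
uInternet Settings,ProxyOverride = *.weber.com;10.*;<local>
'''

if __name__ == '__main__':
    for f in triage_combofix(SAMPLE_LOG):
        print(f'[{f.severity:6}] {"; ".join(f.reasons)}\n         {f.line}')
```

Run it against a saved log with `triage_combofix(open('ComboFix.txt').read())`. On the sample it reports the two spaced-extension files from the Find3M list, the GUID-named Run value whose target under Application Data ComboFix had already deleted, the "quickset .exe" Run value, the idrmkl.sys driver loading from the user's Temp directory, and the proxy as a review item; the Google, VPN-1 and ProxyOverride lines produce nothing. The proxy is reported for confirmation only, because with the override list pointing at the internal domain it is just as likely a legitimate corporate setting as a hijack.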



#2 Webbie (Topic Starter)

Posted 15 October 2010 - 07:52 AM

I posted a problem yesterday and didn't get any responses yet. Normally this wouldn't be an issue but I'm working on a very time-sensitive laptop. I did some searching around on here and found a post by someone with an identical problem. One of the response team members (Gringo) posted some very detailed instructions for the original poster but they never posted back again so he closed the thread. So *I* followed his instructions, as listed here. At the end of his instructions, I have posted the logs that he requested of the other poster. Can one of you guys help me with this, please? Thanks much!

Warner


Gringo's original reply to the other poster:

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

Please download DDS by sUBs from one of the links below and save it to your desktop:


Download DDS and save it to your desktop

Link1
Link2
Link3

Please disable any anti-malware program that will block scripts from running before running DDS.

Double-Click on dds.scr and a command window will appear. This is normal.
Shortly after, two logs will appear:
DDS.txt
Attach.txt
A window will open instructing you to save & post the logs
Save the logs to a convenient place such as your desktop
Copy the contents of both logs & post in your next reply

Scan With RKUnHooker

Please Download Rootkit Unhooker Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

information and logs:

In your next post I need the following

1.logs from DDS
2.log from RKUnHooker
3.let me know of any problems you may have had

Gringo



Here are the DDS logs:

DDS (Ver_10-10-10.03)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 3/25/2004 2:23:18 PM
System Uptime: 10/15/2010 7:12:11 AM (0 hours ago)

Motherboard: Dell Inc. | | 0H2049
Processor: Intel® Pentium® M processor 1400MHz | Microprocessor | 1394/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 19 GiB total, 6.633 GiB free.
D: is CDROM ()
L: is NetworkDisk (NTFS) - 36 GiB total, 1.141 GiB free.
Q: is NetworkDisk (NTFS) - 51 GiB total, 14.835 GiB free.
T: is NetworkDisk (NTFS) - 2 GiB total, 1.975 GiB free.
U: is NetworkDisk (NTFS) - 36 GiB total, 1.141 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: VPN-1 SecureClient Adapter
Device ID: ROOT\CP_OMVA\0000
Manufacturer: Check Point
Name: VPN-1 SecureClient Adapter
PNP Device ID: ROOT\CP_OMVA\0000
Service: OMVA

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
PNP Device ID: ROOT\NET\0000
Service: vpnva

==== System Restore Points ===================

RP370: 9/16/2010 12:18:31 PM - System Checkpoint
RP371: 9/17/2010 12:19:45 PM - System Checkpoint
RP372: 9/18/2010 2:29:13 PM - System Checkpoint
RP373: 10/5/2010 8:58:21 AM - System Checkpoint
RP374: 10/5/2010 3:29:43 PM - Software Distribution Service 3.0
RP375: 10/8/2010 7:54:54 AM - Installed Windows XP WgaNotify.
RP376: 10/11/2010 7:37:00 AM - Software Distribution Service 3.0
RP377: 10/12/2010 11:13:59 AM - System Checkpoint
RP378: 10/12/2010 2:02:20 PM - Software Distribution Service 3.0
RP379: 10/13/2010 3:00:54 PM - System Checkpoint
RP380: 10/14/2010 7:30:37 AM - Removed Sophos Anti-Virus
RP381: 10/14/2010 8:27:19 AM - Removed Sophos AutoUpdate
RP382: 10/14/2010 8:33:37 AM - Removed Sophos Remote Management System
RP383: 10/14/2010 10:07:09 AM - Installed Microsoft Fix it 50202
RP384: 10/14/2010 10:20:56 AM - Installed Microsoft Fix it 50202
RP385: 10/14/2010 11:43:43 AM - Installed Microsoft Fix it 50202
RP386: 10/15/2010 6:51:01 AM - Installed Microsoft Fix it 50202

==== Installed Programs ======================

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
ALPS Touch Pad Driver
Check Point VPN-1 SecureClient NG_AI
Cisco AnyConnect VPN Client
Compatibility Pack for the 2007 Office system
Conexant D480 MDC V.9x Modem
Configuration Manager Client
Dell Solution Center
Dell TrueMobile 1300 WLAN Mini-PCI Card
Digital Line Detect
DVDSentry
Google Toolbar for Internet Explorer
Google Update Helper
Help and Support Customization
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet
InterVideo WinDVD
Java 2 Runtime Environment, SE v1.4.2
Legitronic Labeling Software
Logitech QuickCam
Logitech QuickCam Driver Package
Lotus Notes
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft Application Error Reporting
Microsoft Office Converter Pack
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Professional Edition 2003
Microsoft Windows Journal Viewer
Modem Helper
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetWaiting
PANTECH PC Card Software
QuickSet
QuickTime
RDC
RegTweaker version 3.1.1
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sentinel System Driver 5.41.1 (32-bit)
Skype™ 4.1
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973815)
VZAccess Manager
WebFldrs XP
WIMGAPI
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 8
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

10/14/2010 8:40:07 AM, error: BROWSER [8020] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is unknown.
10/14/2010 2:29:20 PM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
10/14/2010 2:26:17 PM, error: Service Control Manager [7034] - The WLTRYSVC service terminated unexpectedly. It has done this 1 time(s).
10/14/2010 2:19:34 PM, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).
10/14/2010 1:44:27 PM, error: NetBT [4321] - The name "WEBER :1d" could not be registered on the Interface with IP address 10.10.11.144. The machine with the IP address 10.0.0.69 did not allow the name to be claimed by this machine.
10/14/2010 1:18:09 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.
10/13/2010 9:00:00 AM, error: Schedule [7901] - The At82.job command failed to start due to the following error: %%2147942402
10/13/2010 9:00:00 AM, error: Schedule [7901] - The At58.job command failed to start due to the following error: %%2147942402
10/13/2010 9:00:00 AM, error: Schedule [7901] - The At34.job command failed to start due to the following error: %%2147942402
10/13/2010 8:00:00 AM, error: Schedule [7901] - The At81.job command failed to start due to the following error: %%2147942402
10/13/2010 8:00:00 AM, error: Schedule [7901] - The At57.job command failed to start due to the following error: %%2147942402
10/13/2010 8:00:00 AM, error: Schedule [7901] - The At33.job command failed to start due to the following error: %%2147942402
10/13/2010 7:00:00 AM, error: Schedule [7901] - The At80.job command failed to start due to the following error: %%2147942402
10/13/2010 7:00:00 AM, error: Schedule [7901] - The At56.job command failed to start due to the following error: %%2147942402
10/13/2010 7:00:00 AM, error: Schedule [7901] - The At32.job command failed to start due to the following error: %%2147942402
10/13/2010 6:00:00 AM, error: Schedule [7901] - The At79.job command failed to start due to the following error: %%2147942402
10/13/2010 6:00:00 AM, error: Schedule [7901] - The At55.job command failed to start due to the following error: %%2147942402
10/13/2010 6:00:00 AM, error: Schedule [7901] - The At31.job command failed to start due to the following error: %%2147942402
10/13/2010 5:00:00 AM, error: Schedule [7901] - The At78.job command failed to start due to the following error: %%2147942402
10/13/2010 5:00:00 AM, error: Schedule [7901] - The At54.job command failed to start due to the following error: %%2147942402
10/13/2010 5:00:00 AM, error: Schedule [7901] - The At30.job command failed to start due to the following error: %%2147942402
10/13/2010 4:00:00 AM, error: Schedule [7901] - The At77.job command failed to start due to the following error: %%2147942402
10/13/2010 4:00:00 AM, error: Schedule [7901] - The At53.job command failed to start due to the following error: %%2147942402
10/13/2010 4:00:00 AM, error: Schedule [7901] - The At29.job command failed to start due to the following error: %%2147942402
10/13/2010 3:00:00 AM, error: Schedule [7901] - The At76.job command failed to start due to the following error: %%2147942402
10/13/2010 3:00:00 AM, error: Schedule [7901] - The At52.job command failed to start due to the following error: %%2147942402
10/13/2010 3:00:00 AM, error: Schedule [7901] - The At28.job command failed to start due to the following error: %%2147942402
10/13/2010 2:00:00 AM, error: Schedule [7901] - The At75.job command failed to start due to the following error: %%2147942402
10/13/2010 2:00:00 AM, error: Schedule [7901] - The At51.job command failed to start due to the following error: %%2147942402
10/13/2010 2:00:00 AM, error: Schedule [7901] - The At27.job command failed to start due to the following error: %%2147942402
10/13/2010 12:57:00 AM, error: Schedule [7901] - The At25.job command failed to start due to the following error: %%2147942402
10/13/2010 12:47:00 AM, error: Schedule [7901] - The At73.job command failed to start due to the following error: %%2147942402
10/13/2010 12:47:00 AM, error: Schedule [7901] - The At49.job command failed to start due to the following error: %%2147942402
10/13/2010 10:00:00 AM, error: Schedule [7901] - The At83.job command failed to start due to the following error: %%2147942402
10/13/2010 10:00:00 AM, error: Schedule [7901] - The At59.job command failed to start due to the following error: %%2147942402
10/13/2010 10:00:00 AM, error: Schedule [7901] - The At35.job command failed to start due to the following error: %%2147942402
10/13/2010 1:00:00 AM, error: Schedule [7901] - The At74.job command failed to start due to the following error: %%2147942402
10/13/2010 1:00:00 AM, error: Schedule [7901] - The At50.job command failed to start due to the following error: %%2147942402
10/13/2010 1:00:00 AM, error: Schedule [7901] - The At26.job command failed to start due to the following error: %%2147942402
10/12/2010 9:50:08 PM, error: NetBT [4321] - The name "WEBER :1d" could not be registered on the Interface with IP address 10.10.11.210. The machine with the IP address 10.0.0.69 did not allow the name to be claimed by this machine.
10/12/2010 9:24:08 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
10/12/2010 9:00:00 PM, error: Schedule [7901] - The At94.job command failed to start due to the following error: %%2147942402
10/12/2010 9:00:00 PM, error: Schedule [7901] - The At70.job command failed to start due to the following error: %%2147942402
10/12/2010 9:00:00 PM, error: Schedule [7901] - The At46.job command failed to start due to the following error: %%2147942402
10/12/2010 8:00:00 PM, error: Schedule [7901] - The At93.job command failed to start due to the following error: %%2147942402
10/12/2010 8:00:00 PM, error: Schedule [7901] - The At69.job command failed to start due to the following error: %%2147942402
10/12/2010 8:00:00 PM, error: Schedule [7901] - The At45.job command failed to start due to the following error: %%2147942402
10/12/2010 7:00:00 PM, error: Schedule [7901] - The At92.job command failed to start due to the following error: %%2147942402
10/12/2010 7:00:00 PM, error: Schedule [7901] - The At68.job command failed to start due to the following error: %%2147942402
10/12/2010 7:00:00 PM, error: Schedule [7901] - The At44.job command failed to start due to the following error: %%2147942402
10/12/2010 6:00:00 PM, error: Schedule [7901] - The At91.job command failed to start due to the following error: %%2147942402
10/12/2010 6:00:00 PM, error: Schedule [7901] - The At67.job command failed to start due to the following error: %%2147942402
10/12/2010 6:00:00 PM, error: Schedule [7901] - The At43.job command failed to start due to the following error: %%2147942402
10/12/2010 5:00:26 PM, error: Schedule [7901] - The At90.job command failed to start due to the following error: %%2147942402
10/12/2010 5:00:25 PM, error: Schedule [7901] - The At66.job command failed to start due to the following error: %%2147942402
10/12/2010 5:00:23 PM, error: Schedule [7901] - The At42.job command failed to start due to the following error: %%2147942402
10/12/2010 4:14:09 PM, error: BROWSER [8019] - The browser was unable to promote itself to master browser. The browser will continue to attempt to promote itself to the master browser, but will no longer log any events in the event log in Event Viewer.
10/12/2010 4:00:22 PM, error: Schedule [7901] - The At89.job command failed to start due to the following error: %%2147942402
10/12/2010 4:00:21 PM, error: Schedule [7901] - The At65.job command failed to start due to the following error: %%2147942402
10/12/2010 4:00:20 PM, error: Schedule [7901] - The At41.job command failed to start due to the following error: %%2147942402
10/12/2010 3:00:02 PM, error: Schedule [7901] - The At88.job command failed to start due to the following error: %%2147942402
10/12/2010 3:00:02 PM, error: Schedule [7901] - The At64.job command failed to start due to the following error: %%2147942402
10/12/2010 3:00:02 PM, error: Schedule [7901] - The At40.job command failed to start due to the following error: %%2147942402
10/12/2010 2:30:34 PM, error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is HERA.
10/12/2010 2:12:06 PM, error: Microsoft Antimalware [2001] -
10/12/2010 2:07:40 PM, error: DCOM [10001] - Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD} as /. The error: "%2" Happened while starting this command: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -Embedding
10/12/2010 2:00:00 PM, error: Schedule [7901] - The At87.job command failed to start due to the following error: %%2147942402
10/12/2010 2:00:00 PM, error: Schedule [7901] - The At63.job command failed to start due to the following error: %%2147942402
10/12/2010 2:00:00 PM, error: Schedule [7901] - The At39.job command failed to start due to the following error: %%2147942402
10/12/2010 12:00:00 PM, error: Schedule [7901] - The At85.job command failed to start due to the following error: %%2147942402
10/12/2010 12:00:00 PM, error: Schedule [7901] - The At61.job command failed to start due to the following error: %%2147942402
10/12/2010 12:00:00 PM, error: Schedule [7901] - The At37.job command failed to start due to the following error: %%2147942402
10/12/2010 11:00:00 PM, error: Schedule [7901] - The At96.job command failed to start due to the following error: %%2147942402
10/12/2010 11:00:00 PM, error: Schedule [7901] - The At72.job command failed to start due to the following error: %%2147942402
10/12/2010 11:00:00 PM, error: Schedule [7901] - The At48.job command failed to start due to the following error: %%2147942402
10/12/2010 11:00:00 AM, error: Schedule [7901] - The At84.job command failed to start due to the following error: %%2147942402
10/12/2010 11:00:00 AM, error: Schedule [7901] - The At60.job command failed to start due to the following error: %%2147942402
10/12/2010 11:00:00 AM, error: Schedule [7901] - The At36.job command failed to start due to the following error: %%2147942402
10/12/2010 10:59:00 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: General access denied error
10/12/2010 10:16:50 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the SMS Agent Host service to connect.
10/12/2010 10:16:50 AM, error: Service Control Manager [7000] - The SMS Agent Host service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/12/2010 10:12:33 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/12/2010 10:11:33 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
10/12/2010 10:11:07 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm MpFilter SASDIFSV SASKUTIL SAVOnAccessControl SAVOnAccessFilter
10/12/2010 10:11:07 AM, error: Service Control Manager [7022] - The Sophos Anti-Virus service hung on starting.
10/12/2010 10:00:00 PM, error: Schedule [7901] - The At95.job command failed to start due to the following error: %%2147942402
10/12/2010 10:00:00 PM, error: Schedule [7901] - The At71.job command failed to start due to the following error: %%2147942402
10/12/2010 10:00:00 PM, error: Schedule [7901] - The At47.job command failed to start due to the following error: %%2147942402
10/12/2010 1:44:11 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
10/12/2010 1:39:44 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7E89FF0B-F649-4F9A-A9C3-F05DFAAA3DA1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
10/12/2010 1:39:35 PM, error: Service Control Manager [7000] - The Trend Micro PreFilter service failed to start due to the following error: The system cannot find the path specified.
10/12/2010 1:38:08 PM, error: NETLOGON [5719] - No Domain Controller is available for domain WEBER due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
10/12/2010 1:00:00 PM, error: Schedule [7901] - The At86.job command failed to start due to the following error: %%2147942402
10/12/2010 1:00:00 PM, error: Schedule [7901] - The At62.job command failed to start due to the following error: %%2147942402
10/12/2010 1:00:00 PM, error: Schedule [7901] - The At38.job command failed to start due to the following error: %%2147942402
10/11/2010 2:16:02 PM, error: NETLOGON [5719] - No Domain Controller is available for domain WEBER due to the following: The RPC server is unavailable. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.

==== End Of File ===========================


2nd DDS Log:

DDS (Ver_10-10-10.03) - NTFSx86
Run by dougw at 7:22:32.26 on Fri 10/15/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.283 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Documents and Settings\dougw\Desktop\PC Fixes\Try these steps\Defogger\Defogger.exe
C:\Documents and Settings\dougw\Desktop\PC Fixes\Try these steps\DDS\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.webermarking.com/
uInternet Settings,ProxyServer = http=10.0.0.12:8080
uInternet Settings,ProxyOverride = *.weber.com;10.*;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [{2C7D49AA-381E-D3B4-98BB-1D4A4671D82F}] "c:\documents and settings\dougw\application data\riozve\goov.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset .exe c:\program files\dell\quickset\quickset.exe .exe c:\program files\dell\quickset\quickset.exe .exe c:\program files\dell\quickset\quickset.exe .exe c:\program files\dell\quickset\quickset.exe .exe c:\program files\dell\quickset\quickset.exe
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: webermarking.com\owa
DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxp://persephone/officescan/ClientInstall/WinNTChk.cab
DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} - hxxp://persephone/officescan/clientinstall/setupini.cab
DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxp://persephone/officescan/clientinstall/setup.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://fw1.webermarking.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} - hxxp://persephone/officescan/clientinstall/RemoveCtrl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138638988827
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38071.4828935185
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: ckpNotify - ckpNotify.dll
Notify: igfxcui - igfxsrvc.dll

============= SERVICES / DRIVERS ===============

R2 Scap;SecureClient Application Policy Module;c:\windows\system32\drivers\scap.sys [2004-3-25 17328]
R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [2004-3-25 660688]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2008-7-25 370872]
R3 {E2B953A7-195A-44F9-9BA3-3D5F4E32BB55};AIM 3.0 Part 01 Codec Driver CH-7009-B;c:\windows\system32\drivers\wA301b.sys [1980-1-1 33847]
R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [2004-3-25 2014256]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
S2 TmPreFilter;Trend Micro PreFilter;\??\c:\officescan nt\tmpreflt.sys --> c:\officescan nt\TmPreFlt.sys [?]
S3 idrmkl;idrmkl;\??\c:\docume~1\dougw\locals~1\temp\idrmkl.sys --> c:\docume~1\dougw\locals~1\temp\idrmkl.sys [?]
S3 OMVA;VPN-1 SecureClient Adapter;c:\windows\system32\drivers\OMVA.sys [2004-3-25 14924]
S3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver;c:\windows\system32\drivers\PTDCWWAN.sys [2009-2-10 58240]
S4 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2006-2-9 102463]

=============== Created Last 30 ================

2010-10-14 19:24:01 -------- d-sha-r- C:\cmdcons
2010-10-14 19:20:43 98816 ----a-w- c:\windows\sed.exe
2010-10-14 19:20:43 77312 ----a-w- c:\windows\MBR.exe
2010-10-14 19:20:43 256512 ----a-w- c:\windows\PEV.exe
2010-10-14 19:20:43 161792 ----a-w- c:\windows\SWREG.exe
2010-10-14 17:00:45 -------- d-----w- c:\program files\RegTweaker
2010-10-14 15:45:42 -------- d-----w- c:\docume~1\dougw\applic~1\Malwarebytes
2010-10-14 15:44:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-10-12 15:41:45 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-10-12 15:35:09 -------- d-----w- c:\docume~1\dougw\locals~1\applic~1\PCHealth
2010-10-11 19:28:11 -------- d-----w- c:\docume~1\dougw\applic~1\SUPERAntiSpyware.com
2010-10-11 19:28:11 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-10-11 18:39:15 -------- d-----w- c:\docume~1\dougw\locals~1\applic~1\Sophos
2010-10-05 20:32:44 -------- d-----w- c:\windows\ie8updates
2010-10-05 14:13:11 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-10-05 14:13:11 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-10-05 14:13:11 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-10-05 14:13:09 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-10-05 14:13:08 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-10-05 14:13:08 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-10-05 13:52:20 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-10-05 13:36:09 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-10-05 13:35:37 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-10-05 13:33:58 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-10-05 13:33:57 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-10-05 13:33:25 153088 ------w- c:\windows\system32\dllcache\triedit.dll

==================== Find3M ====================

2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll

============= FINISH: 7:24:42.61 ===============


AND HERE IS THE UNHOOKER REPORT:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2189952 bytes
0x804D7000 RAW 2189952 bytes
0x804D7000 WMIxWDM 2189952 bytes
0xF7217000 C:\WINDOWS\System32\DRIVERS\fw.sys 2015232 bytes (Check Point Software Technologies, -)
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF749E000 C:\WINDOWS\System32\DRIVERS\HSF_DP.sys 1064960 bytes (Conexant Systems, Inc., HSF_DP driver)
0xB2498000 C:\WINDOWS\System32\drivers\vpn.sys 663552 bytes (Check Point Software Technologies, -)
0xF7403000 C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys 634880 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF8345000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xBF073000 C:\WINDOWS\System32\ialmdd5.DLL 507904 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xB2658000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xEFF4B000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB273D000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB23F1000 C:\WINDOWS\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xB1C15000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF769C000 C:\WINDOWS\System32\DRIVERS\bcmwl5.sys 258048 bytes (Broadcom Corporation, Broadcom Corporation NDIS 5.0 wireless driver)
0xF75F5000 C:\WINDOWS\system32\drivers\STAC97.sys 221184 bytes (SigmaTel, Inc., SigmaTel Audio Driver (WDM))
0xBF042000 C:\WINDOWS\System32\ialmdev5.DLL 200704 bytes (Intel Corporation, Component GHAL Driver)
0xEFFA9000 C:\WINDOWS\System32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF75A2000 C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys 192512 bytes (Conexant Systems, Inc., HSFHWICH WDM driver)
0xF84A7000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB254D000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF8318000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB26C8000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB2715000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF8433000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xB2632000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB1BC9000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF75D1000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF76DB000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF7679000 C:\WINDOWS\System32\DRIVERS\e100b325.sys 143360 bytes (Intel Corporation, NDIS 5.1 driver)
0xF762B000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB26F3000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xBF020000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF83FB000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF8459000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB27C9000 C:\WINDOWS\system32\drivers\ialmsbw.sys 122880 bytes (Intel Corporation, Intel Graphics Platform (SoftBIOS) Driver for Windows 2000® & Windows XP™)
0xF8478000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF82FE000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB27E7000 C:\WINDOWS\system32\drivers\ialmkchw.sys 102400 bytes (Intel Corporation, Intel Graphics Chipset (KCH) Driver for Windows 2000® & Windows XP™)
0xF841B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB261A000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF7662000 C:\WINDOWS\System32\DRIVERS\Apfiltr.sys 94208 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0xF76FF000 C:\WINDOWS\System32\DRIVERS\ialmnt5.sys 94208 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF83D2000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xEFFEA000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB1FF4000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF764E000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF7BC9000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0x806EE000 ACPI_HAL 81152 bytes
0x806EE000 C:\WINDOWS\system32\hal.dll 81152 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB2796000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xB253A000 C:\WINDOWS\System32\Drivers\SENTINEL.SYS 77824 bytes (Rainbow Technologies, Inc., Sentinel System Driver (NT Parallel driver))
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF83E9000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF8496000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xEFFD9000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF055D000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7CFA000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF8576000 C:\WINDOWS\System32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF8546000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF7D0A000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF056D000 C:\WINDOWS\System32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF7CCA000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7CEA000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF2A54000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF0D15000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF8556000 C:\WINDOWS\System32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF8536000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7D1A000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF1455000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF8516000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF1435000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF058D000 C:\WINDOWS\system32\drivers\wA301a.sys 49152 bytes (Intel Corporation, Ch7009 Minidriver)
0xF059D000 C:\WINDOWS\system32\drivers\wA301b.sys 49152 bytes (Intel Corporation, Ch7009 Minidriver)
0xF0CC5000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF8506000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF1445000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF84F6000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF0D35000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF4987000 C:\WINDOWS\System32\DRIVERS\secdrv.sys 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0xF13F5000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF8526000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF8616000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF1425000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF0D05000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB1C86000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF057D000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF88EE000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF0A93000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF88D6000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF0AAB000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF8776000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF88E6000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF88DE000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF88CE000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF0AA3000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF87D6000 C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys 20480 bytes (-, -)
0xF0A9B000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF14F6000 C:\WINDOWS\System32\DRIVERS\omci.sys 20480 bytes (Dell Computer Corporation, OMCI Device Driver)
0xF877E000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF1506000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF14FE000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF88A6000 C:\WINDOWS\System32\DRIVERS\Scap.sys 20480 bytes (Check Point Software Technologies, -)
0xF1526000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF07D3000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF8912000 C:\WINDOWS\System32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF89D2000 C:\WINDOWS\System32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xF0A65000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF1696000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB21ED000 C:\WINDOWS\system32\CCM\prepdrv.sys 16384 bytes (Microsoft Corporation, SMS Software Metering Process Event Driver)
0xF89E2000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF890A000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF890E000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xF6374000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF0807000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xB2480000 C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF1165000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF07FF000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF8A82000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF89FA000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF8A8C000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF8A80000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF89F8000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF8A84000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF48EC000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF8A86000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF8A66000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF8A74000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF89F6000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x82E9E000 C:\WINDOWS\system32\KDCOM.DLL 7040 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF8B94000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF008F000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF8B1D000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF8ABE000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF8C2E000 C:\WINDOWS\system32\DRIVERS\smsmdm.sys 4096 bytes (Microsoft Corporation, RDP Miniport)
!!!!!!!!!!!Hidden driver: 0x82F72298 ?_empty_? 3432 bytes
==============================================
>Stealth
==============================================
0xF841B000 WARNING: suspicious driver modification [atapi.sys::0x82F72298]

Edited by Orange Blossom, 15 October 2010 - 10:22 AM.
Merged topics. ~ OB
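
As an added example, not from the original post and not the logic of the scanner that produced the listing above: a small Python triage script that parses lines in this listing's format (load address, path, size, vendor/description, the `Hidden driver` line and the `>Stealth` warning) and reports what a responder would look at first. The sample lines are copied from the posted log and cut down to a few entries. The heuristics it applies are my own assumptions about what deserves a second look: a hidden driver object, a stealth warning, the two coinciding at one address (here 0x82F72298 appears in both, which says the hidden object and the atapi.sys modification are one finding, not two), entries with no vendor string, entries loaded from outside System32, and entries that share one description.

```python
import re
from collections import Counter

# Constructed sample input: a handful of lines copied from the listing posted
# in this thread (addresses, sizes and descriptions as posted). Added example,
# not part of the original post or of the scanner that produced the log.
SAMPLE_LOG_LINES = [
    r"0xF6374000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)",
    r"0xF8A8C000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes",
    r"0xF89F6000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)",
    r"0xF8A86000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)",
    r"0xF8C2E000 C:\WINDOWS\system32\DRIVERS\smsmdm.sys 4096 bytes (Microsoft Corporation, RDP Miniport)",
    r"!!!!!!!!!!!Hidden driver: 0x82F72298 ?_empty_? 3432 bytes",
    "==============================================",
    ">Stealth",
    "==============================================",
    "0xF841B000 WARNING: suspicious driver modification [atapi.sys::0x82F72298]",
]

# Line shapes as they appear in the listing (assumed from the posted log only).
DRIVER_RE = re.compile(r"^(0x[0-9A-Fa-f]+) (\S+) (\d+) bytes(?: \((.*)\))?$")
HIDDEN_RE = re.compile(r"^!+Hidden driver: (0x[0-9A-Fa-f]+) (\S+) (\d+) bytes$")
STEALTH_RE = re.compile(r"^(0x[0-9A-Fa-f]+) WARNING: (.+?) \[([^\]:]+)::(0x[0-9A-Fa-f]+)\]$")


def parse(lines):
    """Split a listing into ordinary drivers, hidden-driver lines and stealth warnings."""
    drivers, hidden, stealth = [], [], []
    for raw in lines:
        line = raw.strip()
        m = HIDDEN_RE.match(line)
        if m:
            hidden.append({"addr": int(m.group(1), 16), "name": m.group(2), "size": int(m.group(3))})
            continue
        m = STEALTH_RE.match(line)
        if m:
            stealth.append({"addr": int(m.group(1), 16), "what": m.group(2),
                            "module": m.group(3), "target": int(m.group(4), 16)})
            continue
        m = DRIVER_RE.match(line)
        if m:
            drivers.append({"addr": int(m.group(1), 16), "path": m.group(2),
                            "size": int(m.group(3)), "desc": m.group(4)})
    return drivers, hidden, stealth


def triage(lines):
    """Return a list of (severity, message) findings for one listing."""
    drivers, hidden, stealth = parse(lines)
    findings = []
    # A hidden driver object is the headline: the scanner found a driver object
    # that the normal enumeration does not report.
    for h in hidden:
        findings.append(("high", f"hidden driver object at 0x{h['addr']:08X} ({h['name']}, {h['size']} bytes)"))
    # A stealth warning names a legitimate module and the address that was changed.
    for s in stealth:
        findings.append(("high", f"{s['what']} in {s['module']} at 0x{s['target']:08X}"))
    # Correlation (my heuristic): a hidden object sitting exactly at the patched
    # address means both warnings describe one implant living in that module.
    hidden_addrs = {h["addr"] for h in hidden}
    for s in stealth:
        if s["target"] in hidden_addrs:
            findings.append(("high", f"hidden driver 0x{s['target']:08X} coincides with the modification "
                                     f"reported in {s['module']}; treat {s['module']} as the infected component"))
    # Informational heuristics on the ordinary entries.
    for d in drivers:
        base = d["path"].rsplit("\\", 1)[-1].lower()
        # dump_* entries are in-memory crash-dump copies and commonly carry no version info.
        if d["desc"] is None and not base.startswith("dump_"):
            findings.append(("info", f"{d['path']} has no vendor/description"))
        if "\\" in d["path"] and "\\system32\\" not in d["path"].lower():
            findings.append(("info", f"{d['path']} loaded from outside System32"))
    descs = Counter(d["desc"] for d in drivers if d["desc"])
    for desc, n in descs.items():
        if n > 1:
            names = [d["path"].rsplit("\\", 1)[-1] for d in drivers if d["desc"] == desc]
            findings.append(("info", f"{n} drivers share the description '{desc}': {', '.join(names)}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG_LINES):
        print(f"[{severity}] {message}")
```

Run it on the whole posted listing by feeding the file's lines to `triage()`; anything rated `high` is what to pull the disk image or the module from first, the `info` items are only prompts to check version information by hand.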


#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 23 October 2010 - 07:46 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#4 Webbie

Webbie
  • Topic Starter

  • Members
  • 20 posts

Posted 25 October 2010 - 07:10 AM

> Hi,
>
> Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
>
>   • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.
>
>   • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
>
>   • Please reply to this post so I know you are there.
> The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.
>
> Once I receive a reply then I will return with your first instructions.
>
> Thanks :thumbup2:


Thanks for the reply. Unfortunately, that was not the type of issue that I could wait for 9 days on. I rebuilt the computer the day after I posted the message...had no choice. I REALLY wanted to get that one corrected the slow and methodical way, but time constraints prevented me from that option.

Warner

#5 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 25 October 2010 - 06:02 PM

Hi Warner,

I figured that would happen. Sorry we took so long to get to you.

Thanks for letting me know :thumbup2:

-----------------------------------------------

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.


