Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Olmarik Trojan infection


  • This topic is locked This topic is locked
18 replies to this topic

#1 roxiannem

roxiannem

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 02 April 2011 - 06:31 PM

Okay, here's my problem.
I have Eset antivirus and it popped up a message saying that it had detected the presence of a new trojan called olmarikwin32. Eset was not able to clean or quarantine it.
Prior to coming here we tried doing some things that friends recommended. We ran malwarebites but it didn't seem to work. So we tried to put everything back the way it was and came here for help.
Now for whatever reason the computer no longer acknowledges our internet so we've used a thumb drive to transfer DDS and gmer from another computer and retrieve the log files submitted below.
Please help us get this fixed so I can use my computer. I'm in an online Master's program and really freaking out without my machine.
Roxi (&Patrick)


.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Roxianne Moore at 18:14:03.39 on Sat 04/02/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.634 [GMT -4:00]
.
AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Documents and Settings\Roxianne Moore\Desktop\dds.scr
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
TB: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
mRun: [PSQLLauncher] "c:\program files\thinkvantage fingerprint software\launcher.exe" /startup
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [EPSON Stylus CX5000 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibva.exe /fu "c:\windows\temp\E_S9E.tmp" /EF "HKLM"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
StartupFolder: c:\docume~1\roxian~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-explorer: RestrictRun = 0 (0x0)
mPolicies-explorer: RestrictRun = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 93.188.165.16,93.188.160.46
TCP: {4F870613-47DB-466F-A5C4-6862BF671758} = 93.188.165.16,93.188.160.46
TCP: {78E297B2-13F3-4A40-BE3B-22758C030FBF} = 93.188.165.16,93.188.160.46
Notify: AtiExtEvent - Ati2evxx.dll
Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll
LSA: Notification Packages = scecli c:\program files\thinkvantage fingerprint software\psqlpwd.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\roxian~1\applic~1\mozilla\firefox\profiles\oa1etpr9.default\
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-7-29 115008]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2010-11-4 810144]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\common files\thinkvantage fingerprint software\drivers\smihlp.sys [2008-11-21 12560]
.
=============== Created Last 30 ================
.
2011-04-02 17:00:46 -------- d-----w- C:\32788R22FWJFW.1.tmp
2011-04-02 14:23:37 -------- d-----w- c:\windows\pss
2011-03-31 01:04:21 -------- d-----w- C:\32788R22FWJFW.0.tmp
2011-03-29 01:48:59 -------- d-----w- c:\docume~1\roxian~1\applic~1\Malwarebytes
2011-03-29 01:48:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-29 01:48:19 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-29 01:48:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-29 01:48:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-01-10 15:36:46 2526720 ----a-w- c:\program files\WildThings Net.exe
2010-12-21 16:39:52 321536 ----a-w- c:\program files\CADEngine.NET.dll
2010-11-16 16:33:28 15872 ----a-w- c:\program files\FocusedTextBox.dll
2010-08-12 13:51:34 1819136 ----a-w- c:\program files\DevExpress.XtraBars.v10.1.dll
2010-08-12 13:51:08 1649152 ----a-w- c:\program files\DevExpress.XtraEditors.v10.1.dll
2010-08-12 13:50:56 5532672 ----a-w- c:\program files\DevExpress.BonusSkins.v10.1.dll
2010-08-12 13:50:54 2922496 ----a-w- c:\program files\DevExpress.Utils.v10.1.dll
2010-08-12 13:50:22 2462208 ----a-w- c:\program files\DevExpress.Data.v10.1.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: HTS726060M9AT00 rev.MH4OA6GA -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86EA9EC5]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x8647c872; SUB DWORD [EBP-0x4], 0x8647c12e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 nt!IofCallDriver[0x804E37C5] -> \Device\Harddisk0\DR0[0x86F54AB8]
3 CLASSPNP[0xF76E2FD7] -> nt!IofCallDriver[0x804E37C5] -> \Device\0000007c[0x86F3E3B8]
5 ACPI[0xF7659620] -> nt!IofCallDriver[0x804E37C5] -> [0x86FCAD98]
[0x86F3DD78] -> IRP_MJ_CREATE -> 0x86EA9EC5
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskHTS726060M9AT00_________________________MH4OA6GA#5&2cae0b77&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x86EA9AEA
user & kernel MBR OK
sectors 117210238 (+255): user != kernel
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 18:44:26.71 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:12:25 PM

Posted 03 April 2011 - 10:25 AM

Hi

Please do the following:

Download Combofix from either of the links below. You must rename it to iexplore before saving it.
Save it to your desktop. Change the save as file type to "all files"

**Note: In the event you already have Combofix, delete it, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  • If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

Link 1
Link 2

-----------------------------------------------------------


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------

  • NOTE: If ComboFix asks to install the Recovery Console, please ALLOW it to do so.

    -----------------------------------------------------------

  • Double click on the renamed ComboFix.exe & follow the prompts. When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

-----------------------------------------------------------


Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 roxiannem

roxiannem
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 03 April 2011 - 12:15 PM

I tried to do as you suggested, but ComboFix did not run. Because my Internet connection is still blocked, I downloaded the file onto a thumb drive, renamed it, and transferred it to the infected computer. When I tried to run ComboFix, it appeared to start running and showed a progress bar. It also opened a tab on the task bar at the bottom of the screen. After several minutes, the tab and progress bar went away and nothing else happened.

I totally disabled ESET Smart Security before beginning. I did not have any other firewalls or anti-malware programs running.

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:12:25 PM

Posted 03 April 2011 - 01:33 PM

Hi

Try running the renamed ComboFix in safe mode


To Enter Safemode
  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY repeatedly,
  • this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode
  • Then press the Enter Key on your Keyboard
  • go into your usual account


If it still wont run, run the following:



Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 roxiannem

roxiannem
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 03 April 2011 - 03:17 PM

Okay, I ran the program TDSSKiller, and the log is below:

2011/04/03 15:22:43.0303 0868 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/03 15:22:43.0424 0868 ================================================================================
2011/04/03 15:22:43.0424 0868 SystemInfo:
2011/04/03 15:22:43.0424 0868
2011/04/03 15:22:43.0424 0868 OS Version: 5.1.2600 ServicePack: 3.0
2011/04/03 15:22:43.0424 0868 Product type: Workstation
2011/04/03 15:22:43.0424 0868 ComputerName: ROXI
2011/04/03 15:22:43.0424 0868 UserName: Administrator
2011/04/03 15:22:43.0424 0868 Windows directory: C:\WINDOWS
2011/04/03 15:22:43.0424 0868 System windows directory: C:\WINDOWS
2011/04/03 15:22:43.0424 0868 Processor architecture: Intel x86
2011/04/03 15:22:43.0424 0868 Number of processors: 1
2011/04/03 15:22:43.0424 0868 Page size: 0x1000
2011/04/03 15:22:43.0424 0868 Boot type: Safe boot
2011/04/03 15:22:43.0424 0868 ================================================================================
2011/04/03 15:22:43.0804 0868 Initialize success
2011/04/03 15:23:02.0801 1956 ================================================================================
2011/04/03 15:23:02.0801 1956 Scan started
2011/04/03 15:23:02.0801 1956 Mode: Manual;
2011/04/03 15:23:02.0801 1956 ================================================================================
2011/04/03 15:23:06.0397 1956 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/03 15:23:06.0707 1956 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/04/03 15:23:07.0198 1956 aeaudio (9f59ae2de835641fbb0c6afd80d8fa9b) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/04/03 15:23:07.0548 1956 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/04/03 15:23:07.0879 1956 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/04/03 15:23:08.0169 1956 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/04/03 15:23:10.0242 1956 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/03 15:23:10.0492 1956 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/03 15:23:11.0384 1956 ati2mtag (5719f857136ee618f6ec7a5ccd9fb7ab) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/04/03 15:23:12.0135 1956 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/03 15:23:12.0435 1956 atmeltpm (dbf0d7e2df33b469eb55406fea759350) C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
2011/04/03 15:23:12.0706 1956 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/03 15:23:12.0976 1956 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/03 15:23:13.0246 1956 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/03 15:23:13.0707 1956 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/03 15:23:13.0967 1956 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/03 15:23:14.0228 1956 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/03 15:23:14.0719 1956 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/04/03 15:23:15.0169 1956 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/04/03 15:23:16.0111 1956 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/03 15:23:16.0671 1956 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/03 15:23:17.0302 1956 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/03 15:23:17.0603 1956 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/03 15:23:17.0873 1956 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/03 15:23:18.0374 1956 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/03 15:23:18.0694 1956 E1000 (9dcf8770a06b1e12100c9b06ede3d45b) C:\WINDOWS\system32\DRIVERS\e1000325.sys
2011/04/03 15:23:19.0085 1956 eamon (1ceb779239965000b8f6adee17d4515b) C:\WINDOWS\system32\DRIVERS\eamon.sys
2011/04/03 15:23:19.0485 1956 ehdrv (7d300a43a7bd8769e0f901bf9e1ae367) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
2011/04/03 15:23:19.0926 1956 epfw (15bfe00f030ea20955117bb0677e9668) C:\WINDOWS\system32\DRIVERS\epfw.sys
2011/04/03 15:23:20.0246 1956 Epfwndis (52310e0e603d7da79ecca7d764937a91) C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
2011/04/03 15:23:20.0537 1956 epfwtdi (bdde7dd8fcdb1de7e879bb320b0605c0) C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
2011/04/03 15:23:20.0897 1956 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/03 15:23:21.0208 1956 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/04/03 15:23:21.0468 1956 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/03 15:23:21.0729 1956 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/04/03 15:23:22.0009 1956 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/04/03 15:23:22.0309 1956 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/03 15:23:22.0580 1956 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/03 15:23:22.0880 1956 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/03 15:23:23.0181 1956 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/03 15:23:23.0782 1956 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/04/03 15:23:24.0122 1956 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/04/03 15:23:24.0412 1956 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/04/03 15:23:24.0733 1956 HSFHWICH (e7bcc7ec37dd2dd36a39bb9ac87a897b) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
2011/04/03 15:23:25.0384 1956 HSF_DPV (822c60f2abee73a0e089230d94064f39) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/04/03 15:23:26.0085 1956 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/03 15:23:26.0966 1956 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/03 15:23:27.0257 1956 IBMPMDRV (931af21653dd91cd85270a2b31f87eeb) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
2011/04/03 15:23:27.0527 1956 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/03 15:23:28.0008 1956 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/04/03 15:23:28.0258 1956 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/04/03 15:23:28.0518 1956 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/04/03 15:23:28.0799 1956 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/03 15:23:29.0049 1956 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/03 15:23:29.0350 1956 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/03 15:23:29.0670 1956 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/03 15:23:30.0001 1956 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
2011/04/03 15:23:30.0251 1956 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/03 15:23:30.0511 1956 isapnp (459f8eaa75d4d88bf56872c3a746781b) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/03 15:23:30.0511 1956 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\isapnp.sys. Real md5: 459f8eaa75d4d88bf56872c3a746781b, Fake md5: 05a299ec56e52649b1cf2fc52d20f2d7
2011/04/03 15:23:30.0531 1956 isapnp - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/04/03 15:23:30.0832 1956 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/03 15:23:31.0122 1956 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/04/03 15:23:31.0453 1956 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/03 15:23:31.0803 1956 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/03 15:23:32.0344 1956 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/04/03 15:23:32.0574 1956 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/03 15:23:32.0845 1956 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/03 15:23:33.0085 1956 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/03 15:23:33.0365 1956 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/04/03 15:23:33.0626 1956 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/03 15:23:34.0187 1956 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/03 15:23:34.0647 1956 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/03 15:23:35.0118 1956 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/03 15:23:35.0388 1956 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/03 15:23:35.0629 1956 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/03 15:23:35.0899 1956 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/03 15:23:36.0159 1956 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/03 15:23:36.0440 1956 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/03 15:23:36.0800 1956 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/03 15:23:37.0101 1956 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/03 15:23:37.0341 1956 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/03 15:23:37.0591 1956 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/03 15:23:37.0862 1956 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/03 15:23:38.0122 1956 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/03 15:23:38.0423 1956 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/03 15:23:38.0863 1956 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/03 15:23:39.0114 1956 NSCIRDA (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys
2011/04/03 15:23:39.0574 1956 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/03 15:23:40.0035 1956 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/03 15:23:40.0285 1956 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/03 15:23:40.0556 1956 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/03 15:23:40.0906 1956 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/04/03 15:23:41.0167 1956 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/03 15:23:41.0417 1956 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/03 15:23:41.0667 1956 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/03 15:23:42.0158 1956 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
2011/04/03 15:23:42.0428 1956 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/04/03 15:23:44.0121 1956 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/03 15:23:44.0391 1956 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/04/03 15:23:44.0652 1956 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/03 15:23:45.0983 1956 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/04/03 15:23:46.0234 1956 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2011/04/03 15:23:46.0494 1956 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/03 15:23:46.0815 1956 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/03 15:23:47.0065 1956 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/03 15:23:47.0375 1956 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/03 15:23:47.0656 1956 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/03 15:23:47.0966 1956 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/04/03 15:23:48.0337 1956 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/03 15:23:48.0637 1956 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/04/03 15:23:49.0008 1956 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/03 15:23:49.0268 1956 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/04/03 15:23:49.0519 1956 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/04/03 15:23:49.0879 1956 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/04/03 15:23:50.0260 1956 smihlp (2a348e2292eb57775787ec4be7622715) C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys
2011/04/03 15:23:50.0630 1956 smwdm (1319ea66a96250d59665d133c0ff7cd0) C:\WINDOWS\system32\drivers\smwdm.sys
2011/04/03 15:23:51.0181 1956 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/03 15:23:51.0501 1956 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/03 15:23:51.0912 1956 Srv (3bb03f2ba89d2be417206c373d2af17c) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/03 15:23:52.0293 1956 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2011/04/03 15:23:52.0553 1956 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/03 15:23:52.0813 1956 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/03 15:23:54.0075 1956 SynTP (1cde0a5c0416187b9b89e03980c6e8de) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/04/03 15:23:54.0416 1956 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/03 15:23:54.0826 1956 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/03 15:23:55.0277 1956 Tcpip6 (fb9f32acc1d3ad523f7ec900b66fc1bb) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
2011/04/03 15:23:55.0647 1956 TcUsb (d623a84feaf092ab2fcfbf68d194a3df) C:\WINDOWS\system32\Drivers\tcusb.sys
2011/04/03 15:23:55.0948 1956 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/03 15:23:56.0228 1956 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/03 15:23:56.0479 1956 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/03 15:23:57.0079 1956 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
2011/04/03 15:23:57.0370 1956 TwoTrack (17687545f77a648af7f9f1064eb61191) C:\WINDOWS\system32\DRIVERS\TwoTrack.sys
2011/04/03 15:23:57.0680 1956 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/03 15:23:58.0361 1956 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/03 15:23:58.0812 1956 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/04/03 15:23:59.0082 1956 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/03 15:23:59.0343 1956 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/03 15:23:59.0603 1956 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/04/03 15:23:59.0904 1956 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/04/03 15:24:00.0154 1956 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/03 15:24:00.0404 1956 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/04/03 15:24:00.0655 1956 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/04/03 15:24:01.0135 1956 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/03 15:24:02.0167 1956 w29n51 (f0608f3b5b6d16f4870e867f9d069b6b) C:\WINDOWS\system32\DRIVERS\w29n51.sys
2011/04/03 15:24:03.0268 1956 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/03 15:24:03.0799 1956 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/03 15:24:04.0340 1956 winachsf (5ea185425bfcbc2d4b96d673d8c4deaf) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/04/03 15:24:04.0931 1956 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/04/03 15:24:05.0972 1956 ================================================================================
2011/04/03 15:24:05.0972 1956 Scan finished
2011/04/03 15:24:05.0972 1956 ================================================================================
2011/04/03 15:24:06.0002 1864 Detected object count: 1
2011/04/03 15:24:52.0099 1864 isapnp (459f8eaa75d4d88bf56872c3a746781b) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/03 15:24:52.0099 1864 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\isapnp.sys. Real md5: 459f8eaa75d4d88bf56872c3a746781b, Fake md5: 05a299ec56e52649b1cf2fc52d20f2d7
2011/04/03 15:25:06.0960 1864 Backup copy found, using it..
2011/04/03 15:25:06.0990 1864 C:\WINDOWS\system32\DRIVERS\isapnp.sys - will be cured after reboot
2011/04/03 15:25:06.0990 1864 Rootkit.Win32.TDSS.tdl3(isapnp) - User select action: Cure
2011/04/03 15:25:27.0159 1932 Deinitialize success

#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:12:25 PM

Posted 03 April 2011 - 03:19 PM

Hi, please give the renamed ComboFix another try now, it should run now that TDSSKiller has removed the TDL3 rootkit

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 roxiannem

roxiannem
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 03 April 2011 - 03:59 PM

I tried to run ComboFix, but had 2 problems: (1) I cannot disable ESET Security in Safe Mode. I tried using MSConfig, but ComboFix kept saying that the real-time scanner was still active. (2) I ran ComboFix anyway, but it said that I do not have MS Windows Recovery Console installed, or what I have is not updated. Without this, ComboFix will not fix the infection. Since I still can't access the Internet on that machine, I cannot download the System Recovery file for ComboFix.

#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:12:25 PM

Posted 03 April 2011 - 04:11 PM

Hi

It should still run through both those issues > press OK and it should continue

try via safe mode with networking:

To Enter Safemode
  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY repeatedly,
  • this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode with networking
  • Then press the Enter Key on your Keyboard
  • go into your usual account

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 roxiannem

roxiannem
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 03 April 2011 - 07:17 PM

Okay, I did get ComboFix to run. Here's the log:

ComboFix 11-04-02.05 - Administrator 04/03/2011 20:02:56.1.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.827 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Roxianne Moore\System
c:\documents and settings\Roxianne Moore\System\win_qs8.jqx
.
----- BITS: Possible infected sites -----
.
hxxp://maraus1
.
((((((((((((((((((((((((( Files Created from 2011-03-04 to 2011-04-04 )))))))))))))))))))))))))))))))
.
.
2011-04-02 17:00 . 2011-04-02 17:06 -------- d-----w- C:\32788R22FWJFW.1.tmp
2011-03-29 01:48 . 2011-03-29 01:48 -------- d-----w- c:\documents and settings\Roxianne Moore\Application Data\Malwarebytes
2011-03-29 01:48 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-29 01:48 . 2011-03-29 01:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-29 01:48 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-29 01:48 . 2011-03-29 21:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-03 19:26 . 2008-04-14 00:06 37248 ----a-w- c:\windows\system32\drivers\isapnp.sys
2011-01-10 15:36 . 2011-01-10 15:36 2526720 ----a-w- c:\program files\WildThings Net.exe
2010-12-21 16:39 . 2010-12-21 16:39 321536 ----a-w- c:\program files\CADEngine.NET.dll
2010-11-16 16:33 . 2010-11-16 16:33 15872 ----a-w- c:\program files\FocusedTextBox.dll
2010-08-12 13:51 . 2010-08-12 13:51 1819136 ----a-w- c:\program files\DevExpress.XtraBars.v10.1.dll
2010-08-12 13:51 . 2010-08-12 13:51 1649152 ----a-w- c:\program files\DevExpress.XtraEditors.v10.1.dll
2010-08-12 13:50 . 2010-08-12 13:50 5532672 ----a-w- c:\program files\DevExpress.BonusSkins.v10.1.dll
2010-08-12 13:50 . 2010-08-12 13:50 2922496 ----a-w- c:\program files\DevExpress.Utils.v10.1.dll
2010-08-12 13:50 . 2010-08-12 13:50 2462208 ----a-w- c:\program files\DevExpress.Data.v10.1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
c:\documents and settings\Roxianne Moore\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-27 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2008-11-21 08:35 95496 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 00:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2010-11-04 22:15 2219184 ----a-w- c:\program files\ESET\ESET Smart Security\egui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX5000 Series]
2006-02-14 09:00 131072 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIBVA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 20:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Transfer Monitor]
2009-09-15 23:47 479232 ----a-w- c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
2008-11-21 07:50 49928 ----a-w- c:\program files\ThinkVantage Fingerprint Software\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-16 00:18 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2003-06-24 22:33 561152 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2003-06-24 22:34 126976 ----a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ekrn"=2 (0x2)
"EhttpSrv"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"IBMPMSVC"=2 (0x2)
"gusvc"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"ACDaemon"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\SecondLifeViewer2\\SLVoice.exe"=
.
S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7/29/2010 1:31 PM 115008]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [11/21/2008 4:11 AM 12560]
S4 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [11/4/2010 6:15 PM 810144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-04-03 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2010-08-31 17:29]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-klmdb.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-03 20:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1348)
c:\windows\system32\Ati2evxx.dll
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\qlbase.dll
.
- - - - - - - > 'lsass.exe'(1404)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
Completion time: 2011-04-03 20:09:48
ComboFix-quarantined-files.txt 2011-04-04 00:09
.
Pre-Run: 21,239,623,680 bytes free
Post-Run: 21,867,421,696 bytes free
.
- - End Of File - - F8769DC7E3C7FF7F80C191F9ABE39BE1

#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:12:25 PM

Posted 03 April 2011 - 07:21 PM

Hi

Please do the following:


  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 roxiannem

roxiannem
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 03 April 2011 - 09:29 PM

I did as you suggested. I am now able to access the Internet on my laptop, but only with the ethernet cable; the wireless connection is still inaccessible. I am also still getting an error message with ESET Smart Security that it can't communicate with the kernel. Other than that, most of the problems have been resolved.

I ran both MalwareBytes and ESET Online, and neither one found any threats. There was no log for ESET, but this is the one from MBAM:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6262

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

4/3/2011 9:17:57 PM
mbam-log-2011-04-03 (21-17-57).txt

Scan type: Quick scan
Objects scanned: 157124
Time elapsed: 2 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:12:25 PM

Posted 04 April 2011 - 06:53 AM

Please do the following.

Visit ADOBEand download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.


NEXT



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 and Save it to your Desktop.
  • Scroll down to where it says Java Runtime Environment (JRE) 6 Update 24 The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
  • Click the Download button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement
  • Click Continue The page will refresh.
  • Click on the link to download Windows Offline Installation and Save the file to your Desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start(or My Computer) > Control Panel and double-click on Add or Remove Programs and remove all older versions of Java.
  • Click (highlight) any item with Java Runtime Environment (JRE, J2SE, Java™ SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u24-windows-i586-p.exe to install the newest version.
  • After the install is complete, go back to your Control Panel(using Classic View) and click the Java icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files Window. Note: This deletes ALL the Downloaded Applications and Applets from the CACHE
  • Click OK to leave the Temporary Files Window.
  • Click OK to leave the Java Control Panel.
  • Delete jre-6u24-windows-i586-p.exe from your desktop.


NEXT
Please post a fresh DDS Log and Attach.txt and advise if you still have outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 roxiannem

roxiannem
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 04 April 2011 - 11:09 AM

Okay
Adobe and Java have been updated. No problems there.
It seems like most things are back to normal with the exceptions of Eset crashing because it can't communicate with it's kernal (It won't even open a window to turn off antivirus and such, had to use msconfig) and we still can't get online via wireless. The computer at least sees the network now, it just won't connect to it. Oh, and office is asking for its key again but I've got that on file so it shouldn't be a problem.

here's the logs

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Roxianne Moore at 11:56:30.22 on Mon 04/04/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.704 [GMT -4:00]
.
AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Documents and Settings\Roxianne Moore\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
TB: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [PSQLLauncher] "c:\program files\thinkvantage fingerprint software\launcher.exe" /startup
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
StartupFolder: c:\docume~1\roxian~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-explorer: RestrictRun = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll
LSA: Notification Packages = scecli c:\program files\thinkvantage fingerprint software\psqlpwd.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\roxian~1\applic~1\mozilla\firefox\profiles\oa1etpr9.default\
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-7-29 115008]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\common files\thinkvantage fingerprint software\drivers\smihlp.sys [2008-11-21 12560]
S4 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2010-11-4 810144]
.
=============== Created Last 30 ================
.
2011-04-04 15:33:00 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-04 15:33:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-04 15:33:00 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-04-03 20:52:06 98816 ----a-w- c:\windows\sed.exe
2011-04-03 20:52:06 89088 ----a-w- c:\windows\MBR.exe
2011-04-03 20:52:06 256512 ----a-w- c:\windows\PEV.exe
2011-04-03 20:52:06 161792 ----a-w- c:\windows\SWREG.exe
2011-04-02 17:00:46 -------- d-----w- C:\32788R22FWJFW.1.tmp
2011-04-02 14:23:37 -------- d-----w- c:\windows\pss
2011-03-29 01:48:59 -------- d-----w- c:\docume~1\roxian~1\applic~1\Malwarebytes
2011-03-29 01:48:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-29 01:48:19 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-29 01:48:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-29 01:48:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-12 16:28:40 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-03-12 16:28:40 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-01-10 15:36:46 2526720 ----a-w- c:\program files\WildThings Net.exe
2010-12-21 16:39:52 321536 ----a-w- c:\program files\CADEngine.NET.dll
2010-11-16 16:33:28 15872 ----a-w- c:\program files\FocusedTextBox.dll
2010-08-12 13:51:34 1819136 ----a-w- c:\program files\DevExpress.XtraBars.v10.1.dll
2010-08-12 13:51:08 1649152 ----a-w- c:\program files\DevExpress.XtraEditors.v10.1.dll
2010-08-12 13:50:56 5532672 ----a-w- c:\program files\DevExpress.BonusSkins.v10.1.dll
2010-08-12 13:50:54 2922496 ----a-w- c:\program files\DevExpress.Utils.v10.1.dll
2010-08-12 13:50:22 2462208 ----a-w- c:\program files\DevExpress.Data.v10.1.dll
.
============= FINISH: 11:57:13.71 ===============



and the attach log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/24/2009 8:42:53 AM
System Uptime: 4/4/2011 11:54:50 AM (0 hours ago)
.
Motherboard: IBM | | 2376TU2
Processor: Intel® Pentium® M processor 1.70GHz | None | 1694/400mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 48 GiB total, 19.311 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet 4500 G510n-z
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP285: 1/16/2011 9:56:34 AM - System Checkpoint
RP286: 1/17/2011 11:46:01 AM - System Checkpoint
RP287: 1/17/2011 7:58:22 PM - Installed FREE Wild Things
RP288: 1/18/2011 8:45:41 PM - System Checkpoint
RP289: 1/19/2011 9:17:08 PM - System Checkpoint
RP290: 1/20/2011 1:22:14 PM - Installed eBook: Special Education: Core Knowledge Study Guide
RP291: 1/20/2011 1:22:31 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP292: 1/21/2011 1:47:16 PM - System Checkpoint
RP293: 1/22/2011 2:21:56 PM - System Checkpoint
RP294: 1/23/2011 2:34:10 PM - System Checkpoint
RP295: 1/24/2011 3:35:06 PM - System Checkpoint
RP296: 1/25/2011 3:47:36 PM - System Checkpoint
RP297: 1/26/2011 4:49:55 PM - System Checkpoint
RP298: 1/27/2011 5:48:44 PM - System Checkpoint
RP299: 1/28/2011 5:58:28 PM - System Checkpoint
RP300: 1/29/2011 7:02:10 PM - System Checkpoint
RP301: 1/30/2011 7:28:46 PM - System Checkpoint
RP302: 1/31/2011 7:35:43 PM - System Checkpoint
RP303: 2/1/2011 7:47:40 PM - System Checkpoint
RP304: 2/2/2011 8:34:10 PM - System Checkpoint
RP305: 2/3/2011 8:44:42 PM - System Checkpoint
RP306: 2/4/2011 9:36:42 PM - System Checkpoint
RP307: 2/5/2011 11:03:57 PM - System Checkpoint
RP308: 2/6/2011 11:48:11 PM - System Checkpoint
RP309: 2/8/2011 12:48:11 AM - System Checkpoint
RP310: 2/9/2011 1:48:11 AM - System Checkpoint
RP311: 2/10/2011 2:48:11 AM - System Checkpoint
RP312: 2/11/2011 6:47:50 AM - System Checkpoint
RP313: 2/12/2011 8:09:41 AM - System Checkpoint
RP314: 2/13/2011 11:25:45 AM - System Checkpoint
RP315: 2/14/2011 12:14:44 PM - System Checkpoint
RP316: 2/15/2011 12:48:15 PM - System Checkpoint
RP317: 2/16/2011 1:48:15 PM - System Checkpoint
RP318: 2/17/2011 2:48:15 PM - System Checkpoint
RP319: 2/18/2011 2:51:52 PM - System Checkpoint
RP320: 2/19/2011 3:51:51 PM - System Checkpoint
RP321: 2/20/2011 9:15:32 PM - System Checkpoint
RP322: 2/21/2011 10:15:56 PM - System Checkpoint
RP323: 2/22/2011 11:25:07 PM - System Checkpoint
RP324: 2/24/2011 12:12:37 AM - System Checkpoint
RP325: 2/25/2011 1:12:36 AM - System Checkpoint
RP326: 2/26/2011 2:11:53 AM - System Checkpoint
RP327: 2/27/2011 2:16:08 AM - System Checkpoint
RP328: 2/28/2011 3:16:08 AM - System Checkpoint
RP329: 3/1/2011 4:16:14 AM - System Checkpoint
RP330: 3/2/2011 5:16:11 AM - System Checkpoint
RP331: 3/3/2011 6:16:09 AM - System Checkpoint
RP332: 3/4/2011 7:16:09 AM - System Checkpoint
RP333: 3/5/2011 8:16:11 AM - System Checkpoint
RP334: 3/6/2011 9:18:25 AM - System Checkpoint
RP335: 3/6/2011 10:42:16 AM - Installed Connect Service
RP336: 3/7/2011 10:44:20 AM - System Checkpoint
RP337: 3/8/2011 6:27:46 PM - System Checkpoint
RP338: 3/9/2011 7:06:00 PM - System Checkpoint
RP339: 3/10/2011 8:55:21 PM - System Checkpoint
RP340: 3/11/2011 9:10:43 PM - System Checkpoint
RP341: 3/12/2011 10:26:36 PM - System Checkpoint
RP342: 3/13/2011 11:05:56 PM - System Checkpoint
RP343: 3/15/2011 12:05:56 AM - System Checkpoint
RP344: 3/16/2011 1:05:56 AM - System Checkpoint
RP345: 3/17/2011 2:05:54 AM - System Checkpoint
RP346: 3/18/2011 3:05:57 AM - System Checkpoint
RP347: 3/19/2011 3:14:01 AM - System Checkpoint
RP348: 3/20/2011 4:05:57 AM - System Checkpoint
RP349: 3/21/2011 5:05:58 AM - System Checkpoint
RP350: 3/22/2011 6:05:58 AM - System Checkpoint
RP351: 3/23/2011 7:05:59 AM - System Checkpoint
RP352: 3/24/2011 8:28:18 AM - System Checkpoint
RP353: 3/25/2011 9:21:13 AM - System Checkpoint
RP354: 3/26/2011 10:15:18 AM - System Checkpoint
RP355: 3/27/2011 10:29:28 AM - System Checkpoint
RP356: 3/28/2011 11:21:38 AM - System Checkpoint
RP357: 3/29/2011 11:29:24 AM - System Checkpoint
RP358: 3/29/2011 5:15:59 PM - Restore Operation
RP359: 4/4/2011 11:23:42 AM - Removed Java™ 6 Update 17
RP360: 4/4/2011 11:32:32 AM - Installed Java™ 6 Update 24
.
==== Installed Programs ======================
.
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office system
32 Bit HP CIO Components Installer
4500_G510nz_Help
4500G510nz
4500G510nz_Software_Min
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.3
Apple Application Support
Apple Software Update
ArcSoft Panorama Maker 5
ATI Display Driver
Atmel TPM Driver
BufferChm
Destinations
DeviceDiscovery
DocMgr
DocProc
eBook: Special Education: Core Knowledge Study Guide
EPSON Printer Software
EPSON Scan
ESET Smart Security
Fax
File Uploader
FREE Wild Things
GPBaseService2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Customer Participation Program 13.0
HP Document Manager 2.0
HP Imaging Device Functions 13.0
HP Officejet 4500 G510n-z
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPProductAssistant
HPSSupply
IBM ThinkPad UltraNav Driver
Java Auto Updater
Java™ 6 Update 24
Make Your Own Clothes by PatternMaker Software
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.18)
Network
Nikon Message Center
Nikon Transfer
OCR Software by I.R.I.S. 13.0
Picasa 3
Picture Control Utility
QuickTime
Scan
SecondLifeViewer2 (remove only)
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Shop for HP Supplies
SmartDraw VP
SmartWebPrinting
SolutionCenter
Status
ThinkPad Integrated 56K Modem
ThinkPad Power Management Driver
ThinkVantage Fingerprint Software 5.8
Toolbox
TrayApp
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Access 2007 Help (KB957241)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb962871)
Update for Windows XP (KB898461)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
ViewNX
WebFldrs XP
WebReg
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
4/3/2011 9:11:47 PM, error: Dhcp [1002] - The IP address lease 192.168.254.1 for the Network Card with network address 001125483EE6 has been denied by the DHCP server 192.168.254.254 (The DHCP Server sent a DHCPNACK message).
4/3/2011 9:06:01 PM, error: Dhcp [1002] - The IP address lease 192.168.254.3 for the Network Card with network address 001125483EE6 has been denied by the DHCP server 192.168.254.254 (The DHCP Server sent a DHCPNACK message).
4/3/2011 8:36:27 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
4/3/2011 3:28:06 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ehdrv epfwtdi Fips intelppm IPSec MRxSmb NetBIOS NetBT PCIIde RasAcd Rdbss Tcpip Tcpip6
4/2/2011 6:44:49 PM, error: Service Control Manager [7034] - The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 17 time(s).
4/2/2011 6:44:49 PM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 18 time(s).
4/2/2011 6:41:59 PM, error: Service Control Manager [7034] - The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 15 time(s).
4/2/2011 6:41:59 PM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 16 time(s).
4/2/2011 6:39:22 PM, error: Service Control Manager [7034] - The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 14 time(s).
4/2/2011 6:39:22 PM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 14 time(s).
4/2/2011 6:23:08 PM, error: Service Control Manager [7034] - The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 8 time(s).
4/2/2011 6:23:08 PM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 8 time(s).
4/2/2011 6:23:08 PM, error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/2/2011 6:04:46 PM, error: Service Control Manager [7038] - The RemoteRegistry service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: Access is denied. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
4/2/2011 6:04:46 PM, error: Service Control Manager [7000] - The Remote Registry service failed to start due to the following error: The service did not start due to a logon failure.
4/2/2011 12:30:06 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ehdrv Fips intelppm
4/2/2011 10:50:29 AM, error: Print [19] - Sharing printer failed + 1722, Printer Send To OneNote 2007 share name Printer.
4/2/2011 10:10:16 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
4/2/2011 10:09:36 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ehdrv epfwtdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip Tcpip6
4/2/2011 10:09:36 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
4/2/2011 10:09:36 AM, error: Service Control Manager [7001] - The IPv6 Helper Service service depends on the Microsoft IPv6 Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/2/2011 10:09:36 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/2/2011 10:09:36 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/2/2011 10:09:36 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
4/2/2011 10:09:18 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
4/2/2011 10:08:54 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/1/2011 4:58:26 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
4/1/2011 4:58:26 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/1/2011 4:58:25 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.
4/1/2011 4:55:32 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
4/1/2011 4:55:32 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
4/1/2011 4:36:22 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HP CUE DeviceDiscovery Service service to connect.
4/1/2011 4:36:22 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ESET Service service to connect.
4/1/2011 4:36:22 PM, error: Service Control Manager [7000] - The HP CUE DeviceDiscovery Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/1/2011 4:36:22 PM, error: Service Control Manager [7000] - The ESET Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/1/2011 10:10:07 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
3/30/2011 8:52:27 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
3/30/2011 8:04:05 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: Access is denied.
3/29/2011 4:41:25 PM, error: Service Control Manager [7022] - The HP Network Devices Support service hung on starting.
3/28/2011 10:11:45 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
3/28/2011 10:11:45 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HP Network Devices Support service to connect.
3/28/2011 10:11:45 PM, error: Service Control Manager [7000] - The HP Network Devices Support service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/28/2011 10:11:26 PM, error: System Error [1003] - Error code 1000007e, parameter1 c0000005, parameter2 f731d1d9, parameter3 f7aedaa4, parameter4 f7aed7a0.
3/28/2011 10:08:24 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
.
==== End Of File ===========================

#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:12:25 PM

Posted 04 April 2011 - 11:29 AM

Try uninstalling ESET completely, then re-installing it.
Download and use the ESET uninstaller tool
http://kb.eset.com/esetkb/index?page=content&id=SOLN2289

For the wifi
Try working through this wifi troubleshooter, see if anything there helps at all

http://www.daileyint.com/hmdpc/connect.htm

check device manager and see if there are any yellow triangles beside any of the devices, you may just need to start a service that has been accidentally turned off.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 roxiannem

roxiannem
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 04 April 2011 - 04:12 PM

I have uninstalled ESET and reinstalled it, and it seems to be working with no problems. The wireless connection still isn't working, but I'm sure I can sort that out with tech support for my service provider.

Since everything's apparently working, should I enable the CD emulation again?

Thank you so much for your help. I doubt I could have figured all this out without you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users