Rootkit.Win32.ZAccess.c ate my computer


This topic is locked
52 replies to this topic

#1 scott_ph

Posted 08 August 2011 - 01:11 AM

Approximately a week ago, my HP Pavilion zd8000 (running Windows XP Media Edition, Service Pack 2), computer was infected with what I later learned was this Google Redirect virus. I use PC Doctor for antivirus and I noticed that it was offline and I couldn't get it back. Then I began to get Windows Firewall notices and when I started to get suspicious and went googling for answers, I kept getting sent to results pages that I knew were bogus.
I tried running Malwarebytes with no success. I tried changing the name of the "mbam.exe" file and was told that I didn't have those permissions. I opened another browser on the desktop, hoping to get enough of a clean result that I could get a clue as to what was going on. I found this site, started reading some of the responses. I managed to download "TDSS Killer" and got it to run and identify the above mentioned virus. It identified that the virus had corrupted the "AFD.sys" and "mrxsmb.sys" drivers. I would hit the button and let the program "cure" and then try to run Malwarebytes again. No luck. The computer wouldn't even let the program open. I downloaded a new copy, installed it in a different directory and tried to install and run it. It would run for about 10-15 seconds and then shut down. Frustrated and stymied, I shut it down.
I have a friend who is a systems administrator and I took it over to his house to see if we could do anything. We ran through the same steps I was trying before with the TDSS killer and then Malwarebytes. We were finally able to get Malwarebytes to run and it found a couple things, but they were different than the AFD and mrxsmb finds of previous runs. Now it was in the ipsec.sys and netbt.sys drivers. TDSS Killer would find these and would cure one, but would return a "processing error" on the other. Before we quit that evening, we also discovered that the wireless would "hang" at the "acquiring network address" step and so I couldn't get online any longer. We quit after a couple hours and I put it back in the bag and brought it home.
I got on my girlfriend's Mac, signed up for an account, downloaded the software recommended and I've run the scans and etc. The dds log is below:


.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 6.0.2900.2180
Run by Scott Philo at 0:21:14 on 2011-08-08
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1651 [GMT -5:00]
.
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
"\\.\globalroot\Device\svchost.exe\svchost.exe"
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PC Tools Security\pctsGui.exe
C:\Program Files\PC Tools Security\BDT\FGuard.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
svchost.exe
C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BackupNowEZtray] "c:\program files\newtech infosystems\backup now ez\BackupNowEZtray.exe" -k
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
mRun: [PCTools FGuard] c:\program files\pc tools security\bdt\FGuard.exe
StartupFolder: c:\docume~1\scottp~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2168FB98-9EA1-4E3B-99FC-8C1B3B414204} : DhcpNameServer = 192.168.1.1
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
Notify: AtiExtEvent - Ati2evxx.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\scott philo\application data\mozilla\firefox\profiles\n7lpo8hp.default\
FF - component: c:\program files\pc tools security\bdt\firefox\platform\winnt_x86-msvc\components\libheuristic.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - c:\program files\pc tools security\bdt\Firefox
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-7-29 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-7-29 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-7-29 656320]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2011-7-29 247760]
R2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\newtech infosystems\backup now ez\BackupNowEZSvr.exe [2009-9-19 45312]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-10-21 632792]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2010-9-7 28672]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-19 136176]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-7-29 366840]
S2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-7-29 1150936]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-19 136176]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2011-08-03 03:01:39 -------- d-----w- C:\_OTM
2011-08-03 00:26:24 -------- d-----w- c:\program files\Malwarebytes' Anti-MalwareIIII
2011-08-03 00:18:19 -------- d--h--w- c:\windows\PIF
2011-08-02 23:21:22 1404208 ----a-w- C:\tdsskiller.exe
2011-07-31 04:58:40 -------- d-----w- c:\program files\Malwarebytes' Anti-MalwareIII
2011-07-30 07:51:27 44560 --sha-w- c:\windows\system32\c_30565.nl_
2011-07-30 07:15:27 -------- d-----w- C:\Kaspersky
2011-07-29 18:27:48 -------- d-----w- c:\program files\CCleaner
2011-07-29 17:43:13 767952 ----a-w- c:\windows\BDTSupport.dll
2011-07-29 17:43:13 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-07-29 17:43:12 2000848 ----a-w- c:\windows\PCTBDCore.dll
2011-07-29 17:43:12 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-07-29 17:37:38 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-07-29 17:37:38 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-07-29 17:37:37 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-07-29 17:37:34 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-07-29 17:37:34 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-07-29 17:37:24 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-07-29 17:37:14 -------- d-----w- c:\program files\PC Tools Security
2011-07-29 17:37:14 -------- d-----w- c:\documents and settings\scott philo\application data\PC Tools
2011-07-29 17:01:14 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-07-29 17:01:14 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-29 17:00:49 -------- d-----w- c:\windows\system32\shxfont
2011-07-29 17:00:49 -------- d-----w- c:\windows\system32\PS
2011-07-29 17:00:38 -------- d-----w- c:\program files\Calibre2
2011-07-29 16:28:03 -------- d-----w- c:\program files\Malwarebytes' Anti-MalwareII
2011-07-19 02:45:39 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-07-19 02:45:39 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-07-18 05:17:42 -------- d-----w- c:\documents and settings\scott philo\application data\Merscom
2011-07-18 05:17:42 -------- d-----w- c:\documents and settings\all users\application data\Merscom
2011-07-17 06:14:26 -------- d-----w- c:\program files\The Mystery of the Mary Celeste
2011-07-17 05:52:55 -------- d-----w- c:\documents and settings\all users\application data\Big Fish Games
2011-07-17 05:52:51 -------- d-----w- c:\program files\bfgclient
2011-07-17 05:51:33 -------- d-----w- c:\documents and settings\all users\application data\BigFishGamesCache
.
==================== Find3M ====================
.
2011-08-03 02:44:10 908032 ----a-w- c:\windows\system32\drivers\mrxsmb.badsys
2011-08-03 01:58:14 149504 ----a-w- c:\windows\system32\drivers\ipsec.badsys
2011-07-07 00:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 00:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-10 13:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 13:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
.
============= FINISH: 0:22:10.96 ===============




I'm not sure the GMER tool ran as it was supposed to. I will attach the results page I got when I double clicked on the file. But after checking the appropriate boxes and hitting the SCAN button, the application quit. I tried restarting, but the computer told me I couldn't do that. Here's the log I was able to copy:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-08-08 00:32:49
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD1600BEVE-00WZT0 rev.01.01A01
Running: gmer.exe; Driver: C:\DOCUME~1\SCOTTP~1\LOCALS~1\Temp\fwlyypow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)

---- Threads - GMER 1.0.15 ----

Thread System [4:940] A7BABD20
Thread System [4:944] A7BABD20
Thread System [4:948] BA240985
Thread System [4:952] BA240985

---- EOF - GMER 1.0.15 ----


So, there it is. I have my profile set to send me notifications and I have my iPhone to get my email. I'm able to use my girl's Mac to read and respond and it seems as though I can download applications to the flashdrive and then run them on my machine, at least until the wireless gets working again on my computer.

Thank you in advance for any assistance you can provide.

Scott
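As an added example (not part of the thread, and not the DDS tool's own logic), here is a small Python triage script that splits a DDS log into its sections and flags the two kinds of entries an analyst would notice in the log above: a process image loaded from a `\\.\globalroot` device path instead of a normal drive path, and renamed (`.badsys`) or hidden+system files under system32. The sample log is a constructed excerpt of the posted log; the severity labels and the heuristics themselves are the example's own assumptions.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed excerpt modelled on the DDS log posted above (sample input, not the full log).
SAMPLE_DDS_LOG = r"""
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
"\\.\globalroot\Device\svchost.exe\svchost.exe"
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
.
=============== Created Last 30 ================
.
2011-07-30 07:51:27 44560 --sha-w- c:\windows\system32\c_30565.nl_
2011-07-29 18:27:48 -------- d-----w- c:\program files\CCleaner
.
==================== Find3M ====================
.
2011-08-03 02:44:10 908032 ----a-w- c:\windows\system32\drivers\mrxsmb.badsys
2011-08-03 01:58:14 149504 ----a-w- c:\windows\system32\drivers\ipsec.badsys
2011-07-07 00:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 0:22:10.96 ===============
"""

# DDS wraps each section name in runs of '=' signs.
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# File entries: timestamp, size (dashes for a directory), attribute flags, path.
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.+)$")
# Core Windows images that should only run from %SystemRoot%\system32 (assumed list).
SYSTEM_IMAGES = {"svchost", "svchost.exe", "spoolsv.exe", "lsass.exe",
                 "services.exe", "winlogon.exe", "csrss.exe"}

Finding = Tuple[str, str, str]  # (severity, section, detail)


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group non-empty log lines under the DDS section header they follow."""
    sections: Dict[str, List[str]] = {}
    current = "HEADER"
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
            continue
        if not line or line == ".":  # DDS prints "." as a spacer line
            continue
        sections.setdefault(current, []).append(line)
    return sections


def check_process(line: str) -> Optional[Tuple[str, str]]:
    """Flag a Running Processes entry whose image path looks wrong."""
    if line.startswith('"'):  # quoted image path, possibly followed by arguments
        image = line[1:].split('"', 1)[0]
    else:  # unquoted path; cut at the first " -k" / " /x" style argument
        image = re.split(r"\s+[-/]", line, maxsplit=1)[0]
    low = image.lower()
    if low.startswith("\\\\.\\") or low.startswith("\\\\?\\") or "\\device\\" in low:
        return ("HIGH", "process image loaded from a device/globalroot path: " + image)
    if "\\" not in low:
        return ("INFO", "image path not resolved by DDS (bare name): " + image)
    parent, base = low.rsplit("\\", 1)
    if base in SYSTEM_IMAGES and not parent.endswith("\\system32"):
        return ("HIGH", base + " running outside system32: " + image)
    return None


def check_file(line: str) -> Optional[Tuple[str, str]]:
    """Flag file entries that point at cleanup residue or hidden system32 files."""
    m = FILE_RE.match(line)
    if not m:
        return None
    _stamp, _size, attrs, path = m.groups()
    low = path.lower()
    if low.endswith(".badsys"):
        # A removal tool renamed a patched driver; confirm the real .sys was restored.
        return ("MEDIUM", "renamed driver copy left by a cleanup tool: " + path)
    if "s" in attrs and "h" in attrs and "\\system32\\" in low and not low.endswith(".dll"):
        return ("MEDIUM", "hidden+system file under system32: " + path)
    return None


def triage_dds(text: str) -> List[Finding]:
    """Return (severity, section, detail) findings for a DDS log."""
    findings: List[Finding] = []
    sections = split_sections(text)
    for line in sections.get("Running Processes", []):
        hit = check_process(line)
        if hit:
            findings.append((hit[0], "Running Processes", hit[1]))
    for name in ("Created Last 30", "Find3M"):
        for line in sections.get(name, []):
            hit = check_file(line)
            if hit:
                findings.append((hit[0], name, hit[1]))
    return findings


if __name__ == "__main__":
    for severity, section, detail in triage_dds(SAMPLE_DDS_LOG):
        print(f"[{severity}] {section}: {detail}")
```

Run against the full log above, the `\\.\globalroot\Device\svchost.exe\svchost.exe` process line is the entry that stands out; the bare `svchost.exe` lines only get an informational note because DDS simply could not resolve their path.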



#2 heir (Malware Response Team)

Posted 08 August 2011 - 03:26 AM

Welcome to BC!

Before we quit that evening, we also discovered that the wireless would "hang" at the "acquiring network address" step and so I couldn't get online any longer.

Can you connect wired to Internet?

Step 1.
Flashdisinfector:


Download Flash_Disinfector.exe by sUBs from >here< and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

Use the disinfected flashdrive to transfer files between the computers.

Step 2.
ComboFix:

Download the tools needed to a flash drive or other removable media, and transfer them to the infected computer.

***************************************************

Download ComboFix from one of these locations:

Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System

Download the file & save it as it's originally named.


---------------------------------------------------------------------

Transfer all files you just downloaded, to the desktop of the infected computer.

--------------------------------------------------------------------


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Drag the setup package onto ComboFix.exe and drop it.

  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.


  • At the next prompt, click 'Yes' to run the full ComboFix scan.

  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt in your next reply.




Step 3.
Things I would like to see in your reply:

  • Answer to the question in the beginning of this post.
  • The content of Attach.txt from when DDS was run (should be on the desktop - same location as DDS)
  • The content of C:\ComboFix.txt from step 2.

Edited by heir, 08 August 2011 - 03:48 AM.
added request for Attach.txt

Please do not PM me asking for support. Post on the forums instead.
Please post the final results, good or bad. We like to know!


#3 scott_ph (Topic Starter)

Posted 10 August 2011 - 02:27 PM

Thank you for your help.

I am working at a Renaissance Fair and we get our internet through a Verizon MiFi hotspot, so I can't connect via wire. The friend I sat with a few nights ago lives a ways away and it makes it inconvenient to try. Having said that, I will likely be heading that way in a few days and will try, but for all intents and purposes, the answer is no...at least for now.

I was able to download all the required software to a flash drive and transfer it to the desktop.

I ran Flash_Disinfector successfully.

I dragged the MS file over to the ComboFix file and lights flashed and windows opened and it sat for a while and I watched and then the Recovery console was installed and ComboFix ran and found the rootkit Access virus and then rebooted and now it's preparing to run again.

The program suggested I try and access the network after it all settles down and I will try to do that. (I hope it works...I'm tired of my girlfriend sbleeping every time I have to use her Mac to fix my PC...)

ComboFix successfully completed 50 stages. Deleted some files and a folder and rebooted Windows.

ComboFix Log:

ComboFix 11-08-09.02 - Scott Philo 08/10/2011 13:56:11.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1716 [GMT -5:00]
Running from: c:\documents and settings\Scott Philo\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Scott Philo\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB12029$
c:\windows\$NtUninstallKB12029$\1838413913
c:\windows\$NtUninstallKB12029$\194435732\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}
c:\windows\$NtUninstallKB12029$\194435732\click.tlb
c:\windows\$NtUninstallKB12029$\194435732\L\tigeweow
c:\windows\$NtUninstallKB12029$\194435732\loader.tlb
c:\windows\$NtUninstallKB12029$\194435732\U\@00000001
c:\windows\$NtUninstallKB12029$\194435732\U\@000000c0
c:\windows\$NtUninstallKB12029$\194435732\U\@000000cb
c:\windows\$NtUninstallKB12029$\194435732\U\@000000cf
c:\windows\$NtUninstallKB12029$\194435732\U\@80000000
c:\windows\$NtUninstallKB12029$\194435732\U\@800000c0
c:\windows\$NtUninstallKB12029$\194435732\U\@800000cb
c:\windows\$NtUninstallKB12029$\194435732\U\@800000cf
c:\windows\explorer(2).exe
c:\windows\system32\c_30565.nls
c:\windows\system32\linkinfo(2).dll
E:\Autorun.inf
.
Infected copy of c:\windows\system32\drivers\netbt.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((( Files Created from 2011-07-10 to 2011-08-10 )))))))))))))))))))))))))))))))
.
.
2011-08-10 18:50 . 2004-08-10 12:00 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys
2011-08-10 18:50 . 2004-08-10 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-08-03 03:01 . 2011-08-03 03:01 -------- d-----w- C:\_OTM
2011-08-03 02:56 . 2011-08-03 02:57 -------- d-----w- c:\program files\ERUNT
2011-08-03 00:18 . 2011-08-03 00:18 -------- d-----w- c:\documents and settings\Administrator
2011-08-03 00:18 . 2011-08-03 00:18 -------- d--h--w- c:\windows\PIF
2011-08-02 23:21 . 2011-07-30 07:48 1404208 ----a-w- C:\tdsskiller.exe
2011-07-30 07:51 . 2011-08-08 05:01 44560 --sha-w- c:\windows\system32\c_30565.nl_
2011-07-30 07:15 . 2011-08-03 03:23 -------- d-----w- C:\Kaspersky
2011-07-29 18:27 . 2011-07-29 18:27 -------- d-----w- c:\program files\CCleaner
2011-07-29 17:43 . 2011-01-07 19:54 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-07-29 17:43 . 2011-01-07 19:54 767952 ----a-w- c:\windows\BDTSupport.dll
2011-07-29 17:43 . 2011-01-07 19:54 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-07-29 17:43 . 2011-01-07 19:54 2000848 ----a-w- c:\windows\PCTBDCore.dll
2011-07-29 17:37 . 2010-07-16 19:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-07-29 17:37 . 2010-07-16 19:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-07-29 17:37 . 2011-01-17 14:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-07-29 17:37 . 2010-12-10 21:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-07-29 17:37 . 2010-12-10 18:24 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-07-29 17:37 . 2010-12-16 13:46 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-07-29 17:37 . 2011-07-29 17:43 -------- d-----w- c:\program files\PC Tools Security
2011-07-29 17:37 . 2011-07-29 17:37 -------- d-----w- c:\documents and settings\Scott Philo\Application Data\PC Tools
2011-07-29 17:01 . 2011-07-29 17:01 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-29 17:00 . 2011-07-29 17:00 -------- d-----w- c:\windows\system32\shxfont
2011-07-29 17:00 . 2011-07-29 17:00 -------- d-----w- c:\windows\system32\PS
2011-07-29 17:00 . 2011-07-29 17:00 -------- d-----w- c:\program files\Calibre2
2011-07-29 16:28 . 2011-07-29 17:00 -------- d-----w- c:\program files\Malwarebytes' Anti-MalwareII
2011-07-19 02:45 . 2004-08-04 05:56 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-07-19 02:45 . 2004-08-04 05:56 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-07-18 05:17 . 2011-07-18 05:17 -------- d-----w- c:\documents and settings\Scott Philo\Application Data\Merscom
2011-07-18 05:17 . 2011-07-18 05:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Merscom
2011-07-17 06:14 . 2011-07-17 06:16 -------- d-----w- c:\program files\The Mystery of the Mary Celeste
2011-07-17 05:52 . 2011-07-17 05:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Big Fish Games
2011-07-17 05:52 . 2011-07-17 05:53 -------- d-----w- c:\program files\bfgclient
2011-07-17 05:51 . 2011-07-17 06:16 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-03 02:44 . 2010-10-11 19:05 908032 ----a-w- c:\windows\system32\drivers\mrxsmb.badsys
2011-08-03 01:58 . 2004-08-10 12:00 149504 ----a-w- c:\windows\system32\drivers\ipsec.badsys
2011-07-07 00:52 . 2010-07-02 21:05 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 00:52 . 2010-07-02 21:05 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-09-11 98395]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-09-11 684123]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-19 339968]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-22 229438]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 290816]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"BackupNowEZtray"="c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe" [2009-09-19 562944]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"ISTray"="c:\program files\PC Tools Security\pctsGui.exe" [2011-01-13 1589208]
"PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-01-07 108496]
.
c:\documents and settings\Scott Philo\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-4-28 113664]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-6-2 565309]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 03:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Documents and Settings\\Scott Philo\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe"=
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [7/29/2011 12:37 PM 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [7/29/2011 12:37 PM 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [7/29/2011 12:37 PM 656320]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [7/29/2011 12:43 PM 247760]
R2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe [9/19/2009 8:04 AM 45312]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [10/21/2010 1:16 PM 632792]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [9/7/2010 2:11 PM 28672]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/19/2011 12:23 AM 136176]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [7/29/2011 12:37 PM 366840]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/19/2011 12:23 AM 136176]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]
.
2011-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-19 05:23]
.
2011-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-19 05:23]
.
2011-07-29 c:\windows\Tasks\RMSmartUpdate.job
- c:\program files\Registry Mechanic\Update.exe [2011-02-08 18:26]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Scott Philo\Application Data\Mozilla\Firefox\Profiles\n7lpo8hp.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - c:\program files\PC Tools Security\BDT\Firefox
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-00405598.sys
SafeBoot-08167460.sys
SafeBoot-08365945.sys
SafeBoot-14463637.sys
SafeBoot-22781380.sys
SafeBoot-30050718.sys
SafeBoot-33130602.sys
SafeBoot-35513019.sys
SafeBoot-35881663.sys
SafeBoot-45374465.sys
SafeBoot-72042612.sys
SafeBoot-73785253.sys
SafeBoot-79400626.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-10 14:11
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????5?2?4?6??????? ???B?????????????H<C? ??????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.mrxsmb]
"ImagePath"="\*"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(492)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3432)
c:\program files\NewTech Infosystems\Backup Now EZ\Pehook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2011-08-10 14:13:54 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-10 19:13
.
Pre-Run: 94,400,438,272 bytes free
Post-Run: 94,600,941,568 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 203F49484848B365E31D7F38F010E3A8


Attach.txt log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/1/2010 11:45:19 PM
System Uptime: 8/8/2011 12:01:09 AM (0 hours ago)
.
Motherboard: Quanta | | 3082
Processor: Intel® Pentium® 4 CPU 3.20GHz | LGA 775 | 3192/800mhz
Processor: Intel® Pentium® 4 CPU 3.20GHz | LGA 775 | 3192/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 88.155 GiB free.
D: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROM_NEC_DVD+-RW_ND-6500A___________________2.81____\5&26BBB134&0&0.1.0
Manufacturer: (Standard CD-ROM drives)
Name: _NEC DVD+-RW ND-6500A
PNP Device ID: IDE\CDROM_NEC_DVD+-RW_ND-6500A___________________2.81____\5&26BBB134&0&0.1.0
Service: cdrom
.
==== System Restore Points ===================
.
RP162: 5/20/2011 10:29:54 AM - System Checkpoint
RP163: 5/21/2011 11:25:24 AM - System Checkpoint
RP164: 5/22/2011 1:48:37 PM - System Checkpoint
RP165: 5/23/2011 3:13:20 PM - System Checkpoint
RP166: 5/24/2011 4:25:36 PM - System Checkpoint
RP167: 5/25/2011 6:01:28 PM - System Checkpoint
RP168: 5/27/2011 12:48:02 AM - System Checkpoint
RP169: 5/28/2011 10:59:14 AM - System Checkpoint
RP170: 5/29/2011 4:05:37 PM - System Checkpoint
RP171: 5/29/2011 10:56:30 PM - Installed Java™ 6 Update 23
RP172: 5/29/2011 10:59:10 PM - Software Distribution Service 3.0
RP173: 12/31/2010 1:30:37 AM - System Checkpoint
RP174: 1/1/2011 2:02:21 AM - System Checkpoint
RP175: 1/2/2011 2:48:10 AM - System Checkpoint
RP176: 1/3/2011 2:54:47 AM - System Checkpoint
RP177: 1/4/2011 3:00:09 AM - System Checkpoint
RP178: 1/4/2011 12:43:12 PM - Installed Acronis True Image Home 2011
RP179: 1/5/2011 12:53:47 PM - Installed NTI Backup Now EZ
RP180: 1/6/2011 2:09:55 PM - System Checkpoint
RP181: 1/7/2011 3:56:28 PM - System Checkpoint
RP182: 1/9/2011 12:43:02 AM - System Checkpoint
RP183: 1/10/2011 1:03:57 PM - System Checkpoint
RP184: 1/10/2011 4:06:57 PM - Removed Acronis True Image Home 2011
RP185: 1/11/2011 4:19:26 PM - System Checkpoint
RP186: 1/12/2011 6:42:39 PM - System Checkpoint
RP187: 1/13/2011 1:52:27 PM - Installed calibre
RP188: 1/13/2011 4:43:06 PM - Software Distribution Service 3.0
RP189: 1/14/2011 4:48:40 PM - System Checkpoint
RP190: 1/15/2011 3:52:35 PM - Software Distribution Service 3.0
RP191: 1/17/2011 4:58:59 AM - System Checkpoint
RP192: 1/18/2011 9:33:04 AM - System Checkpoint
RP193: 1/19/2011 12:43:20 PM - System Checkpoint
RP194: 1/19/2011 10:18:01 PM - Software Distribution Service 3.0
RP195: 1/20/2011 12:33:49 AM - Installed HP Dual TV Tuner / Digital Video Recorder Driver
RP196: 1/20/2011 12:35:08 AM - Installed REALTEK Gigabit and Fast Ethernet NIC Driver
RP197: 1/20/2011 2:36:01 PM - Restore Operation
RP198: 1/21/2011 3:50:45 PM - System Checkpoint
RP199: 1/23/2011 12:28:55 AM - System Checkpoint
RP200: 1/24/2011 2:18:10 AM - System Checkpoint
RP201: 1/25/2011 4:18:29 AM - System Checkpoint
RP202: 1/26/2011 5:13:05 AM - System Checkpoint
RP203: 1/27/2011 5:22:47 AM - System Checkpoint
RP204: 1/28/2011 6:22:47 AM - System Checkpoint
RP205: 5/27/2011 1:54:27 AM - System Checkpoint
RP206: 5/28/2011 2:37:42 AM - System Checkpoint
RP207: 5/29/2011 3:26:41 AM - System Checkpoint
RP208: 5/30/2011 3:38:36 AM - System Checkpoint
RP209: 5/31/2011 3:41:09 AM - System Checkpoint
RP210: 6/1/2011 4:13:37 AM - System Checkpoint
RP211: 6/2/2011 12:29:32 PM - System Checkpoint
RP212: 2/4/2011 6:07:13 PM - System Checkpoint
RP213: 2/5/2011 7:35:46 PM - System Checkpoint
RP214: 2/7/2011 3:37:39 AM - System Checkpoint
RP215: 2/8/2011 1:37:16 AM - Made by Registry Mechanic O
RP216: 2/8/2011 2:07:03 AM - Removed Adobe Reader 6.0.1
RP217: 2/8/2011 2:07:37 AM - Installed Adobe Reader X.
RP218: 2/9/2011 2:20:45 AM - System Checkpoint
RP219: 2/10/2011 3:09:43 AM - System Checkpoint
RP220: 2/11/2011 5:39:44 PM - System Checkpoint
RP221: 2/12/2011 9:34:14 PM - System Checkpoint
RP222: 2/13/2011 10:40:15 PM - System Checkpoint
RP223: 2/15/2011 12:11:28 PM - Software Distribution Service 3.0
RP224: 2/15/2011 9:08:18 PM - Made by Registry Mechanic O
RP225: 2/16/2011 10:09:43 PM - System Checkpoint
RP226: 2/17/2011 10:42:07 PM - System Checkpoint
RP227: 2/18/2011 11:46:22 PM - System Checkpoint
RP228: 2/20/2011 2:35:27 AM - System Checkpoint
RP229: 2/21/2011 12:51:19 AM - Restore Operation
RP230: 2/21/2011 11:26:18 AM - Restore Operation
RP231: 2/21/2011 12:03:19 PM - Removed Adobe Reader X.
RP232: 2/21/2011 12:05:51 PM - Made by Registry Mechanic O
RP233: 2/21/2011 1:25:57 PM - Installed Adobe Reader X (10.0.1).
RP234: 2/22/2011 2:37:10 PM - System Checkpoint
RP235: 2/23/2011 4:39:19 PM - System Checkpoint
RP236: 2/24/2011 7:03:31 PM - System Checkpoint
RP237: 2/25/2011 9:54:41 AM - Software Distribution Service 3.0
RP238: 2/26/2011 10:31:06 AM - System Checkpoint
RP239: 2/27/2011 12:21:14 PM - System Checkpoint
RP240: 2/28/2011 1:43:46 PM - System Checkpoint
RP241: 3/1/2011 2:28:25 PM - System Checkpoint
RP242: 3/2/2011 10:50:44 PM - System Checkpoint
RP243: 3/3/2011 10:56:38 PM - System Checkpoint
RP244: 3/5/2011 12:04:46 AM - System Checkpoint
RP245: 3/6/2011 3:29:28 AM - System Checkpoint
RP246: 3/7/2011 1:41:41 PM - System Checkpoint
RP247: 3/8/2011 2:14:38 PM - System Checkpoint
RP248: 3/9/2011 8:33:13 PM - System Checkpoint
RP249: 3/11/2011 1:57:22 AM - System Checkpoint
RP250: 3/12/2011 4:11:55 AM - System Checkpoint
RP251: 3/13/2011 6:28:01 AM - System Checkpoint
RP252: 3/14/2011 6:28:01 AM - System Checkpoint
RP253: 3/15/2011 7:15:29 AM - System Checkpoint
RP254: 3/16/2011 10:15:26 AM - System Checkpoint
RP255: 3/17/2011 3:01:37 PM - System Checkpoint
RP256: 3/18/2011 3:04:06 PM - System Checkpoint
RP257: 3/19/2011 12:30:05 PM - Software Distribution Service 3.0
RP258: 3/21/2011 12:10:08 AM - System Checkpoint
RP259: 3/22/2011 1:39:59 AM - System Checkpoint
RP260: 3/23/2011 2:05:30 AM - System Checkpoint
RP261: 3/24/2011 4:06:37 AM - System Checkpoint
RP262: 3/25/2011 4:49:01 AM - System Checkpoint
RP263: 3/26/2011 5:11:11 AM - System Checkpoint
RP264: 3/27/2011 2:12:11 PM - System Checkpoint
RP265: 3/29/2011 3:30:03 AM - System Checkpoint
RP266: 3/30/2011 4:57:56 AM - System Checkpoint
RP267: 3/31/2011 6:37:17 AM - System Checkpoint
RP268: 4/1/2011 9:01:14 AM - System Checkpoint
RP269: 4/1/2011 9:47:29 PM - Made by Registry Mechanic O
RP270: 4/1/2011 10:34:41 PM - Made by Registry Mechanic O
RP271: 4/3/2011 3:10:59 AM - System Checkpoint
RP272: 4/4/2011 4:13:38 AM - System Checkpoint
RP273: 4/5/2011 6:12:34 AM - System Checkpoint
RP274: 4/6/2011 6:24:34 AM - System Checkpoint
RP275: 4/7/2011 1:39:05 AM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP276: 4/8/2011 1:51:45 AM - System Checkpoint
RP277: 4/9/2011 3:28:36 AM - System Checkpoint
RP278: 4/10/2011 11:49:41 PM - System Checkpoint
RP279: 4/12/2011 3:30:05 AM - System Checkpoint
RP280: 4/13/2011 4:04:32 AM - System Checkpoint
RP281: 4/14/2011 5:03:26 AM - System Checkpoint
RP282: 4/15/2011 11:44:57 AM - System Checkpoint
RP283: 4/15/2011 2:04:08 PM - Software Distribution Service 3.0
RP284: 4/18/2011 12:19:36 AM - System Checkpoint
RP285: 4/19/2011 12:39:26 AM - System Checkpoint
RP286: 4/20/2011 2:50:27 AM - System Checkpoint
RP287: 4/21/2011 3:54:58 AM - System Checkpoint
RP288: 4/22/2011 4:02:17 PM - System Checkpoint
RP289: 4/25/2011 12:57:31 AM - System Checkpoint
RP290: 4/26/2011 1:21:52 AM - System Checkpoint
RP291: 4/27/2011 2:22:11 AM - System Checkpoint
RP292: 4/28/2011 2:51:19 AM - System Checkpoint
RP293: 4/28/2011 9:37:03 AM - Software Distribution Service 3.0
RP294: 4/29/2011 11:22:35 AM - System Checkpoint
RP295: 5/1/2011 10:15:41 PM - System Checkpoint
RP296: 5/3/2011 7:15:15 PM - System Checkpoint
RP297: 5/4/2011 11:05:36 PM - System Checkpoint
RP298: 5/5/2011 11:40:35 PM - System Checkpoint
RP299: 5/9/2011 1:12:28 AM - System Checkpoint
RP300: 5/10/2011 3:33:04 AM - System Checkpoint
RP301: 5/11/2011 4:25:45 AM - System Checkpoint
RP302: 5/11/2011 12:34:12 PM - Software Distribution Service 3.0
RP303: 5/12/2011 10:43:03 PM - System Checkpoint
RP304: 5/13/2011 10:50:13 PM - System Checkpoint
RP305: 5/15/2011 11:17:12 PM - System Checkpoint
RP306: 5/17/2011 4:56:41 AM - System Checkpoint
RP307: 5/18/2011 6:13:48 AM - System Checkpoint
RP308: 5/19/2011 7:20:46 AM - System Checkpoint
RP309: 5/20/2011 8:38:43 AM - System Checkpoint
RP310: 5/22/2011 10:57:16 PM - System Checkpoint
RP311: 5/23/2011 11:52:52 PM - System Checkpoint
RP312: 5/25/2011 1:10:06 AM - System Checkpoint
RP313: 5/26/2011 1:47:20 AM - System Checkpoint
RP314: 5/26/2011 7:55:28 PM - Made by Registry Mechanic O
RP315: 5/26/2011 8:02:32 PM - Made by Registry Mechanic O
RP316: 5/27/2011 8:53:13 PM - System Checkpoint
RP317: 5/29/2011 11:00:44 PM - System Checkpoint
RP318: 5/30/2011 11:39:30 PM - System Checkpoint
RP319: 6/1/2011 12:35:43 AM - System Checkpoint
RP320: 6/2/2011 1:09:32 AM - System Checkpoint
RP321: 6/3/2011 1:58:43 AM - System Checkpoint
RP322: 6/4/2011 4:17:04 AM - System Checkpoint
RP323: 6/5/2011 5:39:47 AM - System Checkpoint
RP324: 6/6/2011 7:45:28 AM - System Checkpoint
RP325: 6/7/2011 9:42:13 AM - System Checkpoint
RP326: 6/20/2011 7:17:38 PM - System Checkpoint
RP327: 6/21/2011 8:48:22 PM - System Checkpoint
RP328: 6/22/2011 11:33:59 PM - System Checkpoint
RP329: 6/23/2011 9:56:52 PM - Made by Registry Mechanic O
RP330: 6/23/2011 9:57:34 PM - Made by Registry Mechanic O
RP331: 6/25/2011 11:25:33 PM - System Checkpoint
RP332: 6/26/2011 10:29:06 AM - Software Distribution Service 3.0
RP333: 6/27/2011 10:45:20 AM - System Checkpoint
RP334: 6/28/2011 1:59:59 PM - System Checkpoint
RP335: 6/29/2011 2:53:54 PM - System Checkpoint
RP336: 6/30/2011 11:23:20 PM - System Checkpoint
RP337: 7/1/2011 11:29:28 PM - System Checkpoint
RP338: 7/2/2011 9:56:37 AM - Made by Registry Mechanic O
RP339: 7/2/2011 10:15:24 AM - Made by Registry Mechanic O
RP340: 7/4/2011 3:26:37 PM - System Checkpoint
RP341: 7/5/2011 4:46:38 PM - System Checkpoint
RP342: 7/13/2011 3:32:00 PM - System Checkpoint
RP343: 7/14/2011 1:16:33 AM - Software Distribution Service 3.0
RP344: 7/15/2011 5:43:42 PM - System Checkpoint
RP345: 7/16/2011 5:56:25 PM - System Checkpoint
RP346: 7/18/2011 6:24:34 PM - System Checkpoint
RP347: 7/19/2011 9:29:07 PM - System Checkpoint
RP348: 7/21/2011 1:36:11 PM - System Checkpoint
RP349: 7/22/2011 2:05:34 PM - System Checkpoint
RP350: 7/25/2011 1:55:26 AM - System Checkpoint
RP351: 7/26/2011 2:36:59 AM - System Checkpoint
RP352: 7/27/2011 3:07:13 AM - System Checkpoint
RP353: 7/28/2011 2:11:11 PM - System Checkpoint
RP354: 7/29/2011 12:43:56 AM - Removed calibre
RP355: 7/29/2011 11:46:32 AM - Restore Operation
RP356: 7/29/2011 11:59:10 AM - Restore Operation
RP357: 7/29/2011 1:12:38 PM - Made by Registry Mechanic O
RP358: 8/1/2011 12:28:41 AM - Made by Registry Mechanic O
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Photoshop 7.0
Adobe Reader X (10.0.1)
AIO_Scan
Ancient Secrets
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AutoCAD 2008 - English
Autodesk DWF Viewer 7
AutoDWG DWG to PDF Converter
Big Fish Games: Game Manager
Black Buccaneer
Bluetooth by hp
Bonjour
Broadcom 802.11 Driver
Browser Defender 3.0
BufferChm
C5200
C5200_doccd
c5200_Help
calibre
CCleaner
Conexant AC-97 Audio
Conexant Data Fax Modem with SmartCP
Copy
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
ERUNT 1.1j
eSupportQFolder
Fax
Google Chrome
Google Earth
Google Talk (remove only)
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB981793)
HP Dual TV Tuner / Digital Video Recorder Driver
HP Help and Support
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photosmart All-In-One Software 9.0
HP Smart Web Printing
HP Solution Center 9.0
HPProductAssistant
InterVideo WinDVD
iTunes
Java 2 Runtime Environment, SE v1.4.2_05
Java Auto Updater
Java™ 6 Update 23
LibUSB-Win32-0.1.12.1
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MobileMe Control Panel
Mozilla Firefox (3.6.13)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
muvee autoProducer 3.5 - SE
Nancy Drew: Treasure in the Royal Tower
NTI Backup Now EZ
OpenOffice.org 3.2
Pandora
PanoStandAlone
Paradise
Physicus ¥07
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_min
Quick Launch Buttons 5.00 C2
QuickTime
REALTEK Gigabit and Fast Ethernet NIC Driver
Registry Mechanic 10.0
Scan
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
SolutionCenter
Sonic RecordNow!
Sonic Update Manager
Spyware Doctor with AntiVirus 8.0
Status
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515 drivers.
The Mystery of the Mary Celeste
TIxx21/x515
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)
VBA (2627.01)
WebFldrs XP
WebReg
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Player Firefox Plugin
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Media Center Edition 2005 KB973768
.
==== Event Viewer Messages From Past Week ========
.
8/8/2011 12:04:07 AM, error: Service Control Manager [7001] - The TCP/IP Protocol Driver service depends on the IPSEC driver service which failed to start because of the following error: The specified driver is invalid.
8/8/2011 12:04:07 AM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the AFD service which failed to start because of the following error: The system cannot find the file specified.
8/8/2011 12:04:07 AM, error: Service Control Manager [7000] - The IPSEC driver service failed to start due to the following error: The specified driver is invalid.
8/8/2011 12:04:07 AM, error: Service Control Manager [7000] - The AFD service failed to start due to the following error: The system cannot find the file specified.
8/8/2011 12:04:06 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Cdrom Imapi IPSec redbook Tcpip TfFsMon TfSysMon
8/8/2011 12:04:05 AM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The system cannot find the file specified.
8/8/2011 12:04:05 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/8/2011 12:04:05 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/8/2011 12:04:05 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/8/2011 12:04:05 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/8/2011 12:02:24 AM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\D.
8/2/2011 9:44:04 PM, error: NetBT [4311] - Initialization failed because the driver device could not be created.
8/2/2011 9:03:09 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
8/2/2011 8:53:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
8/2/2011 7:25:05 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
8/2/2011 6:59:41 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/2/2011 6:07:18 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD TfFsMon TfSysMon
8/2/2011 6:07:18 PM, error: Service Control Manager [7024] - The Bonjour Service service terminated with service-specific error 4294967295 (0xFFFFFFFF).
8/2/2011 6:07:18 PM, error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error 2147952450 (0x80072742).
8/2/2011 6:07:18 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: A socket operation encountered a dead network.
8/2/2011 6:07:18 PM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: A socket operation encountered a dead network.
8/2/2011 6:07:18 PM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: %%2147952450
8/2/2011 6:07:18 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
8/2/2011 6:07:18 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
8/2/2011 6:07:18 PM, error: Service Control Manager [7000] - The PC Tools Security Service service failed to start due to the following error: Access is denied.
8/2/2011 6:07:18 PM, error: Service Control Manager [7000] - The PC Tools Auxiliary Service service failed to start due to the following error: Access is denied.
8/2/2011 6:07:18 PM, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: Access is denied.
8/2/2011 10:29:01 PM, error: Workstation [5727] - Could not load RDR device driver.
8/2/2011 10:29:01 PM, error: Workstation [5727] - Could not load MRxSmb device driver.
8/2/2011 10:01:39 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
8/1/2011 11:01:48 PM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the AFD service which failed to start because of the following error: The specified driver is invalid.
8/1/2011 11:01:48 PM, error: Service Control Manager [7000] - The AFD service failed to start due to the following error: The specified driver is invalid.
.
==== End Of File ===========================



The computer says the "Home" is connected at 54Mbps and the connection is excellent. 25 packets have been sent and 12 received, but the browsers can't find any pages and return a "Server not found" error.

I await your reply with anticipation...

Thanks.
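A worked example, added here and not part of scott_ph's post or of the DDS tool: the Event Viewer excerpt above is read by the short Python script below, which sorts the Service Control Manager events into drivers that failed at boot (event 7026), services that failed outright (7000) and services that were only blocked by a dependency (7001), then walks each blocked service back to its root. Run on the constructed sample embedded in it (lines copied in the shape of the log above), it shows the chain IPSEC driver -> TCP/IP Protocol Driver -> DNS Client, which is why the adapter reports a link but the browsers get "Server not found". The regexes assume the DDS line layout shown above; the sample events are constructed for the demonstration, not pulled from a live machine.

```python
"""Summarise a Service Control Manager failure cascade from DDS event lines.

Added example, not part of the original post or of DDS/ComboFix: it parses
event lines in the shape DDS prints them (date, source, event ID, message),
keeps the three SCM event IDs that matter for a "network is dead" diagnosis
and walks the dependency chain back to the driver that actually failed.
"""
import re
from collections import defaultdict

# Constructed sample, copied in the shape of the Event Viewer excerpt above.
SAMPLE_EVENTS = """\
8/8/2011 12:04:07 AM, error: Service Control Manager [7001] - The TCP/IP Protocol Driver service depends on the IPSEC driver service which failed to start because of the following error: The specified driver is invalid.
8/8/2011 12:04:07 AM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the AFD service which failed to start because of the following error: The system cannot find the file specified.
8/8/2011 12:04:07 AM, error: Service Control Manager [7000] - The IPSEC driver service failed to start due to the following error: The specified driver is invalid.
8/8/2011 12:04:07 AM, error: Service Control Manager [7000] - The AFD service failed to start due to the following error: The system cannot find the file specified.
8/8/2011 12:04:06 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Cdrom Imapi IPSec redbook Tcpip TfFsMon TfSysMon
8/8/2011 12:04:05 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/2/2011 6:07:18 PM, error: Service Control Manager [7000] - The PC Tools Security Service service failed to start due to the following error: Access is denied.
"""

# "<date>, error: <source> [<id>] - <message>"
LINE_RE = re.compile(r"^(?P<ts>[^,]+), error: (?P<src>[^\[]+) \[(?P<id>\d+)\] - (?P<msg>.*)$")
# 7001: "The X service depends on the Y service which failed to start because of the following error: E"
DEP_RE = re.compile(r"^The (?P<svc>.+?) service depends on the (?P<dep>.+?) service which failed to start because of the following error: (?P<err>.+)$")
# 7000: "The X service failed to start due to the following error: E"
FAIL_RE = re.compile(r"^The (?P<svc>.+?) service failed to start due to the following error: (?P<err>.+)$")
# 7026: "The following boot-start or system-start driver(s) failed to load: A B C"
BOOT_RE = re.compile(r"driver\(s\) failed to load: (?P<drivers>.+)$")


def parse_events(text):
    """Yield (event_id, message) for every line that looks like a DDS event entry."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield int(m.group("id")), m.group("msg")


def summarise(text):
    """Collect boot-load failures (7026), direct start failures (7000) and the
    dependency edges recorded by 7001 events."""
    boot_failed = set()
    direct = {}                      # display name -> error text
    parent = {}                      # blocked service -> the service it was waiting on
    dependents = defaultdict(list)   # the reverse: blocker -> [blocked services]
    for event_id, msg in parse_events(text):
        if event_id == 7026:
            m = BOOT_RE.search(msg)
            if m:
                boot_failed.update(m.group("drivers").split())
        elif event_id == 7000:
            m = FAIL_RE.match(msg)
            if m:
                direct[m.group("svc")] = m.group("err")
        elif event_id == 7001:
            m = DEP_RE.match(msg)
            if m:
                parent[m.group("svc")] = m.group("dep")
                dependents[m.group("dep")].append(m.group("svc"))
    return {
        "boot_failed": sorted(boot_failed),   # 7026 uses registry key names (Tcpip, IPSec, ...)
        "direct": direct,                     # 7000/7001 use display names (TCP/IP Protocol Driver, ...)
        "parent": parent,
        "dependents": dict(dependents),
    }


def root_cause(parent, svc):
    """Follow 7001 edges upward until a service with no recorded blocker."""
    seen = set()
    while svc in parent and svc not in seen:
        seen.add(svc)
        svc = parent[svc]
    return svc


def report(text):
    """Human-readable lines: root failures first, then each blocked service with its root."""
    s = summarise(text)
    lines = ["boot-start drivers that failed to load: " + ", ".join(s["boot_failed"])]
    for svc, err in s["direct"].items():
        lines.append(f"root failure: {svc} -> {err}")
    for svc in s["parent"]:
        lines.append(f"blocked: {svc} (root cause: {root_cause(s['parent'], svc)})")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_EVENTS)))
```

Note that 7026 names drivers by their service key (Tcpip, IPSec) while 7000 and 7001 use display names (TCP/IP Protocol Driver, IPSEC driver), so the script keeps the two lists separate rather than guessing a mapping; the "Access is denied" failure of the PC Tools service is reported as its own root, not as a dependency casualty.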

#4 heir

  • Malware Response Team
  • 763 posts
  • Gender:Male

Posted 10 August 2011 - 04:07 PM

We need to find a way to repair your internet connection.

I need you to do another scan with another tool to collect some information on the matter.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Standard Output.
  • Underneath the option Extra Registry change it to Use SafeList.
  • Underneath the option File Scans set the File Age to 90 Days
  • Underneath the option File Scans check the boxes beside Use Company Name WhiteList, Skip Microsoft Files, Use No-Company Name WhiteList, LOP Check, Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    mrxsmb.sys
    ipsec.sys
    afd.sys
    netbt.sys
    redbook.sys
    ipsec.badsys
    mrxsmb.badsys
    /md5stop
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys
    HKLM\System\CurrentControlSet\Services /S
    HKLM\System\ControlSet001\Services /S
    ipconfig /all /c

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please attach both these files in your next reply. (They will be long and won't fit in one post.)

Edited by heir, 10 August 2011 - 04:08 PM.

Please do not PM me asking for support. Post on the forums instead.
Please post the final results, good or bad. We like to know!
Unified Network of Instructors and Trained Eliminators
My help is always free, but if you want to donate to help me continue my fight against malware then click [donate link].


#5 scott_ph

scott_ph
  • Topic Starter

  • Members
  • 33 posts
  • Local time:10:49 PM

Posted 10 August 2011 - 06:11 PM

Downloaded OTL and the custom scan info to the flash drive and transferred to the desktop. Checked the boxes requested and pasted the info and clicked "Run Scan".

Edited by scott_ph, 11 August 2011 - 01:01 PM.


#6 scott_ph

scott_ph
  • Topic Starter

  • Members
  • 33 posts
  • Local time:10:49 PM

Posted 10 August 2011 - 06:14 PM

OTL Text log Part 2 - it won't let me upload, so I'll add the Extras file and wait for you to tell me what to do about the second half of the OTL file...(which, true to form, will have the information you need in it...) Attached file: Extras.Txt (39.43 KB)

#7 heir

heir

  • Malware Response Team
  • 763 posts
  • Gender:Male
  • Local time:06:49 AM

Posted 11 August 2011 - 01:31 AM

The files are too large.

Please zip the complete OTL.txt and attach it in your reply. (You'll need to remove the attachment of OTL Pt1.txt to be able to attach the zipped file.)



#8 scott_ph

scott_ph
  • Topic Starter

  • Members
  • 33 posts
  • Local time:10:49 PM

Posted 11 August 2011 - 01:03 PM

Zip the file...oh...yeah...<facepalm> Attached file: OTL.zip (141.48 KB)

Thanks for your patience..

#9 heir

heir

  • Malware Response Team
  • 763 posts
  • Gender:Male
  • Local time:06:49 AM

Posted 11 August 2011 - 01:24 PM

No problem. :wink:

Please double-click on ComboFix.exe to run it again and post the content of C:\ComboFix.txt in your reply.



#10 scott_ph

scott_ph
  • Topic Starter

  • Members
  • 33 posts
  • Local time:10:49 PM

Posted 11 August 2011 - 02:04 PM

Combofix log, second run


ComboFix 11-08-09.02 - Scott Philo 08/11/2011 13:47:04.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1671 [GMT -5:00]
Running from: c:\documents and settings\Scott Philo\Desktop\ComboFix.exe
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.
.
((((((((((((((((((((((((( Files Created from 2011-07-11 to 2011-08-11 )))))))))))))))))))))))))))))))
.
.
2011-08-10 18:50 . 2004-08-10 12:00 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys
2011-08-10 18:50 . 2004-08-10 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-08-03 03:01 . 2011-08-03 03:01 -------- d-----w- C:\_OTM
2011-08-03 02:56 . 2011-08-03 02:57 -------- d-----w- c:\program files\ERUNT
2011-08-03 00:18 . 2011-08-03 00:18 -------- d-----w- c:\documents and settings\Administrator
2011-08-03 00:18 . 2011-08-03 00:18 -------- d--h--w- c:\windows\PIF
2011-08-02 23:21 . 2011-07-30 07:48 1404208 ----a-w- C:\tdsskiller.exe
2011-07-30 07:51 . 2011-08-08 05:01 44560 --sha-w- c:\windows\system32\c_30565.nl_
2011-07-30 07:15 . 2011-08-03 03:23 -------- d-----w- C:\Kaspersky
2011-07-29 18:27 . 2011-07-29 18:27 -------- d-----w- c:\program files\CCleaner
2011-07-29 17:43 . 2011-01-07 19:54 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-07-29 17:43 . 2011-01-07 19:54 767952 ----a-w- c:\windows\BDTSupport.dll
2011-07-29 17:43 . 2011-01-07 19:54 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-07-29 17:43 . 2011-01-07 19:54 2000848 ----a-w- c:\windows\PCTBDCore.dll
2011-07-29 17:37 . 2010-07-16 19:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-07-29 17:37 . 2010-07-16 19:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-07-29 17:37 . 2011-01-17 14:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-07-29 17:37 . 2010-12-10 21:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-07-29 17:37 . 2010-12-10 18:24 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-07-29 17:37 . 2010-12-16 13:46 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-07-29 17:37 . 2011-07-29 17:43 -------- d-----w- c:\program files\PC Tools Security
2011-07-29 17:37 . 2011-07-29 17:37 -------- d-----w- c:\documents and settings\Scott Philo\Application Data\PC Tools
2011-07-29 17:01 . 2011-07-29 17:01 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-29 17:00 . 2011-07-29 17:00 -------- d-----w- c:\windows\system32\shxfont
2011-07-29 17:00 . 2011-07-29 17:00 -------- d-----w- c:\windows\system32\PS
2011-07-29 17:00 . 2011-07-29 17:00 -------- d-----w- c:\program files\Calibre2
2011-07-29 16:28 . 2011-07-29 17:00 -------- d-----w- c:\program files\Malwarebytes' Anti-MalwareII
2011-07-19 02:45 . 2004-08-04 05:56 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-07-19 02:45 . 2004-08-04 05:56 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-07-18 05:17 . 2011-07-18 05:17 -------- d-----w- c:\documents and settings\Scott Philo\Application Data\Merscom
2011-07-18 05:17 . 2011-07-18 05:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Merscom
2011-07-17 06:14 . 2011-07-17 06:16 -------- d-----w- c:\program files\The Mystery of the Mary Celeste
2011-07-17 05:52 . 2011-07-17 05:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Big Fish Games
2011-07-17 05:52 . 2011-07-17 05:53 -------- d-----w- c:\program files\bfgclient
2011-07-17 05:51 . 2011-07-17 06:16 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-03 02:44 . 2010-10-11 19:05 908032 ----a-w- c:\windows\system32\drivers\mrxsmb.badsys
2011-08-03 01:58 . 2004-08-10 12:00 149504 ----a-w- c:\windows\system32\drivers\ipsec.badsys
2011-07-07 00:52 . 2010-07-02 21:05 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 00:52 . 2010-07-02 21:05 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-10_19.09.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-02 04:46 . 2011-08-10 19:22 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-05-02 04:46 . 2011-08-08 05:06 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-08-10 19:22 . 2011-08-10 19:22 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2010-05-02 04:46 . 2011-08-08 05:06 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-08-11 18:42 . 2011-08-11 18:42 311296 c:\windows\ERDNT\AutoBackup\8-11-2011\Users\00000002\UsrClass.dat
+ 2011-08-11 18:42 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\8-11-2011\ERDNT.EXE
+ 2011-08-11 18:42 . 2011-08-11 18:42 3198976 c:\windows\ERDNT\AutoBackup\8-11-2011\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-09-11 98395]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-09-11 684123]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-19 339968]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-22 229438]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 290816]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"BackupNowEZtray"="c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe" [2009-09-19 562944]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"ISTray"="c:\program files\PC Tools Security\pctsGui.exe" [2011-01-13 1589208]
"PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-01-07 108496]
.
c:\documents and settings\Scott Philo\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-4-28 113664]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-6-2 565309]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 03:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Documents and Settings\\Scott Philo\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe"=
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [7/29/2011 12:37 PM 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [7/29/2011 12:37 PM 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [7/29/2011 12:37 PM 656320]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [7/29/2011 12:43 PM 247760]
R2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe [9/19/2009 8:04 AM 45312]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [10/21/2010 1:16 PM 632792]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [9/7/2010 2:11 PM 28672]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/19/2011 12:23 AM 136176]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [7/29/2011 12:37 PM 366840]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/19/2011 12:23 AM 136176]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]
.
2011-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-19 05:23]
.
2011-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-19 05:23]
.
2011-08-11 c:\windows\Tasks\RMSmartUpdate.job
- c:\program files\Registry Mechanic\Update.exe [2011-02-08 18:26]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Scott Philo\Application Data\Mozilla\Firefox\Profiles\n7lpo8hp.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - c:\program files\PC Tools Security\BDT\Firefox
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-11 13:57
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????5?2?4?6??????? ???B?????????????H<C? ??????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.mrxsmb]
"ImagePath"="\*"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(428)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3304)
c:\program files\NewTech Infosystems\Backup Now EZ\Pehook.dll
.
Completion time: 2011-08-11 13:59:14
ComboFix-quarantined-files.txt 2011-08-11 18:59
ComboFix2.txt 2011-08-10 19:13
.
Pre-Run: 94,677,405,696 bytes free
Post-Run: 94,665,920,512 bytes free
.
- - End Of File - - 2667EDC903229CAFFA390BA72311B34E
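The lines that actually drive the diagnosis in this thread are spread over two logs: the Event Log dump in post #3 (Service Control Manager 7000/7001 failures with "The specified driver is invalid", the Workstation 5727 "Could not load MRxSmb device driver" entries) and the ComboFix report above (the `.badsys` files in the Find3M section and the `.mrxsmb` service whose ImagePath is `\*` rather than a file). The script below is an added example, not part of this thread and not a ComboFix or BleepingComputer tool: it pulls those indicators out of text in exactly the formats shown, and names the services whose driver the SCM could not load, which is the list a responder has to restore before networking comes back. The sample text is constructed to mirror the lines posted; the regular expressions are tied to the Event Log and ComboFix wording seen in this thread and make no claim beyond that.

```python
"""Indicator triage for Event Log and ComboFix excerpts in the formats shown in this thread.

Added example (not a ComboFix or BleepingComputer tool).  The sample text below is
constructed to mirror the lines posted in the thread.
"""
import re
from dataclasses import dataclass

# Constructed sample: Service Control Manager / Workstation entries as posted in post #3.
SAMPLE_EVENTLOG = r"""
8/2/2011 6:07:18 PM, error: Service Control Manager [7000] - The PC Tools Security Service service failed to start due to the following error: Access is denied.
8/2/2011 10:29:01 PM, error: Workstation [5727] - Could not load MRxSmb device driver.
8/1/2011 11:01:48 PM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the AFD service which failed to start because of the following error: The specified driver is invalid.
8/1/2011 11:01:48 PM, error: Service Control Manager [7000] - The AFD service failed to start due to the following error: The specified driver is invalid.
"""

# Constructed sample: Find3M and service-key fragments in ComboFix's log format.
SAMPLE_COMBOFIX = r"""
2011-08-03 02:44 . 2010-10-11 19:05 908032 ----a-w- c:\windows\system32\drivers\mrxsmb.badsys
2011-08-03 01:58 . 2004-08-10 12:00 149504 ----a-w- c:\windows\system32\drivers\ipsec.badsys
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.mrxsmb]
"ImagePath"="\*"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AFD]
"ImagePath"="\SystemRoot\system32\drivers\afd.sys"
"""


@dataclass(frozen=True)
class Finding:
    kind: str     # driver_invalid | access_denied | driver_unloadable | quarantined_driver | bad_imagepath
    subject: str  # service, driver file or service-key name
    detail: str   # the evidence, trimmed


# SCM 7000 ("X failed to start") and 7001 ("X depends on Y which failed to start").
SCM_RE = re.compile(
    r"Service Control Manager \[700[01]\] - The (?P<svc>.+?) service "
    r"(?:failed to start due to the following error"
    r"|depends on the (?P<dep>.+?) service which failed to start because of the following error)"
    r": (?P<err>.+?)\s*$"
)
RDR_RE = re.compile(r"Workstation \[5727\] - Could not load (?P<drv>\w+) device driver")
BADSYS_RE = re.compile(r"\d+ [-a-z]+ (?P<path>\S+\.badsys)\s*$", re.I)
KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\(?P<name>[^\\\]]+)\]$", re.I)
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(?P<path>.*)"$', re.I)
PATHLIKE_RE = re.compile(r"\\[^\\\s]+\.(?:sys|exe|dll)\b", re.I)  # ...\something\file.sys


def triage_eventlog(text: str) -> list[Finding]:
    findings = []
    for line in text.strip().splitlines():
        m = SCM_RE.search(line)
        if m:
            err = m.group("err").rstrip(".")
            # For a 7001 the failing dependency (e.g. AFD), not the dependent service, is the subject.
            subject = m.group("dep") or m.group("svc")
            evidence = line.split(" - ", 1)[1]
            if err == "The specified driver is invalid":
                findings.append(Finding("driver_invalid", subject, evidence))
            elif err == "Access is denied":
                findings.append(Finding("access_denied", subject, evidence))
            continue
        m = RDR_RE.search(line)
        if m:
            findings.append(Finding("driver_unloadable", m.group("drv"), line.split(" - ", 1)[1]))
    return findings


def triage_combofix(text: str) -> list[Finding]:
    findings = []
    current_key = None
    for line in text.strip().splitlines():
        line = line.strip()
        m = BADSYS_RE.search(line)
        if m:  # a driver left renamed to .badsys, as in the Find3M report
            findings.append(Finding("quarantined_driver", m.group("path").rsplit("\\", 1)[-1], line))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("name")
            continue
        m = IMAGEPATH_RE.match(line)
        if m and current_key is not None:
            path = m.group("path")
            # A service whose ImagePath is not a file path, or whose name is a dot-prefixed
            # copy of a driver name, is not a normal driver entry and needs a look.
            if current_key.startswith(".") or not PATHLIKE_RE.search(path):
                findings.append(Finding("bad_imagepath", current_key, f'ImagePath="{path}"'))
    return findings


def triage(eventlog_text: str, combofix_text: str) -> list[Finding]:
    return triage_eventlog(eventlog_text) + triage_combofix(combofix_text)


def root_causes(findings: list[Finding]) -> list[str]:
    """Services/drivers the SCM could not load: the set a dllcache restore has to cover."""
    return sorted({f.subject for f in findings if f.kind in ("driver_invalid", "driver_unloadable")})


if __name__ == "__main__":
    found = triage(SAMPLE_EVENTLOG, SAMPLE_COMBOFIX)
    for f in found:
        print(f"{f.kind:20} {f.subject:30} {f.detail}")
    print("restore first:", root_causes(found))
```

On the sample above `root_causes()` returns `["AFD", "MRxSmb"]`, which matches what heir goes after next: AFD is the Winsock driver, so with it refusing to load the adapter can report "connected" while every browser gets "Server not found". The 7001 entry is parsed so that the failing dependency (AFD), not NLA, is the subject; otherwise the dependent service would be chased instead of the cause.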

#11 heir

heir

  • Malware Response Team
  • 763 posts
  • Gender:Male
  • Local time:06:49 AM

Posted 11 August 2011 - 02:50 PM

Let's see if this brings back your internet connection.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

FCopy::
C:\WINDOWS\system32\dllcache\afd.sys | C:\WINDOWS\system32\drivers\afd.sys
C:\WINDOWS\system32\dllcache\ipsec.sys | C:\WINDOWS\system32\drivers\ipsec.sys

Save this as CFScript.txt, in the same location as ComboFix.exe


[image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

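The FCopy step above restores afd.sys and ipsec.sys from the Windows File Protection cache (system32\dllcache). It rests on the same idea as the /md5start list in the OTL script earlier in the thread: a driver the rootkit patched will hash differently from the cached original. The script below is an added example, not ComboFix's FCopy and not code posted in this thread; it shows the check a responder would run around such a copy. It hashes each driver against its dllcache copy and, optionally, against a known-good hash list (assumed here to come from a clean machine at the same service-pack level), then copies only the drivers that differ, keeping each replaced file beside the original under a `.replaced` suffix (a naming choice of this example) for later analysis. Directory layout, driver bytes and hashes are all constructed in a temporary folder so it runs offline; only the driver names come from the thread's logs.

```python
"""Driver-vs-dllcache integrity check and selective restore.

Added example: not ComboFix's FCopy and not code from this thread.  Everything runs in
a temporary directory with constructed driver bytes.
"""
import hashlib
import shutil
import tempfile
from pathlib import Path

# Driver names taken from the thread's logs; the bytes written for them in demo() are made up.
DRIVERS = ["afd.sys", "ipsec.sys", "mrxsmb.sys", "netbt.sys", "redbook.sys"]


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def compare_drivers(drivers_dir, dllcache_dir, names, known_good=None) -> dict[str, str]:
    """Classify each driver relative to its dllcache copy (and, if given, a known-good hash):
    match      live file == cache copy (== known_good when supplied)
    mismatch   live file differs from a trustworthy cache copy: restore it
    missing    live file absent but a trustworthy cache copy exists: restore it
    cache_bad  the cache copy itself differs from known_good: do NOT copy it over
    no_cache   nothing in dllcache to restore from
    """
    results = {}
    for name in names:
        live, cached = Path(drivers_dir) / name, Path(dllcache_dir) / name
        if not cached.exists():
            results[name] = "no_cache"
            continue
        cache_hash = sha256_file(cached)
        if known_good and name in known_good and cache_hash != known_good[name]:
            results[name] = "cache_bad"
        elif not live.exists():
            results[name] = "missing"
        elif sha256_file(live) == cache_hash:
            results[name] = "match"
        else:
            results[name] = "mismatch"
    return results


def restore_from_cache(drivers_dir, dllcache_dir, names, known_good=None) -> list[str]:
    """Copy the dllcache copy over every 'mismatch'/'missing' driver.  The replaced file is
    kept beside it as <name>.replaced (a naming choice of this example) for later analysis."""
    restored = []
    for name, status in compare_drivers(drivers_dir, dllcache_dir, names, known_good).items():
        if status not in ("mismatch", "missing"):
            continue
        live = Path(drivers_dir) / name
        if live.exists():
            shutil.copy2(live, live.with_name(name + ".replaced"))
        shutil.copy2(Path(dllcache_dir) / name, live)
        restored.append(name)
    return restored


def demo():
    """Constructed scenario: afd.sys and ipsec.sys patched in place, mrxsmb.sys gone,
    netbt.sys clean, and redbook.sys modified in BOTH locations so that only the
    known-good list can catch it."""
    with tempfile.TemporaryDirectory() as tmp:
        drivers, cache = Path(tmp) / "drivers", Path(tmp) / "dllcache"
        drivers.mkdir()
        cache.mkdir()
        clean = {n: f"MZ clean {n}".encode() for n in DRIVERS}
        known_good = {n: hashlib.sha256(b).hexdigest() for n, b in clean.items()}
        for n, b in clean.items():
            (cache / n).write_bytes(b)
        (drivers / "afd.sys").write_bytes(b"MZ patched afd.sys")
        (drivers / "ipsec.sys").write_bytes(b"MZ patched ipsec.sys")
        (drivers / "netbt.sys").write_bytes(clean["netbt.sys"])
        (cache / "redbook.sys").write_bytes(b"MZ patched redbook.sys")
        (drivers / "redbook.sys").write_bytes(b"MZ patched redbook.sys")

        before = compare_drivers(drivers, cache, DRIVERS, known_good)
        restored = restore_from_cache(drivers, cache, DRIVERS, known_good)
        after = compare_drivers(drivers, cache, DRIVERS, known_good)
        kept = sorted(p.name for p in drivers.glob("*.replaced"))
        return before, restored, after, kept


if __name__ == "__main__":
    before, restored, after, kept = demo()
    print("before  :", before)
    print("restored:", restored)
    print("after   :", after)
    print("kept for analysis:", kept)
```

Two caveats a practitioner would want. Comparing only against dllcache proves that the two copies agree, not that either is clean; that is what the `known_good` list is for, and the constructed `redbook.sys` case in `demo()` shows a cache copy that would be copied straight back over the live driver without it (this is a constructed case; nothing in the thread says redbook.sys was touched on this machine). And a kernel rootkit that is still loaded can misreport file contents to a user-mode reader, so the trustworthy place to run a check like this is with the disk mounted from a clean system. On the live box, sizes are at least a cheap sanity check: the CFScript run later in the thread lists both afd.sys copies at 138368 bytes after the copy.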


#12 scott_ph

scott_ph
  • Topic Starter

  • Members
  • 33 posts
  • Local time:10:49 PM

Posted 11 August 2011 - 03:36 PM

CFScript log -


ComboFix 11-08-09.02 - Scott Philo 08/11/2011 15:19:42.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1647 [GMT -5:00]
Running from: c:\documents and settings\Scott Philo\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Scott Philo\Desktop\CFScript.txt
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\system32\dllcache\afd.sys --> c:\windows\system32\drivers\afd.sys
c:\windows\system32\dllcache\ipsec.sys --> c:\windows\system32\drivers\ipsec.sys
.
((((((((((((((((((((((((( Files Created from 2011-07-11 to 2011-08-11 )))))))))))))))))))))))))))))))
.
.
2011-08-11 20:19 . 2008-08-14 09:51 138368 -c--a-w- c:\windows\system32\dllcache\afd.sys
2011-08-11 20:19 . 2008-08-14 09:51 138368 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-10 18:50 . 2004-08-10 12:00 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys
2011-08-10 18:50 . 2004-08-10 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-08-03 03:01 . 2011-08-03 03:01 -------- d-----w- C:\_OTM
2011-08-03 02:56 . 2011-08-03 02:57 -------- d-----w- c:\program files\ERUNT
2011-08-03 00:18 . 2011-08-03 00:18 -------- d-----w- c:\documents and settings\Administrator
2011-08-03 00:18 . 2011-08-03 00:18 -------- d--h--w- c:\windows\PIF
2011-08-02 23:21 . 2011-07-30 07:48 1404208 ----a-w- C:\tdsskiller.exe
2011-07-30 07:51 . 2011-08-08 05:01 44560 --sha-w- c:\windows\system32\c_30565.nl_
2011-07-30 07:15 . 2011-08-03 03:23 -------- d-----w- C:\Kaspersky
2011-07-29 18:27 . 2011-07-29 18:27 -------- d-----w- c:\program files\CCleaner
2011-07-29 17:43 . 2011-01-07 19:54 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-07-29 17:43 . 2011-01-07 19:54 767952 ----a-w- c:\windows\BDTSupport.dll
2011-07-29 17:43 . 2011-01-07 19:54 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-07-29 17:43 . 2011-01-07 19:54 2000848 ----a-w- c:\windows\PCTBDCore.dll
2011-07-29 17:37 . 2010-07-16 19:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-07-29 17:37 . 2010-07-16 19:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-07-29 17:37 . 2011-01-17 14:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-07-29 17:37 . 2010-12-10 21:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-07-29 17:37 . 2010-12-10 18:24 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-07-29 17:37 . 2010-12-16 13:46 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-07-29 17:37 . 2011-07-29 17:43 -------- d-----w- c:\program files\PC Tools Security
2011-07-29 17:37 . 2011-07-29 17:37 -------- d-----w- c:\documents and settings\Scott Philo\Application Data\PC Tools
2011-07-29 17:01 . 2011-07-29 17:01 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-29 17:00 . 2011-07-29 17:00 -------- d-----w- c:\windows\system32\shxfont
2011-07-29 17:00 . 2011-07-29 17:00 -------- d-----w- c:\windows\system32\PS
2011-07-29 17:00 . 2011-07-29 17:00 -------- d-----w- c:\program files\Calibre2
2011-07-29 16:28 . 2011-07-29 17:00 -------- d-----w- c:\program files\Malwarebytes' Anti-MalwareII
2011-07-19 02:45 . 2004-08-04 05:56 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-07-19 02:45 . 2004-08-04 05:56 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-07-18 05:17 . 2011-07-18 05:17 -------- d-----w- c:\documents and settings\Scott Philo\Application Data\Merscom
2011-07-18 05:17 . 2011-07-18 05:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Merscom
2011-07-17 06:14 . 2011-07-17 06:16 -------- d-----w- c:\program files\The Mystery of the Mary Celeste
2011-07-17 05:52 . 2011-07-17 05:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Big Fish Games
2011-07-17 05:52 . 2011-07-17 05:53 -------- d-----w- c:\program files\bfgclient
2011-07-17 05:51 . 2011-07-17 06:16 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-03 02:44 . 2010-10-11 19:05 908032 ----a-w- c:\windows\system32\drivers\mrxsmb.badsys
2011-08-03 01:58 . 2004-08-10 12:00 149504 ----a-w- c:\windows\system32\drivers\ipsec.badsys
2011-07-07 00:52 . 2010-07-02 21:05 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 00:52 . 2010-07-02 21:05 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-10_19.09.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-02 04:46 . 2011-08-10 19:22 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-05-02 04:46 . 2011-08-08 05:06 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-08-11 18:42 . 2011-08-11 18:42 311296 c:\windows\ERDNT\AutoBackup\8-11-2011\Users\00000002\UsrClass.dat
+ 2011-08-11 18:42 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\8-11-2011\ERDNT.EXE
+ 2011-08-11 18:42 . 2011-08-11 18:42 3198976 c:\windows\ERDNT\AutoBackup\8-11-2011\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-09-11 98395]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-09-11 684123]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-19 339968]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-22 229438]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 290816]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"BackupNowEZtray"="c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe" [2009-09-19 562944]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"ISTray"="c:\program files\PC Tools Security\pctsGui.exe" [2011-01-13 1589208]
"PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-01-07 108496]
.
c:\documents and settings\Scott Philo\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-4-28 113664]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-6-2 565309]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 03:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Documents and Settings\\Scott Philo\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe"=
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [7/29/2011 12:37 PM 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [7/29/2011 12:37 PM 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [7/29/2011 12:37 PM 656320]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [7/29/2011 12:43 PM 247760]
R2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe [9/19/2009 8:04 AM 45312]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [10/21/2010 1:16 PM 632792]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [9/7/2010 2:11 PM 28672]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/19/2011 12:23 AM 136176]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [7/29/2011 12:37 PM 366840]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/19/2011 12:23 AM 136176]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]
.
2011-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-19 05:23]
.
2011-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-19 05:23]
.
2011-08-11 c:\windows\Tasks\RMSmartUpdate.job
- c:\program files\Registry Mechanic\Update.exe [2011-02-08 18:26]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Scott Philo\Application Data\Mozilla\Firefox\Profiles\n7lpo8hp.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - c:\program files\PC Tools Security\BDT\Firefox
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-11 15:29
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????5?2?4?6??P???? ???B?????????????H<C? ??????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.mrxsmb]
"ImagePath"="\*"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(424)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3152)
c:\program files\NewTech Infosystems\Backup Now EZ\Pehook.dll
.
Completion time: 2011-08-11 15:32:16
ComboFix-quarantined-files.txt 2011-08-11 20:32
ComboFix2.txt 2011-08-11 18:59
ComboFix3.txt 2011-08-10 19:13
.
Pre-Run: 94,637,625,344 bytes free
Post-Run: 94,629,056,512 bytes free
.
- - End Of File - - 8E698365D0E76C3863F15AD942EFBB21
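The service and registry lines in the ComboFix log above carry the two things a responder looks at first: drivers whose image file is printed as "path --> path [?]" (TfFsMon, TfSysMon, TfNetMon), and a Services key whose ImagePath is "\*" rather than a binary (.mrxsmb). The script below is an added example, not ComboFix code and not something posted in this thread; it parses those line formats and reports such entries. It assumes that "[?]" is ComboFix's marker for a file it could not find at the listed path, and the sample input is a subset of the log lines shown above.

```python
"""Triage the service and registry lines of a ComboFix log (added example).

Not ComboFix code and not from the thread. It reads the lines ComboFix
prints for services/drivers and the registry excerpt that follows, and flags:
  * a service or driver whose image file is not on disk. ComboFix prints
    these as "path --> path [?]"; this script assumes "[?]" means the file
    was not found at that path.
  * a Services registry key whose ImagePath names no binary at all
    (the log above shows "ImagePath"="\\*" for a key named .mrxsmb).
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# "R2 Name;Display name;image path [date time size]"  or
# "S0 Name;Display name;image path --> resolved path [?]"
SERVICE_RE = re.compile(r'^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$')
MISSING_RE = re.compile(r'^(?P<path>.*?)\s*-->\s*(?P<resolved>.*?)\s*\[\?\]$')
PRESENT_RE = re.compile(r'^(?P<path>.*?)\s*\[(?P<stamp>.+?)\s+(?P<size>\d+)\]$')
# Registry excerpt: "[HKEY_LOCAL_MACHINE\System\ControlSetNNN\Services\<svc>]"
SERVICES_KEY_RE = re.compile(r'^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\(?P<svc>[^\]\\]+)\]$', re.I)
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(?P<value>.*)"$')
# A usable ImagePath names a driver, executable or DLL somewhere in it.
BINARY_RE = re.compile(r'\.(sys|exe|dll)\b', re.I)


@dataclass
class ServiceEntry:
    state: str          # R = running, S = stopped (as ComboFix prints it)
    start: int          # start type digit as printed (0 = boot, 2 = auto, 3 = demand)
    name: str
    display: str
    path: str
    present: bool       # False when ComboFix printed "[?]" for the file
    size: Optional[int] = None


@dataclass
class Finding:
    kind: str           # "missing_image" or "bad_imagepath"
    name: str
    detail: str


def parse_service(line: str) -> Optional[ServiceEntry]:
    """Parse one service/driver line; return None for any other line."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    state, start, name, display = m['state'], int(m['start']), m['name'], m['display']
    rest = m['rest'].strip()
    missing = MISSING_RE.match(rest)
    if missing:
        return ServiceEntry(state, start, name, display, missing['resolved'], False)
    present = PRESENT_RE.match(rest)
    if present:
        return ServiceEntry(state, start, name, display, present['path'], True, int(present['size']))
    # Unrecognised tail: keep the entry but do not flag it.
    return ServiceEntry(state, start, name, display, rest, True)


def triage(lines: List[str]) -> Tuple[List[ServiceEntry], List[Finding]]:
    """Walk the log in order; registry values attach to the key printed above them."""
    services: List[ServiceEntry] = []
    findings: List[Finding] = []
    current_service_key: Optional[str] = None
    for raw in lines:
        line = raw.rstrip('\r\n')
        svc = parse_service(line)
        if svc is not None:
            services.append(svc)
            if not svc.present:
                findings.append(Finding('missing_image', svc.name,
                                        f'start type {svc.start}; image not found on disk: {svc.path}'))
            continue
        key = SERVICES_KEY_RE.match(line)
        if key:
            current_service_key = key['svc']
            continue
        if line.startswith('['):
            current_service_key = None      # some other registry key
            continue
        value = IMAGEPATH_RE.match(line)
        if value and current_service_key is not None:
            if not BINARY_RE.search(value['value']):
                findings.append(Finding('bad_imagepath', current_service_key,
                                        f'ImagePath is {value["value"]!r}, not a binary'))
    return services, findings


# Constructed sample: a subset of the lines from the ComboFix log above.
SAMPLE_LOG = [
    r'R2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe [9/19/2009 8:04 AM 45312]',
    r'S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]',
    r'S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]',
    r'S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/19/2011 12:23 AM 136176]',
    '.',
    r'[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]',
    'HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12',
    '.',
    r'[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.mrxsmb]',
    r'"ImagePath"="\*"',
]

if __name__ == '__main__':
    _, found = triage(SAMPLE_LOG)
    for f in found:
        print(f'{f.kind:14} {f.name:10} {f.detail}')
```

On the sample above the script reports the two boot/demand drivers whose .sys files are absent and the .mrxsmb key whose ImagePath is "\*". A missing image for an S0 (boot-start) driver is worth checking against the vendor install before deciding it is a leftover, and a Services key whose ImagePath is not a file path is exactly the kind of entry the helper's CFScript removes or repairs; the script only points at them, it does not judge them.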

#13 heir (Malware Response Team, 763 posts)

Posted 11 August 2011 - 04:26 PM

Is your internet connection restored?

If not reboot the computer and check again. Restored?

Please do not PM me asking for support. Post on the forums instead.
Please post the final results, good or bad. We like to know!
Unified Network of Instructors and Trained Eliminators
My help is always free, but if you want to donate to help me continue my fight against malware then click Posted Image


#14 scott_ph (Topic Starter, Members, 33 posts)

Posted 11 August 2011 - 05:08 PM

I'm responding to your last post from my own computer, now successfully connected to the Internet.

I was down in the shop doing some work when I got the notification you had posted. I had left this computer running after I ran the CFScript and when I returned, there was a message on the desktop that the Bluetooth driver was preventing the computer from entering standby mode. When I tried to reboot, it wouldn't. I tried shutting down; it wouldn't. Some of the items from the tray disappeared, but the computer wouldn't shut down. I held down the power button and restarted it. If it hangs up again, I'll let you know. Since the script performed some esoteric, magical function that I can't comprehend, I'll assume you know what's going on and it was one of those Windows "things" that resets itself after reboot.

(and it's nice to be off the Mac...it's humiliating having to ask where the Notepad is...=)

#15 heir (Malware Response Team, 763 posts)

Posted 11 August 2011 - 05:12 PM

Good!

There is more work to be done.
However it's late here.
I'll get some sleep and get back to you tomorrow.

Edited by heir, 11 August 2011 - 05:13 PM (grammar)
