
Missing virus definition vptray exe - Windows XP


  • This topic is locked
12 replies to this topic

#1 meenzie


  • Members
  • 20 posts

Posted 21 October 2011 - 09:36 AM

Hi there,
I had a virus infection and managed to remove it via Malwarebytes in safe mode.
I then restarted the machine and am getting the message "missing virus definition" from vptray.exe - the ordinal 1109 is missing.

DDS Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 24/11/2008 04:52:07
System Uptime: 21/10/2011 14:00:03 (0 hours ago)
.
Motherboard: Hewlett-Packard | | 30DC
Processor: Intel Pentium III Xeon processor | Intel® Genuine processor | 2660/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 156 GiB total, 73.013 GiB free.
D: is FIXED (NTFS) - 77 GiB total, 73.595 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: VPN-1 SecureClient Adapter
Device ID: ROOT\NET\0000
Manufacturer: Check Point
Name: VPN-1 SecureClient Adapter
PNP Device ID: ROOT\NET\0000
Service: OMVA
.
==== System Restore Points ===================
.
RP6: 31/07/2011 02:27:18 - System Checkpoint
RP7: 01/08/2011 19:31:04 - System Checkpoint
RP8: 04/08/2011 18:43:33 - System Checkpoint
RP9: 24/08/2011 20:00:49 - System Checkpoint
RP10: 03/09/2011 14:52:27 - Installed iTunes
RP11: 13/09/2011 21:14:11 - System Checkpoint
RP12: 15/09/2011 20:44:56 - System Checkpoint
RP13: 17/09/2011 11:48:24 - System Checkpoint
RP14: 18/09/2011 13:36:31 - System Checkpoint
RP15: 22/09/2011 09:10:55 - System Checkpoint
RP16: 24/09/2011 16:00:41 - System Checkpoint
RP17: 29/09/2011 12:08:42 - System Checkpoint
RP18: 01/10/2011 12:16:47 - System Checkpoint
RP19: 03/10/2011 16:50:35 - System Checkpoint
RP20: 05/10/2011 08:52:44 - System Checkpoint
RP21: 10/10/2011 23:51:57 - System Checkpoint
RP22: 13/10/2011 00:30:32 - System Checkpoint
RP23: 14/10/2011 03:47:44 - System Checkpoint
RP24: 15/10/2011 04:24:18 - System Checkpoint
RP25: 16/10/2011 04:26:11 - System Checkpoint
RP26: 17/10/2011 05:32:37 - System Checkpoint
RP27: 18/10/2011 22:00:50 - System Checkpoint
RP28: 19/10/2011 22:46:40 - System Checkpoint
RP29: 20/10/2011 23:44:15 - System Checkpoint
RP30: 21/10/2011 14:10:38 - Removed Adobe Reader 8.1.3
.
==== Installed Programs ======================
.
.
2007 Microsoft Office Suite Service Pack 1 (SP1)
Acrobat.com
ActivClient 6.1 x86
Ad-Aware
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Photoshop Lightroom 2.2
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Agere Systems HDA Modem
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Control Center
ATI Display Driver
Audible Download Manager
AuthenTec Fingerprint System
Betfair Poker
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Check Point VPN-1 SecureClient NG_AI_R56
Citrix Endpoint Analysis Plugin
Connect
Credential Manager for HP ProtectTools
CutePDF Writer 2.7
dj_sf_software_req
Drive Encryption for HP ProtectTools
Embedded Security for HP ProtectTools Driver
Google Talk (remove only)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format 11 SDK (KB973442)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB949764)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB969084)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP 3D DriveGuard
HP Deskjet Printer Driver Software 9.0
HP Integrated Module with Bluetooth wireless technology
HP JavaCard for HP ProtectTools
HP ProtectTools Security Manager
HP ProtectTools Security Manager Suite
HP Quick Launch Buttons 6.40 E1
HP Webcam
ImTOO Audio Maker
ImTOO DVD Copy Express
ImTOO DVD Creator
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Interface
Intel® Network Connections Drivers
Intel® Active Management Technology
Intel® Matrix Storage Manager
InterVideo DVD Check
InterVideo Register Manager
InterVideo WinDVD
iTunes
Java Auto Updater
Java™ 6 Update 20
K-Lite Codec Pack 5.8.3 (Basic)
kuler
LiveUpdate 3.0 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft ActiveSync
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Money Plus
Microsoft Money Shared Libraries
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Live Meeting 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Project Standard 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Visio Standard 2003
Microsoft Office Visio Viewer 2003 (English)
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.6.23)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
Nero 7 Premium
neroxml
NetScreen-Remote
Octoshape Streaming Services
ParetoLogic Data Recovery
PDF Settings CS4
Photomatix Pro version 4.0.2
Photoshop Camera Raw
QuickTime
Rapport
RICOH R5C853 Media Driver Ver.1.02.00.09
SAP Active Components Framework
SAP Front End
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Segoe UI
Skins
Skype™ 5.3
SoundMAX
Suite Shared Configuration CS4
Symantec AntiVirus
Synaptics Pointing Device Driver
Toolbox
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Windows (KB971513)
Update for Outlook 2007 Junk Email Filter (kb2279264)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB898461)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
VirtualLab Client 5.7.5
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.1.11
Vodafone Mobile Connect Lite
VoipCheapCom
WebEx
WebFldrs XP
Windows Internet Explorer 7
Windows Internet Explorer 7 Multilingual User Interface (MUI)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Mobile Device Updater Component
Windows XP Service Pack 3
WinRAR archiver
WinZip
XEAN Extranet Access Client
Yahoo! Messenger
YouTube Downloader 2.5.5
Zune
Zune Language Pack (DEU)
Zune Language Pack (ESP)
Zune Language Pack (FRA)
Zune Language Pack (ITA)
Zune Language Pack (NLD)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
.
==== Event Viewer Messages From Past Week ========
.
21/10/2011 12:05:25, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
21/10/2011 11:53:18, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
21/10/2011 11:52:44, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl Fips intelppm RsvLock SAVRT SAVRTPEL SPBBCDrv SYMTDI
21/10/2011 11:48:51, error: Service Control Manager [7024] - The Computer Browser service terminated with service-specific error 2102 (0x836).
21/10/2011 11:47:37, error: Workstation [3870] - . is not a valid computer name.
21/10/2011 11:46:24, error: Service Control Manager [7023] - The Workstation service terminated with the following error: The filename, directory name, or volume label syntax is incorrect.
21/10/2011 11:46:24, error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The filename, directory name, or volume label syntax is incorrect.
21/10/2011 11:44:58, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
21/10/2011 11:35:08, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: Access is denied.
21/10/2011 11:35:07, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Symantec AntiVirus service to connect.
21/10/2011 11:35:07, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the SavRoam service to connect.
21/10/2011 11:35:07, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Check Point SecuRemote Service service to connect.
21/10/2011 11:35:07, error: Service Control Manager [7001] - The Net Logon service depends on the Workstation service which failed to start because of the following error: The filename, directory name, or volume label syntax is incorrect.
21/10/2011 11:35:07, error: Service Control Manager [7000] - The Remote Connections Service service failed to start due to the following error: The system cannot find the file specified.
21/10/2011 11:35:07, error: Service Control Manager [7000] - The Nortel Extranet Access Protocol service failed to start due to the following error: The system cannot find the file specified.
21/10/2011 11:04:49, error: DCOM [10000] - Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}. The error: "%3" Happened while starting this command: "G:\Meens_Adobe\Acrobat\AcrobatInfo.exe" /PDFShell -Embedding
21/10/2011 09:21:35, error: System Error [1003] - Error code 1000000a, parameter1 000000b0, parameter2 00000002, parameter3 00000000, parameter4 804ef42a.
18/10/2011 16:18:05, error: Dhcp [1002] - The IP address lease 192.168.0.6 for the Network Card with network address 002481F73D9A has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
18/10/2011 14:49:55, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
.
==== End Of File ===========================


DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Run by mthevi at 14:45:01 on 2011-10-21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3036.1411 [GMT 1:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\System32\svchost.exe -k Cognizance
C:\Program Files\Fingerprint Sensor\AtService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
c:\SvcTools\6.8\bin\lnchr.exe
c:\SvcTools\pkg\swmeter\swmeter.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\Zune\ZuneBusEnum.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
C:\WINDOWS\system32\AccelerometerSt.Exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\SvcTools\6.8\bin\lnchr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\VoipCheapCom.com\VoipCheapCom\VoipCheapCom.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\taskmgr.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bbc.co.uk/
uWindow Title = Windows Internet Explorer provided by Axon Solutions Ltd.
uInternet Settings,ProxyServer = hxxp://http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>;*.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AdobeBridge]
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [sosdxllt] c:\documents and settings\mthevi.axon\local settings\application data\uuwgmgdhq\hxepdbwshdw.exe
uRun: [VoipCheapCom] "c:\program files\voipcheapcom.com\voipcheapcom\VoipCheapCom.exe" -nosplash -minimized
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [picon] "c:\program files\common files\intel\privacy icon\PrivacyIconClient.exe" -startup
mRun: [AccelerometerSysTrayApplet] c:\windows\system32\AccelerometerSt.Exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [SMA6.8] c:\svctools\6.8\bin\lnchr.exe --context=user --control-dir=c:\svctools\6.8\ctrl
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [sosdxllt] c:\documents and settings\mthevi.axon\local settings\application data\uuwgmgdhq\hxepdbwshdw.exe
mRun: [dnscacheprop.exe] "c:\windows\system32\config\systemprofile\local settings\application data\dnscacheprop.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netscr~1.lnk - c:\program files\juniper\netscreen-remote\SafeCfg.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\provappbridge.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: axonglobal.com\support
Trusted Zone: sap-ag.de\websmp202
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://kitchenplanner.ikea.com/gb/Core/Player/2020PlayerAX_Win32.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1274173809250
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://axonit.webex.com/client/T26L/support/ieatgpc.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{0403D2AB-3DCF-449C-ABD7-71F1E0C450DC} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{7389769D-535A-410F-ABD5-A744DE6946BB} : DhcpNameServer = 10.203.65.70 10.203.65.68
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
Notify: ackpbsc - c:\windows\system32\ackpbsc.dll
Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: ckpNotify - ckpNotify.dll
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: OneCard - c:\program files\hewlett-packard\iam\bin\ASWLNPkg.dll
AppInit_DLLs: APSHook.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli ASWLNPkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mthevi.axon\application data\mozilla\firefox\profiles\3t9cuqng.default\
FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - plugin: c:\documents and settings\mthevi.axon\application data\mozilla\plugins\npCtxCAO.dll
FF - plugin: c:\documents and settings\mthevi.axon\application data\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: LoudMo Contextual Ad Assistant: {ff8a2039-286d-8344-72e2-5eaa0bc2a824} - c:\program files\mozilla firefox\extensions\{ff8a2039-286d-8344-72e2-5eaa0bc2a824}
FF - Ext: XULRunner: {02E63755-F2FD-4F27-9E27-A31FDA6A577C} - c:\documents and settings\mthevi.axon\local settings\application data\{02E63755-F2FD-4F27-9E27-A31FDA6A577C}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: google.toolbar.linkdoctor.enabled - false
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-5-14 64512]
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2008-6-5 109184]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2008-6-5 51376]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2008-6-5 12928]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-11-24 24064]
R1 IPSECDRV;SafeNet IPSec Plugin;c:\windows\system32\drivers\IpSecDrv.sys [2008-11-24 138296]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-7-1 166632]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2008-6-5 12496]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-12-19 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-12-19 54968]
R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-5-15 182576]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2006-2-28 14336]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2006-2-28 14336]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2008-5-15 1176824]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-3-7 192160]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-3-7 169632]
R2 Crypto;Crypto;c:\windows\system32\drivers\Crypto.sys [2008-11-24 536634]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\hp protecttools security manager\PTChangeFilterService.exe [2008-6-10 18944]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2008-6-5 256512]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-4-29 2152152]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-7-1 840936]
R2 Scap;SecureClient Application Policy Module;c:\windows\system32\drivers\scap.sys [2008-11-24 17424]
R2 SMA6.8;Software Management Agent 6.8;c:\svctools\6.8\bin\lnchr.exe --service --context=system --control-dir=c:\svctools\6.8\ctrl --> c:\svctools\6.8\bin\lnchr.exe --service --context=system --control-dir=c:\svctools\6.8\ctrl [?]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.EXE [2008-11-24 2058776]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2009-9-18 9216]
R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [2008-11-24 670128]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2008-5-15 475520]
R3 DniVap;SafeNet WAN Miniport (VA);c:\windows\system32\drivers\vap.sys [2008-11-24 29184]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-11-24 244368]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2009-9-17 26137]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-30 105592]
R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [2008-11-24 2041744]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-7-23 44800]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-4-29 15232]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-3-29 38224]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20111019.003\naveng.sys [2011-10-20 86136]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20111019.003\navex15.sys [2011-10-20 1576312]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2008-11-24 47616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FlexService;Remote Connections Service;"c:\program files\rapidbit\cisvc.exe" --> c:\program files\rapidbit\cisvc.exe [?]
S2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-3-16 115952]
S2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-3-16 1799408]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-11-24 193840]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-3-9 112640]
S3 ExtranetAccess;Contivity VPN Service;c:\program files\xerox external access network\Extranet_serv.exe [2009-9-17 811008]
S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2009-9-17 155152]
S3 OMVA;VPN-1 SecureClient Adapter;c:\windows\system32\drivers\OMVA.sys [2008-11-24 14924]
S3 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-7-1 59240]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-2-28 14336]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-11-11 268528]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-09-21 15:31:17 16432 ----a-w- c:\windows\system32\lsdelete.exe
.
==================== Find3M ====================
.
2011-09-07 18:52:34 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 14:46:18.95 ===============


GMER txt is as follows
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-21 15:31:45
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.FCDO
Running: gmer.exe; Driver: C:\DOCUME~1\MTHEVI~1.AXO\LOCALS~1\Temp\pxtdapob.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwAssignProcessToJobObject [0xAD377E26]
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys (SafeNet Crypto Driver/SafeNet) ZwClose [0xAA14AB6F]
SSDT 89BB5AE8 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys (SafeNet Crypto Driver/SafeNet) ZwCreateDirectoryObject [0xAA14AB9B]
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys (SafeNet Crypto Driver/SafeNet) ZwCreateFile [0xAA14ABCF]
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys (SafeNet Crypto Driver/SafeNet) ZwCreateKey [0xAA14AC23]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteFile [0xAD378864]
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys (SafeNet Crypto Driver/SafeNet) ZwDeleteKey [0xAA14AC67]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteValueKey [0xAD37C0B8]
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys (SafeNet Crypto Driver/SafeNet) ZwEnumerateKey [0xAA14AC93]
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys (SafeNet Crypto Driver/SafeNet) ZwEnumerateValueKey [0xAA14ACD3]
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys (SafeNet Crypto Driver/SafeNet) ZwFlushKey [0xAA14AD13]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwLoadKey [0xAD37C21A]
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys (SafeNet Crypto Driver/SafeNet) ZwMakeTemporaryObject [0xAA14AD3F]
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys (SafeNet Crypto Driver/SafeNet) ZwMapViewOfSection [0xAA14AD6B]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenFile [0xAD3787C8]
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys (SafeNet Crypto Driver/SafeNet) ZwOpenKey [0xAA14ADBB]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenProcess [0xAD377F6A]
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys (SafeNet Crypto Driver/SafeNet) ZwOpenSection [0xAA14ADEF]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenThread [0xAD37815C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwProtectVirtualMemory [0xAD37828E]
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys (SafeNet Crypto Driver/SafeNet) ZwQueryInformationFile [0xAA14AE23]
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys (SafeNet Crypto Driver/SafeNet) ZwQueryKey [0xAA14AE5F]
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys (SafeNet Crypto Driver/SafeNet) ZwQueryValueKey [0xAA14AE9B]
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys (SafeNet Crypto Driver/SafeNet) ZwReadFile [0xAA14AEDB]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRenameKey [0xAD37C0FA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwReplaceKey [0xAD37C12C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRestoreKey [0xAD37C15E]
SSDT 89FD6850 ZwResumeThread
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetContextThread [0xAD377DCC]
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys (SafeNet Crypto Driver/SafeNet) ZwSetInformationFile [0xAA14AF27]
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys (SafeNet Crypto Driver/SafeNet) ZwSetInformationThread [0xAA14AF63]
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys (SafeNet Crypto Driver/SafeNet) ZwSetValueKey [0xAA14AF9B]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSuspendThread [0xAD377D68]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwTerminateProcess [0xAD377CBC]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwTerminateThread [0xAD377D04]
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys (SafeNet Crypto Driver/SafeNet) ZwUnmapViewOfSection [0xAA14AFDB]
SSDT \??\C:\WINDOWS\system32\Drivers\Crypto.sys (SafeNet Crypto Driver/SafeNet) ZwWriteFile [0xAA14B00B]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C60 805044FC 4 Bytes [E8, 5A, BB, 89]
? C:\WINDOWS\system32\drivers\SafeBoot.sys The process cannot access the file because it is being used by another process.
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF0BA9000, 0x18A3B6, 0xE8000020]
? C:\WINDOWS\system32\DRIVERS\netbt.sys suspicious PE modification
? C:\DOCUME~1\MTHEVI~1.AXO\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[452] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 012279B0 c:\program files\trusteer\rapport\bin\rooksdol.dll (Rooks/Dolomite/Trusteer Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[452] ntdll.dll!LdrLoadDll + 1 7C9163C4 5 Bytes [22, 00, 68, 71, C3]
.text C:\Program Files\Internet Explorer\iexplore.exe[452] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 716B0022
.text C:\Program Files\Internet Explorer\iexplore.exe[452] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 6 Bytes PUSH 714E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[452] GDI32.dll!BitBlt 77F16F79 6 Bytes PUSH 71510022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[452] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 71420022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[452] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 71570022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[452] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 716E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[452] USER32.dll!DdeInitializeW 7E4206D7 6 Bytes PUSH 71480022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[452] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E1DF4B9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[452] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 71620022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[452] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 71450022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[452] USER32.dll!DialogBoxIndirectParamW 7E432072 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[452] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E352076 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[452] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E351FF7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[452] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E35203B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[452] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E351F83 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[452] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E351FBD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[452] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3520B1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[452] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E201772 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[452] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 714B0022
.text C:\Program Files\Internet Explorer\iexplore.exe[452] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 71650022
.text C:\Program Files\Internet Explorer\iexplore.exe[452] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E352273 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[452] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71010022
.text C:\Program Files\Internet Explorer\iexplore.exe[452] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 71050022
.text C:\Program Files\Internet Explorer\iexplore.exe[452] WININET.dll!InternetCloseHandle 3D944261 6 Bytes PUSH 712A0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[452] WININET.dll!HttpAddRequestHeadersA 3D94632F 6 Bytes PUSH 713F0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[452] WININET.dll!HttpOpenRequestA 3D94AA7B 6 Bytes PUSH 713C0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[452] WININET.dll!InternetConnectA 3D94B0D2 6 Bytes PUSH 71270022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[452] WININET.dll!InternetConnectW 3D94C2C0 6 Bytes PUSH 71240022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[452] WININET.dll!HttpOpenRequestW 3D94C49A 6 Bytes PUSH 71390022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[452] WININET.dll!InternetQueryDataAvailable 3D951615 6 Bytes PUSH 71150022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[452] WININET.dll!InternetOpenA 3D953081 6 Bytes PUSH 711B0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[452] WININET.dll!HttpSendRequestA 3D953558 6 Bytes PUSH 71360022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[452] WININET.dll!InternetOpenW 3D9536B1 6 Bytes PUSH 71180022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[452] WININET.dll!InternetSetStatusCallback 3D957D7B 6 Bytes PUSH 710F0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[452] WININET.dll!HttpSendRequestExW 3D958C49 6 Bytes PUSH 71300022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[452] WININET.dll!InternetWriteFile 3D958D5C 6 Bytes PUSH 710C0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[452] WININET.dll!HttpSendRequestW 3D95FDF9 6 Bytes PUSH 712D0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[452] WININET.dll!InternetReadFileExA 3D963384 6 Bytes PUSH 71120022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[452] WININET.dll!InternetGetCookieExA 3D963A49 6 Bytes PUSH 711E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[452] WININET.dll!HttpSendRequestExA 3D9AA92E 6 Bytes PUSH 71330022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[452] WININET.dll!InternetGetCookieA 3D9AC120 6 Bytes PUSH 71210022; RET
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[684] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 00414A50 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[684] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 716B0022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[684] USER32.dll!GetGUIThreadInfo + FB 7E428023 6 Bytes JMP 716E001E
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[684] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71650022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[684] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 71680022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3060] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 00438CE0 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3060] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 716B0022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3060] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71680022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3060] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 716E0022

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip Scap.sys (Check Point Software Technologies)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp Scap.sys (Check Point Software Technologies)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp Scap.sys (Check Point Software Technologies)
AttachedDevice \Driver\Tcpip \Device\RawIp Scap.sys (Check Point Software Technologies)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\CXCJLK2J\dis[1].htm 9 bytes
File C:\WINDOWS\$NtUninstallKB29347$\1658130550 0 bytes
File C:\WINDOWS\$NtUninstallKB29347$\1658130550\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB29347$\1658130550\bckfg.tmp 800 bytes
File C:\WINDOWS\$NtUninstallKB29347$\1658130550\cfg.ini 176 bytes
File C:\WINDOWS\$NtUninstallKB29347$\1658130550\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB29347$\1658130550\kwrd.dll 208896 bytes
File C:\WINDOWS\$NtUninstallKB29347$\1658130550\L 0 bytes
File C:\WINDOWS\$NtUninstallKB29347$\1658130550\L\mnggusum 162816 bytes
File C:\WINDOWS\$NtUninstallKB29347$\1658130550\U 0 bytes
File C:\WINDOWS\$NtUninstallKB29347$\1658130550\U\00000001.@ 1536 bytes
File C:\WINDOWS\$NtUninstallKB29347$\1658130550\U\00000002.@ 209920 bytes
File C:\WINDOWS\$NtUninstallKB29347$\1658130550\U\80000000.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB29347$\1658130550\U\80000032.@ 71168 bytes
File C:\WINDOWS\$NtUninstallKB29347$\2499993883 0 bytes

---- EOF - GMER 1.0.15 ----

svchost.exe seems to be taking up 100% of the CPU



#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 22 October 2011 - 11:44 AM

Hi,

Please do the following:


Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT



Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 meenzie

meenzie
  • Topic Starter

  • Members
  • 20 posts

Posted 22 October 2011 - 06:29 PM

Hi,

TDSSKiller log - TDSSKiller.2.6.12.0_22.10.2011_23.36.56_log.txt

23:36:57.0009 3548 TDSS rootkit removing tool 2.6.12.0 Oct 21 2011 11:23:48
23:36:57.0166 3548 ============================================================
23:36:57.0166 3548 Current date / time: 2011/10/22 23:36:57.0166
23:36:57.0166 3548 SystemInfo:
23:36:57.0166 3548
23:36:57.0166 3548 OS Version: 5.1.2600 ServicePack: 3.0
23:36:57.0166 3548 Product type: Workstation
23:36:57.0166 3548 ComputerName: .
23:36:57.0166 3548 UserName: mthevi
23:36:57.0166 3548 Windows directory: C:\WINDOWS
23:36:57.0166 3548 System windows directory: C:\WINDOWS
23:36:57.0166 3548 Processor architecture: Intel x86
23:36:57.0166 3548 Number of processors: 2
23:36:57.0166 3548 Page size: 0x1000
23:36:57.0166 3548 Boot type: Normal boot
23:36:57.0166 3548 ============================================================
23:36:57.0511 3548 Initialize success
23:37:00.0099 4896 ============================================================
23:37:00.0099 4896 Scan started
23:37:00.0099 4896 Mode: Manual;
23:37:00.0099 4896 ============================================================
23:37:03.0471 4896 DniVap (dea17133e5f64a70c21f1a9e9692f8c3) C:\WINDOWS\system32\DRIVERS\vap.sys
23:37:03.0487 4896 DniVap - ok
23:37:03.0503 4896 dpti2o - ok
23:37:03.0518 4896 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
23:37:03.0518 4896 drmkaud - ok
23:37:03.0644 4896 e1yexpress (96967facc0307093b9098f817a4409e6) C:\WINDOWS\system32\DRIVERS\e1y5132.sys
23:37:03.0660 4896 e1yexpress - ok
23:37:03.0675 4896 Eacfilt (128622a56a7cf32042b8a914d787c97b) C:\WINDOWS\system32\DRIVERS\eacfilt.sys
23:37:03.0675 4896 Eacfilt - ok
23:37:03.0848 4896 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
23:37:03.0848 4896 eeCtrl - ok
23:37:03.0863 4896 EraserUtilRebootDrv (3ee14d400e0fdd0d214275a4a20b7022) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
23:37:03.0879 4896 EraserUtilRebootDrv - ok
23:37:04.0005 4896 ewusbnet (9032405f762f1afa92dfef99cb078306) C:\WINDOWS\system32\DRIVERS\ewusbnet.sys
23:37:04.0005 4896 ewusbnet - ok
23:37:04.0099 4896 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
23:37:04.0146 4896 Fastfat - ok
23:37:04.0208 4896 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
23:37:04.0208 4896 Fdc - ok
23:37:04.0256 4896 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
23:37:04.0256 4896 Fips - ok
23:37:04.0287 4896 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
23:37:04.0303 4896 Flpydisk - ok
23:37:04.0334 4896 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
23:37:04.0350 4896 FltMgr - ok
23:37:04.0428 4896 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:37:04.0428 4896 Fs_Rec - ok
23:37:04.0444 4896 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:37:04.0459 4896 Ftdisk - ok
23:37:04.0522 4896 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
23:37:04.0522 4896 GEARAspiWDM - ok
23:37:04.0569 4896 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:37:04.0569 4896 Gpc - ok
23:37:04.0616 4896 HBtnKey (407e41ddb2bfece109132aec296e0d98) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
23:37:04.0632 4896 HBtnKey - ok
23:37:04.0648 4896 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:37:04.0648 4896 HDAudBus - ok
23:37:04.0695 4896 HECI (2df64415a28ce036ac6acec7645a996f) C:\WINDOWS\system32\DRIVERS\HECI.sys
23:37:04.0695 4896 HECI - ok
23:37:04.0789 4896 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:37:04.0789 4896 HidUsb - ok
23:37:04.0867 4896 hpdskflt (54cda2171102db1199830d8de6786057) C:\WINDOWS\system32\DRIVERS\hpdskflt.sys
23:37:04.0867 4896 hpdskflt - ok
23:37:04.0914 4896 hpn - ok
23:37:04.0961 4896 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys
23:37:04.0977 4896 HpqKbFiltr - ok
23:37:05.0024 4896 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
23:37:05.0024 4896 HTTP - ok
23:37:05.0071 4896 hwdatacard (60aec3f4ec355d9f46d545a0fa08ce87) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
23:37:05.0071 4896 hwdatacard - ok
23:37:05.0087 4896 i2omgmt - ok
23:37:05.0087 4896 i2omp - ok
23:37:05.0118 4896 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:37:05.0118 4896 i8042prt - ok
23:37:05.0259 4896 ialm (f592a1b020723cfbd3d2722514066449) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
23:37:05.0338 4896 ialm - ok
23:37:05.0463 4896 iaStor (de7c12e59605ea7ea0cf6345afeb0f07) C:\WINDOWS\system32\DRIVERS\iaStor.sys
23:37:05.0463 4896 iaStor - ok
23:37:05.0479 4896 IFXTPM (91c5e9f49f32110ced27e2f902fad607) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
23:37:05.0495 4896 IFXTPM - ok
23:37:05.0526 4896 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:37:05.0526 4896 Imapi - ok
23:37:05.0557 4896 ini910u - ok
23:37:05.0604 4896 IntelIde - ok
23:37:05.0636 4896 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:37:05.0636 4896 intelppm - ok
23:37:05.0683 4896 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
23:37:05.0683 4896 Ip6Fw - ok
23:37:05.0714 4896 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:37:05.0730 4896 IpFilterDriver - ok
23:37:05.0746 4896 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:37:05.0746 4896 IpInIp - ok
23:37:05.0777 4896 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:37:05.0777 4896 IpNat - ok
23:37:05.0808 4896 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:37:05.0808 4896 IPSec - ok
23:37:05.0824 4896 IPSECDRV (0dae09ea43f5afb0a06fbabc4dcccc34) C:\WINDOWS\system32\Drivers\IPSECDRV.sys
23:37:05.0840 4896 IPSECDRV - ok
23:37:05.0871 4896 IPSECEXT (c399687188fecfcfee4ed846c6a6e3ab) C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys
23:37:05.0871 4896 IPSECEXT - ok
23:37:05.0887 4896 IPSECSHM (c399687188fecfcfee4ed846c6a6e3ab) C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys
23:37:05.0887 4896 IPSECSHM - ok
23:37:05.0918 4896 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:37:05.0918 4896 IRENUM - ok
23:37:05.0934 4896 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:37:05.0934 4896 isapnp - ok
23:37:05.0981 4896 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:37:05.0981 4896 Kbdclass - ok
23:37:05.0996 4896 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:37:05.0996 4896 kbdhid - ok
23:37:06.0091 4896 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
23:37:06.0091 4896 kmixer - ok
23:37:06.0138 4896 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
23:37:06.0138 4896 KSecDD - ok
23:37:06.0263 4896 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
23:37:06.0279 4896 Lavasoft Kernexplorer - ok
23:37:06.0294 4896 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
23:37:06.0310 4896 Lbd - ok
23:37:06.0310 4896 lbrtfdc - ok
23:37:06.0420 4896 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:37:06.0420 4896 mnmdd - ok
23:37:06.0451 4896 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
23:37:06.0451 4896 Modem - ok
23:37:06.0483 4896 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:37:06.0483 4896 Mouclass - ok
23:37:06.0514 4896 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:37:06.0514 4896 mouhid - ok
23:37:06.0530 4896 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
23:37:06.0530 4896 MountMgr - ok
23:37:06.0545 4896 mraid35x - ok
23:37:06.0545 4896 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:37:06.0545 4896 MRxDAV - ok
23:37:06.0608 4896 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:37:06.0608 4896 MRxSmb - ok
23:37:06.0702 4896 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
23:37:06.0702 4896 Msfs - ok
23:37:06.0749 4896 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:37:06.0749 4896 MSKSSRV - ok
23:37:06.0781 4896 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:37:06.0781 4896 MSPCLOCK - ok
23:37:06.0796 4896 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
23:37:06.0812 4896 MSPQM - ok
23:37:06.0843 4896 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:37:06.0843 4896 mssmbios - ok
23:37:06.0875 4896 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
23:37:06.0875 4896 MSTEE - ok
23:37:06.0906 4896 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
23:37:06.0922 4896 Mup - ok
23:37:06.0938 4896 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
23:37:06.0953 4896 NABTSFEC - ok
23:37:07.0063 4896 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20111019.003\naveng.sys
23:37:07.0063 4896 NAVENG - ok
23:37:07.0126 4896 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20111019.003\navex15.sys
23:37:07.0126 4896 NAVEX15 - ok
23:37:07.0267 4896 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
23:37:07.0267 4896 NDIS - ok
23:37:07.0298 4896 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
23:37:07.0298 4896 NdisIP - ok
23:37:07.0314 4896 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:37:07.0330 4896 NdisTapi - ok
23:37:07.0345 4896 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:37:07.0345 4896 Ndisuio - ok
23:37:07.0377 4896 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:37:07.0377 4896 NdisWan - ok
23:37:07.0392 4896 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
23:37:07.0392 4896 NDProxy - ok
23:37:07.0408 4896 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:37:07.0408 4896 NetBIOS - ok
23:37:07.0424 4896 NetBT (7d093da5cc1a2bdf3f4fa8ceee9fe175) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:37:07.0424 4896 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\netbt.sys. Real md5: 7d093da5cc1a2bdf3f4fa8ceee9fe175, Fake md5: 74b2b2f5bea5e9a3dc021d685551bd3d
23:37:07.0424 4896 NetBT ( Rootkit.Win32.ZAccess.j ) - infected
23:37:07.0424 4896 NetBT - detected Rootkit.Win32.ZAccess.j (0)
23:37:07.0565 4896 NETw5x32 (0888844230083ce3b47395102bca8207) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
23:37:07.0612 4896 NETw5x32 - ok
23:37:07.0643 4896 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
23:37:07.0659 4896 NIC1394 - ok
23:37:07.0784 4896 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
23:37:07.0784 4896 Npfs - ok
23:37:07.0832 4896 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
23:37:07.0863 4896 Ntfs - ok
23:37:07.0910 4896 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:37:07.0910 4896 Null - ok
23:37:07.0988 4896 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:37:07.0988 4896 NwlnkFlt - ok
23:37:08.0020 4896 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:37:08.0020 4896 NwlnkFwd - ok
23:37:08.0035 4896 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
23:37:08.0035 4896 ohci1394 - ok
23:37:08.0098 4896 OMVA (73c74eb8b231974b7a961fddd878ae01) C:\WINDOWS\system32\DRIVERS\OMVA.sys
23:37:08.0114 4896 OMVA - ok
23:37:08.0145 4896 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
23:37:08.0161 4896 Parport - ok
23:37:08.0161 4896 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
23:37:08.0177 4896 PartMgr - ok
23:37:08.0208 4896 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
23:37:08.0208 4896 ParVdm - ok
23:37:08.0224 4896 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
23:37:08.0224 4896 PCI - ok
23:37:08.0239 4896 PCIDump - ok
23:37:08.0271 4896 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
23:37:08.0271 4896 PCIIde - ok
23:37:08.0286 4896 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
23:37:08.0302 4896 Pcmcia - ok
23:37:08.0302 4896 PDCOMP - ok
23:37:08.0318 4896 PDFRAME - ok
23:37:08.0333 4896 PDRELI - ok
23:37:08.0349 4896 PDRFRAME - ok
23:37:08.0349 4896 perc2 - ok
23:37:08.0365 4896 perc2hib - ok
23:37:08.0428 4896 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:37:08.0443 4896 PptpMiniport - ok
23:37:08.0490 4896 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
23:37:08.0490 4896 PSched - ok
23:37:08.0490 4896 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:37:08.0506 4896 Ptilink - ok
23:37:08.0522 4896 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
23:37:08.0522 4896 PxHelp20 - ok
23:37:08.0537 4896 ql1080 - ok
23:37:08.0553 4896 Ql10wnt - ok
23:37:08.0553 4896 ql12160 - ok
23:37:08.0569 4896 ql1240 - ok
23:37:08.0569 4896 ql1280 - ok
23:37:08.0647 4896 RapportKELL (915b82d664cd38743a59b3a3524a5d3a) C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys
23:37:08.0647 4896 RapportKELL - ok
23:37:08.0678 4896 RapportPG (25f126fdd8df81a71ff518c914055cd8) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
23:37:08.0678 4896 RapportPG - ok
23:37:08.0726 4896 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:37:08.0726 4896 RasAcd - ok
23:37:08.0773 4896 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:37:08.0773 4896 Rasl2tp - ok
23:37:08.0804 4896 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:37:08.0804 4896 RasPppoe - ok
23:37:08.0820 4896 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:37:08.0820 4896 Raspti - ok
23:37:08.0835 4896 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:37:08.0851 4896 Rdbss - ok
23:37:08.0882 4896 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:37:08.0882 4896 RDPCDD - ok
23:37:08.0898 4896 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:37:08.0898 4896 rdpdr - ok
23:37:08.0929 4896 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
23:37:08.0929 4896 RDPWD - ok
23:37:08.0961 4896 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:37:08.0961 4896 redbook - ok
23:37:08.0992 4896 rimmptsk (ded01a389926a89540b82373e4c550ee) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
23:37:09.0008 4896 rimmptsk - ok
23:37:09.0008 4896 rismc32 (7c21554942bef51cbd84fd7d4e62cb9a) C:\WINDOWS\system32\DRIVERS\rismc32.sys
23:37:09.0008 4896 rismc32 - ok
23:37:09.0039 4896 RsvLock (c0ef0f85c03e57686973932b6e46b172) C:\WINDOWS\system32\drivers\RsvLock.sys
23:37:09.0039 4896 RsvLock - ok
23:37:09.0071 4896 SafeBoot (b48c00f75e7afcd122abb2ad87dfd270) C:\WINDOWS\system32\drivers\SafeBoot.sys
23:37:09.0086 4896 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\SafeBoot.sys. md5: b48c00f75e7afcd122abb2ad87dfd270
23:37:09.0086 4896 SafeBoot ( LockedFile.Multi.Generic ) - warning
23:37:09.0086 4896 SafeBoot - detected LockedFile.Multi.Generic (1)
23:37:09.0165 4896 SAVRT (cdb565c093b0105086cc630b32f9e6e6) C:\Program Files\Symantec AntiVirus\savrt.sys
23:37:09.0180 4896 SAVRT - ok
23:37:09.0180 4896 SAVRTPEL (1042cb5a003f9aed8d6cec56a0fc6c49) C:\Program Files\Symantec AntiVirus\Savrtpel.sys
23:37:09.0180 4896 SAVRTPEL - ok
23:37:09.0196 4896 SbAlg (5f1a459d5dd0feafb430328123be2836) C:\WINDOWS\system32\drivers\SbAlg.sys
23:37:09.0196 4896 SbAlg - ok
23:37:09.0212 4896 SbFsLock (10cc92eab610dfe1e5bd68a38c76256b) C:\WINDOWS\system32\drivers\SbFsLock.sys
23:37:09.0212 4896 SbFsLock - ok
23:37:09.0243 4896 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
23:37:09.0243 4896 sdbus - ok
23:37:09.0259 4896 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:37:09.0274 4896 Secdrv - ok
23:37:09.0306 4896 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
23:37:09.0306 4896 Serenum - ok
23:37:09.0322 4896 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
23:37:09.0322 4896 Serial - ok
23:37:09.0353 4896 SFAUDIO (b6401608579b6431994425ba7653f774) C:\WINDOWS\system32\drivers\sfaudio.sys
23:37:09.0353 4896 SFAUDIO - ok
23:37:09.0384 4896 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:37:09.0400 4896 Sfloppy - ok
23:37:09.0416 4896 Simbad - ok
23:37:09.0431 4896 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
23:37:09.0447 4896 SLIP - ok
23:37:09.0525 4896 SNP2UVC (cf9cde12fbc19dba8de528b7511a2f4f) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
23:37:09.0541 4896 SNP2UVC - ok
23:37:09.0573 4896 Sparrow - ok
23:37:09.0635 4896 SPBBCDrv (cc22bf5631c4837abcd81d75de8fb1aa) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
23:37:09.0635 4896 SPBBCDrv - ok
23:37:09.0682 4896 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
23:37:09.0682 4896 splitter - ok
23:37:09.0714 4896 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
23:37:09.0729 4896 sr - ok
23:37:09.0792 4896 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
23:37:09.0792 4896 Srv - ok
23:37:09.0823 4896 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
23:37:09.0823 4896 streamip - ok
23:37:09.0871 4896 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:37:09.0871 4896 swenum - ok
23:37:09.0902 4896 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
23:37:09.0902 4896 swmidi - ok
23:37:09.0918 4896 symc810 - ok
23:37:09.0933 4896 symc8xx - ok
23:37:09.0949 4896 SymEvent (5156f63e684e8c864ff40e40d5309f41) C:\Program Files\Symantec\SYMEVENT.SYS
23:37:09.0965 4896 SymEvent - ok
23:37:09.0980 4896 SYMREDRV (5314e345dfc068504cfb2676d3b2ca39) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
23:37:09.0996 4896 SYMREDRV - ok
23:37:10.0027 4896 SYMTDI (8cd0a1478256240249b8ee88e6f25e94) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
23:37:10.0027 4896 SYMTDI - ok
23:37:10.0027 4896 sym_hi - ok
23:37:10.0043 4896 sym_u3 - ok
23:37:10.0090 4896 SynTP (926e0bb4cac05d9a0c3b59dc16fe2f1c) C:\WINDOWS\system32\DRIVERS\SynTP.sys
23:37:10.0106 4896 SynTP - ok
23:37:10.0137 4896 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
23:37:10.0137 4896 sysaudio - ok
23:37:10.0153 4896 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:37:10.0153 4896 Tcpip - ok
23:37:10.0169 4896 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:37:10.0169 4896 TDPIPE - ok
23:37:10.0200 4896 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
23:37:10.0200 4896 TDTCP - ok
23:37:10.0247 4896 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:37:10.0247 4896 TermDD - ok
23:37:10.0278 4896 TosIde - ok
23:37:10.0310 4896 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
23:37:10.0325 4896 Udfs - ok
23:37:10.0341 4896 ultra - ok
23:37:10.0357 4896 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
23:37:10.0372 4896 Update - ok
23:37:10.0435 4896 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
23:37:10.0451 4896 USBAAPL - ok
23:37:10.0467 4896 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:37:10.0482 4896 usbccgp - ok
23:37:10.0529 4896 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:37:10.0529 4896 usbehci - ok
23:37:10.0561 4896 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:37:10.0561 4896 usbhub - ok
23:37:10.0608 4896 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:37:10.0623 4896 usbprint - ok
23:37:10.0639 4896 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:37:10.0655 4896 usbscan - ok
23:37:10.0686 4896 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:37:10.0686 4896 USBSTOR - ok
23:37:10.0702 4896 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:37:10.0702 4896 usbuhci - ok
23:37:10.0733 4896 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
23:37:10.0749 4896 usbvideo - ok
23:37:10.0765 4896 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
23:37:10.0780 4896 usb_rndisx - ok
23:37:10.0796 4896 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
23:37:10.0796 4896 VgaSave - ok
23:37:10.0812 4896 ViaIde - ok
23:37:10.0827 4896 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
23:37:10.0843 4896 VolSnap - ok
23:37:10.0906 4896 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:37:10.0906 4896 Wanarp - ok
23:37:10.0984 4896 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
23:37:10.0984 4896 Wdf01000 - ok
23:37:11.0000 4896 WDICA - ok
23:37:11.0031 4896 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
23:37:11.0031 4896 wdmaud - ok
23:37:11.0094 4896 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
23:37:11.0094 4896 WmiAcpi - ok
23:37:11.0141 4896 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
23:37:11.0157 4896 WpdUsb - ok
23:37:11.0188 4896 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:37:11.0204 4896 WS2IFSL - ok
23:37:11.0235 4896 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:37:11.0235 4896 WSTCODEC - ok
23:37:11.0266 4896 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:37:11.0266 4896 WudfPf - ok
23:37:11.0298 4896 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:37:11.0298 4896 WudfRd - ok
23:37:11.0361 4896 zumbus (337b9607f041b77824411750069aff2d) C:\WINDOWS\system32\DRIVERS\zumbus.sys
23:37:11.0361 4896 zumbus - ok
23:37:11.0455 4896 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
23:37:11.0564 4896 \Device\Harddisk0\DR0 - ok
23:37:11.0564 4896 Boot (0x1200) (8d45d59056e053758ed73f9ea9b10963) \Device\Harddisk0\DR0\Partition0
23:37:11.0564 4896 \Device\Harddisk0\DR0\Partition0 - ok
23:37:11.0596 4896 Boot (0x1200) (6cbbbbd1d5d691977cd654258ba91387) \Device\Harddisk0\DR0\Partition1
23:37:11.0596 4896 \Device\Harddisk0\DR0\Partition1 - ok
23:37:11.0596 4896 ============================================================
23:37:11.0596 4896 Scan finished
23:37:11.0596 4896 ============================================================
23:37:11.0627 3280 Detected object count: 2
23:37:11.0627 3280 Actual detected object count: 2
23:37:50.0408 3280 Backup copy found, using it..
23:37:50.0423 3280 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured on reboot
23:37:50.0423 3280 NetBT ( Rootkit.Win32.ZAccess.j ) - User select action: Cure
23:37:50.0423 3280 SafeBoot ( LockedFile.Multi.Generic ) - skipped by user
23:37:50.0423 3280 SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip
23:37:55.0117 3004 Deinitialize success

aaw7boot.log

================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-03-30 07:36


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-03-30 07:41


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-03-31 07:35


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-04-01 07:33


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-04-02 09:35


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-04-03 05:23


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-04-03 20:24


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-04-04 11:00


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-04-04 14:18


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-04-04 15:33


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-04-05 07:20


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-04-06 07:37


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-04-06 19:42


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-04-07 07:39


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-04-07 19:17


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-04-08 07:36


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-04-08 19:22


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-04-09 06:19


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-04-09 07:28


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-04-09 14:09


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-04-09 20:03


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-08-13 20:10


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-08-14 07:25


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-08-14 07:36


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-08-14 07:40


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-08-15 22:22


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-08-15 22:39


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-08-15 22:46


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-08-16 05:36


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-08-16 19:26


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-08-17 22:00


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-08-19 19:58


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-08-20 18:38


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-08-20 19:35


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-08-21 11:47


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-08-22 22:44


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-08-23 18:46


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-08-23 19:54


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-08-24 18:01


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-08-25 17:47


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-08-26 20:06


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-08-28 20:27


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-08-29 06:26


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-08-29 17:59


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-08-30 14:09


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-08-31 09:17


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-08-31 21:48


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-09-01 05:31


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-09-01 17:55


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-09-01 20:28


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-09-02 05:30


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-09-06 18:13


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-09-07 18:30


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-09-08 17:37


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-09-09 18:57


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-09-10 17:35


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-09-11 11:26


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-09-12 21:13


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-09-13 19:53


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-09-14 17:31


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-09-15 20:10


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-09-16 21:46


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-09-18 07:42


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-09-20 08:03


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-09-21 20:07


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-09-22 19:52


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-09-24 18:56


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-09-26 16:16


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-09-30 11:44


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-09-30 14:43


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-10-04 17:01


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-10-04 21:00


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-10-05 18:32


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-10-15 17:57


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-10-15 18:03


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-10-23 18:13


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-10-24 14:52


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-10-26 09:48


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-10-26 19:21


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-10-27 09:00


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-10-27 14:36


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-10-27 19:56


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-10-29 13:57


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-10-29 17:12


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-10-29 18:01


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-10-30 06:12


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-10-30 22:47


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-10-31 07:14


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-11-01 06:20


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-11-01 19:05


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-11-10 19:29


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-11-29 10:16


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-12-02 06:23


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-12-03 19:20


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-12-09 20:12


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-12-10 21:02


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-12-11 09:05


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-12-11 10:43


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-12-15 18:27


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-12-15 21:11


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-12-15 21:36


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-12-16 07:16


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-12-16 19:44


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-12-16 21:10


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-12-17 06:28


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-12-17 23:33


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-12-18 00:09


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-12-18 11:46


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-12-19 14:52


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-12-19 19:09


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-12-21 20:52


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-12-24 10:54


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2010-12-24 16:13


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-01-03 20:21


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-01-04 18:44


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-01-06 22:00


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-01-07 22:16


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-01-09 21:53


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-01-12 09:44


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-01-12 17:43


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-01-15 06:15


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-01-17 19:56


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-01-18 19:28


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-02-14 08:57


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-02-14 10:16


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-02-14 13:16


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-02-16 12:44


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-02-17 05:24


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-02-22 18:25


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-02-22 22:40


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-02-23 18:14


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-02-24 19:33


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-02-25 18:37


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-02-28 18:38


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-03-02 19:41


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-03-03 20:26


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-03-04 22:26


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-03-06 10:02


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-03-09 12:31


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-03-11 09:49


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-03-13 07:59


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-03-14 18:46


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-03-16 21:59


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-03-23 20:27


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-03-24 08:13


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-03-24 09:40


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-03-25 20:10


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-03-26 14:57


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-03-28 18:49


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-03-30 19:16


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-03-30 22:59


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-03-31 09:18


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-04-02 06:22


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-04-02 16:51


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-04-05 19:38


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-04-07 17:20


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-04-14 19:22


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-04-17 17:50


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-04-18 18:53


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-04-19 19:00


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-04-20 17:19


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-04-21 18:02


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-04-23 09:59


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-04-24 11:29


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-04-25 19:10


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-04-27 06:35


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-04-29 08:17


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-04-30 14:14


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-05-01 09:27


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-05-01 20:59


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-05-02 08:24


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-05-03 13:02


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-05-08 19:16


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-05-10 06:26


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-05-10 17:56


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-05-11 19:30


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-05-12 06:37


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-05-12 18:51


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-05-12 19:41


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-05-12 19:49


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-05-12 21:36


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-05-14 06:54


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-09-21 18:22
[~] Preparing to execute queued commands
[~] Deleting file: C:\Documents and Settings\mthevi.AXON\My Documents\MPLSetup.exe
[~] Deleting file: C:\Documents and Settings\mthevi.AXON\Local Settings\Temp\Bit5F.tmp
[~] Deleting file: C:\RECYCLER\S-1-5-21-43600022-1654802775-2145397984-10270\Dc1.exe
[~] Deleting file: C:\WINDOWS\system32\mqsnapi.dll
[~] Finished processing queued commands


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-09-21 18:50


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-09-22 09:42


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-09-22 12:22


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-09-24 08:10


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-09-25 10:54


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-09-29 10:40


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-09-30 17:54


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-10-01 09:52


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-10-03 07:15


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-10-05 07:34


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-10-08 11:39


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-10-10 12:58


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-10-12 06:07


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-10-16 10:51


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-10-16 11:01


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-10-17 16:45


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-10-18 13:42


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-10-21 08:18


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-10-21 10:33
[~] Preparing to execute queued commands
[~] Deleting file: C:\WINDOWS\system32\msgobjpage.exe
[~] Deleting file: C:\Documents and Settings\mthevi.AXON\Application Data\EAB9BAC9E6537118379383B8B22F09F1\senrmodk70.exe
[~] Deleting file: C:\Documents and Settings\mthevi.AXON\Local Settings\Temp\Bit5F.tmp
[~] Deleting file: C:\Documents and Settings\mthevi.AXON\Local Settings\Temp\FY1.tmp
[~] Deleting file: C:\Documents and Settings\mthevi.AXON\Local Settings\Temp\FY4.tmp
[~] Deleting file: C:\Documents and Settings\mthevi.AXON\Local Settings\Temp\FY5.tmp
[~] Finished processing queued commands


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-10-21 10:47


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-10-21 10:52


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-10-21 11:26


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-10-21 11:40


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-10-21 12:08


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-10-21 12:15


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-10-21 12:50


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-10-21 13:00


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-10-21 14:55


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-10-21 17:41


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-10-21 17:56


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-10-21 18:07


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-10-21 18:11


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-10-22 22:31


================================================================================
Boot Cleaner
================================================================================
[~] Cleaning started at 2011-10-22 22:38


Combofix Log
ComboFix 11-10-21.06 - mthevi 23/10/2011 0:05.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3036.2022 [GMT 1:00]
Running from: c:\documents and settings\mthevi.AXON\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\mthevi.AXON\Application Data\Adobe\plugs
c:\documents and settings\mthevi.AXON\Application Data\Adobe\shed
c:\documents and settings\mthevi.AXON\Application Data\Microsoft\Internet Explorer\Quick Launch\Zentom System Guard.lnk
c:\windows\$NtUninstallKB29347$
c:\windows\$NtUninstallKB29347$\1658130550\@
c:\windows\$NtUninstallKB29347$\1658130550\bckfg.tmp
c:\windows\$NtUninstallKB29347$\1658130550\cfg.ini
c:\windows\$NtUninstallKB29347$\1658130550\Desktop.ini
c:\windows\$NtUninstallKB29347$\1658130550\keywords
c:\windows\$NtUninstallKB29347$\1658130550\kwrd.dll
c:\windows\$NtUninstallKB29347$\1658130550\L\mnggusum
c:\windows\$NtUninstallKB29347$\1658130550\U\00000001.@
c:\windows\$NtUninstallKB29347$\1658130550\U\00000002.@
c:\windows\$NtUninstallKB29347$\1658130550\U\80000000.@
c:\windows\$NtUninstallKB29347$\1658130550\U\80000032.@
c:\windows\$NtUninstallKB29347$\2499993883
c:\windows\help\tours\htmltour\unlock_playing.htm
c:\windows\system32\AutoRun.inf
c:\windows\system32\d3d9caps.dat
.
.
((((((((((((((((((((((((( Files Created from 2011-09-22 to 2011-10-22 )))))))))))))))))))))))))))))))
.
.
2011-10-21 18:04 . 2004-07-13 20:12 14924 ----a-w- c:\windows\system32\drivers\OMVA.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-22 22:38 . 2006-02-28 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-09-07 18:52 . 2011-09-07 18:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2010-10-24 06:53 . 2010-10-24 06:54 101768 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"VoipCheapCom"="c:\program files\VoipCheapCom.com\VoipCheapCom\VoipCheapCom.exe" [2011-08-27 14054712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2008-06-02 367128]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.Exe" [2008-05-08 77616]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-20 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1040384]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2008-06-10 238896]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-06-02 24848]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-05 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-05 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-05 141848]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 53408]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-03-16 124656]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1044480]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SMA6.8"="c:\svctools\6.8\bin\lnchr.exe" [2006-02-02 364544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NetScreen-Remote.lnk - c:\program files\Juniper\NetScreen-Remote\SafeCfg.exe [2008-11-24 77876]
provappbridge.exe [2011-10-21 209920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2007-05-15 08:08 112640 ----a-w- c:\windows\system32\ackpbsc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-05-15 08:08 281088 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2008-06-02 12:06 112400 ----a-w- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-43600022-1654802775-2145397984-10270\Scripts\Logon\0\0]
"Script"=\\axongroup.co.uk\sysvol\axongroup.co.uk\scripts\logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-43600022-1654802775-2145397984-10270\Scripts\Logon\0\1]
"Script"=\\axongroup.co.uk\sysvol\axongroup.co.uk\scripts\WebEx\Global_WebEx_Install_Script.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-43600022-1654802775-2145397984-10270\Scripts\Logon\1\0]
"Script"=\\ntfileserver1\test\test.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-43600022-1654802775-2145397984-10270\Scripts\Logon\2\0]
"Script"=\\axongroup.co.uk\SysVol\axongroup.co.uk\scripts\Printers\pushprinterconnections.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk
backup=c:\windows\pss\Audible Download Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD Check.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk
backup=c:\windows\pss\DVD Check.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\documents and settings\mthevi.AXON\Application Data\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-08-19 00:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-26 13:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
2009-09-18 18:48 2412032 ----a-w- c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
2009-01-08 13:44 70936 ----a-w- c:\documents and settings\mthevi.AXON\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-05-14 03:26 177456 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 17:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-06-15 14:02 15141768 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipCheapCom]
2011-08-27 08:22 14054712 ----a-w- c:\program files\VoipCheapCom.com\VoipCheapCom\voipcheapcom.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
2008-05-23 09:23 197904 ----a-w- c:\program files\InterVideo\DVD Check\DVDCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-11-11 12:55 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\SAP\\FrontEnd\\SAPgui\\saplogon.exe"=
"c:\\WINDOWS\\system32\\mstsc.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Documents and Settings\\mthevi.AXON\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\VoipCheapCom.com\\VoipCheapCom\\VoipCheapCom.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Juniper\\NetScreen-Remote\\IreIKE.exe"=
"c:\program files\Juniper\NetScreen-Remote\ViewLog.exe"= c:\program files\Juniper\NetScreen-Remote\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog
"c:\program files\Juniper\NetScreen-Remote\CmonApp.exe"= c:\program files\Juniper\NetScreen-Remote\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp
"c:\program files\Juniper\NetScreen-Remote\vpn.exe"= c:\program files\Juniper\NetScreen-Remote\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26243:TCP"= 26243:TCP:BitComet 26243 TCP
"26243:UDP"= 26243:UDP:BitComet 26243 UDP
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [14/05/2011 08:18 64512]
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [05/06/2008 10:08 109184]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [05/06/2008 10:08 51376]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [05/06/2008 10:08 12928]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [24/11/2008 06:42 24064]
R1 IPSECDRV;SafeNet IPSec Plugin;c:\windows\system32\drivers\IpSecDrv.sys [24/11/2008 09:36 138296]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [01/07/2010 12:07 166632]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [05/06/2008 10:08 12496]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [15/05/2007 09:08 182576]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [28/02/2006 13:00 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [28/02/2006 13:00 14336]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [15/05/2008 08:11 1176824]
R2 Crypto;Crypto;c:\windows\system32\drivers\Crypto.sys [24/11/2008 09:36 536634]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [10/06/2008 04:13 18944]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [05/06/2008 10:07 256512]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [29/04/2011 12:11 2152152]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [01/07/2010 12:07 840936]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [16/03/2006 23:34 115952]
R2 SMA6.8;Software Management Agent 6.8;c:\svctools\6.8\bin\lnchr.exe --service --context=system --control-dir=c:\svctools\6.8\ctrl --> c:\svctools\6.8\bin\lnchr.exe --service --context=system --control-dir=c:\svctools\6.8\ctrl [?]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.EXE [24/11/2008 06:47 2058776]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [18/09/2009 19:48 9216]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [15/05/2008 06:29 475520]
R3 DniVap;SafeNet WAN Miniport (VA);c:\windows\system32\drivers\vap.sys [24/11/2008 09:35 29184]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [24/11/2008 07:06 244368]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [17/09/2009 22:47 26137]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [30/07/2011 09:32 105592]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [23/07/2008 04:31 44800]
R3 OMVA;VPN-1 SecureClient Adapter;c:\windows\system32\drivers\OMVA.sys [21/10/2011 19:04 14924]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [24/11/2008 07:05 47616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 FlexService;Remote Connections Service;"c:\program files\RapidBIT\cisvc.exe" --> c:\program files\RapidBIT\cisvc.exe [?]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [24/11/2008 07:14 193840]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [09/03/2011 14:16 112640]
S3 ExtranetAccess;Contivity VPN Service;c:\program files\Xerox External Access Network\Extranet_serv.exe [17/09/2009 22:47 811008]
S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [17/09/2009 22:47 155152]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [29/04/2011 12:11 15232]
S3 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [01/07/2010 12:07 59240]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [28/02/2006 13:00 14336]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [11/11/2010 13:57 268528]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-29 07:40]
.
2011-10-20 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 11:25]
.
2011-10-20 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 11:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/
uInternet Settings,ProxyServer = hxxp://http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: axonglobal.com\support
Trusted Zone: sap-ag.de\websmp202
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\mthevi.AXON\Application Data\Mozilla\Firefox\Profiles\3t9cuqng.default\
FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: LoudMo Contextual Ad Assistant: {ff8a2039-286d-8344-72e2-5eaa0bc2a824} - c:\program files\Mozilla Firefox\extensions\{ff8a2039-286d-8344-72e2-5eaa0bc2a824}
FF - Ext: XULRunner: {02E63755-F2FD-4F27-9E27-A31FDA6A577C} - c:\documents and settings\mthevi.AXON\Local Settings\Application Data\{02E63755-F2FD-4F27-9E27-A31FDA6A577C}
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
HKCU-Run-sosdxllt - c:\documents and settings\mthevi.AXON\Local Settings\Application Data\uuwgmgdhq\hxepdbwshdw.exe
HKLM-Run-sosdxllt - c:\documents and settings\mthevi.AXON\Local Settings\Application Data\uuwgmgdhq\hxepdbwshdw.exe
Notify-ckpNotify - (no file)
SafeBoot-32352142.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-23 00:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(240)
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\aipingui.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(10136)
c:\windows\system32\WININET.dll
c:\windows\system32\APSHook.dll
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\Juniper\NetScreen-Remote\IPSecMon.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Juniper\NetScreen-Remote\IreIKE.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\rundll32.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe
c:\svctools\pkg\swmeter\swmeter.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Zune\ZuneBusEnum.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Zune\ZuneNss.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2011-10-23 00:25:23 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-22 23:25
.
Pre-Run: 78,133,157,888 bytes free
Post-Run: 81,732,804,608 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - DA1F9627C37DD707CFDDF7369524034F

I appreciate your reply.

Thanks,
meena



#4 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 22 October 2011 - 07:02 PM

Hi,

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

DDS::
uInternet Settings,ProxyServer = hxxp://http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>;*.local

FireFox::
FF - ProfilePath - c:\documents and settings\mthevi.AXON\Application Data\Mozilla\Firefox\Profiles\3t9cuqng.default\
FF - Ext: XULRunner: {02E63755-F2FD-4F27-9E27-A31FDA6A577C} - c:\documents and settings\mthevi.AXON\Local Settings\Application Data\{02E63755-F2FD-4F27-9E27-A31FDA6A577C}

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 meenzie

  • Topic Starter
  • Members
  • 20 posts

Posted 23 October 2011 - 02:39 AM

Hi,

Here is the log from ComboFix:

ComboFix 11-10-21.06 - mthevi 23/10/2011 8:20.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3036.1866 [GMT 1:00]
Running from: c:\documents and settings\mthevi.AXON\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\mthevi.AXON\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\mthevi.AXON\Local Settings\Application Data\{02E63755-F2FD-4F27-9E27-A31FDA6A577C}
c:\documents and settings\mthevi.AXON\Local Settings\Application Data\{02E63755-F2FD-4F27-9E27-A31FDA6A577C}\chrome.manifest
c:\documents and settings\mthevi.AXON\Local Settings\Application Data\{02E63755-F2FD-4F27-9E27-A31FDA6A577C}\chrome\content\_cfg.js
c:\documents and settings\mthevi.AXON\Local Settings\Application Data\{02E63755-F2FD-4F27-9E27-A31FDA6A577C}\install.rdf
.
.
((((((((((((((((((((((((( Files Created from 2011-09-23 to 2011-10-23 )))))))))))))))))))))))))))))))
.
.
2011-10-21 18:04 . 2004-07-13 20:12 14924 ----a-w- c:\windows\system32\drivers\OMVA.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-22 22:38 . 2006-02-28 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-09-07 18:52 . 2011-09-07 18:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2010-10-24 06:53 . 2010-10-24 06:54 101768 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-22_23.19.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-23 07:30 . 2011-10-23 07:30 16384 c:\windows\Temp\Perflib_Perfdata_d40.dat
+ 2011-10-23 07:28 . 2011-10-23 07:28 16384 c:\windows\Temp\Perflib_Perfdata_c5c.dat
+ 2011-10-23 07:00 . 2011-10-23 07:00 16384 c:\windows\Temp\Perflib_Perfdata_16f8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"VoipCheapCom"="c:\program files\VoipCheapCom.com\VoipCheapCom\VoipCheapCom.exe" [2011-08-27 14054712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2008-06-02 367128]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.Exe" [2008-05-08 77616]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-20 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1040384]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2008-06-10 238896]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-06-02 24848]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-05 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-05 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-05 141848]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 53408]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-03-16 124656]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1044480]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SMA6.8"="c:\svctools\6.8\bin\lnchr.exe" [2006-02-02 364544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NetScreen-Remote.lnk - c:\program files\Juniper\NetScreen-Remote\SafeCfg.exe [2008-11-24 77876]
provappbridge.exe [2011-10-21 209920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2007-05-15 08:08 112640 ----a-w- c:\windows\system32\ackpbsc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-05-15 08:08 281088 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2008-06-02 12:06 112400 ----a-w- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-43600022-1654802775-2145397984-10270\Scripts\Logon\0\0]
"Script"=\\axongroup.co.uk\sysvol\axongroup.co.uk\scripts\logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-43600022-1654802775-2145397984-10270\Scripts\Logon\0\1]
"Script"=\\axongroup.co.uk\sysvol\axongroup.co.uk\scripts\WebEx\Global_WebEx_Install_Script.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-43600022-1654802775-2145397984-10270\Scripts\Logon\1\0]
"Script"=\\ntfileserver1\test\test.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-43600022-1654802775-2145397984-10270\Scripts\Logon\2\0]
"Script"=\\axongroup.co.uk\SysVol\axongroup.co.uk\scripts\Printers\pushprinterconnections.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk
backup=c:\windows\pss\Audible Download Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD Check.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk
backup=c:\windows\pss\DVD Check.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\documents and settings\mthevi.AXON\Application Data\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-08-19 00:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-26 13:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
2009-09-18 18:48 2412032 ----a-w- c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
2009-01-08 13:44 70936 ----a-w- c:\documents and settings\mthevi.AXON\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-05-14 03:26 177456 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 17:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-06-15 14:02 15141768 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipCheapCom]
2011-08-27 08:22 14054712 ----a-w- c:\program files\VoipCheapCom.com\VoipCheapCom\voipcheapcom.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
2008-05-23 09:23 197904 ----a-w- c:\program files\InterVideo\DVD Check\DVDCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-11-11 12:55 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\SAP\\FrontEnd\\SAPgui\\saplogon.exe"=
"c:\\WINDOWS\\system32\\mstsc.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Documents and Settings\\mthevi.AXON\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\VoipCheapCom.com\\VoipCheapCom\\VoipCheapCom.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Juniper\\NetScreen-Remote\\IreIKE.exe"=
"c:\program files\Juniper\NetScreen-Remote\ViewLog.exe"= c:\program files\Juniper\NetScreen-Remote\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog
"c:\program files\Juniper\NetScreen-Remote\CmonApp.exe"= c:\program files\Juniper\NetScreen-Remote\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp
"c:\program files\Juniper\NetScreen-Remote\vpn.exe"= c:\program files\Juniper\NetScreen-Remote\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26243:TCP"= 26243:TCP:BitComet 26243 TCP
"26243:UDP"= 26243:UDP:BitComet 26243 UDP
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [14/05/2011 08:18 64512]
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [05/06/2008 10:08 109184]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [05/06/2008 10:08 51376]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [05/06/2008 10:08 12928]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [24/11/2008 06:42 24064]
R1 IPSECDRV;SafeNet IPSec Plugin;c:\windows\system32\drivers\IpSecDrv.sys [24/11/2008 09:36 138296]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [01/07/2010 12:07 166632]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [05/06/2008 10:08 12496]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [15/05/2007 09:08 182576]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [28/02/2006 13:00 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [28/02/2006 13:00 14336]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [15/05/2008 08:11 1176824]
R2 Crypto;Crypto;c:\windows\system32\drivers\Crypto.sys [24/11/2008 09:36 536634]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [10/06/2008 04:13 18944]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [05/06/2008 10:07 256512]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [29/04/2011 12:11 2152152]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [01/07/2010 12:07 840936]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [16/03/2006 23:34 115952]
R2 SMA6.8;Software Management Agent 6.8;c:\svctools\6.8\bin\lnchr.exe --service --context=system --control-dir=c:\svctools\6.8\ctrl --> c:\svctools\6.8\bin\lnchr.exe --service --context=system --control-dir=c:\svctools\6.8\ctrl [?]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.EXE [24/11/2008 06:47 2058776]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [18/09/2009 19:48 9216]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [15/05/2008 06:29 475520]
R3 DniVap;SafeNet WAN Miniport (VA);c:\windows\system32\drivers\vap.sys [24/11/2008 09:35 29184]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [24/11/2008 07:06 244368]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [17/09/2009 22:47 26137]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [30/07/2011 09:32 105592]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [23/07/2008 04:31 44800]
R3 OMVA;VPN-1 SecureClient Adapter;c:\windows\system32\drivers\OMVA.sys [21/10/2011 19:04 14924]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [24/11/2008 07:05 47616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 FlexService;Remote Connections Service;"c:\program files\RapidBIT\cisvc.exe" --> c:\program files\RapidBIT\cisvc.exe [?]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [24/11/2008 07:14 193840]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [09/03/2011 14:16 112640]
S3 ExtranetAccess;Contivity VPN Service;c:\program files\Xerox External Access Network\Extranet_serv.exe [17/09/2009 22:47 811008]
S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [17/09/2009 22:47 155152]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [29/04/2011 12:11 15232]
S3 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [01/07/2010 12:07 59240]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [28/02/2006 13:00 14336]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [11/11/2010 13:57 268528]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-29 07:40]
.
2011-10-20 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 11:25]
.
2011-10-22 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 11:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/
uInternet Settings,ProxyServer = hxxp://http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: axonglobal.com\support
Trusted Zone: sap-ag.de\websmp202
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\mthevi.AXON\Application Data\Mozilla\Firefox\Profiles\3t9cuqng.default\
FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: LoudMo Contextual Ad Assistant: {ff8a2039-286d-8344-72e2-5eaa0bc2a824} - c:\program files\Mozilla Firefox\extensions\{ff8a2039-286d-8344-72e2-5eaa0bc2a824}
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-23 08:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(240)
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\aipingui.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(9196)
c:\windows\system32\WININET.dll
c:\windows\system32\APSHook.dll
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\Juniper\NetScreen-Remote\IPSecMon.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Juniper\NetScreen-Remote\IreIKE.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\svctools\pkg\swmeter\swmeter.exe
c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Zune\ZuneBusEnum.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Zune\ZuneNss.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2011-10-23 08:35:11 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-23 07:35
ComboFix2.txt 2011-10-22 23:25
.
Pre-Run: 81,684,193,280 bytes free
Post-Run: 81,677,701,120 bytes free
.
- - End Of File - - 566DA1467EEBA1D9E25372C736503EEE



#6 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 23 October 2011 - 02:53 AM

Hi,

Please do the following:

  • Go to Start > Control Panel, and choose Network Connections.
  • Right click on your default connection, usually Local Area Connection for cable and DSL or Dial-up Connection if you are using Dial-up, and choose Properties.
  • Click the Networking tab
  • Double-click on the Internet Protocol (TCP/IP) item.
  • Write down the settings in case you should need to change them back.
  • Select the radio button that says "Obtain DNS servers automatically".
  • Click OK twice to get out of the properties screen and restart your computer.
  • If not prompted to reboot go ahead and reboot manually.


In I.E.
  • Check internet options settings.
  • Tools > Internet Options > Connections
  • LAN settings
  • Choose "automatically detect settings"
  • uncheck both proxy settings boxes


NEXT



  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 meenzie

  • Topic Starter

  • Members
  • 20 posts

Posted 23 October 2011 - 10:45 AM

Hi,

MBAM Log

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8004

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

23/10/2011 14:00:18
mbam-log-2011-10-23 (14-00-18).txt

Scan type: Quick scan
Objects scanned: 205954
Time elapsed: 9 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



ESET SCAN Log

C:\Documents and Settings\mthevi.AXON\Application Data\EAB9BAC9E6537118379383B8B22F09F1\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application
C:\Documents and Settings\mthevi.AXON\Application Data\EAB9BAC9E6537118379383B8B22F09F1\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application
C:\Documents and Settings\mthevi.AXON\My Documents\Downloads\SoftonicDownloader_for_yahoo-messenger.exe a variant of Win32/SoftonicDownloader.A application
C:\System Volume Information\_restore{F4D299F6-7A65-44DE-95E9-41D455D4C20D}\RP14\A0022203.exe a variant of Win32/Adware.HotBar.N application
C:\System Volume Information\_restore{F4D299F6-7A65-44DE-95E9-41D455D4C20D}\RP29\A0027965.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{F4D299F6-7A65-44DE-95E9-41D455D4C20D}\RP29\A0027976.exe Win32/Spy.Agent.NXC trojan
C:\System Volume Information\_restore{F4D299F6-7A65-44DE-95E9-41D455D4C20D}\RP29\A0027983.exe a variant of Win32/Kryptik.UGR trojan
C:\System Volume Information\_restore{F4D299F6-7A65-44DE-95E9-41D455D4C20D}\RP29\A0028965.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{F4D299F6-7A65-44DE-95E9-41D455D4C20D}\RP29\A0028976.exe Win32/Spy.Agent.NXC trojan
C:\System Volume Information\_restore{F4D299F6-7A65-44DE-95E9-41D455D4C20D}\RP29\A0029965.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{F4D299F6-7A65-44DE-95E9-41D455D4C20D}\RP29\A0029975.exe Win32/Spy.Agent.NXC trojan
C:\System Volume Information\_restore{F4D299F6-7A65-44DE-95E9-41D455D4C20D}\RP29\A0029978.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{F4D299F6-7A65-44DE-95E9-41D455D4C20D}\RP29\A0029983.exe Win32/Spy.Agent.NXC trojan
C:\System Volume Information\_restore{F4D299F6-7A65-44DE-95E9-41D455D4C20D}\RP29\A0030978.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{F4D299F6-7A65-44DE-95E9-41D455D4C20D}\RP29\A0030992.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{F4D299F6-7A65-44DE-95E9-41D455D4C20D}\RP29\A0031992.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{F4D299F6-7A65-44DE-95E9-41D455D4C20D}\RP29\A0032021.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{F4D299F6-7A65-44DE-95E9-41D455D4C20D}\RP29\A0032035.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{F4D299F6-7A65-44DE-95E9-41D455D4C20D}\RP29\A0033035.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{F4D299F6-7A65-44DE-95E9-41D455D4C20D}\RP30\A0033167.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{F4D299F6-7A65-44DE-95E9-41D455D4C20D}\RP30\A0033220.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{F4D299F6-7A65-44DE-95E9-41D455D4C20D}\RP30\A0033439.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{F4D299F6-7A65-44DE-95E9-41D455D4C20D}\RP30\A0033468.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{F4D299F6-7A65-44DE-95E9-41D455D4C20D}\RP30\A0033477.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{F4D299F6-7A65-44DE-95E9-41D455D4C20D}\RP30\A0033497.sys Win32/Sirefef.DA trojan




#8 CatByte


    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 23 October 2011 - 12:37 PM

Hi,

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Documents and Settings\mthevi.AXON\Application Data\EAB9BAC9E6537118379383B8B22F09F1\enemies-names.txt 
C:\Documents and Settings\mthevi.AXON\Application Data\EAB9BAC9E6537118379383B8B22F09F1\local.ini 
C:\Documents and Settings\mthevi.AXON\My Documents\Downloads\SoftonicDownloader_for_yahoo-messenger.exe 

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

[screenshot: CFScript.txt being dragged onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



#9 meenzie

  • Topic Starter

  • Members
  • 20 posts

Posted 23 October 2011 - 03:38 PM

Combo fix log...

ComboFix 11-10-23.02 - mthevi 23/10/2011 21:26:49.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3036.1887 [GMT 1:00]
Running from: c:\documents and settings\mthevi.AXON\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\mthevi.AXON\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
FILE ::
"c:\documents and settings\mthevi.AXON\Application Data\EAB9BAC9E6537118379383B8B22F09F1\enemies-names.txt"
"c:\documents and settings\mthevi.AXON\Application Data\EAB9BAC9E6537118379383B8B22F09F1\local.ini"
"c:\documents and settings\mthevi.AXON\My Documents\Downloads\SoftonicDownloader_for_yahoo-messenger.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\mthevi.AXON\Application Data\EAB9BAC9E6537118379383B8B22F09F1\enemies-names.txt
c:\documents and settings\mthevi.AXON\Application Data\EAB9BAC9E6537118379383B8B22F09F1\local.ini
c:\documents and settings\mthevi.AXON\My Documents\Downloads\SoftonicDownloader_for_yahoo-messenger.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-09-23 to 2011-10-23 )))))))))))))))))))))))))))))))
.
.
2011-10-23 13:06 . 2011-10-23 13:06 -------- d-----w- c:\program files\ESET
2011-10-21 18:04 . 2004-07-13 20:12 14924 ----a-w- c:\windows\system32\drivers\OMVA.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-22 22:38 . 2006-02-28 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-09-07 18:52 . 2011-09-07 18:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-31 16:00 . 2010-03-29 20:54 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-24 06:53 . 2010-10-24 06:54 101768 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-22_23.19.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-23 12:17 . 2011-10-23 12:17 16384 c:\windows\Temp\Perflib_Perfdata_f68.dat
+ 2011-10-23 12:14 . 2011-10-23 12:14 16384 c:\windows\Temp\Perflib_Perfdata_c78.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"VoipCheapCom"="c:\program files\VoipCheapCom.com\VoipCheapCom\VoipCheapCom.exe" [2011-08-27 14054712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2008-06-02 367128]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.Exe" [2008-05-08 77616]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-20 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1040384]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2008-06-10 238896]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-06-02 24848]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-05 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-05 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-05 141848]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 53408]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-03-16 124656]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1044480]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SMA6.8"="c:\svctools\6.8\bin\lnchr.exe" [2006-02-02 364544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NetScreen-Remote.lnk - c:\program files\Juniper\NetScreen-Remote\SafeCfg.exe [2008-11-24 77876]
provappbridge.exe [2011-10-21 209920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2007-05-15 08:08 112640 ----a-w- c:\windows\system32\ackpbsc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-05-15 08:08 281088 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2008-06-02 12:06 112400 ----a-w- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-43600022-1654802775-2145397984-10270\Scripts\Logon\0\0]
"Script"=\\axongroup.co.uk\sysvol\axongroup.co.uk\scripts\logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-43600022-1654802775-2145397984-10270\Scripts\Logon\0\1]
"Script"=\\axongroup.co.uk\sysvol\axongroup.co.uk\scripts\WebEx\Global_WebEx_Install_Script.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-43600022-1654802775-2145397984-10270\Scripts\Logon\1\0]
"Script"=\\ntfileserver1\test\test.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-43600022-1654802775-2145397984-10270\Scripts\Logon\2\0]
"Script"=\\axongroup.co.uk\SysVol\axongroup.co.uk\scripts\Printers\pushprinterconnections.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk
backup=c:\windows\pss\Audible Download Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD Check.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk
backup=c:\windows\pss\DVD Check.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\documents and settings\mthevi.AXON\Application Data\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-08-19 00:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-26 13:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
2009-09-18 18:48 2412032 ----a-w- c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
2009-01-08 13:44 70936 ----a-w- c:\documents and settings\mthevi.AXON\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-05-14 03:26 177456 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 17:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-06-15 14:02 15141768 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipCheapCom]
2011-08-27 08:22 14054712 ----a-w- c:\program files\VoipCheapCom.com\VoipCheapCom\voipcheapcom.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
2008-05-23 09:23 197904 ----a-w- c:\program files\InterVideo\DVD Check\DVDCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-11-11 12:55 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\SAP\\FrontEnd\\SAPgui\\saplogon.exe"=
"c:\\WINDOWS\\system32\\mstsc.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Documents and Settings\\mthevi.AXON\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\VoipCheapCom.com\\VoipCheapCom\\VoipCheapCom.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Juniper\\NetScreen-Remote\\IreIKE.exe"=
"c:\program files\Juniper\NetScreen-Remote\ViewLog.exe"= c:\program files\Juniper\NetScreen-Remote\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog
"c:\program files\Juniper\NetScreen-Remote\CmonApp.exe"= c:\program files\Juniper\NetScreen-Remote\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp
"c:\program files\Juniper\NetScreen-Remote\vpn.exe"= c:\program files\Juniper\NetScreen-Remote\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26243:TCP"= 26243:TCP:BitComet 26243 TCP
"26243:UDP"= 26243:UDP:BitComet 26243 UDP
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [14/05/2011 08:18 64512]
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [05/06/2008 10:08 109184]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [05/06/2008 10:08 51376]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [05/06/2008 10:08 12928]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [24/11/2008 06:42 24064]
R1 IPSECDRV;SafeNet IPSec Plugin;c:\windows\system32\drivers\IpSecDrv.sys [24/11/2008 09:36 138296]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [01/07/2010 12:07 166632]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [05/06/2008 10:08 12496]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [15/05/2007 09:08 182576]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [28/02/2006 13:00 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [28/02/2006 13:00 14336]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [15/05/2008 08:11 1176824]
R2 Crypto;Crypto;c:\windows\system32\drivers\Crypto.sys [24/11/2008 09:36 536634]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [10/06/2008 04:13 18944]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [05/06/2008 10:07 256512]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [01/07/2010 12:07 840936]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [16/03/2006 23:34 115952]
R2 SMA6.8;Software Management Agent 6.8;c:\svctools\6.8\bin\lnchr.exe --service --context=system --control-dir=c:\svctools\6.8\ctrl --> c:\svctools\6.8\bin\lnchr.exe --service --context=system --control-dir=c:\svctools\6.8\ctrl [?]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.EXE [24/11/2008 06:47 2058776]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [18/09/2009 19:48 9216]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [15/05/2008 06:29 475520]
R3 DniVap;SafeNet WAN Miniport (VA);c:\windows\system32\drivers\vap.sys [24/11/2008 09:35 29184]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [24/11/2008 07:06 244368]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [17/09/2009 22:47 26137]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [30/07/2011 09:32 105592]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [23/07/2008 04:31 44800]
R3 OMVA;VPN-1 SecureClient Adapter;c:\windows\system32\drivers\OMVA.sys [21/10/2011 19:04 14924]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [24/11/2008 07:05 47616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 FlexService;Remote Connections Service;"c:\program files\RapidBIT\cisvc.exe" --> c:\program files\RapidBIT\cisvc.exe [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [29/04/2011 12:11 2152152]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [24/11/2008 07:14 193840]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [09/03/2011 14:16 112640]
S3 ExtranetAccess;Contivity VPN Service;c:\program files\Xerox External Access Network\Extranet_serv.exe [17/09/2009 22:47 811008]
S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [17/09/2009 22:47 155152]
S3 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [01/07/2010 12:07 59240]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [28/02/2006 13:00 14336]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [11/11/2010 13:57 268528]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - Lavasoft Kernexplorer
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-29 07:40]
.
2011-10-23 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 11:25]
.
2011-10-22 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 11:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: axonglobal.com\support
Trusted Zone: sap-ag.de\websmp202
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\mthevi.AXON\Application Data\Mozilla\Firefox\Profiles\3t9cuqng.default\
FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: LoudMo Contextual Ad Assistant: {ff8a2039-286d-8344-72e2-5eaa0bc2a824} - c:\program files\Mozilla Firefox\extensions\{ff8a2039-286d-8344-72e2-5eaa0bc2a824}
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-23 21:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(240)
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\aipingui.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2011-10-23 21:35:19
ComboFix-quarantined-files.txt 2011-10-23 20:35
ComboFix2.txt 2011-10-23 07:35
ComboFix3.txt 2011-10-22 23:25
.
Pre-Run: 81,542,709,248 bytes free
Post-Run: 81,568,223,232 bytes free
.
- - End Of File - - 49822A3624755CA1C9BB0C060EEEEA79

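As an added example (not part of this thread and not ComboFix's own code), a small Python triage script that parses the bracketed registry dumps and the "FF - prefs.js" lines of a ComboFix log like the one above and flags what a responder reviews first: the firewall and Security Center monitoring switches, globally open ports, AppInit_DLLs, and Firefox search preferences that point at an unrecognised host. The sample input is constructed from lines of the format shown in this log, and the allowlist of search hosts is a heuristic assumption, not a verdict.

```python
"""Triage helper for ComboFix-style logs (added example; not ComboFix's code).

Parses the [bracketed] registry sections and the 'FF - prefs.js' lines of a
ComboFix log and reports settings worth a second look. SAMPLE_LOG is
constructed from the line formats seen in the thread's log.
"""
import re
from urllib.parse import urlsplit

# Heuristic assumption: search hosts considered normal. Anything else found in
# the Firefox search prefs is reported for review, not declared malicious.
SEARCH_HOST_ALLOWLIST = {"www.google.com", "google.com", "www.bing.com", "search.yahoo.com"}

SECTION_RE = re.compile(r"^\[(.+)\]$")            # [HKEY_...\path]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')   # "Name"=value
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (\S+)")

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26243:TCP"= 26243:TCP:BitComet 26243 TCP
"26243:UDP"= 26243:UDP:BitComet 26243 UDP
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll
.
FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
"""


def parse_sections(text):
    """Map each [bracketed] registry path to its {name: raw value} entries."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.rstrip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current][m.group(1)] = m.group(2).strip()
    return sections


def parse_ff_prefs(text):
    """Collect Firefox prefs; ComboFix defangs http as hxxp, so restore it."""
    return {m.group(1): re.sub(r"^hxxp", "http", m.group(2), flags=re.I)
            for m in map(FF_PREF_RE.match, text.splitlines()) if m}


def dword(raw):
    """Read ComboFix value renderings such as 'dword:00000001' or '0 (0x0)'."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"(\d+)", raw)
    return int(m.group(1)) if m else None


def triage(text):
    """Return human-readable findings for the log text, in log order."""
    findings = []
    for path, values in parse_sections(text).items():
        low = path.lower()
        if low.endswith(r"firewallpolicy\standardprofile"):
            if dword(values.get("EnableFirewall", "1")) == 0:
                findings.append("Windows Firewall disabled in the standard profile")
        elif "security center\\monitoring\\" in low:
            if dword(values.get("DisableMonitoring", "0")) == 1:
                product = path.rsplit("\\", 1)[-1]
                findings.append(f"Security Center monitoring disabled for {product}")
        elif low.endswith(r"globallyopenports\list"):
            for raw in values.values():
                # port:proto[:scope:Enabled|Disabled]:description
                fields = raw.split(":")
                if len(fields) >= 4 and fields[3].lower() == "disabled":
                    continue
                findings.append(f"Globally open port {fields[0]}/{fields[1]} ({fields[-1]})")
        elif low.endswith(r"windows nt\currentversion\windows"):
            dlls = values.get("AppInit_DLLs", "")
            if dlls:
                findings.append(f"AppInit_DLLs loads into every user32 process, review: {dlls}")
    prefs = parse_ff_prefs(text)
    for key in ("keyword.URL", "browser.search.defaulturl"):
        if key in prefs:
            host = urlsplit(prefs[key]).hostname or "?"
            if host not in SEARCH_HOST_ALLOWLIST:
                findings.append(f"Firefox {key} points at unrecognised search host {host}")
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print("-", item)
```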



#10 CatByte


    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 23 October 2011 - 08:37 PM

Hi

Please do the following:

Your Java is out of date.
Java™ 6 Update 20 can be updated from the Java control panel: Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now.
An update should begin; follow the prompts.


Clear Java cache

Go into the Control Panel and double-click the Java icon (looks like a coffee cup). If you do not see the icon, look to your left and click 'Switch to Classic View'.
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - leave BOTH checked:
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


NEXT



Please post a fresh DDS Log and advise how the computer is running now and if there are any outstanding issues.



#11 meenzie

  • Topic Starter

  • Members
  • 20 posts

Posted 24 October 2011 - 02:28 PM

Hi,

Attached is the DDS log / Attach log - however, the computer seems to be running slow, especially when I am between different webpages...

DDS Log
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_29
Run by mthevi at 20:23:46 on 2011-10-24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3036.1388 [GMT 1:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\System32\svchost.exe -k Cognizance
C:\Program Files\Fingerprint Sensor\AtService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe
C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
c:\SvcTools\6.8\bin\lnchr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\SvcTools\pkg\swmeter\swmeter.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
C:\WINDOWS\system32\AccelerometerSt.Exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Zune\ZuneBusEnum.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\SvcTools\6.8\bin\lnchr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\VoipCheapCom.com\VoipCheapCom\VoipCheapCom.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bbc.co.uk/
uInternet Settings,ProxyServer = hxxp://http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>;*.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [VoipCheapCom] "c:\program files\voipcheapcom.com\voipcheapcom\VoipCheapCom.exe" -nosplash -minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [picon] "c:\program files\common files\intel\privacy icon\PrivacyIconClient.exe" -startup
mRun: [AccelerometerSysTrayApplet] c:\windows\system32\AccelerometerSt.Exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [SMA6.8] c:\svctools\6.8\bin\lnchr.exe --context=user --control-dir=c:\svctools\6.8\ctrl
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netscr~1.lnk - c:\program files\juniper\netscreen-remote\SafeCfg.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\provappbridge.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: axonglobal.com\support
Trusted Zone: sap-ag.de\websmp202
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://kitchenplanner.ikea.com/gb/Core/Player/2020PlayerAX_Win32.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1274173809250
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://axonit.webex.com/client/T26L/support/ieatgpc.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{1E0087D1-93FE-4375-B01D-20CD6533BEFB} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{7389769D-535A-410F-ABD5-A744DE6946BB} : DhcpNameServer = 10.203.65.70 10.203.65.68
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
Notify: ackpbsc - c:\windows\system32\ackpbsc.dll
Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: OneCard - c:\program files\hewlett-packard\iam\bin\ASWLNPkg.dll
AppInit_DLLs: c:\windows\system32\APSHook.dll APSHook.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mthevi.axon\application data\mozilla\firefox\profiles\3t9cuqng.default\
FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: LoudMo Contextual Ad Assistant: {ff8a2039-286d-8344-72e2-5eaa0bc2a824} - c:\program files\mozilla firefox\extensions\{ff8a2039-286d-8344-72e2-5eaa0bc2a824}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-5-14 64512]
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2008-6-5 109184]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2008-6-5 51376]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2008-6-5 12928]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-11-24 24064]
R1 IPSECDRV;SafeNet IPSec Plugin;c:\windows\system32\drivers\IpSecDrv.sys [2008-11-24 138296]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-7-1 166632]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2008-6-5 12496]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-12-19 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-12-19 54968]
R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-5-15 182576]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2006-2-28 14336]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2006-2-28 14336]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2008-5-15 1176824]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-3-7 192160]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-3-7 169632]
R2 Crypto;Crypto;c:\windows\system32\drivers\Crypto.sys [2008-11-24 536634]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\hp protecttools security manager\PTChangeFilterService.exe [2008-6-10 18944]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2008-6-5 256512]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-4-29 2152152]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-7-1 840936]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-3-16 115952]
R2 SMA6.8;Software Management Agent 6.8;c:\svctools\6.8\bin\lnchr.exe --service --context=system --control-dir=c:\svctools\6.8\ctrl --> c:\svctools\6.8\bin\lnchr.exe --service --context=system --control-dir=c:\svctools\6.8\ctrl [?]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-3-16 1799408]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.EXE [2008-11-24 2058776]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2009-9-18 9216]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2008-5-15 475520]
R3 DniVap;SafeNet WAN Miniport (VA);c:\windows\system32\drivers\vap.sys [2008-11-24 29184]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-11-24 244368]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2009-9-17 26137]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-30 105592]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-7-23 44800]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20111023.005\naveng.sys [2011-10-24 86136]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20111023.005\navex15.sys [2011-10-24 1576312]
R3 OMVA;VPN-1 SecureClient Adapter;c:\windows\system32\drivers\OMVA.sys [2011-10-21 14924]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2008-11-24 47616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FlexService;Remote Connections Service;"c:\program files\rapidbit\cisvc.exe" --> c:\program files\rapidbit\cisvc.exe [?]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-11-24 193840]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-3-9 112640]
S3 ExtranetAccess;Contivity VPN Service;c:\program files\xerox external access network\Extranet_serv.exe [2009-9-17 811008]
S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2009-9-17 155152]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-4-29 15232]
S3 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-7-1 59240]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-2-28 14336]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-11-11 268528]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-10-24 18:44:16 94896 ----a-w- c:\windows\system32\drivers\79493965.sys
2011-10-24 05:23:24 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-10-23 20:25:18 -------- d-----w- C:\ComboFix
2011-10-23 13:06:35 -------- d-----w- c:\program files\ESET
2011-10-22 22:57:02 -------- d-sha-r- C:\cmdcons
2011-10-22 22:54:02 98816 ----a-w- c:\windows\sed.exe
2011-10-22 22:54:02 518144 ----a-w- c:\windows\SWREG.exe
2011-10-22 22:54:02 256000 ----a-w- c:\windows\PEV.exe
2011-10-22 22:54:02 208896 ----a-w- c:\windows\MBR.exe
2011-10-21 18:04:20 14924 ----a-w- c:\windows\system32\drivers\OMVA.sys
.
==================== Find3M ====================
.
2011-10-22 22:38:28 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-10-03 04:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 01:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-07 18:52:34 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-31 16:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 20:24:30.74 ===============


Attach Log
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 24/11/2008 04:52:07
System Uptime: 24/10/2011 20:12:56 (0 hours ago)
.
Motherboard: Hewlett-Packard | | 30DC
Processor: Intel Pentium III Xeon processor | Intel® Genuine processor | 2100/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 156 GiB total, 75.605 GiB free.
D: is FIXED (NTFS) - 77 GiB total, 73.595 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: VPN-1 SecureClient Adapter
Device ID: ROOT\NET\0000
Manufacturer: Check Point
Name: VPN-1 SecureClient Adapter
PNP Device ID: ROOT\NET\0000
Service: OMVA
.
==== System Restore Points ===================
.
RP6: 31/07/2011 02:27:18 - System Checkpoint
RP7: 01/08/2011 19:31:04 - System Checkpoint
RP8: 04/08/2011 18:43:33 - System Checkpoint
RP9: 24/08/2011 20:00:49 - System Checkpoint
RP10: 03/09/2011 14:52:27 - Installed iTunes
RP11: 13/09/2011 21:14:11 - System Checkpoint
RP12: 15/09/2011 20:44:56 - System Checkpoint
RP13: 17/09/2011 11:48:24 - System Checkpoint
RP14: 18/09/2011 13:36:31 - System Checkpoint
RP15: 22/09/2011 09:10:55 - System Checkpoint
RP16: 24/09/2011 16:00:41 - System Checkpoint
RP17: 29/09/2011 12:08:42 - System Checkpoint
RP18: 01/10/2011 12:16:47 - System Checkpoint
RP19: 03/10/2011 16:50:35 - System Checkpoint
RP20: 05/10/2011 08:52:44 - System Checkpoint
RP21: 10/10/2011 23:51:57 - System Checkpoint
RP22: 13/10/2011 00:30:32 - System Checkpoint
RP23: 14/10/2011 03:47:44 - System Checkpoint
RP24: 15/10/2011 04:24:18 - System Checkpoint
RP25: 16/10/2011 04:26:11 - System Checkpoint
RP26: 17/10/2011 05:32:37 - System Checkpoint
RP27: 18/10/2011 22:00:50 - System Checkpoint
RP28: 19/10/2011 22:46:40 - System Checkpoint
RP29: 20/10/2011 23:44:15 - System Checkpoint
RP30: 21/10/2011 14:10:38 - Removed Adobe Reader 8.1.3
RP31: 23/10/2011 08:19:22 - ComboFix created restore point
RP32: 24/10/2011 06:22:46 - Installed Java™ 6 Update 29
.
==== Installed Programs ======================
.
.
2007 Microsoft Office Suite Service Pack 1 (SP1)
Acrobat.com
ActivClient 6.1 x86
Ad-Aware
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Photoshop Lightroom 2.2
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Agere Systems HDA Modem
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Control Center
ATI Display Driver
Audible Download Manager
AuthenTec Fingerprint System
Betfair Poker
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Citrix Endpoint Analysis Plugin
Connect
Credential Manager for HP ProtectTools
CutePDF Writer 2.7
dj_sf_software_req
Drive Encryption for HP ProtectTools
Embedded Security for HP ProtectTools Driver
ESET Online Scanner v3
Google Talk (remove only)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format 11 SDK (KB973442)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB949764)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB969084)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP 3D DriveGuard
HP Deskjet Printer Driver Software 9.0
HP Integrated Module with Bluetooth wireless technology
HP JavaCard for HP ProtectTools
HP ProtectTools Security Manager
HP ProtectTools Security Manager Suite
HP Quick Launch Buttons 6.40 E1
HP Webcam
ImTOO Audio Maker
ImTOO DVD Copy Express
ImTOO DVD Creator
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Interface
Intel® Network Connections Drivers
Intel® Active Management Technology
Intel® Matrix Storage Manager
InterVideo DVD Check
InterVideo Register Manager
InterVideo WinDVD
iTunes
Java Auto Updater
Java™ 6 Update 29
K-Lite Codec Pack 5.8.3 (Basic)
kuler
LiveUpdate 3.0 (Symantec Corporation)
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft ActiveSync
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Money Plus
Microsoft Money Shared Libraries
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Live Meeting 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Project Standard 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Visio Standard 2003
Microsoft Office Visio Viewer 2003 (English)
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.6.23)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
Nero 7 Premium
neroxml
NetScreen-Remote
Octoshape Streaming Services
ParetoLogic Data Recovery
PDF Settings CS4
Photomatix Pro version 4.0.2
Photoshop Camera Raw
QuickTime
Rapport
RICOH R5C853 Media Driver Ver.1.02.00.09
SAP Active Components Framework
SAP Front End
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Segoe UI
Skins
Skype™ 5.3
SoundMAX
Suite Shared Configuration CS4
Symantec AntiVirus
Synaptics Pointing Device Driver
Toolbox
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Windows (KB971513)
Update for Outlook 2007 Junk Email Filter (kb2279264)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB898461)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
VirtualLab Client 5.7.5
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.1.11
Vodafone Mobile Connect Lite
VoipCheapCom
WebEx
WebFldrs XP
Windows Internet Explorer 7
Windows Internet Explorer 7 Multilingual User Interface (MUI)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Mobile Device Updater Component
Windows XP Service Pack 3
WinRAR archiver
WinZip
XEAN Extranet Access Client
Yahoo! Messenger
YouTube Downloader 2.5.5
Zune
Zune Language Pack (DEU)
Zune Language Pack (ESP)
Zune Language Pack (FRA)
Zune Language Pack (ITA)
Zune Language Pack (NLD)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
.
==== Event Viewer Messages From Past Week ========
.
24/10/2011 20:16:19, error: System Error [1003] - Error code 10000050, parameter1 93eccaa8, parameter2 00000000, parameter3 f71e1aba, parameter4 00000000.
24/10/2011 20:04:09, error: Service Control Manager [7031] - The Vodafone Mobile Connect Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
23/10/2011 13:13:49, error: Dhcp [1002] - The IP address lease 192.168.0.6 for the Network Card with network address 00216B44334C has been denied by the DHCP server 10.1.243.1 (The DHCP Server sent a DHCPNACK message).
23/10/2011 00:03:47, error: ZuneNetworkSvc [14344] - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2711'. The Windows Media DRM components on your computer might be corrupt. Verify that DRM-protected files play correctly in the Zune software, then restart the ZuneNetworkSvc service.
22/10/2011 23:55:40, error: WMPNetworkSvc [14344] - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2711'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.
22/10/2011 23:55:10, error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
22/10/2011 23:39:28, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
21/10/2011 19:17:27, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 545543445200. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
21/10/2011 19:11:41, error: Dhcp [1002] - The IP address lease 10.1.243.6 for the Network Card with network address 00216B44334C has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
21/10/2011 19:09:40, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
21/10/2011 19:09:13, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
21/10/2011 19:04:41, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 545543445200. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
21/10/2011 18:55:28, error: PSched [14107] - QoS [Adapter {1E0087D1-93FE-4375-B01D-20CD6533BEFB}]: The Packet Scheduler could not initialize the virtual miniport with NDIS.
21/10/2011 15:39:49, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
21/10/2011 13:10:16, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
21/10/2011 13:10:12, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Check Point SecuRemote Service service to connect.
21/10/2011 13:10:11, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
21/10/2011 13:10:11, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Symantec AntiVirus service to connect.
21/10/2011 13:10:11, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the SavRoam service to connect.
21/10/2011 13:10:11, error: Service Control Manager [7001] - The Net Logon service depends on the Workstation service which failed to start because of the following error: The filename, directory name, or volume label syntax is incorrect.
21/10/2011 13:10:11, error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The filename, directory name, or volume label syntax is incorrect.
21/10/2011 13:10:11, error: Service Control Manager [7000] - The Remote Connections Service service failed to start due to the following error: The system cannot find the file specified.
21/10/2011 13:10:10, error: Service Control Manager [7023] - The Workstation service terminated with the following error: The filename, directory name, or volume label syntax is incorrect.
21/10/2011 13:10:10, error: Service Control Manager [7000] - The Nortel Extranet Access Protocol service failed to start due to the following error: The system cannot find the file specified.
21/10/2011 13:09:00, error: Workstation [3870] - . is not a valid computer name.
21/10/2011 12:39:35, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
21/10/2011 12:39:20, error: DCOM [10000] - Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}. The error: "%3" Happened while starting this command: "G:\Meens_Adobe\Acrobat\AcrobatInfo.exe" /PDFShell -Embedding
21/10/2011 12:36:22, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
21/10/2011 12:26:25, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl Fips intelppm RsvLock SAVRT SAVRTPEL SPBBCDrv SYMTDI
21/10/2011 11:48:51, error: Service Control Manager [7024] - The Computer Browser service terminated with service-specific error 2102 (0x836).
21/10/2011 11:35:08, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: Access is denied.
21/10/2011 09:21:35, error: System Error [1003] - Error code 1000000a, parameter1 000000b0, parameter2 00000002, parameter3 00000000, parameter4 804ef42a.
18/10/2011 16:18:05, error: Dhcp [1002] - The IP address lease 192.168.0.6 for the Network Card with network address 002481F73D9A has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================


#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:15 PM

Posted 24 October 2011 - 04:32 PM

Hi,

There are still a couple of leftovers remaining

Please do the following:


The logs show you have two antivirus products installed:
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

Having more than one can cause system slowdowns, conflicts and crashes; please uninstall one of them.

Now please do the following:


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')


Collect::
c:\windows\system32\drivers\79493965.sys

DDS::
uInternet Settings,ProxyServer = hxxp://http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>;*.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - 
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - 
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - 
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - 



Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT


Download TFC to your desktop
Mirror
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine;
  • if it doesn't, manually reboot to ensure a complete clean.
It's normal after running TFC cleaner that the PC will be slower to boot the first time.



NEXT


  • Open My Computer.
  • Right-click the local disk volume that you want to defragment (usually your C:\ drive) > then click Properties.
  • On the Tools tab > click Defragment Now.
  • Click Defragment.


NEXT



Please let me know how the computer is running now

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
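The reply above picks four things out of the posted DDS log by eye: two enabled AV products, a ProxyServer entry pointing at the local machine (the `hxxp://http=127.0.0.1:6522` line in the CFScript), BHO/toolbar entries with no name, and the Event Viewer entries showing Symantec's boot-start drivers failing to load. The script below is an added example, not code from this thread, from DDS or from ComboFix; it assumes only the line formats visible in the log posted here, and its sample input is constructed from lines quoted in the thread. It parses those formats and returns the same findings a helper would flag, so the check can be repeated on another DDS log instead of being done by hand.

```python
"""Triage helper for DDS-style logs (added example; assumes the line formats
seen in the log posted in this thread, not an official DDS parser)."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "severity item detail")

# Sample input constructed from lines quoted in this thread.
# DDS writes "hxxp" instead of "http" so the value cannot be clicked by accident.
SAMPLE_LOG = """\
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
uInternet Settings,ProxyServer = hxxp://http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>;*.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} -
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} -
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} -
21/10/2011 12:26:25, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl Fips intelppm RsvLock SAVRT SAVRTPEL SPBBCDrv SYMTDI
21/10/2011 13:10:11, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Symantec AntiVirus service to connect.
"""

AV_RE = re.compile(r"^AV: (?P<name>.+?) \*(?P<state>[^*]+)\* \{(?P<guid>[0-9A-Fa-f-]+)\}$")
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (?P<value>.+)$")
LOOPBACK_RE = re.compile(r"127\.0\.0\.1|localhost", re.IGNORECASE)
ADDON_RE = re.compile(r"^(?P<kind>BHO|TB): \{(?P<clsid>[0-9A-Fa-f-]+)\} -\s*(?P<name>.*)$")
EVENT_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}), (?P<level>\w+): "
    r"(?P<source>.+?) \[(?P<eid>\d+)\] - (?P<text>.*)$")


def parse_events(text):
    """Return the Event Viewer lines as dicts with date, level, source, eid, text."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["eid"] = int(ev["eid"])
            events.append(ev)
    return events


def installed_av(text):
    """Names of every product DDS lists on an 'AV:' line."""
    return [m.group("name") for m in (AV_RE.match(l.strip()) for l in text.splitlines()) if m]


def loopback_proxy(text):
    """The ProxyServer value if it points at the local host (a sign of a traffic-
    interception component left behind), otherwise None."""
    for line in text.splitlines():
        m = PROXY_RE.match(line.strip())
        if m and LOOPBACK_RE.search(m.group("value")):
            return m.group("value")
    return None


def unnamed_addons(text):
    """(kind, CLSID) for BHO/toolbar entries whose friendly name is empty."""
    return [(m.group("kind"), m.group("clsid"))
            for m in (ADDON_RE.match(l.strip()) for l in text.splitlines())
            if m and not m.group("name").strip()]


def failed_boot_drivers(events):
    """Driver names from Service Control Manager event 7026 (boot-start load failures)."""
    drivers = []
    for ev in events:
        if ev["source"] == "Service Control Manager" and ev["eid"] == 7026 \
                and "failed to load:" in ev["text"]:
            drivers.extend(ev["text"].split("failed to load:", 1)[1].split())
    return drivers


def triage(text):
    """Run every check and return a list of Finding tuples."""
    findings = []
    avs = installed_av(text)
    if len(avs) > 1:
        findings.append(Finding("warn", "multiple-av", ", ".join(avs)))
    proxy = loopback_proxy(text)
    if proxy:
        findings.append(Finding("high", "loopback-proxy", proxy))
    for kind, clsid in unnamed_addons(text):
        findings.append(Finding("info", "unnamed-addon", f"{kind} {{{clsid}}}"))
    events = parse_events(text)
    drivers = failed_boot_drivers(events)
    if drivers:
        findings.append(Finding("warn", "boot-driver-failed", " ".join(drivers)))
    for ev in events:
        if ev["source"] == "Service Control Manager" and ev["eid"] == 7009:
            findings.append(Finding("info", "service-timeout", ev["text"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.item}: {f.detail}")
```

Feed it the full text of a DDS log and the unmatched lines (installed programs, partitions, and so on) are simply ignored; only the five line shapes above are inspected. The 7026 check is the one most relevant to the original complaint: eeCtrl, SAVRT, SAVRTPEL, SPBBCDrv and SYMTDI are the Symantec AntiVirus drivers, and their failure to load at boot explains why vptray.exe reports a missing definition file.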


#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:08:15 PM

Posted 05 November 2011 - 03:40 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




