DDS file not working correct


This topic is locked
16 replies to this topic

#1 chwalt964

chwalt964

  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:25 PM

Posted 09 February 2012 - 11:48 PM

Hello All

Got a rootkit.tdss virus and trying to remove it. Following your preparation guide, and when I download and run your DDS program, it opens a text file which I cannot attach, but here is part of it.
It doesn't do what your instructions say.

Any info or help would be great.

MZ   @  !L!This program cannot be run in DOS mode.




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:25 PM

Posted 10 February 2012 - 10:10 PM

Hello and Welcome to the forums!

Use link 2 or 3 for DDS!


My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 chwalt964

chwalt964
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:25 PM

Posted 10 February 2012 - 10:33 PM

Hello Gringo

Thank you for your response. My PC Tools anti-virus says I have a virus, rootkit.TDSS.V3. Every day it does a scan and comes up with it. I tell it to clean and then it says it does, but on the next scan it is back.

I have run your DDS and here are the results.

Thank You
Chuck
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by CWalters at 21:15:36 on 2012-02-10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.651 [GMT -6:00]
.
AV: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.
============== Running Processes ===============
.
C:\WINDOWS\System32\svchost.exe -k Cognizance
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Rockwell Software\RSView Enterprise\TagSrv.exe
C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe
C:\Program Files\AOL Computer Checkup\AOLDefragSrv.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Common Files\Rockwell\EventServer.exe
C:\Program Files\Rockwell Software\FactoryTalk Activation\lmgrd.exe
C:\Program Files\Common Files\Rockwell\FTAEArchiver.exe
C:\Program Files\Common Files\Rockwell\FTAE_HistServ.exe
C:\Program Files\Rockwell Software\FactoryTalk Activation\lmgrd.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Rockwell\NmspHost.exe
C:\Program Files\Common Files\Rockwell\RdcyHost.exe
C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe
C:\Program Files\Common Files\Rockwell\RsvcHost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
C:\Program Files\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Rockwell\RnaAeServer.exe
C:\Program Files\Common Files\Rockwell\RnaAlarmMux.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Network Associates\Common Framework\udaterui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Rockwell Automation\Rockwell Automation USBCIP Driver Package\UsbCipHelper\UsbCipHelper.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fppdis1.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1275019419\ee\AOLSoftware.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\CWalters\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe
C:\Documents and Settings\CWalters\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\AOL Desktop 9.7\waol.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\CWalters\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE
C:\Program Files\AOL Desktop 9.7\shellmon.exe
C:\Program Files\Rockwell Software\FactoryTalk Activation\flexsvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Microsoft Internet Explorer provided by Automated Conveyor Systems
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = acs-isa:8080
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80227
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80227
uURLSearchHooks: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\YTNavAssist.dll
uURLSearchHooks: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - c:\program files\winzipbar\prxtbWinZ.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Defender BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - c:\program files\winzipbar\prxtbWinZ.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: WinZip Courier BHO: {a8fb70fa-0fdf-4601-9dc4-bfa1b357204f} - c:\progra~1\winzip~2\wzwmcie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: : {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
BHO: BluePhone Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: BluePhone Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - c:\program files\winzipbar\prxtbWinZ.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SanDiskSecureAccess_Manager.exe] c:\documents and settings\cwalters\application data\sandisk\SanDiskSecureAccess_Manager.exe
uRun: [Akamai NetSession Interface] "c:\documents and settings\cwalters\local settings\application data\akamai\netsession_win.exe"
uRun: [AOL Fast Start] "c:\program files\aol desktop 9.7\AOL.EXE" -b
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
mRun: [Recguard] c:\windows\sminst\Recguard.exe
mRun: [Reminder] c:\windows\creator\Remind_XP.exe
mRun: [Scheduler] c:\windows\sminst\Scheduler.exe
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
mRun: [AccelerometerSysTrayApplet] c:\windows\system32\AccelerometerSt.exe
mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\udaterui.exe" /StartedFromRunKey
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [UsbCipHelper] c:\program files\rockwell automation\rockwell automation usbcip driver package\usbciphelper\UsbCipHelper.exe
mRun: [pdfFactory Pro Dispatcher v1] c:\windows\system32\spool\drivers\w32x86\2\fppdis1.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HostManager] c:\program files\common files\aol\1275019419\ee\AOLSoftware.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [pdfFactory Pro Dispatcher v3] "c:\windows\system32\spool\drivers\w32x86\3\fppdis3a.exe" /source=HKLM
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Boingo Wi-Finder] "c:\program files\boingo\boingo wi-finder\Boingo.lnk"
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ISTray] "c:\program files\spyware doctor\pctsGui.exe" /hideGUI
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kasper~1.lnk - c:\program files\kaspersky security scan\KSS.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~3.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-explorer: NoThemesTab = 1 (0x1)
uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
uPolicies-system: SetVisualStyle =
mPolicies-system: HideStartupScripts = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.acsconveyor.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1275023903109
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1275023878718
DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} - file:///C:/Program%20Files/AutoCAD%202002/AcDcToday.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} - file:///C:/Program%20Files/AutoCAD%202002/InstBanr.ocx
DPF: {C6637286-300D-11D4-AE0A-0010830243BD} - file:///C:/Program%20Files/AutoCAD%202002/InstFred.ocx
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://rockwellautomation.webex.com/client/T27L10NSP11EP5/support/ieatgpc.cab
DPF: {F281A59C-7B65-11D3-8617-0010830243BD} - file:///C:/Program%20Files/AutoCAD%202002/AcPreview.ocx
TCP: DhcpNameServer = 192.168.111.1
TCP: Interfaces\{72C6A62C-7E08-4D3E-9B0F-BD2C70E0B0C1} : DhcpNameServer = 192.168.111.1
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\progra~1\inboxt~1\Inbox.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: DeviceNP - DeviceNP.dll
Notify: OneCard - c:\program files\hewlett-packard\iam\bin\ASWLNPkg.dll
AppInit_DLLs: APSHook.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = ASWLNPkg scecli
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 192.168.0.3 acs-m2msql
Hosts: 192.168.0.31 acs-vmmail
Hosts: 192.168.0.120 acs-fs1
Hosts: 192.168.0.7 csbackup
Hosts: 192.168.0.13 acs-nas
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 pctBTFix;PC Tools Boot Fix Driver;c:\windows\system32\drivers\pctBTFix.sys [2011-12-5 17848]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-6-3 331880]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-11-17 341656]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-11-17 660992]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-6-15 54328]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-6-15 574424]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-6-3 253096]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2011-6-15 185560]
R2 ABBYY.Licensing.FineReader.ScreenshotReader.9.0;ABBYY.Licensing.FineReader.ScreenshotReader.9.0;c:\program files\abbyy screenshot reader\NetworkLicenseServer.exe [2009-5-14 759048]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2010-7-4 14336]
R2 AOLDiskOptimizer;AOLDiskOptimizer;c:\program files\aol computer checkup\AOLDefragSrv.exe [2010-11-9 248328]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2010-7-4 14336]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]
R2 FactoryTalk Activation Service;FactoryTalk Activation Service;c:\program files\rockwell software\factorytalk activation\lmgrd.exe [2010-5-17 1122568]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-5-28 54760]
R2 FTActivationBoost;FactoryTalk Activation Helper;c:\program files\rockwell software\factorytalk activation\tools\FTActivationBoost.exe [2011-5-31 152936]
R2 FTAE_Archiver;Rockwell Alarm History Archiver;c:\program files\common files\rockwell\FTAEArchiver.exe [2011-6-1 71016]
R2 FTAE_HistServ;Rockwell Alarm Historian;c:\program files\common files\rockwell\FTAE_HistServ.exe [2011-6-1 152936]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-6-1 363344]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2009-9-22 103744]
R2 MSSQL$FTVIEWX64TAGDB;SQL Server (FTVIEWX64TAGDB);c:\program files\microsoft sql server\mssql10_50.ftviewx64tagdb\mssql\binn\sqlservr.exe [2010-4-3 42884448]
R2 NmspHost;Rockwell Namespace Services;c:\program files\common files\rockwell\NmspHost.exe [2011-5-27 224104]
R3 EventServer;Rockwell Event Server;c:\program files\common files\rockwell\EventServer.exe [2011-5-27 250216]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-1-23 36608]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-6-1 20952]
R3 PcmkWdm;%PcmkWdm.DeviceDesc%;c:\windows\system32\drivers\PcmkWdm.sys [2002-4-22 64840]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2010-6-3 70536]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2008-1-23 47616]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-6-15 35264]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S1 VirtualBackplane;A-B Virtual Backplane;c:\windows\system32\drivers\virtualbackplane.sys --> c:\windows\system32\drivers\VirtualBackplane.sys [?]
S2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2010-7-4 14336]
S2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-9 135664]
S3 cpuz132;cpuz132;\??\c:\docume~1\cwalters\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\cwalters\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [2007-4-23 30008]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2007-4-30 172131]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-9 135664]
S3 LogReceiver;LogReceiver;c:\program files\rockwell software\rslinx enterprise\LogReceiver.exe [2011-6-24 80232]
S3 memcard;PCMCIA Memory Card Driver;c:\windows\system32\drivers\memcard.sys [2010-6-17 8320]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2009-7-24 30560]
S3 pcidnt;pcidnt;c:\windows\system32\drivers\pcidnt.sys --> c:\windows\system32\drivers\pcidnt.sys [?]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2011-12-5 56840]
S3 RSI-PKTX-A;RSI-PKTX-A;c:\windows\system32\drivers\RSI-PKTX-A.sys [2002-11-13 16447]
S3 RsiKtControl;RsiKtControl;c:\windows\system32\RSIKT.SYS [2011-6-29 39067]
S3 RSLINXNGKtControl;RSLINXNGKtControl;c:\windows\system32\drivers\RsiKtNG.sys [2002-4-23 38999]
S3 RSSERIAL;RSLinx Classic Serial Driver;c:\windows\system32\rsserial.sys [2011-6-29 155440]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-02-04 00:56:04 98992 ----a-w- c:\windows\system32\drivers\95990557.sys
2012-02-04 00:56:04 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-03 01:39:46 -------- d-----w- c:\documents and settings\cwalters\application data\AVG2012
2012-02-03 01:33:26 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2012-02-03 01:26:53 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2012-01-31 02:46:02 -------- d-----w- c:\documents and settings\cwalters\application data\PerformerSoft
2012-01-31 02:45:06 -------- d-----w- c:\program files\PC Performer
2012-01-27 23:03:37 -------- d-----w- c:\program files\AOL Desktop 9.7
2012-01-21 00:28:30 -------- d-----w- c:\documents and settings\cwalters\local settings\application data\Akamai
2012-01-21 00:28:11 -------- d-----w- c:\program files\common files\Akamai
.
==================== Find3M ====================
.
2012-01-31 04:01:05 2420 ----a-w- c:\windows\system32\ASOROSet.bin
2012-01-27 23:02:04 58696 ----a-w- c:\windows\system32\AOLParconLink.exe
2012-01-24 01:18:45 110456 ----a-w- c:\documents and settings\cwalters\g2ax_customer_downloadhelper_win32_x86.exe
2012-01-04 01:11:46 17464 ----a-w- c:\windows\system32\roboot.exe
2012-01-04 00:48:42 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2012-01-02 17:34:36 1476 ----a-w- c:\windows\system32\Rsvchost.reg
2012-01-02 17:34:36 1476 ----a-w- c:\windows\system32\RdcyReg.reg
2011-12-07 02:04:11 341656 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-23 01:43:02 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-11-23 01:42:40 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2011-11-23 01:41:28 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2011-11-23 01:38:04 253096 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-11-23 00:20:06 574424 --s-a-w- c:\windows\system32\drivers\TfSysMon.sys
2011-11-23 00:20:06 35264 --s-a-w- c:\windows\system32\drivers\TfNetMon.sys
2011-11-23 00:20:04 54328 --s-a-w- c:\windows\system32\drivers\TfFsMon.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-17 01:41:59 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-14 22:07:06 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-11-14 22:07:04 2246608 ----a-w- c:\windows\PCTBDCore.dll
2011-11-14 22:07:04 1681360 ----a-w- c:\windows\PCTBDRes.dll
2011-11-14 22:06:54 767952 ----a-w- c:\windows\BDTSupport.dll
2011-11-14 21:12:26 331880 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-11-14 21:12:24 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
.
============= FINISH: 21:20:11.81 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/17/2008 6:24:11 PM
System Uptime: 2/10/2012 3:16:52 PM (6 hours ago)
.
Motherboard: Hewlett-Packard | | 30C3
Processor: Intel Pentium III Xeon processor | U10 | 2094/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 18.883 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 10 GiB total, 9.693 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Device ID: ROOT\NET\0001
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
PNP Device ID: ROOT\NET\0001
Service: vpnva
.
==== System Restore Points ===================
.
RP771: 1/13/2012 3:27:42 AM - System Checkpoint
RP772: 1/14/2012 3:35:06 AM - System Checkpoint
RP773: 1/15/2012 3:53:34 AM - System Checkpoint
RP774: 1/16/2012 4:10:22 AM - System Checkpoint
RP775: 1/17/2012 4:52:47 AM - System Checkpoint
RP776: 1/18/2012 9:30:58 AM - System Checkpoint
RP777: 1/19/2012 12:16:40 PM - System Checkpoint
RP778: 1/20/2012 12:51:25 PM - System Checkpoint
RP779: 1/21/2012 3:00:29 AM - Software Distribution Service 3.0
RP780: 1/22/2012 3:43:29 AM - System Checkpoint
RP781: 1/23/2012 4:26:40 AM - System Checkpoint
RP782: 1/24/2012 3:00:29 AM - Software Distribution Service 3.0
RP783: 1/25/2012 7:50:15 AM - System Checkpoint
RP784: 1/26/2012 11:35:09 AM - System Checkpoint
RP785: 1/28/2012 12:56:36 AM - System Checkpoint
RP786: 1/29/2012 1:45:37 AM - System Checkpoint
RP787: 1/30/2012 3:22:17 AM - System Checkpoint
RP788: 1/30/2012 9:05:42 PM - PC Performer Mon, Jan 30, 12 21:05
RP789: 1/31/2012 9:23:16 PM - System Checkpoint
RP790: 2/1/2012 11:42:04 PM - System Checkpoint
RP791: 2/2/2012 3:01:49 PM - PC Performer Thu, Feb 02, 12 15:01
RP792: 2/3/2012 11:27:15 PM - System Checkpoint
RP793: 2/5/2012 12:15:39 AM - System Checkpoint
RP794: 2/5/2012 5:46:13 AM - PC Performer Sun, Feb 05, 12 05:45
RP795: 2/6/2012 11:49:29 AM - System Checkpoint
RP796: 2/7/2012 10:02:38 PM - System Checkpoint
RP797: 2/8/2012 10:59:41 PM - System Checkpoint
RP798: 2/10/2012 1:37:20 AM - System Checkpoint
.
==== Hosts File Hijack ======================
.
Hosts: 192.168.0.3 acs-m2msql
Hosts: 192.168.0.31 acs-vmmail
Hosts: 192.168.0.120 acs-fs1
Hosts: 192.168.0.7 csbackup
Hosts: 192.168.0.13 acs-nas
Hosts: 192.168.0.16 CSFaxPress
Hosts: 192.168.0.28 pentek
Hosts: 192.168.0.120 acs
.
==== Installed Programs ======================
.
.
32 Bit HP CIO Components Installer
ABBYY Screenshot Reader
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.2)
Akamai NetSession Interface
Akamai NetSession Interface Service
AOL Computer Checkup
AOL Registration
AOL Uninstaller (Choose which Products to Remove)
Application Installer 4.00.B13
Ask Toolbar
AutoCAD 2002
Autodesk Design Review 2012
Autodesk DWG Viewer
Autodesk Inventor View 2009
Bing Bar
BIOS Configuration for HP ProtectTools
BlackBerry App World Browser Plugin
BlackBerry Desktop Software 6.0.1
BlackBerry Device Software Updater
Boingo Wi-Finder
BootP-DHCP Server
Browser Defender 4.0
CDS 3.5.2
Cisco AnyConnect VPN Client
ClearKeeper
CLP Setup V1.1
CLV Setup V 4.3
CLVMain V 5.0
Compatibility Pack for the 2007 Office system
ControlFLASH
Credential Manager for HP ProtectTools
CWGenericBase-Runtime Setup
Device Access Manager for HP ProtectTools
DeviceNet Node Commissioning Tool
DivX Setup
Driver Whiz
DWG TrueView 2010
FactoryTalk Activation Manager 3.40 (CPR 9 SR 4)
FactoryTalk Alarms and Events 2.40.00000 (CPR 9 SR 4)
FactoryTalk Diagnostics 2.40 (CPR 9 SR 4)
FactoryTalk Services Platform 2.40 (CPR 9 SR 4)
FactoryTalk View Machine Edition 6.10.00 (CPR 9 SR 4)
FinePrint pdfFactory Pro (1.x)
Flexi Soft Designer
FTDI USB Serial Converter Drivers
Google Earth
Google SketchUp Pro 8
Google Toolbar for Internet Explorer
Google Update Helper
HASP Device Drivers
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP 3D DriveGuard
HP Backup and Recovery Manager Installer
HP Doc Viewer
HP Help and Support
HP Notebook Accessories Product Tour
HP ProtectTools Security Manager
HP Quick Launch Buttons 6.40 B2
HP Update
HP User Guide Bluetooth Addendum 0062
HP User Guides 0074
HP Wireless Assistant
Inbox Toolbar
Intel® Network Connections Drivers
InterVideo DVD Check
InterVideo Register Manager
InterVideo WinDVD
Japanese Fonts Support For Adobe Reader 9
Java Auto Updater
Java™ 6 Update 23
Jetset Spanish
Kaspersky Security Scan
LightScribe 1.6.43.1
Logix CPU Security Tool
Logix5000 Clock Update Tool
Logix5000 PLM Sync Utility
Logix5000 Task Monitor
Malwarebytes' Anti-Malware
McAfee Agent
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 7.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 97, Professional Edition
Microsoft Office Outlook 2003
Microsoft Office Outlook Connector
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 R2
Microsoft SQL Server 2008 R2 Native Client
Microsoft SQL Server 2008 R2 RsFx Driver
Microsoft SQL Server 2008 R2 Setup (English)
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Browser
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
NORD CON 2.0
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
OGA Notifier 2.0.0048.0
PanelBuilder32
Parker Isysnet Analog Module Profiles
Parker Isysnet ASCII Module Profile
Parker Isysnet Discrete Module Profiles
Parker Isysnet Discrete Module Profiles 2
Parker Isysnet Discrete Module Profiles 3
PC Performer
PC Tools Spyware Doctor with AntiVirus 9.0
pdfFactory
pdfFactory Pro (3.x)
PID Calculation Program
Radioshack USB-to-Serial cable
RadioShack USB to Serial Driver
Redundancy Module Config Tool
RK512 Communication DTM 1.3.0.125
Road Crew 1.0
Rockwell Automation 1440 XM Dynamic Measurement Module Profile
Rockwell Automation 1732 Discrete Module Profiles
Rockwell Automation 1732 Discrete Module Profiles 2
Rockwell Automation 1734 Analog Module Profiles
Rockwell Automation 1734 ASCII Module Profiles
Rockwell Automation 1734 ControlNet Adapter Module Profile
Rockwell Automation 1734 Discrete Module Profile, DeviceLogix
Rockwell Automation 1734 Discrete Module Profiles
Rockwell Automation 1734 Discrete Module Profiles 2
Rockwell Automation 1734 Discrete Module Profiles 4
Rockwell Automation 1734 Ethernet Adapter Module Profile
Rockwell Automation 1734 Ethernet Adapter,2-Port,Module Profile
Rockwell Automation 1734 Specialty Module Profiles
Rockwell Automation 1738 Analog Module Profile
Rockwell Automation 1738 Analog Module Profiles
Rockwell Automation 1738 ASCII Module Profiles
Rockwell Automation 1738 ControlNet Adapter Module Profile
Rockwell Automation 1738 Discrete Module Profile, DeviceLogix
Rockwell Automation 1738 Discrete Module Profiles
Rockwell Automation 1738 Discrete Module Profiles 2
Rockwell Automation 1738 Discrete Module Profiles 3
Rockwell Automation 1738 Discrete Module Profiles 4
Rockwell Automation 1738 Ethernet Adapter Module Profile
Rockwell Automation 1738 Ethernet Adapter,2-Port,Module Profile
Rockwell Automation 1738 Specialty Module Profiles
Rockwell Automation 1756 CNet Comms Module Profiles
Rockwell Automation 1756 ENet Comms Module Profiles
Rockwell Automation 1756 Ethernet Bridge Module Profile
Rockwell Automation 1756 HART Module Profiles
Rockwell Automation 1756 Historian Module Profiles
Rockwell Automation 1756 Remote I/O Interface Module Profile
Rockwell Automation 1769 Analog Module Profiles
Rockwell Automation 1769 ASCII Module Profiles
Rockwell Automation 1769 Boolean Module Profiles
Rockwell Automation 1769 Controller Module Profiles
Rockwell Automation 1769 Discrete Module Profiles
Rockwell Automation 1769 Embedded Module Profiles
Rockwell Automation 1769 Specialty Module Profiles
Rockwell Automation 1783 Ethernet Managed Switch Module Profile
Rockwell Automation 1791DS Discrete Module Profiles
Rockwell Automation 1799 Embedded Discrete Module Profile
Rockwell Automation 2097 Kinetix Module Profiles
Rockwell Automation 48MS Vision Sensor Module Profiles
Rockwell Automation 5XRF RFID Reader Module Profiles
Rockwell Automation DIO DeviceNet Safety Module Profile
Rockwell Automation DIO DeviceNet Safety Module Profiles
Rockwell Automation DIO EtherNet Safety Module Profiles
Rockwell Automation Drives PowerFlex 4 Module Profiles
Rockwell Automation Drives PowerFlex 7 2 Module Profiles
Rockwell Automation Drives PowerFlex 7 3 Module Profiles
Rockwell Automation Drives PowerFlex 7 Module Profiles
Rockwell Automation Drives SCANport Module Profiles
Rockwell Automation DTM Library 1756 Family
Rockwell Automation DTM Library FLEX Family
Rockwell Automation EtherNet/IP Tap Family Module Profiles
Rockwell Automation Foundation Fieldbus 1757-FFLD Communication DTM
Rockwell Automation Foundation Fieldbus 1757-FFLDC Communication DTM
Rockwell Automation Generic Safety Module Profiles
Rockwell Automation Stratix 8000/8300 Module Profiles
Rockwell Automation USBCIP Driver Package
Rockwell Software Hardware Maintenance Tool
Rockwell Windows Firewall Configuration Utility 1.00.06
Rosetta Stone Version 3
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
RSLinx Classic 2.58.00 CPR 9 SR 4
RSLinx Enterprise 5.40.00000 (CPR 9 SR 4)
RSLogix 5 English 7.30.00 (CPR 9)
RSLogix 500 English 8.40.00 (CPR 9)
RSLogix 5000 Compare
RSLogix 5000 DeviceNet Tag Generator
RSLogix 5000 IEC61131-3 Translation Tool
RSLogix 5000 Module Profile Core
RSLogix 5000 Module Profile Core System Updates
RSLogix 5000 Module Profile Setup Utility
RSLogix 5000 Online Books v19.00.00
RSLogix 5000 Setup Installer
RSLogix 5000 Start Page Media v19.00.00
RSLogix 5000 System Updates
RSLogix 5000 v16.03.00 (CPR 9)
RSLogix 5000 v17.01.00 (CPR 9 SR 1)
RSLogix 5000 v19.01.00 (CPR 9 SR 3)
RSLogix5000 Data Preserved Download Tool
RSNetWorx for DeviceNet 9.00.00 (CPR 9 SR 1)
RSTrainer Enterprise Edition for RSLogix 5
RSTrainer Enterprise Edition for RSLogix 500 - Offline Programming ESP
RSTrainer Enterprise Edition for RSLogix 500 Software - Documenting and Searching
RSTrainer Enterprise Edition for RSLogix 500 Software - Offline Programming
RSTrainer for Enterprise Edition ControlLogix Fundamentals
RSTrainer for RSLinx
RSTrainer for RSLogix 5000 Software - Motion
RSTrainer for RSLogix 5000 Software - Offline Programming
RSTrainer for RSLogix 5000 Software - Online Monitoring
RSTrainer for RSLogix 5000 Software - Project Configuration
SanDiskSecureAccess_Manager.exe
SeaCOM
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2124261)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2290570)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Sentinel System Driver
Setting and Monitoring Tool
SICK CDSDTM 3.6.3.28
SICK Shared
Skype Click to Call
Skype 5.5
Soft Data Fax Modem with SmartCP
Sonic Activation Module
SoundMAX
SQL Server 2008 R2 Common Files
SQL Server 2008 R2 Database Engine Services
SQL Server 2008 R2 Database Engine Shared
Sql Server Customer Experience Improvement Program
Synaptics Pointing Device Driver
SyncToy
Tag Data Monitor Tool
Tag Upload Download Tool
Translate PLC-5_SLC 2.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.6195
Viewpoint Media Player
VLC media player 1.1.7
Volo View Express
WebEx
WebFldrs XP
Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Photo Gallery
Windows Live Writer
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
Windows XP Service Pack 3
WinZip 16.0
WinZip Command Line Support Add-On
WinZip Courier
WinZipBar Toolbar
XML Paper Specification Shared Components Pack 1.0
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
2/6/2012 5:25:22 PM, error: PCTCore [280] - The item store is corrupted: @5512.
2/4/2012 6:17:55 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AliIde Fips IntelIde intelppm ohci1394 PCTSD TfFsMon TfSysMon ViaIde
2/4/2012 6:17:55 AM, error: Service Control Manager [7001] - The World Wide Web Publishing service depends on the IIS Admin service which failed to start because of the following error: The dependency service or group failed to start.
2/4/2012 6:17:55 AM, error: Service Control Manager [7001] - The Rockwell Directory Multiplexer service depends on the Rockwell Event Multiplexer service which failed to start because of the following error: The dependency service or group failed to start.
2/4/2012 6:17:55 AM, error: Service Control Manager [7001] - The Message Queuing Triggers service depends on the Message Queuing service which failed to start because of the following error: The dependency service or group failed to start.
2/4/2012 6:17:55 AM, error: Service Control Manager [7001] - The Message Queuing service depends on the Distributed Transaction Coordinator service which failed to start because of the following error: The dependency service or group failed to start.
2/3/2012 6:11:48 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AliIde IntelIde ViaIde
2/3/2012 6:11:48 AM, error: Service Control Manager [7022] - The McAfee Framework Service service hung on starting.
2/3/2012 6:11:48 AM, error: Service Control Manager [7000] - The A-B Virtual Backplane service failed to start due to the following error: The system cannot find the file specified.
2/3/2012 6:08:48 AM, error: Service Control Manager [7000] - The DS1410D service failed to start due to the following error: The system cannot find the file specified.
2/3/2012 6:07:28 AM, error: NETLOGON [5719] - No Domain Controller is available for domain AUTOCONVSYS.COM due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
.
==== End Of File ===========================

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:25 PM

Posted 10 February 2012 - 10:39 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 chwalt964

chwalt964
  • Topic Starter

  • Members
  • 8 posts
  • Local time:05:25 PM

Posted 11 February 2012 - 09:56 PM

Hello

I ran the ComboFix program. My laptop crashed during the first run. After it restarted I ran it again. Here is the log.

Chuck

ComboFix 12-02-10.03 - CWalters 02/10/2012 22:52:04.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1147 [GMT -6:00]
Running from: c:\documents and settings\CWalters\Desktop\ComboFix.exe
AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\CWalters\g2ax_customer_downloadhelper_win32_x86.exe
c:\documents and settings\CWalters\Local Settings\Application Data\assembly\tmp
c:\documents and settings\RLee\GoToAssistDownloadHelper.exe
c:\documents and settings\RLee\Local Settings\Application Data\assembly\tmp
C:\install.exe
c:\program files\Hewlett-Packard\IAM\bin\ocgina.dll
c:\program files\RegGenie
c:\program files\RegGenie\RegGenie.ini
C:\Thumbs.db
c:\windows\system32\Cache
c:\windows\system32\regobj.dll
c:\windows\system32\roboot.exe
c:\windows\system32\SET15D.tmp
c:\windows\system32\SET15E.tmp
c:\windows\system32\SET15F.tmp
c:\windows\system32\SET16A.tmp
c:\windows\system32\SET16C.tmp
c:\windows\system32\SET178.tmp
c:\windows\system32\SET4DE.tmp
c:\windows\system32\SET4E5.tmp
c:\windows\system32\SETB6.tmp
c:\windows\system32\SETBD.tmp
c:\windows\system32\spool\prtprocs\w32x86\hpzpp5no.dll
c:\windows\system32\UNWISE.EXE
E:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-01-11 to 2012-02-11 )))))))))))))))))))))))))))))))
.
.
2012-02-04 00:56 . 2012-02-04 00:56 98992 ----a-w- c:\windows\system32\drivers\95990557.sys
2012-02-04 00:56 . 2012-02-04 00:56 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-03 01:39 . 2012-02-03 01:39 -------- d-----w- c:\documents and settings\CWalters\Application Data\AVG2012
2012-02-03 01:33 . 2012-02-03 01:33 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2012-02-03 01:26 . 2012-02-04 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2012-01-31 02:46 . 2012-01-31 02:46 -------- d-----w- c:\documents and settings\CWalters\Application Data\PerformerSoft
2012-01-31 02:45 . 2012-01-31 02:45 -------- d-----w- c:\program files\PC Performer
2012-01-27 23:03 . 2012-01-28 23:39 -------- d-----w- c:\program files\AOL Desktop 9.7
2012-01-21 00:28 . 2012-02-09 03:22 -------- d-----w- c:\documents and settings\CWalters\Local Settings\Application Data\Akamai
2012-01-21 00:28 . 2012-02-11 05:39 -------- d-----w- c:\program files\Common Files\Akamai
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-27 23:02 . 2011-02-20 01:42 58696 ----a-w- c:\windows\system32\AOLParconLink.exe
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2012-01-02 17:34 . 2009-03-17 12:57 1476 ----a-w- c:\windows\system32\Rsvchost.reg
2012-01-02 17:34 . 2009-03-17 12:57 1476 ----a-w- c:\windows\system32\RdcyReg.reg
2011-12-07 02:04 . 2010-11-18 01:21 341656 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-11-25 21:57 . 2010-07-04 22:31 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2010-07-04 22:30 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-23 01:43 . 2010-06-03 16:32 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-11-23 01:42 . 2011-06-16 00:45 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2011-11-23 01:41 . 2011-12-06 03:40 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2011-11-23 01:38 . 2010-06-03 16:32 253096 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-11-23 00:20 . 2011-06-16 00:50 574424 --s-a-w- c:\windows\system32\drivers\TfSysMon.sys
2011-11-23 00:20 . 2011-06-16 00:50 35264 --s-a-w- c:\windows\system32\drivers\TfNetMon.sys
2011-11-23 00:20 . 2011-06-16 00:50 54328 --s-a-w- c:\windows\system32\drivers\TfFsMon.sys
2011-11-18 12:35 . 2010-07-04 22:31 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-17 01:41 . 2011-05-18 13:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-16 14:21 . 2010-07-04 22:31 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2010-07-04 22:30 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-14 22:07 . 2010-06-03 16:39 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-11-14 22:07 . 2010-06-03 16:39 2246608 ----a-w- c:\windows\PCTBDCore.dll
2011-11-14 22:07 . 2010-06-03 16:39 1681360 ----a-w- c:\windows\PCTBDRes.dll
2011-11-14 22:06 . 2010-06-03 16:39 767952 ----a-w- c:\windows\BDTSupport.dll
2011-11-14 21:12 . 2010-06-03 16:32 331880 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-11-14 21:12 . 2010-06-03 16:32 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]
"{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}"= "c:\program files\WinZipBar\prxtbWinZ.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CLASSES_ROOT\clsid\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]
2011-05-09 08:49 176936 ----a-w- c:\program files\WinZipBar\prxtbWinZ.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 21:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
"{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}"= "c:\program files\WinZipBar\prxtbWinZ.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
"{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}"= "c:\program files\WinZipBar\prxtbWinZ.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SanDiskSecureAccess_Manager.exe"="c:\documents and settings\CWalters\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe" [2010-11-11 31095432]
"Akamai NetSession Interface"="c:\documents and settings\CWalters\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-02-02 3329824]
"AOL Fast Start"="c:\program files\AOL Desktop 9.7\AOL.EXE" [2011-12-14 42320]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-11-07 177456]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-21 1187840]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-10 806912]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-10-09 697976]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-05-03 57344]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2007-01-24 124928]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\udaterui.exe" [2009-09-22 136512]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"UsbCipHelper"="c:\program files\Rockwell Automation\Rockwell Automation USBCIP Driver Package\UsbCipHelper\UsbCipHelper.exe" [2011-05-12 434176]
"pdfFactory Pro Dispatcher v1"="c:\windows\System32\spool\DRIVERS\W32X86\2\fppdis1.exe" [2002-02-28 360448]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"HostManager"="c:\program files\Common Files\AOL\1275019419\ee\AOLSoftware.exe" [2010-03-08 41800]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]
"pdfFactory Pro Dispatcher v3"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2010-01-18 614400]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Boingo Wi-Finder"="c:\program files\Boingo\Boingo Wi-Finder\Boingo.lnk" [2012-02-11 2203]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-12-04 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-12-04 13933160]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-12-17 192512]
Kaspersky Security Scan.lnk - c:\program files\Kaspersky Security Scan\KSS.exe [2010-11-29 2402696]
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-7-10 111376]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-7-10 51984]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-04-30 16:19 49152 ----a-w- c:\windows\system32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-02-07 01:30 74240 ----a-r- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1096174113-1497382848-1543859470-1108\Scripts\Logon\0\0]
"Script"=MapEEDrives.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1096174113-1497382848-1543859470-11975\Scripts\Logon\0\0]
"Script"=UpdateAntiVirus.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1096174113-1497382848-1543859470-12507\Scripts\Logon\0\0]
"Script"=UpdateAntiVirus.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1096174113-1497382848-1543859470-12507\Scripts\Logon\1\0]
"Script"=MapEEDrives.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1096174113-1497382848-1543859470-1258\Scripts\Logon\0\0]
"Script"=UpdateAntiVirus.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1096174113-1497382848-1543859470-1258\Scripts\Logon\1\0]
"Script"=MapEEDrives.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\OpcEnum.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\EventClientMultiplexer.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\RsvcHost.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\RdcyHost.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\NmspHost.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\RnaDirServer.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\EventServer.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\DaClient.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\RNADiagReceiver.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\RNADiagnosticsSrv.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\VStudio.exe"=
"c:\\WINDOWS\\system32\\inetsrv\\inetinfo.exe"=
"c:\\Program Files\\Rockwell Software\\FactoryTalk Activation\\lmgrd.exe"=
"c:\\Program Files\\Rockwell Software\\FactoryTalk Activation\\flexsvr.exe"=
"c:\\Program Files\\Rockwell Software\\RSLogix 5000\\ENU\\v16\\Bin\\RS5000.Exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1275019419\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1275019419\\ee\\AOLDesktop.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Rockwell Software\\RSLogix 5000\\ENU\\v17\\Bin\\RS5000.Exe"=
"c:\\Program Files\\Common Files\\Rockwell\\FTSPVStudio.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\CounterMonitor.exe"=
"c:\\Program Files\\Rockwell Software\\RSLinx Enterprise\\RSLinxNG.exe"=
"c:\\Program Files\\Rockwell Software\\RSLinx Enterprise\\RSLinxShortcutAOA.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Rockwell Automation\\BootP-DHCP Server\\BootpServer.exe"=
"c:\\Program Files\\Rockwell Software\\RSLinx\\RSLINX.EXE"=
"c:\\Program Files\\Rockwell Software\\OPCTools\\OPCTest\\opctest.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Rockwell Software\\BOOTP-DHCP Server\\BootpServer.exe"=
"c:\\Program Files\\Rockwell Software\\RSLogix 5000\\ENU\\v19\\Bin\\RS5000.Exe"=
"c:\\Program Files\\Common Files\\Rockwell\\RnaAeServer.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\RnaAlarmMux.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\RnaAlarmDetector.exe"=
"c:\\Program Files\\Rockwell Software\\RSView Enterprise\\MERuntime.exe"=
"c:\\Program Files\\Rockwell Software\\RSView Enterprise\\TagSrv.exe"=
"c:\\Program Files\\Rockwell Software\\RSView Enterprise\\VStudio.exe"=
"c:\\Documents and Settings\\CWalters\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\AOL Desktop 9.7\\waol.exe"=
"c:\\Program Files\\AOL Desktop 9.7\\AOLBrowser\\aolbrowser.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"135:TCP"= 135:TCP:Port 135 TCP
"137:UDP"= 137:UDP:@xpsp2res.dll,-22001
"5985:TCP"= 5985:TCP:Windows Remote Management
"1998:TCP"= 1998:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 pctBTFix;PC Tools Boot Fix Driver;c:\windows\system32\drivers\pctBTFix.sys [12/5/2011 9:40 PM 17848]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/3/2010 10:32 AM 331880]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [11/17/2010 7:21 PM 341656]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [11/17/2010 7:21 PM 660992]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [6/15/2011 6:50 PM 54328]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [6/15/2011 6:50 PM 574424]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [6/3/2010 10:32 AM 253096]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [6/15/2011 6:45 PM 185560]
R2 ABBYY.Licensing.FineReader.ScreenshotReader.9.0;ABBYY.Licensing.FineReader.ScreenshotReader.9.0;c:\program files\ABBYY Screenshot Reader\NetworkLicenseServer.exe [5/14/2009 8:07 AM 759048]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [7/4/2010 4:31 PM 14336]
R2 AOLDiskOptimizer;AOLDiskOptimizer;c:\program files\AOL Computer Checkup\AOLDefragSrv.exe [11/9/2010 10:35 PM 248328]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [7/4/2010 4:31 PM 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [7/4/2010 4:31 PM 14336]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [10/13/2011 5:21 PM 249648]
R2 FactoryTalk Activation Service;FactoryTalk Activation Service;c:\program files\Rockwell Software\FactoryTalk Activation\lmgrd.exe [5/17/2010 10:07 PM 1122568]
R2 FTActivationBoost;FactoryTalk Activation Helper;c:\program files\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe [5/31/2011 12:56 PM 152936]
R2 FTAE_Archiver;Rockwell Alarm History Archiver;c:\program files\Common Files\Rockwell\FTAEArchiver.exe [6/1/2011 2:31 PM 71016]
R2 FTAE_HistServ;Rockwell Alarm Historian;c:\program files\Common Files\Rockwell\FTAE_HistServ.exe [6/1/2011 2:31 PM 152936]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/1/2010 7:18 PM 363344]
R2 MSSQL$FTVIEWX64TAGDB;SQL Server (FTVIEWX64TAGDB);c:\program files\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\sqlservr.exe [4/3/2010 12:56 PM 42884448]
R2 NmspHost;Rockwell Namespace Services;c:\program files\Common Files\Rockwell\NmspHost.exe [5/27/2011 4:37 PM 224104]
R2 RdcyHost;Rockwell Redundancy Services;c:\program files\Common Files\Rockwell\RdcyHost.exe [5/27/2011 4:39 PM 224104]
R2 RnaAeServer;Rockwell Alarm Server;c:\program files\Common Files\Rockwell\RnaAeServer.exe [6/1/2011 2:31 PM 202088]
R2 RnaAlarmMux;Rockwell Alarm Multiplexer;c:\program files\Common Files\Rockwell\RnaAlarmMux.exe [6/1/2011 2:31 PM 927080]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [11/15/2010 1:32 PM 592120]
R3 EventServer;Rockwell Event Server;c:\program files\Common Files\Rockwell\EventServer.exe [5/27/2011 4:27 PM 250216]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [1/23/2007 2:13 PM 36608]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/1/2010 7:18 PM 20952]
R3 PcmkWdm;%PcmkWdm.DeviceDesc%;c:\windows\system32\drivers\PcmkWdm.sys [4/22/2002 1:12 PM 64840]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [1/23/2008 9:37 AM 47616]
S1 VirtualBackplane;A-B Virtual Backplane;c:\windows\system32\Drivers\VirtualBackplane.sys --> c:\windows\system32\Drivers\VirtualBackplane.sys [?]
S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [10/21/2011 3:23 PM 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/9/2009 12:15 PM 135664]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [4/23/2007 3:13 PM 30008]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [4/30/2007 10:28 AM 172131]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/9/2009 12:15 PM 135664]
S3 LogReceiver;LogReceiver;c:\program files\Rockwell Software\RSLinx Enterprise\LogReceiver.exe [6/24/2011 9:36 PM 80232]
S3 memcard;PCMCIA Memory Card Driver;c:\windows\system32\drivers\memcard.sys [6/17/2010 10:52 AM 8320]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [7/24/2009 6:28 PM 30560]
S3 pcidnt;pcidnt;c:\windows\system32\Drivers\pcidnt.sys --> c:\windows\system32\Drivers\pcidnt.sys [?]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [12/5/2011 9:45 PM 56840]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [6/3/2010 10:32 AM 70536]
S3 RSI-PKTX-A;RSI-PKTX-A;c:\windows\system32\drivers\RSI-PKTX-A.sys [11/13/2002 12:38 PM 16447]
S3 RsiKtControl;RsiKtControl;c:\windows\system32\RSIKT.SYS [6/29/2011 2:14 PM 39067]
S3 RSLINXNGKtControl;RSLINXNGKtControl;c:\windows\system32\drivers\RsiKtNG.sys [4/23/2002 5:02 PM 38999]
S3 RSSERIAL;RSLinx Classic Serial Driver;c:\windows\system32\rsserial.sys [6/29/2011 2:14 PM 155440]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [12/5/2011 9:39 PM 402336]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [6/15/2011 6:50 PM 35264]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [7/4/2010 4:31 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [4/3/2010 12:56 PM 44896]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [4/3/2010 11:02 AM 240608]
S4 SQLAgent$FTVIEWX64TAGDB;SQL Server Agent (FTVIEWX64TAGDB);c:\program files\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\SQLAGENT.EXE [4/3/2010 12:56 PM 367456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Cognizance REG_MULTI_SZ ASBroker ASChannel
WINRM REG_MULTI_SZ WINRM
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 21:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb0c283776268a.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-09 18:15]
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cb0c2837a5d592.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-09 18:15]
.
2011-12-12 c:\windows\Tasks\Install_NSS.job
- c:\program files\DivX\Symantec\scstubinstaller.exe [2010-03-08 18:00]
.
2010-06-05 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-05-26 19:16]
.
2012-02-09 c:\windows\Tasks\PC Performer.job
- c:\program files\PC Performer\PCPerformer.exe [2012-01-31 01:11]
.
2012-02-10 c:\windows\Tasks\PC Performer_DEFAULT.job
- c:\program files\PC Performer\PCPerformer.exe [2012-01-31 01:11]
.
2012-02-09 c:\windows\Tasks\PC Performer_UPDATES.job
- c:\program files\PC Performer\PCPerformer.exe [2012-01-31 01:11]
.
2012-02-08 c:\windows\Tasks\PCO-AOLOneClickCare.job
- c:\program files\AOL Computer Checkup\AOLCCP.exe [2010-11-10 16:34]
.
2012-02-11 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 21:50]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = acs-isa:8080
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
TCP: DhcpNameServer = 192.168.111.1
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.acsconveyor.com/CACHE/stc/1/binaries/vpnweb.cab
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
SafeBoot-55679627.sys
AddRemove-HASP Device Drivers - c:\windows\system32\UNWISE.EXE
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-WZCLINE - c:\program files\WinZip\winzip32
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-11 05:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????T??????????????|?M?|?????M?|&?@
UsbCipHelper = c:\program files\Rockwell Automation\Rockwell Automation USBCIP Driver Package\UsbCipHelper\UsbCipHelper.exe????????????Nj?w??????@???D????????|P?E????|???????????????|????P?E?????????0???????????????????>?@?????P???<???+??|?????????????$???? ???D??????>@????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1044)
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\windows\system32\DeviceNP.dll
.
- - - - - - - > 'explorer.exe'(5276)
c:\windows\system32\WININET.dll
c:\windows\system32\APSHook.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\msdtc.exe
c:\program files\Rockwell Software\RSView Enterprise\TagSrv.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Rockwell Software\FactoryTalk Activation\flexsvr.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Network Associates\Common Framework\naPrdMgr.exe
c:\program files\Common Files\Rockwell\RNADiagnosticsSrv.exe
c:\program files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
c:\program files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe
c:\program files\Common Files\Rockwell\RsvcHost.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Common Files\Rockwell\EventClientMultiplexer.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Common Files\Rockwell\RnaDirServer.exe
c:\program files\Common Files\Rockwell\RNADirMultiplexor.exe
c:\windows\system32\mqtgsvc.exe
c:\program files\Hewlett-Packard\IAM\bin\asghost.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Network Associates\Common Framework\McTray.exe
c:\program files\Boingo\Boingo Wi-Finder\Boingo Wi-Finder.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\AOL Desktop 9.7\waol.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\AOL Desktop 9.7\shellmon.exe
c:\program files\Common Files\AOL\1275019419\ee\aolupdates.exe
.
**************************************************************************
.
Completion time: 2012-02-11 05:53:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-11 11:52
.
Pre-Run: 20,115,542,016 bytes free
Post-Run: 22,922,977,280 bytes free
.
- - End Of File - - 9716050AC32C21CFC07575C9BCBFC9E2
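
The log above mixes hundreds of legitimate autostart entries with the handful a responder actually needs to look at: Run-key values whose binary lives in a user profile (the SanDisk and Akamai entries under Documents and Settings), services whose binary is missing from disk (ComboFix marks these with "--> ... [?]", for example VirtualBackplane and ThreatFire), svchost-hosted services whose real code is a ServiceDll (Akamai, whose DLL path appears near the end of the log), and firewall exceptions for remote-management ports (3389, 135, 5985 are all open inbound). The script below is an added example for this thread, not ComboFix's own logic and not code from the poster or the helper; it parses those three line shapes and flags them with heuristics that are assumptions for illustration. The sample input is copied from the log above. A hit is a prioritisation aid, not a verdict: both flagged Run entries carry vendor names and may well be legitimate.

```python
"""Triage helper for ComboFix-style log excerpts.

Added example for this thread; it is not ComboFix's own logic and not code
from the helper or poster. It parses the three line shapes in the log above
that carry autostart and exposure information and flags the ones a responder
would look at first. The heuristics are assumptions for illustration: a
binary started from a user-writable directory, a service whose binary is
missing ("--> ... [?]"), an svchost-hosted service whose real code lives in a
ServiceDll, and inbound firewall exceptions for remote-management ports.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# "Name"="c:\path\file.exe" [2012-02-02 3329824]   (Run-key value lines)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]')
# R2 Name;Display;c:\path\file.exe [7/4/2010 4:31 PM 14336]   (service lines)
SVC_RE = re.compile(r'^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$')
# "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009   (GloballyOpenPorts lines)
PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=')

# Path fragments (lower-case) that place a binary inside a user-writable
# location on Windows XP; chosen as an assumption for this example.
USER_WRITABLE = ("\\documents and settings\\", "\\local settings\\",
                 "\\application data\\", "\\temp\\", "\\tmp\\")
# Inbound ports whose firewall exception deserves a second look.
REMOTE_MGMT_PORTS = {("3389", "TCP"): "RDP",
                     ("5985", "TCP"): "WinRM",
                     ("135", "TCP"): "RPC endpoint mapper"}


@dataclass
class Finding:
    kind: str    # "run-key", "service" or "firewall"
    name: str    # value name, service name or port/proto
    detail: str  # why it was flagged


def _user_writable(path: str) -> bool:
    """True if the path contains one of the USER_WRITABLE fragments."""
    p = path.lower().replace("/", "\\")
    return any(frag in p for frag in USER_WRITABLE)


def triage_line(line: str) -> Optional[Finding]:
    """Classify one log line; return None for benign or unrecognised lines."""
    line = line.strip()
    m = RUN_RE.match(line)
    if m:
        if _user_writable(m.group("path")):
            return Finding("run-key", m.group("name"),
                           f"autostart from user-writable path: {m.group('path')}")
        return None
    m = SVC_RE.match(line)
    if m:
        name, rest = m.group("name").strip(), m.group("rest")
        if rest.endswith("[?]"):
            return Finding("service", name, "binary missing on disk (orphaned service entry)")
        if "svchost.exe -k" in rest.lower():
            group = rest.split("-k", 1)[1].split()[0]
            return Finding("service", name, f"svchost-hosted; inspect ServiceDll for group '{group}'")
        if _user_writable(rest):
            return Finding("service", name, f"service binary in user-writable path: {rest}")
        return None
    m = PORT_RE.match(line)
    if m:
        key = (m.group("port"), m.group("proto"))
        if key in REMOTE_MGMT_PORTS:
            return Finding("firewall", f"{key[0]}/{key[1]}",
                           f"inbound {REMOTE_MGMT_PORTS[key]} allowed by the XP firewall")
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over every line and keep the hits, in log order."""
    return [f for f in map(triage_line, log_text.splitlines()) if f is not None]


# Sample input: lines copied from the ComboFix log posted above.
SAMPLE = r'''
"SanDiskSecureAccess_Manager.exe"="c:\documents and settings\CWalters\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe" [2010-11-11 31095432]
"Akamai NetSession Interface"="c:\documents and settings\CWalters\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-02-02 3329824]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [7/4/2010 4:31 PM 14336]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/1/2010 7:18 PM 363344]
S1 VirtualBackplane;A-B Virtual Backplane;c:\windows\system32\Drivers\VirtualBackplane.sys --> c:\windows\system32\Drivers\VirtualBackplane.sys [?]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"137:UDP"= 137:UDP:@xpsp2res.dll,-22001
"5985:TCP"= 5985:TCP:Windows Remote Management
'''

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.kind}] {f.name}: {f.detail}")
```

Run against the sample it reports six findings: the two profile-resident Run entries, the svchost-hosted Akamai service (resolve it by reading the ServiceDll value, which the log above prints as netsession_win_7de0ed9.dll under Common Files), the orphaned VirtualBackplane driver, and the RDP and WinRM firewall exceptions; ctfmon.exe and the NetBIOS 137/UDP exception are left alone. Paste the whole log into triage() to get the same list for every section at once.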

#6 gringo_pr (Bleepin Gringo; Malware Response Team, 136,772 posts; Gender: Male; Location: Puerto Rico)

Posted 11 February 2012 - 10:33 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#7 chwalt964 (Topic Starter; Members, 8 posts)

Posted 11 February 2012 - 10:56 PM

gringo

I have run the scans and here are the log files.
Chuck

21:43:15.0953 2256 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
21:43:16.0312 2256 ============================================================
21:43:16.0312 2256 Current date / time: 2012/02/11 21:43:16.0312
21:43:16.0312 2256 SystemInfo:
21:43:16.0312 2256
21:43:16.0312 2256 OS Version: 5.1.2600 ServicePack: 3.0
21:43:16.0312 2256 Product type: Workstation
21:43:16.0312 2256 ComputerName: EERLEE
21:43:16.0312 2256 UserName: CWalters
21:43:16.0312 2256 Windows directory: C:\WINDOWS
21:43:16.0312 2256 System windows directory: C:\WINDOWS
21:43:16.0312 2256 Processor architecture: Intel x86
21:43:16.0312 2256 Number of processors: 2
21:43:16.0312 2256 Page size: 0x1000
21:43:16.0312 2256 Boot type: Normal boot
21:43:16.0312 2256 ============================================================
21:43:16.0765 2256 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:43:16.0765 2256 \Device\Harddisk0\DR0:
21:43:16.0765 2256 MBR used
21:43:16.0765 2256 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1162DE6E
21:43:16.0765 2256 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1162DEAD, BlocksNum 0x13EAC14
21:43:16.0859 2256 Initialize success
21:43:16.0859 2256 ============================================================
21:43:20.0218 6088 ============================================================
21:43:20.0218 6088 Scan started
21:43:20.0218 6088 Mode: Manual;
21:43:20.0218 6088 ============================================================
21:43:45.0671 6088 MBR (0x1B8) (4f02a8d4048a138c450ed7f867eb0144) \Device\Harddisk0\DR0
21:43:45.0890 6088 \Device\Harddisk0\DR0 - ok
21:43:45.0906 6088 Boot (0x1200) (8281b3505f43543ac8de314b8418c568) \Device\Harddisk0\DR0\Partition0
21:43:45.0906 6088 \Device\Harddisk0\DR0\Partition0 - ok
21:43:45.0906 6088 Boot (0x1200) (d69586086157097b5715d63341e16af5) \Device\Harddisk0\DR0\Partition1
21:43:45.0906 6088 \Device\Harddisk0\DR0\Partition1 - ok
21:43:45.0906 6088 ============================================================
21:43:45.0906 6088 Scan finished
21:43:45.0906 6088 ============================================================
21:43:45.0921 2968 Detected object count: 0
21:43:45.0921 2968 Actual detected object count: 0


aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-11 21:47:07
-----------------------------
21:47:07.000 OS Version: Windows 5.1.2600 Service Pack 3
21:47:07.000 Number of processors: 2 586 0x1706
21:47:07.000 ComputerName: EERLEE UserName:
21:47:09.343 Initialize success
21:48:19.250 AVAST engine defs: 12021101
21:48:58.562 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:48:58.562 Disk 0 Vendor: Hitachi_ FB2O Size: 152627MB BusType: 3
21:48:58.593 Disk 0 MBR read successfully
21:48:58.609 Disk 0 MBR scan
21:48:58.671 Disk 0 unknown MBR code
21:48:58.671 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 142427 MB offset 63
21:48:58.703 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10197 MB offset 291692205
21:48:58.718 Disk 0 scanning sectors +312576705
21:48:58.781 Disk 0 scanning C:\WINDOWS\system32\drivers
21:49:16.562 Service scanning
21:49:18.640 Modules scanning
21:49:31.515 Disk 0 trace - called modules:
21:49:31.562 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll PCTCore.sys ACPI.sys iaStor.sys
21:49:31.921 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8adfbab8]
21:49:31.937 3 CLASSPNP.SYS[f74e7fd7] -> nt!IofCallDriver -> [0x8ae5a2b0]
21:49:31.953 5 hpdskflt.sys[f77205ae] -> nt!IofCallDriver -> [0x8ae5a8f0]
21:49:31.984 7 PCTCore.sys[f7193407] -> nt!IofCallDriver -> \Device\000000af[0x8ae00a28]
21:49:32.015 9 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8adfd030]
21:49:33.359 AVAST engine scan C:\WINDOWS
21:49:51.875 AVAST engine scan C:\WINDOWS\system32
21:54:43.921 AVAST engine scan C:\WINDOWS\system32\drivers
21:55:09.765 AVAST engine scan C:\Documents and Settings\CWalters
21:55:29.437 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\CWalters\Desktop\MBR.dat"
21:55:29.531 The log file has been saved successfully to "C:\Documents and Settings\CWalters\Desktop\aswMBR.txt"
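An added example, not code from the thread or from AVAST: a small parser for the aswMBR output above that pulls out the disk size, the MBR code verdict and the partition table, then reports what a responder would look at first. The "unknown MBR code" line is the one that matters for a suspected TDSS/TDL infection, although OEM recovery loaders commonly produce it too, so it is a prompt to compare the saved MBR.dat against a known-good copy rather than a verdict. The tail-space figure is approximate because aswMBR prints sizes rounded to MB; the sample log text is copied from the post above, and the name `triage` and the threshold choices are the example's own.

```python
import re

# Constructed sample: the disk/partition lines from the aswMBR log posted above.
SAMPLE_LOG = r"""
21:48:58.562 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:48:58.562 Disk 0 Vendor: Hitachi_ FB2O Size: 152627MB BusType: 3
21:48:58.593 Disk 0 MBR read successfully
21:48:58.609 Disk 0 MBR scan
21:48:58.671 Disk 0 unknown MBR code
21:48:58.671 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 142427 MB offset 63
21:48:58.703 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10197 MB offset 291692205
21:48:58.718 Disk 0 scanning sectors +312576705
"""

SECTORS_PER_MB = 2048  # 512-byte sectors; aswMBR reports sizes in MB

TS_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+")           # leading "21:48:58.671 " timestamp
SIZE_RE = re.compile(r"^Disk (\d+) Vendor: (.+?) Size: (\d+)MB")
MBR_RE = re.compile(r"^Disk (\d+) (.*MBR code.*)$")       # e.g. "unknown MBR code"
PART_RE = re.compile(
    r"^Disk (\d+) Partition (\d+) ([0-9A-Fa-f]{2}) (?:\((\w)\) )?([0-9A-Fa-f]{2}) "
    r"(\S+) (\S+) (\d+) MB offset (\d+)$"
)


def parse_aswmbr(text):
    """Return {disk_number: {vendor, size_mb, mbr_code, partitions}} from aswMBR log text."""
    disks = {}

    def disk(n):
        return disks.setdefault(int(n), {"vendor": None, "size_mb": 0,
                                         "mbr_code": None, "partitions": []})

    for raw in text.splitlines():
        line = TS_RE.sub("", raw.strip())
        if m := SIZE_RE.match(line):
            d = disk(m[1])
            d["vendor"], d["size_mb"] = m[2], int(m[3])
        elif m := MBR_RE.match(line):
            disk(m[1])["mbr_code"] = m[2]
        elif m := PART_RE.match(line):
            disk(m[1])["partitions"].append({
                "number": int(m[2]), "bootable": m[3].lower() == "80",  # 0x80 = active flag
                "type": m[5], "fs": m[7], "size_mb": int(m[8]), "offset": int(m[9]),
            })
    return disks


def unpartitioned_tail_sectors(disk):
    """Sectors between the end of the last partition and the end of the disk (MB-rounded)."""
    parts = sorted(disk["partitions"], key=lambda p: p["offset"])
    if not parts or not disk["size_mb"]:
        return 0
    last_end = parts[-1]["offset"] + parts[-1]["size_mb"] * SECTORS_PER_MB
    return disk["size_mb"] * SECTORS_PER_MB - last_end


def triage(disk):
    """Findings a responder would review: MBR code verdict, active-partition count, tail space."""
    findings = []
    if disk["mbr_code"] and "unknown" in disk["mbr_code"].lower():
        findings.append("MBR boot code is not a recognised standard loader; compare the saved "
                        "MBR.dat with a known-good copy (OEM recovery loaders also trigger this)")
    active = [p["number"] for p in disk["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {active}")
    tail = unpartitioned_tail_sectors(disk)
    findings.append(f"about {tail} unpartitioned sectors after the last partition (MB rounding "
                    "applies); bootkits such as TDL4 keep a hidden file system in that space")
    return findings


if __name__ == "__main__":
    for n, d in parse_aswmbr(SAMPLE_LOG).items():
        print(f"Disk {n}: {d['vendor']} {d['size_mb']} MB, MBR: {d['mbr_code']}")
        for f in triage(d):
            print("  -", f)
```

Run it on a saved aswMBR.txt by reading the file into `parse_aswmbr`; aswMBR's "scanning sectors +312576705" line in the log is it scanning exactly that unpartitioned tail region.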

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 February 2012 - 01:05 AM

Greetings

How are things working Now?


:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

Edited by gringo_pr, 12 February 2012 - 01:06 AM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 chwalt964

chwalt964
  • Topic Starter

  • Members
  • 8 posts

Posted 12 February 2012 - 09:03 PM

I have run ComboFix again as instructed. My laptop seems to be faster.

Can I enable my PC Tools anti virus?

Can you tell if the Rootkit.TDSS.V3 is cleaned up, or any other virus?

Here is the log.

Chuck


ComboFix 12-02-10.03 - CWalters 02/12/2012 19:13:22.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1130 [GMT -6:00]
Running from: c:\documents and settings\CWalters\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\CWalters\Desktop\CFScript.txt
AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-13 to 2012-02-13 )))))))))))))))))))))))))))))))
.
.
2012-02-04 00:56 . 2012-02-04 00:56 98992 ----a-w- c:\windows\system32\drivers\95990557.sys
2012-02-04 00:56 . 2012-02-04 00:56 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-03 01:39 . 2012-02-03 01:39 -------- d-----w- c:\documents and settings\CWalters\Application Data\AVG2012
2012-02-03 01:33 . 2012-02-03 01:33 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2012-02-03 01:26 . 2012-02-04 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2012-01-31 02:46 . 2012-01-31 02:46 -------- d-----w- c:\documents and settings\CWalters\Application Data\PerformerSoft
2012-01-31 02:45 . 2012-01-31 02:45 -------- d-----w- c:\program files\PC Performer
2012-01-27 23:03 . 2012-01-28 23:39 -------- d-----w- c:\program files\AOL Desktop 9.7
2012-01-21 00:28 . 2012-02-09 03:22 -------- d-----w- c:\documents and settings\CWalters\Local Settings\Application Data\Akamai
2012-01-21 00:28 . 2012-02-13 00:46 -------- d-----w- c:\program files\Common Files\Akamai
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-27 23:02 . 2011-02-20 01:42 58696 ----a-w- c:\windows\system32\AOLParconLink.exe
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2012-01-02 17:34 . 2009-03-17 12:57 1476 ----a-w- c:\windows\system32\Rsvchost.reg
2012-01-02 17:34 . 2009-03-17 12:57 1476 ----a-w- c:\windows\system32\RdcyReg.reg
2011-12-07 02:04 . 2010-11-18 01:21 341656 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-11-25 21:57 . 2010-07-04 22:31 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2010-07-04 22:30 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-23 01:43 . 2010-06-03 16:32 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-11-23 01:42 . 2011-06-16 00:45 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2011-11-23 01:41 . 2011-12-06 03:40 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2011-11-23 01:38 . 2010-06-03 16:32 253096 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-11-23 00:20 . 2011-06-16 00:50 574424 --s-a-w- c:\windows\system32\drivers\TfSysMon.sys
2011-11-23 00:20 . 2011-06-16 00:50 35264 --s-a-w- c:\windows\system32\drivers\TfNetMon.sys
2011-11-23 00:20 . 2011-06-16 00:50 54328 --s-a-w- c:\windows\system32\drivers\TfFsMon.sys
2011-11-18 12:35 . 2010-07-04 22:31 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-17 01:41 . 2011-05-18 13:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-16 14:21 . 2010-07-04 22:31 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2010-07-04 22:30 152064 ----a-w- c:\windows\system32\schannel.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-11_11.43.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-13 00:46 . 2012-02-13 00:46 16384 c:\windows\Temp\Perflib_Perfdata_f8.dat
+ 2012-02-13 00:46 . 2012-02-13 00:46 16384 c:\windows\Temp\Perflib_Perfdata_9f8.dat
+ 2010-08-18 00:30 . 2012-02-13 00:47 215633 c:\windows\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]
"{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}"= "c:\program files\WinZipBar\prxtbWinZ.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CLASSES_ROOT\clsid\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]
2011-05-09 08:49 176936 ----a-w- c:\program files\WinZipBar\prxtbWinZ.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 21:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
"{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}"= "c:\program files\WinZipBar\prxtbWinZ.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
"{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}"= "c:\program files\WinZipBar\prxtbWinZ.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SanDiskSecureAccess_Manager.exe"="c:\documents and settings\CWalters\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe" [2010-11-11 31095432]
"Akamai NetSession Interface"="c:\documents and settings\CWalters\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-02-02 3329824]
"AOL Fast Start"="c:\program files\AOL Desktop 9.7\AOL.EXE" [2011-12-14 42320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-11-07 177456]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-21 1187840]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-10 806912]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-10-09 697976]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-05-03 57344]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2007-01-24 124928]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\udaterui.exe" [2009-09-22 136512]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"UsbCipHelper"="c:\program files\Rockwell Automation\Rockwell Automation USBCIP Driver Package\UsbCipHelper\UsbCipHelper.exe" [2011-05-12 434176]
"pdfFactory Pro Dispatcher v1"="c:\windows\System32\spool\DRIVERS\W32X86\2\fppdis1.exe" [2002-02-28 360448]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"HostManager"="c:\program files\Common Files\AOL\1275019419\ee\AOLSoftware.exe" [2010-03-08 41800]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]
"pdfFactory Pro Dispatcher v3"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2010-01-18 614400]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Boingo Wi-Finder"="c:\program files\Boingo\Boingo Wi-Finder\Boingo.lnk" [2012-02-13 2203]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-12-04 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-12-04 13933160]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-12-17 192512]
Kaspersky Security Scan.lnk - c:\program files\Kaspersky Security Scan\KSS.exe [2010-11-29 2402696]
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-7-10 111376]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-7-10 51984]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-04-30 16:19 49152 ----a-w- c:\windows\system32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-02-07 01:30 74240 ----a-r- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1096174113-1497382848-1543859470-1108\Scripts\Logon\0\0]
"Script"=MapEEDrives.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1096174113-1497382848-1543859470-11975\Scripts\Logon\0\0]
"Script"=UpdateAntiVirus.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1096174113-1497382848-1543859470-12507\Scripts\Logon\0\0]
"Script"=UpdateAntiVirus.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1096174113-1497382848-1543859470-12507\Scripts\Logon\1\0]
"Script"=MapEEDrives.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1096174113-1497382848-1543859470-1258\Scripts\Logon\0\0]
"Script"=UpdateAntiVirus.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1096174113-1497382848-1543859470-1258\Scripts\Logon\1\0]
"Script"=MapEEDrives.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\OpcEnum.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\EventClientMultiplexer.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\RsvcHost.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\RdcyHost.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\NmspHost.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\RnaDirServer.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\EventServer.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\DaClient.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\RNADiagReceiver.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\RNADiagnosticsSrv.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\VStudio.exe"=
"c:\\WINDOWS\\system32\\inetsrv\\inetinfo.exe"=
"c:\\Program Files\\Rockwell Software\\FactoryTalk Activation\\lmgrd.exe"=
"c:\\Program Files\\Rockwell Software\\FactoryTalk Activation\\flexsvr.exe"=
"c:\\Program Files\\Rockwell Software\\RSLogix 5000\\ENU\\v16\\Bin\\RS5000.Exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1275019419\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1275019419\\ee\\AOLDesktop.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Rockwell Software\\RSLogix 5000\\ENU\\v17\\Bin\\RS5000.Exe"=
"c:\\Program Files\\Common Files\\Rockwell\\FTSPVStudio.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\CounterMonitor.exe"=
"c:\\Program Files\\Rockwell Software\\RSLinx Enterprise\\RSLinxNG.exe"=
"c:\\Program Files\\Rockwell Software\\RSLinx Enterprise\\RSLinxShortcutAOA.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Rockwell Automation\\BootP-DHCP Server\\BootpServer.exe"=
"c:\\Program Files\\Rockwell Software\\RSLinx\\RSLINX.EXE"=
"c:\\Program Files\\Rockwell Software\\OPCTools\\OPCTest\\opctest.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Rockwell Software\\BOOTP-DHCP Server\\BootpServer.exe"=
"c:\\Program Files\\Rockwell Software\\RSLogix 5000\\ENU\\v19\\Bin\\RS5000.Exe"=
"c:\\Program Files\\Common Files\\Rockwell\\RnaAeServer.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\RnaAlarmMux.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\RnaAlarmDetector.exe"=
"c:\\Program Files\\Rockwell Software\\RSView Enterprise\\MERuntime.exe"=
"c:\\Program Files\\Rockwell Software\\RSView Enterprise\\TagSrv.exe"=
"c:\\Program Files\\Rockwell Software\\RSView Enterprise\\VStudio.exe"=
"c:\\Documents and Settings\\CWalters\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\AOL Desktop 9.7\\waol.exe"=
"c:\\Program Files\\AOL Desktop 9.7\\AOLBrowser\\aolbrowser.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"135:TCP"= 135:TCP:Port 135 TCP
"137:UDP"= 137:UDP:@xpsp2res.dll,-22001
"5985:TCP"= 5985:TCP:Windows Remote Management
"1219:TCP"= 1219:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 pctBTFix;PC Tools Boot Fix Driver;c:\windows\system32\drivers\pctBTFix.sys [12/5/2011 9:40 PM 17848]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/3/2010 10:32 AM 331880]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [11/17/2010 7:21 PM 341656]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [11/17/2010 7:21 PM 660992]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [6/15/2011 6:50 PM 54328]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [6/15/2011 6:50 PM 574424]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [6/3/2010 10:32 AM 253096]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [6/15/2011 6:45 PM 185560]
R2 ABBYY.Licensing.FineReader.ScreenshotReader.9.0;ABBYY.Licensing.FineReader.ScreenshotReader.9.0;c:\program files\ABBYY Screenshot Reader\NetworkLicenseServer.exe [5/14/2009 8:07 AM 759048]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [7/4/2010 4:31 PM 14336]
R2 AOLDiskOptimizer;AOLDiskOptimizer;c:\program files\AOL Computer Checkup\AOLDefragSrv.exe [11/9/2010 10:35 PM 248328]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [7/4/2010 4:31 PM 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [7/4/2010 4:31 PM 14336]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [10/13/2011 5:21 PM 249648]
R2 FactoryTalk Activation Service;FactoryTalk Activation Service;c:\program files\Rockwell Software\FactoryTalk Activation\lmgrd.exe [5/17/2010 10:07 PM 1122568]
R2 FTActivationBoost;FactoryTalk Activation Helper;c:\program files\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe [5/31/2011 12:56 PM 152936]
R2 FTAE_Archiver;Rockwell Alarm History Archiver;c:\program files\Common Files\Rockwell\FTAEArchiver.exe [6/1/2011 2:31 PM 71016]
R2 FTAE_HistServ;Rockwell Alarm Historian;c:\program files\Common Files\Rockwell\FTAE_HistServ.exe [6/1/2011 2:31 PM 152936]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/1/2010 7:18 PM 363344]
R2 MSSQL$FTVIEWX64TAGDB;SQL Server (FTVIEWX64TAGDB);c:\program files\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\sqlservr.exe [4/3/2010 12:56 PM 42884448]
R2 NmspHost;Rockwell Namespace Services;c:\program files\Common Files\Rockwell\NmspHost.exe [5/27/2011 4:37 PM 224104]
R2 RdcyHost;Rockwell Redundancy Services;c:\program files\Common Files\Rockwell\RdcyHost.exe [5/27/2011 4:39 PM 224104]
R2 RnaAeServer;Rockwell Alarm Server;c:\program files\Common Files\Rockwell\RnaAeServer.exe [6/1/2011 2:31 PM 202088]
R2 RnaAlarmMux;Rockwell Alarm Multiplexer;c:\program files\Common Files\Rockwell\RnaAlarmMux.exe [6/1/2011 2:31 PM 927080]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [11/15/2010 1:32 PM 592120]
R3 EventServer;Rockwell Event Server;c:\program files\Common Files\Rockwell\EventServer.exe [5/27/2011 4:27 PM 250216]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [1/23/2007 2:13 PM 36608]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/1/2010 7:18 PM 20952]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [7/24/2009 6:28 PM 30560]
R3 PcmkWdm;%PcmkWdm.DeviceDesc%;c:\windows\system32\drivers\PcmkWdm.sys [4/22/2002 1:12 PM 64840]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [1/23/2008 9:37 AM 47616]
S1 VirtualBackplane;A-B Virtual Backplane;c:\windows\system32\Drivers\VirtualBackplane.sys --> c:\windows\system32\Drivers\VirtualBackplane.sys [?]
S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [10/21/2011 3:23 PM 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/9/2009 12:15 PM 135664]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [4/23/2007 3:13 PM 30008]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [4/30/2007 10:28 AM 172131]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/9/2009 12:15 PM 135664]
S3 LogReceiver;LogReceiver;c:\program files\Rockwell Software\RSLinx Enterprise\LogReceiver.exe [6/24/2011 9:36 PM 80232]
S3 memcard;PCMCIA Memory Card Driver;c:\windows\system32\drivers\memcard.sys [6/17/2010 10:52 AM 8320]
S3 pcidnt;pcidnt;c:\windows\system32\Drivers\pcidnt.sys --> c:\windows\system32\Drivers\pcidnt.sys [?]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [12/5/2011 9:45 PM 56840]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [6/3/2010 10:32 AM 70536]
S3 RSI-PKTX-A;RSI-PKTX-A;c:\windows\system32\drivers\RSI-PKTX-A.sys [11/13/2002 12:38 PM 16447]
S3 RsiKtControl;RsiKtControl;c:\windows\system32\RSIKT.SYS [6/29/2011 2:14 PM 39067]
S3 RSLINXNGKtControl;RSLINXNGKtControl;c:\windows\system32\drivers\RsiKtNG.sys [4/23/2002 5:02 PM 38999]
S3 RSSERIAL;RSLinx Classic Serial Driver;c:\windows\system32\rsserial.sys [6/29/2011 2:14 PM 155440]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [12/5/2011 9:39 PM 402336]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [6/15/2011 6:50 PM 35264]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [7/4/2010 4:31 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [4/3/2010 12:56 PM 44896]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [4/3/2010 11:02 AM 240608]
S4 SQLAgent$FTVIEWX64TAGDB;SQL Server Agent (FTVIEWX64TAGDB);c:\program files\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\SQLAGENT.EXE [4/3/2010 12:56 PM 367456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Cognizance REG_MULTI_SZ ASBroker ASChannel
WINRM REG_MULTI_SZ WINRM
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 21:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb0c283776268a.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-09 18:15]
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cb0c2837a5d592.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-09 18:15]
.
2010-06-05 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-05-26 19:16]
.
2012-02-09 c:\windows\Tasks\PC Performer.job
- c:\program files\PC Performer\PCPerformer.exe [2012-01-31 01:11]
.
2012-02-12 c:\windows\Tasks\PC Performer_DEFAULT.job
- c:\program files\PC Performer\PCPerformer.exe [2012-01-31 01:11]
.
2012-02-09 c:\windows\Tasks\PC Performer_UPDATES.job
- c:\program files\PC Performer\PCPerformer.exe [2012-01-31 01:11]
.
2012-02-13 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 21:50]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = acs-isa:8080
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
TCP: DhcpNameServer = 192.168.111.1
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.acsconveyor.com/CACHE/stc/1/binaries/vpnweb.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-12 19:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????T??????????????|?M?|?????M?|&?@
UsbCipHelper = c:\program files\Rockwell Automation\Rockwell Automation USBCIP Driver Package\UsbCipHelper\UsbCipHelper.exe????????????Nj?w??????@???D????????|P?E????|???????????????|????P?E?????????0???????????????????>?@?????P???<???+??|?????????????$???? ???D??????>@????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1044)
c:\windows\system32\APSHook.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\windows\system32\DeviceNP.dll
.
- - - - - - - > 'lsass.exe'(1100)
c:\windows\system32\APSHook.dll
.
- - - - - - - > 'explorer.exe'(4028)
c:\windows\system32\WININET.dll
c:\windows\system32\APSHook.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-02-12 19:53:54
ComboFix-quarantined-files.txt 2012-02-13 01:53
ComboFix2.txt 2012-02-11 11:53
.
Pre-Run: 22,646,697,984 bytes free
Post-Run: 22,770,135,040 bytes free
.
- - End Of File - - BF1E67A56CA7FCEB33B1FFD99825F9D1
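An added example, not code from the thread or from the ComboFix project: a triage pass over the "Reg Loading Points" part of the ComboFix log above. It walks the registry sections ComboFix prints (a `[key]` header followed by value lines, ended by a `.` line) and answers the questions an analyst asks of such a log: which Run entries start executables from a user-writable profile directory rather than Program Files or Windows, which firewall exceptions open remote-administration ports (the log shows 3389, 135, 137 and 5985 open), what is loaded through AppInit_DLLs, and for which products Security Center monitoring has been switched off. The sample text is copied from the log above; the port list and the helper names are the example's own assumptions.

```python
import re

# Constructed sample: registry sections taken from the ComboFix log posted above.
SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SanDiskSecureAccess_Manager.exe"="c:\documents and settings\CWalters\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe" [2010-11-11 31095432]
"Akamai NetSession Interface"="c:\documents and settings\CWalters\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-02-02 3329824]
"AOL Fast Start"="c:\program files\AOL Desktop 9.7\AOL.EXE" [2011-12-14 42320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-12-04 13933160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"135:TCP"= 135:TCP:Port 135 TCP
"137:UDP"= 137:UDP:@xpsp2res.dll,-22001
"5985:TCP"= 5985:TCP:Windows Remote Management
"1219:TCP"= 1219:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"""

# Ports that give remote interactive or RPC/SMB access; exposing them on a laptop is worth a question.
REMOTE_ADMIN_PORTS = {135, 137, 139, 445, 3389, 5985, 5986}
USER_PROFILE_PREFIXES = ("c:\\documents and settings\\", "c:\\users\\")


def parse_sections(text):
    """Map each [registry key] header to the value lines beneath it; a '.' line ends a section."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.rstrip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, [])
        elif line == "." or not line:
            current = None
        elif current is not None:
            sections[current].append(line)
    return sections


def split_value(line):
    """'"name"="value" [date size]' -> (name, value); the trailing [date size] note is dropped."""
    name, _, rest = line.partition("=")
    rest = re.sub(r"\s*\[[^\]]*\]$", "", rest.strip())
    return name.strip().strip('"'), rest.strip('"')


def user_profile_autoruns(sections):
    """Run-key entries whose executable lives under a user profile (user-writable location)."""
    hits = []
    for key, lines in sections.items():
        if key.lower().endswith("\\currentversion\\run"):
            for line in lines:
                name, path = split_value(line)
                if path.lower().startswith(USER_PROFILE_PREFIXES):
                    hits.append((name, path))
    return hits


def exposed_admin_ports(sections):
    """(port, protocol, description) for GloballyOpenPorts entries on the remote-admin list."""
    found = []
    for key, lines in sections.items():
        if "globallyopenports" in key.lower():
            for line in lines:
                name, desc = split_value(line)
                port, _, proto = name.partition(":")
                if port.isdigit() and int(port) in REMOTE_ADMIN_PORTS:
                    found.append((int(port), proto, desc.split(":", 2)[-1]))
    return found


def appinit_dlls(sections):
    """DLLs listed in AppInit_DLLs (loaded into every process that links user32.dll)."""
    for key, lines in sections.items():
        if key.lower().endswith("\\currentversion\\windows"):
            for line in lines:
                name, value = split_value(line)
                if name.lower() == "appinit_dlls" and value:
                    return [p.strip() for p in value.split(",") if p.strip()]
    return []


def security_center_monitoring_disabled(sections):
    """Security Center\\Monitoring subkeys with DisableMonitoring=1 (WSC alerts suppressed)."""
    disabled = []
    for key, lines in sections.items():
        if "security center\\monitoring" in key.lower():
            for line in lines:
                name, value = split_value(line)
                if name.lower() == "disablemonitoring" and value.lower().endswith("00000001"):
                    disabled.append(key.rsplit("\\", 1)[-1])
    return disabled


def triage(text):
    s = parse_sections(text)
    return {"profile_autoruns": user_profile_autoruns(s), "admin_ports": exposed_admin_ports(s),
            "appinit_dlls": appinit_dlls(s), "wsc_disabled": security_center_monitoring_disabled(s)}


if __name__ == "__main__":
    for section, items in triage(SAMPLE).items():
        print(section)
        for item in items:
            print("  -", item)
```

None of these hits is malicious on its own (the two profile autoruns are a SanDisk utility and Akamai NetSession, and APSHook.dll belongs to the HP ProtectTools entries listed elsewhere in the log); the point is that the parser surfaces exactly the entries a helper checks by hand, so the same pass can be run over every ComboFix log a responder receives.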

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 February 2012 - 09:14 PM

Hello


Looks like it was removed the first time we ran ComboFix.

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better job).

Programs to remove

  • Ask Toolbar
  • Bing Bar
  • Inbox Toolbar
  • Java 6 Update 23
  • Viewpoint Media Player


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...)

  • Go Here to download the HijackThis Installer.
  • Save the HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7: right-click and run as admin.)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a log file button. It will scan, and the log should open in Notepad.
  • Click on Edit > Select All, then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

Information and logs:

In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 chwalt964 (Topic Starter, Members, 8 posts)

Posted 12 February 2012 - 09:45 PM

hello

I downloaded Revo. Every time I tell it to uninstall the Ask toolbar, it goes to step two and an install window opens. I can't uninstall it for some reason.

Any info on this?

Chuck

#12 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 12 February 2012 - 11:20 PM

Go ahead and continue; you should be able to remove the folders and such in the next passes.


gringo

#13 chwalt964 (Topic Starter, Members, 8 posts)

Posted 12 February 2012 - 11:47 PM

I have done everything you asked and here are the logs.

Chuck

00:13:00 CWalters ERROR Scheduled update failed: WinHttpSendRequest failed with error code 12007
01:13:00 CWalters ERROR Scheduled update failed: WinHttpSendRequest failed with error code 12007
02:00:00 CWalters MESSAGE Scheduled scan executed successfully
02:13:00 CWalters ERROR Scheduled update failed: WinHttpSendRequest failed with error code 12007
03:13:00 CWalters ERROR Scheduled update failed: WinHttpSendRequest failed with error code 12007
04:13:00 CWalters ERROR Scheduled update failed: WinHttpSendRequest failed with error code 12007
05:13:00 CWalters ERROR Scheduled update failed: WinHttpSendRequest failed with error code 12007
08:13:00 CWalters ERROR Scheduled update failed: WinHttpSendRequest failed with error code 12007
10:13:00 CWalters ERROR Scheduled update failed: WinHttpSendRequest failed with error code 12007
11:13:00 CWalters ERROR Scheduled update failed: WinHttpSendRequest failed with error code 12007
12:13:00 CWalters ERROR Scheduled update failed: WinHttpSendRequest failed with error code 12007
13:13:00 CWalters ERROR Scheduled update failed: WinHttpSendRequest failed with error code 12007
14:13:00 CWalters ERROR Scheduled update failed: WinHttpSendRequest failed with error code 12007
15:13:00 CWalters ERROR Scheduled update failed: WinHttpSendRequest failed with error code 12007
16:13:00 CWalters ERROR Scheduled update failed: WinHttpSendRequest failed with error code 12007
17:13:00 CWalters ERROR Scheduled update failed: WinHttpSendRequest failed with error code 12007
19:13:00 CWalters ERROR Scheduled update failed: WinHttpSendRequest failed with error code 12029
20:13:08 CWalters MESSAGE Scheduled update executed successfully
2012/02/12 22:20:03 -0600 EERLEE CWalters MESSAGE Executing scheduled update: Hourly
2012/02/12 22:20:04 -0600 EERLEE CWalters MESSAGE Database already up-to-date
2012/02/12 22:33:09 -0600 EERLEE CWalters MESSAGE Starting protection
2012/02/12 22:33:15 -0600 EERLEE CWalters MESSAGE Protection started successfully
2012/02/12 22:33:18 -0600 EERLEE CWalters MESSAGE Starting IP protection
2012/02/12 22:33:22 -0600 EERLEE CWalters MESSAGE IP Protection started successfully
2012/02/12 22:33:22 -0600 EERLEE CWalters MESSAGE Starting database refresh
2012/02/12 22:33:22 -0600 EERLEE CWalters MESSAGE Stopping IP protection
2012/02/12 22:33:22 -0600 EERLEE CWalters MESSAGE IP Protection stopped
2012/02/12 22:33:27 -0600 EERLEE CWalters MESSAGE Database refreshed successfully
2012/02/12 22:33:27 -0600 EERLEE CWalters MESSAGE Starting IP protection
2012/02/12 22:33:31 -0600 EERLEE CWalters MESSAGE IP Protection started successfully


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:42:59 PM, on 2/12/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rockwell Software\RSView Enterprise\TagSrv.exe
C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AOL Computer Checkup\AOLDefragSrv.exe
C:\Program Files\Common Files\Rockwell\EventServer.exe
C:\Program Files\Rockwell Software\FactoryTalk Activation\lmgrd.exe
C:\Program Files\Common Files\Rockwell\FTAEArchiver.exe
C:\Program Files\Rockwell Software\FactoryTalk Activation\lmgrd.exe
C:\Program Files\Common Files\Rockwell\FTAE_HistServ.exe
C:\Program Files\Rockwell Software\FactoryTalk Activation\flexsvr.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Rockwell\NmspHost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Rockwell\RdcyHost.exe
C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe
C:\Program Files\Common Files\Rockwell\RsvcHost.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
C:\Program Files\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe
C:\Program Files\Common Files\Rockwell\RnaAeServer.exe
C:\Program Files\Common Files\Rockwell\RnaAlarmMux.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Network Associates\Common Framework\udaterui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Rockwell Automation\Rockwell Automation USBCIP Driver Package\UsbCipHelper\UsbCipHelper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fppdis1.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1275019419\ee\AOLSoftware.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\CWalters\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Documents and Settings\CWalters\Local Settings\Application Data\Akamai\netsession_win.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\CWalters\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\AOL Desktop 9.7\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\AOL Desktop 9.7\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft Office\Office\winword.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80227
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80227
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = acs-isa:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>
R3 - URLSearchHook: PC Tools Browser Defender - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
R3 - URLSearchHook: WinZipBar Toolbar - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files\WinZipBar\prxtbWinZ.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (file missing)
O2 - BHO: WinZipBar - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files\WinZipBar\prxtbWinZ.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: WinZip Courier BHO - {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\PROGRA~1\WINZIP~2\wzwmcie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: PC Tools Browser Defender - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O3 - Toolbar: WinZipBar Toolbar - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files\WinZipBar\prxtbWinZ.dll
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [UsbCipHelper] C:\Program Files\Rockwell Automation\Rockwell Automation USBCIP Driver Package\UsbCipHelper\UsbCipHelper.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fppdis1.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1275019419\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Boingo Wi-Finder] "C:\Program Files\Boingo\Boingo Wi-Finder\Boingo.lnk"
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [SanDiskSecureAccess_Manager.exe] C:\Documents and Settings\CWalters\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\CWalters\Local Settings\Application Data\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Kaspersky Security Scan.lnk = ?
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://vpn.acsconveyor.com/CACHE/stc/1/binaries/vpnweb.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1275023903109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1275023878718
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file:///C:/Program%20Files/AutoCAD%202002/AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file:///C:/Program%20Files/AutoCAD%202002/InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file:///C:/Program%20Files/AutoCAD%202002/InstFred.ocx
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://rockwellautomation.webex.com/client/T27L10NSP11EP5/support/ieatgpc.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file:///C:/Program%20Files/AutoCAD%202002/AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = autoconvsys.com
O17 - HKLM\Software\..\Telephony: DomainName = autoconvsys.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = autoconvsys.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = autoconvsys.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = autoconvsys.com,autoconvsys.com,autoconvsys.com,globalsuite.net
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = autoconvsys.com
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = autoconvsys.com
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: Domain = autoconvsys.com
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: SearchList = autoconvsys.com,autoconvsys.com,autoconvsys.com,globalsuite.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = autoconvsys.com,autoconvsys.com,autoconvsys.com,globalsuite.net
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\APSHook.dll
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ABBYY.Licensing.FineReader.ScreenshotReader.9.0 - ABBYY - C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOLDiskOptimizer - AOL., (www.aol.com) - C:\Program Files\AOL Computer Checkup\AOLDefragSrv.exe
O23 - Service: dnWhoDisp - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe
O23 - Service: Rockwell Event Multiplexer (EventClientMultiplexer) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
O23 - Service: Rockwell Event Server (EventServer) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\EventServer.exe
O23 - Service: FactoryTalk Activation Service - Acresso Software Inc. - C:\Program Files\Rockwell Software\FactoryTalk Activation\lmgrd.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\WINDOWS\system32\flcdlock.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FactoryTalk Activation Helper (FTActivationBoost) - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe
O23 - Service: Rockwell Alarm History Archiver (FTAE_Archiver) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\FTAEArchiver.exe
O23 - Service: Rockwell Alarm Historian (FTAE_HistServ) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\FTAE_HistServ.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Harmony - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LogReceiver - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSLinx Enterprise\LogReceiver.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Rockwell Namespace Services (NmspHost) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\NmspHost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Rockwell Redundancy Services (RdcyHost) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RdcyHost.exe
O23 - Service: Rockwell Alarm Server (RnaAeServer) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RnaAeServer.exe
O23 - Service: Rockwell Alarm Multiplexer (RnaAlarmMux) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RnaAlarmMux.exe
O23 - Service: FactoryTalk Diagnostics Local Reader (RNADiagnosticsService) - Rockwell Automation Inc. - C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
O23 - Service: FactoryTalk Diagnostics CE Receiver (RNADiagReceiver) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe
O23 - Service: Rockwell Directory Server (RNADirectory) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
O23 - Service: Rockwell Directory Multiplexer (RNADirMultiplexor) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe
O23 - Service: Rockwell HMI Diagnostics - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
O23 - Service: Rockwell Tag Server - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\TagSrv.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: RSLinx Classic (RSLinx) - Rockwell Automation, Inc. - C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
O23 - Service: RSLinx Enterprise (RSLinxNG) - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe
O23 - Service: Rockwell Application Services (RsvcHost) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RsvcHost.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 22508 bytes
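The HijackThis log above is the kind of listing a helper triages by eye: the `Rx`/`Oxx` entry lines, which hooks point at files that no longer exist, which `O4` autostart actually loads what, and whether a proposed list of start-up entries to fix really matches the log. The script below is an added example (not code from BleepingComputer, Trend Micro or the helper in this thread) that does that triage mechanically. It parses entry lines into section and body, lists entries ending in `(no file)` / `(file missing)`, resolves the file each `O4` entry loads (for a `RUNDLL32.EXE` line that is the DLL, not rundll32 itself), flags autostarts living in a user-writable profile directory, and checks a candidate fix list against the entries present. The `SAMPLE_LOG` lines are copied from the log posted above; `FIX_LIST` is constructed for the example and includes one entry that is deliberately absent from the sample.

```python
"""Triage helper for HijackThis-style logs (added example, not BleepingComputer's,
Trend Micro's or the helper's own code)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# One "Oxx - body" / "Rx - body" entry per line; process lists and headers are skipped.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
# O4 registry autostart:  HKLM\..\Run: [Name] command   (HKLM/HKCU only, as in the log above)
RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?:Run|RunOnce|RunServices)[^:]*: \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
# O4 startup-folder autostart:  Global Startup: Name.lnk = target
STARTUP_RE = re.compile(r"^(?P<hive>Global Startup|Startup): (?P<name>.+?) = (?P<cmd>.*)$")
# Unquoted command: the executable runs up to the first known extension, the rest is arguments.
UNQUOTED_RE = re.compile(r"^(?P<exe>.+?\.(?:exe|com|scr|lnk|dll))(?:\s+(?P<rest>.*))?$", re.I)
MISSING_MARKERS = ("(no file)", "(file missing)")
# Directories a standard user can write to; autostarts living there deserve a second look.
USER_WRITABLE = ("\\documents and settings\\", "\\users\\", "\\temp\\")

# Sample input: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = acs-isa:8080
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (file missing)
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\CWalters\Local Settings\Application Data\Akamai\netsession_win.exe"
O4 - Global Startup: Kaspersky Security Scan.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""
# Constructed fix list: the second line is not in SAMPLE_LOG, so it must be reported as absent.
FIX_LIST = [
    r'O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"',
    r"O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe",
]

@dataclass
class Entry:
    section: str   # e.g. "O4", "O23"
    body: str      # everything after "O4 - "

@dataclass
class Autostart:
    hive: str              # HKLM, HKCU or Global Startup
    name: str              # registry value name or .lnk name
    command: str
    target: Optional[str]  # the file actually loaded; None when HijackThis printed "?"

def parse_entries(log_text: str) -> List[Entry]:
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["section"], m["body"].rstrip()))
    return entries

def orphaned_entries(entries: List[Entry]) -> List[Entry]:
    """Hooks, BHOs and notify DLLs whose file is gone: leftovers of removed software."""
    return [e for e in entries if e.body.endswith(MISSING_MARKERS)]

def loaded_path(cmd: str) -> Optional[str]:
    """File an autostart command really loads: quoted or bare path, or the DLL behind rundll32."""
    cmd = cmd.strip()
    if not cmd or cmd == "?":
        return None
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        exe, rest = (cmd[1:end], cmd[end + 1:].strip()) if end > 0 else (cmd[1:], "")
    else:
        m = UNQUOTED_RE.match(cmd)
        if m:
            exe, rest = m["exe"], m["rest"] or ""
        else:
            exe, _, rest = cmd.partition(" ")
    if exe.rsplit("\\", 1)[-1].lower() in ("rundll32.exe", "rundll32"):
        # rundll32 <dll>,<entrypoint>: the DLL is the interesting file
        return rest.split(",", 1)[0].strip().strip('"') or None
    return exe

def autostarts(entries: List[Entry]) -> List[Autostart]:
    out = []
    for e in entries:
        m = RUN_RE.match(e.body) or STARTUP_RE.match(e.body) if e.section == "O4" else None
        if m:
            out.append(Autostart(m["hive"], m["name"], m["cmd"], loaded_path(m["cmd"])))
    return out

def from_user_writable(items: List[Autostart]) -> List[Autostart]:
    """Autostarts whose loaded file sits in a user-profile or temp directory."""
    return [a for a in items if a.target and any(k in a.target.lower() for k in USER_WRITABLE)]

def present_in_log(entries: List[Entry], fix_lines) -> List[str]:
    """Which lines of a proposed 'Fix checked' list actually appear in this log."""
    norm = lambda s: " ".join(s.split())
    have = {norm(f"{e.section} - {e.body}") for e in entries}
    return [norm(l) for l in fix_lines if norm(l) in have]

def triage(log_text: str, fix_list=()) -> dict:
    entries = parse_entries(log_text)
    starts = autostarts(entries)
    return {
        "entries": len(entries),
        "orphaned": [f"{e.section} - {e.body}" for e in orphaned_entries(entries)],
        "autostarts": {a.name: a.target for a in starts},
        "user_writable": [a.name for a in from_user_writable(starts)],
        "fix_list_present": present_in_log(entries, fix_list),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG, FIX_LIST).items():
        print(key, value)
```

On the sample, the three orphaned entries are the `(no file)` URLSearchHook, the missing AVG `avgssie.dll` BHO and the `DeviceNP.dll` Winlogon notify; the only autostart from a user-writable location is the Akamai NetSession entry under `Documents and Settings`; and of the two fix-list lines only the IntelliPoint one is present. The regex for unquoted commands stops at the first known extension, so a directory name containing `.exe` or `.dll` would need quoting; the script treats that as an edge case to note rather than guess.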

#14 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 12 February 2012 - 11:57 PM

Greetings

These logs are looking very good; we are almost done!!! Just one more scan to go.

Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of them by clicking their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [SanDiskSecureAccess_Manager.exe] C:\Documents and Settings\CWalters\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe
    O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\CWalters\Local Settings\Application Data\Akamai\netsession_win.exe"
    O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search space, as in
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

ESET Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right-click on the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Click on the ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start.
  • When asked, allow the ActiveX control to install.
    • Click Start.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan.
  • Wait for the scan to finish.
  • Click on Copy to clipboard, or copy and paste the results here in this topic.

Copy and paste that log as a reply to this topic.

Gringo

#15 chwalt964 (Topic Starter, Members, 8 posts)

Posted 13 February 2012 - 06:47 AM

Here is the log

Chuck

C:\Documents and Settings\All Users\Application Data\Rosetta Stone\Content\data\80\a\80a7ffd98927dcdd835a3799ac8b3a8609d410e8 SWF/Exploit.CVE-2007-0071 trojan



