IE keeps shutting down, error reports


This topic is locked
36 replies to this topic

#1 jstone77
Posted 31 March 2012 - 01:37 PM

Had a redirect virus. Have run antispyware, Malwarebytes and CCleaner, along with the steps provided in the last forum, like emptying files, resetting IE, and asw. The problem still persists, and I am now running and posting the logs requested for a deeper search as to what virus I have.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 14:31:04 on 2012-03-31
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.329 [GMT -4:00]
.
AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark 7300 Series\lxcimon.exe
C:\WINDOWS\system32\lxcicoms.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\73WHJN6P\Defogger[1].exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.shop.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - c:\program files\trend micro\amsp\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Memeo Instant Backup] c:\program files\memeo\autobackup\MemeoLauncher2.exe --silent --no_ui
mRun: [Seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [lxcimon.exe] "c:\program files\lexmark 7300 series\lxcimon.exe"
mRun: [Trend Micro Titanium] "c:\program files\trend micro\titanium\uiframework\uiWinMgr.exe" -set Silent "1" SplashURL ""
mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [dplaysvr] c:\documents and settings\networkservice\application data\dplaysvr.exe
dRunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C46D47AA-F59B-4AD9-B431-5F30141E5BE1} : DhcpNameServer = 192.168.1.1
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - c:\program files\trend micro\titanium\uiframework\ProToolbarIMRatingActiveX.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2012-1-7 68368]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2011-5-4 25824]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2011-6-1 14088]
R3 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe -service --> c:\windows\system32\lxcicoms.exe -service [?]
S2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2012-1-7 200632]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-12-19 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-12-19 1691480]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys --> c:\windows\system32\drivers\bcmwlhigh5.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-12-19 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-3-30 40776]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys --> c:\windows\system32\drivers\npf.sys [?]
.
=============== Created Last 30 ================
.
2012-03-31 01:57:03 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-30 23:31:45 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-03-30 21:38:10 190 ----a-w- C:\PPCleanDeleteAtReboot.bat
2012-03-29 22:36:12 -------- d-----w- c:\documents and settings\owner\application data\DriverCure
2012-03-29 22:36:11 -------- d-----w- c:\documents and settings\owner\application data\SpeedMaxPc
2012-03-29 22:35:51 -------- d-----w- c:\documents and settings\all users\application data\SpeedMaxPc
2012-03-29 12:29:29 -------- d-----w- c:\documents and settings\owner\application data\Vuow
2012-03-29 12:29:17 -------- d-----w- c:\documents and settings\owner\application data\Uvn
2012-03-29 07:06:33 -------- dc-h--w- c:\windows\ie8
2012-03-27 17:56:29 -------- d-----w- c:\documents and settings\owner\application data\ElevatedDiagnostics
2012-03-27 14:32:21 -------- d-sh--w- c:\documents and settings\owner\IECompatCache
2012-03-27 03:15:46 -------- d-----w- c:\documents and settings\all users\application data\IsolatedStorage
2012-03-27 03:15:41 -------- d-----w- c:\documents and settings\owner\local settings\application data\ID Vault
2012-03-27 03:14:45 -------- d-----w- c:\documents and settings\owner\application data\comcasttb
2012-03-27 03:13:59 -------- d-----w- c:\documents and settings\owner\application data\ID Vault
2012-03-27 03:12:37 -------- d-----w- c:\documents and settings\owner\application data\CallingID
2012-03-27 03:12:21 -------- d-----w- c:\program files\common files\scanner
2012-03-27 03:12:20 -------- d-----w- c:\program files\comcasttb
2012-03-27 03:12:08 -------- d-----w- c:\program files\CA
2012-03-27 03:12:01 -------- d-----w- c:\windows\Downloaded Installations
2012-03-27 03:10:02 -------- d-----w- c:\documents and settings\all users\application data\White Sky, Inc
2012-03-26 18:10:37 -------- d-----w- c:\documents and settings\owner\application data\SUPERAntiSpyware.com
2012-03-26 18:09:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-26 16:43:11 -------- d-----w- c:\documents and settings\all users\application data\B399
2012-03-26 16:42:04 -------- d-----w- C:\My Downloads
2012-03-26 14:46:41 -------- d-----w- c:\documents and settings\all users\application data\29271
2012-03-26 14:41:38 22032 ----a-w- c:\windows\DCEBoot.exe
2012-03-26 13:42:01 -------- d-----w- c:\documents and settings\owner\local settings\application data\NPE
2012-03-26 13:42:01 -------- d-----w- c:\documents and settings\all users\application data\Norton
2012-03-25 21:59:21 -------- d-----w- c:\documents and settings\owner\application data\Heilo
2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-19 03:39:29 -------- d-----w- C:\Rbackup
2012-03-19 02:52:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-19 02:52:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-19 01:45:02 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-03-19 01:45:02 -------- d-----w- c:\windows\system32\wbem\Repository
2012-03-19 00:14:53 -------- d-----w- c:\documents and settings\all users\application data\35261
2012-03-19 00:11:31 -------- d-----w- c:\documents and settings\owner\local settings\application data\Ilivid Player
2012-03-18 23:57:24 -------- dc-h--w- c:\documents and settings\all users\application data\{6DFE6B59-3F4E-45AF-A9D0-5EDC43DD23AF}
2012-03-18 23:56:42 -------- d-----w- c:\documents and settings\owner\local settings\application data\PackageAware
.
==================== Find3M ====================
.
2012-03-31 01:56:34 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-27 13:22:11 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-26 16:26:41 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-30 19:20:37 4 ----a-w- c:\windows\system32\PTfile1.dll
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-01-08 02:19:11 56 ----a-w- c:\windows\system32\SupportTool.exe.bat
.
============= FINISH: 14:31:42.76 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/19/2011 3:46:19 PM
System Uptime: 3/31/2012 10:52:55 AM (4 hours ago)
.
Motherboard: Intel Corporation | | D101GGC
Processor: Intel® Pentium® D CPU 2.66GHz | Socket 775 | 2666/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 214.963 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 596 GiB total, 529.183 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: PCI Input Device
Device ID: PCI\VEN_1102&DEV_7004&SUBSYS_10031102&REV_00\4&FB75CB&0&19A4
Manufacturer:
Name: PCI Input Device
PNP Device ID: PCI\VEN_1102&DEV_7004&SUBSYS_10031102&REV_00\4&FB75CB&0&19A4
Service:
.
==== System Restore Points ===================
.
RP62: 1/2/2012 11:10:08 AM - Software Distribution Service 3.0
RP63: 1/3/2012 8:52:39 AM - Software Distribution Service 3.0
RP64: 1/3/2012 2:32:08 PM - Printer Driver Microsoft XPS Document Writer Installed
RP65: 1/4/2012 9:06:23 AM - Software Distribution Service 3.0
RP66: 1/5/2012 9:45:37 AM - System Checkpoint
RP67: 1/6/2012 1:08:49 PM - System Checkpoint
RP68: 1/7/2012 2:47:57 PM - System Checkpoint
RP69: 1/8/2012 5:20:52 PM - System Checkpoint
RP70: 1/10/2012 10:27:38 AM - System Checkpoint
RP71: 1/11/2012 7:41:46 AM - Software Distribution Service 3.0
RP72: 1/12/2012 3:31:55 AM - Software Distribution Service 3.0
RP73: 1/13/2012 9:31:19 AM - System Checkpoint
RP74: 1/14/2012 10:52:29 AM - System Checkpoint
RP75: 1/15/2012 2:52:57 PM - System Checkpoint
RP76: 1/16/2012 6:19:42 PM - System Checkpoint
RP77: 1/17/2012 6:43:47 PM - System Checkpoint
RP78: 1/19/2012 8:10:24 AM - System Checkpoint
RP79: 1/20/2012 10:00:41 AM - System Checkpoint
RP80: 1/21/2012 12:02:41 PM - System Checkpoint
RP81: 1/22/2012 12:26:42 PM - System Checkpoint
RP82: 1/23/2012 4:06:20 PM - System Checkpoint
RP83: 1/24/2012 7:01:17 AM - Software Distribution Service 3.0
RP84: 1/25/2012 9:39:04 AM - System Checkpoint
RP85: 1/26/2012 2:22:51 PM - System Checkpoint
RP86: 1/27/2012 3:27:23 PM - System Checkpoint
RP87: 1/28/2012 9:11:51 PM - System Checkpoint
RP88: 1/31/2012 8:02:42 AM - System Checkpoint
RP89: 2/1/2012 12:47:31 PM - System Checkpoint
RP90: 2/2/2012 4:10:32 PM - System Checkpoint
RP91: 2/3/2012 10:41:58 PM - System Checkpoint
RP92: 2/4/2012 11:02:13 PM - System Checkpoint
RP93: 2/6/2012 9:37:56 PM - System Checkpoint
RP94: 2/7/2012 10:05:02 PM - System Checkpoint
RP95: 2/9/2012 8:17:22 AM - System Checkpoint
RP96: 2/10/2012 2:56:11 PM - System Checkpoint
RP97: 2/11/2012 4:30:14 PM - System Checkpoint
RP98: 2/12/2012 7:57:25 PM - System Checkpoint
RP99: 2/13/2012 9:22:05 PM - System Checkpoint
RP100: 2/15/2012 10:27:16 AM - System Checkpoint
RP101: 2/16/2012 11:05:51 AM - System Checkpoint
RP102: 2/17/2012 7:54:09 AM - Software Distribution Service 3.0
RP103: 2/18/2012 11:26:59 AM - System Checkpoint
RP104: 2/19/2012 1:07:15 PM - System Checkpoint
RP105: 2/20/2012 6:17:33 PM - Installed The Sims 3
RP106: 2/20/2012 6:41:50 PM - Installed The Sims 3
RP107: 2/20/2012 6:51:41 PM - Installed TheSims3EP5
RP108: 2/20/2012 6:52:59 PM - Installed TheSims3EP5
RP109: 2/20/2012 7:30:00 PM - Installed The Sims 3
RP110: 2/21/2012 9:41:28 PM - System Checkpoint
RP111: 2/23/2012 8:38:06 AM - System Checkpoint
RP112: 2/24/2012 2:32:45 PM - System Checkpoint
RP113: 2/25/2012 3:07:25 PM - System Checkpoint
RP114: 2/26/2012 4:12:12 PM - System Checkpoint
RP115: 2/28/2012 7:41:32 AM - System Checkpoint
RP116: 2/29/2012 8:00:06 AM - System Checkpoint
RP117: 3/1/2012 6:21:50 PM - System Checkpoint
RP118: 3/3/2012 1:02:12 PM - System Checkpoint
RP119: 3/4/2012 3:12:27 PM - System Checkpoint
RP120: 3/5/2012 5:07:50 PM - System Checkpoint
RP121: 3/6/2012 6:05:53 PM - System Checkpoint
RP122: 3/7/2012 8:16:13 PM - System Checkpoint
RP123: 3/9/2012 9:38:49 AM - System Checkpoint
RP124: 3/10/2012 10:42:02 AM - System Checkpoint
RP125: 3/11/2012 11:56:34 AM - System Checkpoint
RP126: 3/12/2012 1:58:31 PM - System Checkpoint
RP127: 3/13/2012 3:42:37 PM - System Checkpoint
RP128: 3/14/2012 6:08:58 PM - System Checkpoint
RP129: 3/15/2012 11:10:35 AM - Software Distribution Service 3.0
RP130: 3/16/2012 1:38:22 PM - System Checkpoint
RP131: 3/18/2012 5:23:29 AM - System Checkpoint
RP132: 3/18/2012 7:58:48 PM - Removed The Sims 3
RP133: 3/18/2012 8:26:20 PM - Removed TheSims3EP5
RP134: 3/18/2012 9:43:15 PM - Restore Operation
RP135: 3/18/2012 11:23:19 PM - TITANUIMRES5[0x01001101]
RP136: 3/20/2012 7:30:22 AM - System Checkpoint
RP137: 3/22/2012 7:53:52 AM - System Checkpoint
RP138: 3/23/2012 9:20:14 PM - System Checkpoint
RP139: 3/25/2012 9:11:05 AM - System Checkpoint
RP140: 3/26/2012 9:50:19 AM - Norton_Power_Eraser_20120326095015328
RP141: 3/26/2012 12:13:59 PM - Installed Microsoft Fix it 50267
RP142: 3/26/2012 12:19:34 PM - Installed Microsoft Fix it 50267
RP143: 3/27/2012 7:28:23 AM - Software Distribution Service 3.0
RP144: 3/27/2012 1:53:35 PM - Installed %1 %2.
RP145: 3/27/2012 11:28:47 PM - Restore Point before Corrupt Patch Registry keys
RP146: 3/27/2012 11:29:05 PM - Restore Point before iMesh was removed using Program Install and Uninstall troubleshooter
RP147: 3/27/2012 11:30:03 PM - iMesh
RP148: 3/27/2012 11:35:01 PM - Installed Microsoft Fix it 50267
RP149: 3/28/2012 3:00:15 AM - Software Distribution Service 3.0
RP150: 3/28/2012 8:34:14 AM - Installed Microsoft Fix it 50267
RP151: 3/29/2012 3:00:19 AM - Software Distribution Service 3.0
RP152: 3/29/2012 6:52:18 PM - Removed Microsoft Fix it Center
RP153: 3/29/2012 8:53:17 PM - ARO 2012 - Before Installation
RP154: 3/29/2012 8:55:08 PM - ARO 2012 - FIRST RUN
RP155: 3/29/2012 9:01:25 PM - ARO 2012 Thu, Mar 29, 12 21:01
RP156: 3/29/2012 9:08:24 PM - Installed HiJackThis
RP157: 3/29/2012 10:25:50 PM - Removed Support.com Toolbar.
RP158: 3/30/2012 3:00:19 AM - Software Distribution Service 3.0
RP159: 3/30/2012 5:18:54 PM - Removed HiJackThis
RP160: 3/30/2012 7:34:48 PM - TITANUIMRES5[0x01000100]
RP161: 3/30/2012 9:54:53 PM - Removed Java™ 6 Update 22
RP162: 3/30/2012 9:56:18 PM - Installed Java™ 6 Update 31
RP163: 3/31/2012 10:22:07 AM - Software Distribution Service 3.0
RP164: 3/31/2012 10:44:17 AM - Restore Operation
RP165: 3/31/2012 10:53:53 AM - Restore Operation
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.6
ATI Display Driver
CA Pest Patrol Realtime Protection
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CCleaner
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
ImgBurn
Internet Explorer (Enable DEP)
Java Auto Updater
Java™ 6 Update 31
Lexmark 7300 Series
Malwarebytes Anti-Malware version 1.60.1.1000
Memeo Instant Backup
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
OpenOffice.org 3.3
Picasa 3
Picturetrail Photo Editor 2.1.0.0
Presto! Forms 3.50.01
Presto! PageManager 7.12.02
Print to Fax
Realtek High Definition Audio Driver
Seagate Dashboard
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SUPERAntiSpyware
swMSM
Trend Micro Titanium
Trend Micro Titanium Maximum Security 2012
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 1.1.11
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Internet Explorer 8
Windows PowerShell™ 1.0
.
==== Event Viewer Messages From Past Week ========
.
3/30/2012 9:15:42 AM, error: Service Control Manager [7034] - The Trend Micro Solution Platform service terminated unexpectedly. It has done this 1 time(s).
3/30/2012 5:55:17 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm SASDIFSV SASKUTIL tmactmon tmcomm tmevtmgr tmtdi
3/30/2012 12:53:34 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/30/2012 12:34:41 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
3/30/2012 12:32:29 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/30/2012 12:31:44 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip tmactmon tmcomm tmevtmgr tmtdi
3/30/2012 12:31:44 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
3/30/2012 12:31:44 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/30/2012 12:31:44 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/30/2012 12:31:44 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
3/30/2012 12:31:15 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
3/30/2012 12:31:13 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/30/2012 1:34:13 PM, error: Service Control Manager [7034] - The Trend Micro Solution Platform service terminated unexpectedly. It has done this 2 time(s).
3/30/2012 1:34:13 PM, error: Service Control Manager [7034] - The lxci_device service terminated unexpectedly. It has done this 1 time(s).
3/30/2012 1:34:12 PM, error: Service Control Manager [7034] - The Seagate Dashboard Service service terminated unexpectedly. It has done this 1 time(s).
3/30/2012 1:34:12 PM, error: Service Control Manager [7034] - The MemeoBackgroundService service terminated unexpectedly. It has done this 1 time(s).
3/30/2012 1:34:12 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
3/30/2012 1:34:12 PM, error: Service Control Manager [7034] - The Comcast AntiSpyware service terminated unexpectedly. It has done this 1 time(s).
3/30/2012 1:34:12 PM, error: Service Control Manager [7034] - The Canon Camera Access Library 8 service terminated unexpectedly. It has done this 1 time(s).
3/30/2012 1:34:12 PM, error: Service Control Manager [7034] - The CA Pest Patrol Realtime Protection Service service terminated unexpectedly. It has done this 1 time(s).
3/30/2012 1:34:12 PM, error: Service Control Manager [7031] - The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
3/29/2012 6:53:43 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
3/29/2012 3:28:58 AM, error: Service Control Manager [7009] - Timeout (120000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
3/29/2012 3:28:58 AM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

#2 jstone77
  • Topic Starter
  • Members
  • 36 posts

Posted 31 March 2012 - 01:46 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 14:43:14 on 2012-03-31
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.233 [GMT -4:00]
.
AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark 7300 Series\lxcimon.exe
C:\WINDOWS\system32\lxcicoms.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\73WHJN6P\Defogger[1].exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.shop.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - c:\program files\trend micro\amsp\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Memeo Instant Backup] c:\program files\memeo\autobackup\MemeoLauncher2.exe --silent --no_ui
mRun: [Seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [lxcimon.exe] "c:\program files\lexmark 7300 series\lxcimon.exe"
mRun: [Trend Micro Titanium] "c:\program files\trend micro\titanium\uiframework\uiWinMgr.exe" -set Silent "1" SplashURL ""
mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [dplaysvr] c:\documents and settings\networkservice\application data\dplaysvr.exe
dRunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C46D47AA-F59B-4AD9-B431-5F30141E5BE1} : DhcpNameServer = 192.168.1.1
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - c:\program files\trend micro\titanium\uiframework\ProToolbarIMRatingActiveX.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2012-1-7 68368]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2011-5-4 25824]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2011-6-1 14088]
R3 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe -service --> c:\windows\system32\lxcicoms.exe -service [?]
S2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2012-1-7 200632]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-12-19 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-12-19 1691480]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys --> c:\windows\system32\drivers\bcmwlhigh5.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-12-19 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-3-30 40776]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys --> c:\windows\system32\drivers\npf.sys [?]
.
=============== Created Last 30 ================
.
2012-03-31 01:57:03 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-30 23:31:45 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-03-30 21:38:10 190 ----a-w- C:\PPCleanDeleteAtReboot.bat
2012-03-29 22:36:12 -------- d-----w- c:\documents and settings\owner\application data\DriverCure
2012-03-29 22:36:11 -------- d-----w- c:\documents and settings\owner\application data\SpeedMaxPc
2012-03-29 22:35:51 -------- d-----w- c:\documents and settings\all users\application data\SpeedMaxPc
2012-03-29 12:29:29 -------- d-----w- c:\documents and settings\owner\application data\Vuow
2012-03-29 12:29:17 -------- d-----w- c:\documents and settings\owner\application data\Uvn
2012-03-29 07:06:33 -------- dc-h--w- c:\windows\ie8
2012-03-27 17:56:29 -------- d-----w- c:\documents and settings\owner\application data\ElevatedDiagnostics
2012-03-27 14:32:21 -------- d-sh--w- c:\documents and settings\owner\IECompatCache
2012-03-27 03:15:46 -------- d-----w- c:\documents and settings\all users\application data\IsolatedStorage
2012-03-27 03:15:41 -------- d-----w- c:\documents and settings\owner\local settings\application data\ID Vault
2012-03-27 03:14:45 -------- d-----w- c:\documents and settings\owner\application data\comcasttb
2012-03-27 03:13:59 -------- d-----w- c:\documents and settings\owner\application data\ID Vault
2012-03-27 03:12:37 -------- d-----w- c:\documents and settings\owner\application data\CallingID
2012-03-27 03:12:21 -------- d-----w- c:\program files\common files\scanner
2012-03-27 03:12:20 -------- d-----w- c:\program files\comcasttb
2012-03-27 03:12:08 -------- d-----w- c:\program files\CA
2012-03-27 03:12:01 -------- d-----w- c:\windows\Downloaded Installations
2012-03-27 03:10:02 -------- d-----w- c:\documents and settings\all users\application data\White Sky, Inc
2012-03-26 18:10:37 -------- d-----w- c:\documents and settings\owner\application data\SUPERAntiSpyware.com
2012-03-26 18:09:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-26 16:43:11 -------- d-----w- c:\documents and settings\all users\application data\B399
2012-03-26 16:42:04 -------- d-----w- C:\My Downloads
2012-03-26 14:46:41 -------- d-----w- c:\documents and settings\all users\application data\29271
2012-03-26 14:41:38 22032 ----a-w- c:\windows\DCEBoot.exe
2012-03-26 13:42:01 -------- d-----w- c:\documents and settings\owner\local settings\application data\NPE
2012-03-26 13:42:01 -------- d-----w- c:\documents and settings\all users\application data\Norton
2012-03-25 21:59:21 -------- d-----w- c:\documents and settings\owner\application data\Heilo
2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-19 03:39:29 -------- d-----w- C:\Rbackup
2012-03-19 02:52:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-19 02:52:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-19 01:45:02 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-03-19 01:45:02 -------- d-----w- c:\windows\system32\wbem\Repository
2012-03-19 00:14:53 -------- d-----w- c:\documents and settings\all users\application data\35261
2012-03-19 00:11:31 -------- d-----w- c:\documents and settings\owner\local settings\application data\Ilivid Player
2012-03-18 23:57:24 -------- dc-h--w- c:\documents and settings\all users\application data\{6DFE6B59-3F4E-45AF-A9D0-5EDC43DD23AF}
2012-03-18 23:56:42 -------- d-----w- c:\documents and settings\owner\local settings\application data\PackageAware
.
==================== Find3M ====================
.
2012-03-31 01:56:34 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-27 13:22:11 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-26 16:26:41 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-30 19:20:37 4 ----a-w- c:\windows\system32\PTfile1.dll
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-01-08 02:19:11 56 ----a-w- c:\windows\system32\SupportTool.exe.bat
.
============= FINISH: 14:43:30.15 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/19/2011 3:46:19 PM
System Uptime: 3/31/2012 10:52:55 AM (4 hours ago)
.
Motherboard: Intel Corporation | | D101GGC
Processor: Intel® Pentium® D CPU 2.66GHz | Socket 775 | 2666/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 214.967 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 596 GiB total, 529.183 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: PCI Input Device
Device ID: PCI\VEN_1102&DEV_7004&SUBSYS_10031102&REV_00\4&FB75CB&0&19A4
Manufacturer:
Name: PCI Input Device
PNP Device ID: PCI\VEN_1102&DEV_7004&SUBSYS_10031102&REV_00\4&FB75CB&0&19A4
Service:
.
==== System Restore Points ===================
.
RP62: 1/2/2012 11:10:08 AM - Software Distribution Service 3.0
RP63: 1/3/2012 8:52:39 AM - Software Distribution Service 3.0
RP64: 1/3/2012 2:32:08 PM - Printer Driver Microsoft XPS Document Writer Installed
RP65: 1/4/2012 9:06:23 AM - Software Distribution Service 3.0
RP66: 1/5/2012 9:45:37 AM - System Checkpoint
RP67: 1/6/2012 1:08:49 PM - System Checkpoint
RP68: 1/7/2012 2:47:57 PM - System Checkpoint
RP69: 1/8/2012 5:20:52 PM - System Checkpoint
RP70: 1/10/2012 10:27:38 AM - System Checkpoint
RP71: 1/11/2012 7:41:46 AM - Software Distribution Service 3.0
RP72: 1/12/2012 3:31:55 AM - Software Distribution Service 3.0
RP73: 1/13/2012 9:31:19 AM - System Checkpoint
RP74: 1/14/2012 10:52:29 AM - System Checkpoint
RP75: 1/15/2012 2:52:57 PM - System Checkpoint
RP76: 1/16/2012 6:19:42 PM - System Checkpoint
RP77: 1/17/2012 6:43:47 PM - System Checkpoint
RP78: 1/19/2012 8:10:24 AM - System Checkpoint
RP79: 1/20/2012 10:00:41 AM - System Checkpoint
RP80: 1/21/2012 12:02:41 PM - System Checkpoint
RP81: 1/22/2012 12:26:42 PM - System Checkpoint
RP82: 1/23/2012 4:06:20 PM - System Checkpoint
RP83: 1/24/2012 7:01:17 AM - Software Distribution Service 3.0
RP84: 1/25/2012 9:39:04 AM - System Checkpoint
RP85: 1/26/2012 2:22:51 PM - System Checkpoint
RP86: 1/27/2012 3:27:23 PM - System Checkpoint
RP87: 1/28/2012 9:11:51 PM - System Checkpoint
RP88: 1/31/2012 8:02:42 AM - System Checkpoint
RP89: 2/1/2012 12:47:31 PM - System Checkpoint
RP90: 2/2/2012 4:10:32 PM - System Checkpoint
RP91: 2/3/2012 10:41:58 PM - System Checkpoint
RP92: 2/4/2012 11:02:13 PM - System Checkpoint
RP93: 2/6/2012 9:37:56 PM - System Checkpoint
RP94: 2/7/2012 10:05:02 PM - System Checkpoint
RP95: 2/9/2012 8:17:22 AM - System Checkpoint
RP96: 2/10/2012 2:56:11 PM - System Checkpoint
RP97: 2/11/2012 4:30:14 PM - System Checkpoint
RP98: 2/12/2012 7:57:25 PM - System Checkpoint
RP99: 2/13/2012 9:22:05 PM - System Checkpoint
RP100: 2/15/2012 10:27:16 AM - System Checkpoint
RP101: 2/16/2012 11:05:51 AM - System Checkpoint
RP102: 2/17/2012 7:54:09 AM - Software Distribution Service 3.0
RP103: 2/18/2012 11:26:59 AM - System Checkpoint
RP104: 2/19/2012 1:07:15 PM - System Checkpoint
RP105: 2/20/2012 6:17:33 PM - Installed The Sims 3
RP106: 2/20/2012 6:41:50 PM - Installed The Sims 3
RP107: 2/20/2012 6:51:41 PM - Installed TheSims3EP5
RP108: 2/20/2012 6:52:59 PM - Installed TheSims3EP5
RP109: 2/20/2012 7:30:00 PM - Installed The Sims 3
RP110: 2/21/2012 9:41:28 PM - System Checkpoint
RP111: 2/23/2012 8:38:06 AM - System Checkpoint
RP112: 2/24/2012 2:32:45 PM - System Checkpoint
RP113: 2/25/2012 3:07:25 PM - System Checkpoint
RP114: 2/26/2012 4:12:12 PM - System Checkpoint
RP115: 2/28/2012 7:41:32 AM - System Checkpoint
RP116: 2/29/2012 8:00:06 AM - System Checkpoint
RP117: 3/1/2012 6:21:50 PM - System Checkpoint
RP118: 3/3/2012 1:02:12 PM - System Checkpoint
RP119: 3/4/2012 3:12:27 PM - System Checkpoint
RP120: 3/5/2012 5:07:50 PM - System Checkpoint
RP121: 3/6/2012 6:05:53 PM - System Checkpoint
RP122: 3/7/2012 8:16:13 PM - System Checkpoint
RP123: 3/9/2012 9:38:49 AM - System Checkpoint
RP124: 3/10/2012 10:42:02 AM - System Checkpoint
RP125: 3/11/2012 11:56:34 AM - System Checkpoint
RP126: 3/12/2012 1:58:31 PM - System Checkpoint
RP127: 3/13/2012 3:42:37 PM - System Checkpoint
RP128: 3/14/2012 6:08:58 PM - System Checkpoint
RP129: 3/15/2012 11:10:35 AM - Software Distribution Service 3.0
RP130: 3/16/2012 1:38:22 PM - System Checkpoint
RP131: 3/18/2012 5:23:29 AM - System Checkpoint
RP132: 3/18/2012 7:58:48 PM - Removed The Sims 3
RP133: 3/18/2012 8:26:20 PM - Removed TheSims3EP5
RP134: 3/18/2012 9:43:15 PM - Restore Operation
RP135: 3/18/2012 11:23:19 PM - TITANUIMRES5[0x01001101]
RP136: 3/20/2012 7:30:22 AM - System Checkpoint
RP137: 3/22/2012 7:53:52 AM - System Checkpoint
RP138: 3/23/2012 9:20:14 PM - System Checkpoint
RP139: 3/25/2012 9:11:05 AM - System Checkpoint
RP140: 3/26/2012 9:50:19 AM - Norton_Power_Eraser_20120326095015328
RP141: 3/26/2012 12:13:59 PM - Installed Microsoft Fix it 50267
RP142: 3/26/2012 12:19:34 PM - Installed Microsoft Fix it 50267
RP143: 3/27/2012 7:28:23 AM - Software Distribution Service 3.0
RP144: 3/27/2012 1:53:35 PM - Installed %1 %2.
RP145: 3/27/2012 11:28:47 PM - Restore Point before Corrupt Patch Registry keys
RP146: 3/27/2012 11:29:05 PM - Restore Point before iMesh was removed using Program Install and Uninstall troubleshooter
RP147: 3/27/2012 11:30:03 PM - iMesh
RP148: 3/27/2012 11:35:01 PM - Installed Microsoft Fix it 50267
RP149: 3/28/2012 3:00:15 AM - Software Distribution Service 3.0
RP150: 3/28/2012 8:34:14 AM - Installed Microsoft Fix it 50267
RP151: 3/29/2012 3:00:19 AM - Software Distribution Service 3.0
RP152: 3/29/2012 6:52:18 PM - Removed Microsoft Fix it Center
RP153: 3/29/2012 8:53:17 PM - ARO 2012 - Before Installation
RP154: 3/29/2012 8:55:08 PM - ARO 2012 - FIRST RUN
RP155: 3/29/2012 9:01:25 PM - ARO 2012 Thu, Mar 29, 12 21:01
RP156: 3/29/2012 9:08:24 PM - Installed HiJackThis
RP157: 3/29/2012 10:25:50 PM - Removed Support.com Toolbar.
RP158: 3/30/2012 3:00:19 AM - Software Distribution Service 3.0
RP159: 3/30/2012 5:18:54 PM - Removed HiJackThis
RP160: 3/30/2012 7:34:48 PM - TITANUIMRES5[0x01000100]
RP161: 3/30/2012 9:54:53 PM - Removed Java™ 6 Update 22
RP162: 3/30/2012 9:56:18 PM - Installed Java™ 6 Update 31
RP163: 3/31/2012 10:22:07 AM - Software Distribution Service 3.0
RP164: 3/31/2012 10:44:17 AM - Restore Operation
RP165: 3/31/2012 10:53:53 AM - Restore Operation
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.6
ATI Display Driver
CA Pest Patrol Realtime Protection
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CCleaner
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
ImgBurn
Internet Explorer (Enable DEP)
Java Auto Updater
Java™ 6 Update 31
Lexmark 7300 Series
Malwarebytes Anti-Malware version 1.60.1.1000
Memeo Instant Backup
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
OpenOffice.org 3.3
Picasa 3
Picturetrail Photo Editor 2.1.0.0
Presto! Forms 3.50.01
Presto! PageManager 7.12.02
Print to Fax
Realtek High Definition Audio Driver
Seagate Dashboard
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SUPERAntiSpyware
swMSM
Trend Micro Titanium
Trend Micro Titanium Maximum Security 2012
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 1.1.11
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Internet Explorer 8
Windows PowerShell™ 1.0
.
==== Event Viewer Messages From Past Week ========
.
3/30/2012 9:15:42 AM, error: Service Control Manager [7034] - The Trend Micro Solution Platform service terminated unexpectedly. It has done this 1 time(s).
3/30/2012 5:55:17 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm SASDIFSV SASKUTIL tmactmon tmcomm tmevtmgr tmtdi
3/30/2012 12:53:34 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/30/2012 12:34:41 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
3/30/2012 12:32:29 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/30/2012 12:31:44 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip tmactmon tmcomm tmevtmgr tmtdi
3/30/2012 12:31:44 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
3/30/2012 12:31:44 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/30/2012 12:31:44 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/30/2012 12:31:44 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
3/30/2012 12:31:15 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
3/30/2012 12:31:13 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/30/2012 1:34:13 PM, error: Service Control Manager [7034] - The Trend Micro Solution Platform service terminated unexpectedly. It has done this 2 time(s).
3/30/2012 1:34:13 PM, error: Service Control Manager [7034] - The lxci_device service terminated unexpectedly. It has done this 1 time(s).
3/30/2012 1:34:12 PM, error: Service Control Manager [7034] - The Seagate Dashboard Service service terminated unexpectedly. It has done this 1 time(s).
3/30/2012 1:34:12 PM, error: Service Control Manager [7034] - The MemeoBackgroundService service terminated unexpectedly. It has done this 1 time(s).
3/30/2012 1:34:12 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
3/30/2012 1:34:12 PM, error: Service Control Manager [7034] - The Comcast AntiSpyware service terminated unexpectedly. It has done this 1 time(s).
3/30/2012 1:34:12 PM, error: Service Control Manager [7034] - The Canon Camera Access Library 8 service terminated unexpectedly. It has done this 1 time(s).
3/30/2012 1:34:12 PM, error: Service Control Manager [7034] - The CA Pest Patrol Realtime Protection Service service terminated unexpectedly. It has done this 1 time(s).
3/30/2012 1:34:12 PM, error: Service Control Manager [7031] - The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
3/29/2012 6:53:43 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
3/29/2012 3:28:58 AM, error: Service Control Manager [7009] - Timeout (120000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
3/29/2012 3:28:58 AM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

#3 fireman4it
    Bleepin' Fireman

  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 31 March 2012 - 01:48 PM

Hello jstone77,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • We need to get a little more information before we begin.


1. Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

2. Please download Listparts
Run the tool, click Scan and post the log (Result.txt) it makes.

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#4 jstone77
  • Topic Starter
  • Members
  • 36 posts

Posted 31 March 2012 - 02:39 PM

Hi, thanks for helping me. Here is the log:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-31 15:26:53
-----------------------------
15:26:53.859 OS Version: Windows 5.1.2600 Service Pack 3
15:26:53.859 Number of processors: 2 586 0x407
15:26:53.859 ComputerName: OWNER-93F92B369 UserName: Owner
15:26:56.015 Initialize success
15:35:01.468 AVAST engine defs: 12033101
15:37:27.328 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR 3.txt"

#5 jstone77
  • Topic Starter
  • Members
  • 36 posts

Posted 31 March 2012 - 02:41 PM

ListParts by Farbar Version: 12-03-2012 03
Ran by Owner (administrator) on 31-03-2012 at 15:40:01
Windows XP (X86)
Running From: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\E572U3J6
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 81%
Total physical RAM: 894.48 MB
Available physical RAM: 167.29 MB
Total Pagefile: 2167.89 MB
Available Pagefile: 1027.71 MB
Total Virtual: 2047.88 MB
Available Virtual: 2000.05 MB

======================= Partitions =========================

2 Drive c: () (Fixed) (Total:232.88 GB) (Free:214.89 GB) NTFS ==>[Drive with boot components (Windows XP)]
4 Drive e: (FreeAgent GoFlex Drive) (Fixed) (Total:596.17 GB) (Free:529.18 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 0 B
Disk 1 Online 596 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 233 GB 32 KB
======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 233 GB Healthy System (partition with boot components)
======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 596 GB 32 KB
======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E FreeAgent G NTFS Partition 596 GB Healthy
======================================================================================================

****** End Of Log ******

#6 jstone77
  • Topic Starter
  • Members
  • 36 posts

Posted 31 March 2012 - 02:43 PM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-31 15:42:10
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 WDC_WD2500JS-00NCB1 rev.10.02E02
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kxadqkod.sys


---- System - GMER 1.0.15 ----

SSDT 84913464 ZwCreateKey
SSDT 84AB0054 ZwCreateMutant
SSDT 84923AD4 ZwCreateProcess
SSDT 8491418C ZwCreateProcessEx
SSDT 8499D52C ZwCreateSymbolicLinkObject
SSDT 849265B4 ZwCreateThread
SSDT 8491200C ZwDeleteKey
SSDT 84912A0C ZwDeleteValueKey
SSDT 8499A864 ZwDuplicateObject
SSDT 8492A5D4 ZwLoadDriver
SSDT 84913DF4 ZwOpenProcess
SSDT 84912714 ZwOpenSection
SSDT 8491390C ZwOpenThread
SSDT 84912E74 ZwRenameKey
SSDT 84912C3C ZwRestoreKey
SSDT 84A8A03C ZwSetSystemInformation
SSDT 849132CC ZwSetValueKey
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xEEA8F640]
SSDT 849135FC ZwTerminateThread
SSDT 849252D4 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\DRIVERS\tmcomm.sys Access is denied.
? C:\WINDOWS\system32\DRIVERS\tmevtmgr.sys Access is denied.
? C:\WINDOWS\system32\DRIVERS\tmactmon.sys Access is denied.
? C:\WINDOWS\system32\DRIVERS\tmtdi.sys Access is denied.
? C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2540] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2540] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2540] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2540] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2540] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2540] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2540] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2540] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2540] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2540] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2540] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2540] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2540] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2540] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2712] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2712] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2712] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2712] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2712] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2712] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2712] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2712] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2712] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2712] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2712] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2712] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2712] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2712] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3044] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3044] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3044] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3044] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3044] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3044] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3044] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3044] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3044] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3044] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3044] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3044] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3044] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3044] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3188] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3188] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3188] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3188] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3188] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3188] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3188] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3188] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3188] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3188] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3188] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3188] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3188] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3188] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4156] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4156] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4156] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4156] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4156] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4156] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4156] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4156] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4156] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4700] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4700] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4700] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4700] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4700] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4700] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4700] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4700] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4700] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4700] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4700] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4700] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4700] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4700] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5684] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5684] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5684] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5684] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5684] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5684] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5684] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5684] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5684] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5684] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5684] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5684] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5684] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5684] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

#7 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 31 March 2012 - 08:55 PM

Hello,

Please run the following.


1. Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


2. Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


Things to include in your next reply:
TdssKiller log
Combofix.txt
How is your machine running now?


#8 jstone77
  • Topic Starter
  • Members
  • 36 posts

Posted 31 March 2012 - 09:03 PM

22:01:04.0140 4608 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
22:01:04.0531 4608 ============================================================
22:01:04.0531 4608 Current date / time: 2012/03/31 22:01:04.0531
22:01:04.0531 4608 SystemInfo:
22:01:04.0531 4608
22:01:04.0531 4608 OS Version: 5.1.2600 ServicePack: 3.0
22:01:04.0531 4608 Product type: Workstation
22:01:04.0531 4608 ComputerName: OWNER-93F92B369
22:01:04.0531 4608 UserName: Owner
22:01:04.0531 4608 Windows directory: C:\WINDOWS
22:01:04.0531 4608 System windows directory: C:\WINDOWS
22:01:04.0531 4608 Processor architecture: Intel x86
22:01:04.0531 4608 Number of processors: 2
22:01:04.0531 4608 Page size: 0x1000
22:01:04.0531 4608 Boot type: Normal boot
22:01:04.0531 4608 ============================================================
22:01:06.0562 4608 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:01:06.0562 4608 Drive \Device\Harddisk1\DR2 - Size: 0x950B055E00 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:01:06.0609 4608 \Device\Harddisk0\DR0:
22:01:06.0609 4608 MBR used
22:01:06.0609 4608 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
22:01:06.0609 4608 \Device\Harddisk1\DR2:
22:01:06.0609 4608 MBR used
22:01:06.0609 4608 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A856EC1
22:01:06.0718 4608 Initialize success
22:01:06.0718 4608 ============================================================
22:01:25.0125 4768 ============================================================
22:01:25.0125 4768 Scan started
22:01:25.0125 4768 Mode: Manual;
22:01:25.0125 4768 ============================================================
22:01:25.0812 4768 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
22:01:25.0828 4768 !SASCORE - ok
22:01:25.0921 4768 Abiosdsk - ok
22:01:25.0953 4768 abp480n5 - ok
22:01:26.0000 4768 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:01:26.0000 4768 ACPI - ok
22:01:26.0046 4768 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:01:26.0046 4768 ACPIEC - ok
22:01:26.0062 4768 adpu160m - ok
22:01:26.0109 4768 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:01:26.0109 4768 aec - ok
22:01:26.0156 4768 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:01:26.0156 4768 AFD - ok
22:01:26.0171 4768 Aha154x - ok
22:01:26.0187 4768 aic78u2 - ok
22:01:26.0203 4768 aic78xx - ok
22:01:26.0234 4768 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
22:01:26.0234 4768 Alerter - ok
22:01:26.0250 4768 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
22:01:26.0250 4768 ALG - ok
22:01:26.0265 4768 AliIde - ok
22:01:26.0375 4768 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
22:01:26.0421 4768 Ambfilt - ok
22:01:26.0437 4768 amsint - ok
22:01:26.0500 4768 Amsp (feb0b5022c012a4a68dabcb711faff03) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
22:01:26.0500 4768 Amsp - ok
22:01:26.0562 4768 AntiSpywareService (f9dac844b1d370da4c984d4c22f5e696) C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
22:01:26.0593 4768 AntiSpywareService - ok
22:01:26.0593 4768 AppMgmt - ok
22:01:26.0609 4768 asc - ok
22:01:26.0625 4768 asc3350p - ok
22:01:26.0640 4768 asc3550 - ok
22:01:26.0718 4768 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:01:26.0718 4768 aspnet_state - ok
22:01:26.0750 4768 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:01:26.0750 4768 AsyncMac - ok
22:01:26.0750 4768 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:01:26.0765 4768 atapi - ok
22:01:26.0765 4768 Atdisk - ok
22:01:26.0812 4768 Ati HotKey Poller (956dc0b34bc040e191d4016e6a9a7364) C:\WINDOWS\system32\Ati2evxx.exe
22:01:26.0843 4768 Ati HotKey Poller - ok
22:01:27.0000 4768 ati2mtag (400299684f30d5c29b79eaaf3b5ff6c6) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
22:01:27.0046 4768 ati2mtag - ok
22:01:27.0109 4768 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:01:27.0109 4768 Atmarpc - ok
22:01:27.0140 4768 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
22:01:27.0140 4768 AudioSrv - ok
22:01:27.0171 4768 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:01:27.0187 4768 audstub - ok
22:01:27.0187 4768 BCMH43XX - ok
22:01:27.0250 4768 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:01:27.0250 4768 Beep - ok
22:01:27.0312 4768 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
22:01:27.0328 4768 BITS - ok
22:01:27.0343 4768 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
22:01:27.0343 4768 Browser - ok
22:01:27.0390 4768 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
22:01:27.0390 4768 BVRPMPR5 - ok
22:01:27.0421 4768 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:01:27.0421 4768 cbidf2k - ok
22:01:27.0515 4768 CCALib8 (20f89e232173985a455bc9a5f70d1166) C:\Program Files\Canon\CAL\CALMAIN.exe
22:01:27.0515 4768 CCALib8 - ok
22:01:27.0531 4768 cd20xrnt - ok
22:01:27.0546 4768 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:01:27.0546 4768 Cdaudio - ok
22:01:27.0562 4768 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:01:27.0578 4768 Cdfs - ok
22:01:27.0578 4768 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:01:27.0593 4768 Cdrom - ok
22:01:27.0593 4768 Changer - ok
22:01:27.0609 4768 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
22:01:27.0609 4768 CiSvc - ok
22:01:27.0656 4768 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
22:01:27.0656 4768 ClipSrv - ok
22:01:27.0718 4768 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:01:27.0718 4768 clr_optimization_v2.0.50727_32 - ok
22:01:27.0734 4768 CmdIde - ok
22:01:27.0750 4768 COMSysApp - ok
22:01:27.0765 4768 Cpqarray - ok
22:01:27.0781 4768 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
22:01:27.0781 4768 CryptSvc - ok
22:01:27.0828 4768 ctsfm2k (b459ae4afca570088adddbe55eabbc92) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
22:01:27.0828 4768 ctsfm2k - ok
22:01:27.0906 4768 dac2w2k - ok
22:01:27.0921 4768 dac960nt - ok
22:01:27.0984 4768 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
22:01:28.0000 4768 DcomLaunch - ok
22:01:28.0046 4768 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
22:01:28.0062 4768 Dhcp - ok
22:01:28.0062 4768 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:01:28.0062 4768 Disk - ok
22:01:28.0078 4768 dmadmin - ok
22:01:28.0156 4768 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:01:28.0187 4768 dmboot - ok
22:01:28.0203 4768 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:01:28.0203 4768 dmio - ok
22:01:28.0234 4768 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:01:28.0234 4768 dmload - ok
22:01:28.0250 4768 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
22:01:28.0250 4768 dmserver - ok
22:01:28.0296 4768 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:01:28.0296 4768 DMusic - ok
22:01:28.0343 4768 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
22:01:28.0343 4768 Dnscache - ok
22:01:28.0375 4768 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
22:01:28.0375 4768 Dot3svc - ok
22:01:28.0390 4768 dpti2o - ok
22:01:28.0421 4768 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:01:28.0421 4768 drmkaud - ok
22:01:28.0468 4768 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
22:01:28.0468 4768 EapHost - ok
22:01:28.0500 4768 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
22:01:28.0500 4768 ERSvc - ok
22:01:28.0546 4768 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:01:28.0546 4768 Eventlog - ok
22:01:28.0609 4768 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
22:01:28.0609 4768 EventSystem - ok
22:01:28.0671 4768 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:01:28.0671 4768 Fastfat - ok
22:01:28.0781 4768 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:01:28.0796 4768 FastUserSwitchingCompatibility - ok
22:01:28.0812 4768 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:01:28.0812 4768 Fdc - ok
22:01:28.0859 4768 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:01:28.0859 4768 Fips - ok
22:01:28.0890 4768 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:01:28.0890 4768 Flpydisk - ok
22:01:28.0953 4768 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
22:01:28.0953 4768 FltMgr - ok
22:01:29.0031 4768 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:01:29.0031 4768 FontCache3.0.0.0 - ok
22:01:29.0046 4768 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:01:29.0046 4768 Fs_Rec - ok
22:01:29.0062 4768 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:01:29.0062 4768 Ftdisk - ok
22:01:29.0109 4768 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:01:29.0109 4768 Gpc - ok
22:01:29.0218 4768 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
22:01:29.0218 4768 gupdate - ok
22:01:29.0218 4768 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
22:01:29.0218 4768 gupdatem - ok
22:01:29.0265 4768 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
22:01:29.0265 4768 gusvc - ok
22:01:29.0296 4768 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:01:29.0296 4768 HDAudBus - ok
22:01:29.0343 4768 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:01:29.0343 4768 helpsvc - ok
22:01:29.0375 4768 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
22:01:29.0375 4768 HidServ - ok
22:01:29.0421 4768 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:01:29.0421 4768 HidUsb - ok
22:01:29.0468 4768 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
22:01:29.0468 4768 hkmsvc - ok
22:01:29.0484 4768 hpn - ok
22:01:29.0531 4768 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:01:29.0531 4768 HTTP - ok
22:01:29.0578 4768 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
22:01:29.0578 4768 HTTPFilter - ok
22:01:29.0593 4768 i2omgmt - ok
22:01:29.0609 4768 i2omp - ok
22:01:29.0625 4768 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:01:29.0625 4768 i8042prt - ok
22:01:29.0781 4768 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:01:29.0812 4768 idsvc - ok
22:01:29.0890 4768 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:01:29.0890 4768 Imapi - ok
22:01:29.0937 4768 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
22:01:29.0937 4768 ImapiService - ok
22:01:29.0953 4768 ini910u - ok
22:01:30.0171 4768 IntcAzAudAddService (eeb7cc255dd3358215c706f6b8c6dd7f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
22:01:30.0328 4768 IntcAzAudAddService - ok
22:01:30.0343 4768 IntelIde - ok
22:01:30.0375 4768 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:01:30.0375 4768 intelppm - ok
22:01:30.0406 4768 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
22:01:30.0406 4768 Ip6Fw - ok
22:01:30.0421 4768 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:01:30.0421 4768 IpFilterDriver - ok
22:01:30.0437 4768 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:01:30.0484 4768 IpInIp - ok
22:01:30.0593 4768 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:01:30.0609 4768 IpNat - ok
22:01:30.0765 4768 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:01:30.0765 4768 IPSec - ok
22:01:30.0796 4768 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:01:30.0796 4768 IRENUM - ok
22:01:30.0843 4768 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:01:30.0843 4768 isapnp - ok
22:01:31.0031 4768 ITMRTSVC (54f694c6cd3a1149ba3a8bdacc83badc) C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
22:01:31.0031 4768 ITMRTSVC - ok
22:01:31.0171 4768 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
22:01:31.0171 4768 JavaQuickStarterService - ok
22:01:31.0265 4768 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:01:31.0265 4768 Kbdclass - ok
22:01:31.0312 4768 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:01:31.0312 4768 kbdhid - ok
22:01:31.0359 4768 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:01:31.0359 4768 kmixer - ok
22:01:31.0390 4768 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:01:31.0390 4768 KSecDD - ok
22:01:31.0437 4768 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
22:01:31.0437 4768 LanmanServer - ok
22:01:31.0484 4768 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
22:01:31.0484 4768 lanmanworkstation - ok
22:01:31.0500 4768 lbrtfdc - ok
22:01:31.0546 4768 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
22:01:31.0546 4768 LmHosts - ok
22:01:31.0562 4768 lxci_device - ok
22:01:31.0593 4768 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
22:01:31.0609 4768 MBAMSwissArmy - ok
22:01:31.0640 4768 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
22:01:31.0656 4768 MDM - ok
22:01:31.0734 4768 MemeoBackgroundService (671a03ca9cd0259ccbb7b78a9ce234ec) C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
22:01:31.0734 4768 MemeoBackgroundService - ok
22:01:31.0781 4768 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
22:01:31.0781 4768 Messenger - ok
22:01:31.0812 4768 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:01:31.0812 4768 mnmdd - ok
22:01:31.0875 4768 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
22:01:31.0875 4768 mnmsrvc - ok
22:01:31.0921 4768 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:01:31.0921 4768 Modem - ok
22:01:32.0000 4768 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
22:01:32.0031 4768 Monfilt - ok
22:01:32.0062 4768 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:01:32.0062 4768 Mouclass - ok
22:01:32.0187 4768 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:01:32.0187 4768 mouhid - ok
22:01:32.0218 4768 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:01:32.0218 4768 MountMgr - ok
22:01:32.0234 4768 mraid35x - ok
22:01:32.0265 4768 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:01:32.0281 4768 MRxDAV - ok
22:01:32.0328 4768 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:01:32.0343 4768 MRxSmb - ok
22:01:32.0390 4768 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
22:01:32.0390 4768 MSDTC - ok
22:01:32.0437 4768 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:01:32.0437 4768 Msfs - ok
22:01:32.0453 4768 MSIServer - ok
22:01:32.0500 4768 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:01:32.0500 4768 MSKSSRV - ok
22:01:32.0531 4768 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:01:32.0546 4768 MSPCLOCK - ok
22:01:32.0546 4768 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:01:32.0546 4768 MSPQM - ok
22:01:32.0578 4768 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:01:32.0578 4768 mssmbios - ok
22:01:32.0625 4768 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:01:32.0640 4768 Mup - ok
22:01:32.0671 4768 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
22:01:32.0687 4768 napagent - ok
22:01:32.0703 4768 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:01:32.0703 4768 NDIS - ok
22:01:32.0734 4768 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:01:32.0734 4768 NdisTapi - ok
22:01:32.0765 4768 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:01:32.0765 4768 Ndisuio - ok
22:01:32.0781 4768 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:01:32.0781 4768 NdisWan - ok
22:01:32.0812 4768 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:01:32.0812 4768 NDProxy - ok
22:01:32.0828 4768 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:01:32.0828 4768 NetBIOS - ok
22:01:32.0859 4768 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:01:32.0859 4768 NetBT - ok
22:01:32.0890 4768 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:01:32.0890 4768 NetDDE - ok
22:01:32.0906 4768 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:01:32.0906 4768 NetDDEdsdm - ok
22:01:32.0937 4768 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:01:32.0937 4768 Netlogon - ok
22:01:32.0953 4768 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
22:01:32.0968 4768 Netman - ok
22:01:33.0109 4768 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:01:33.0109 4768 NetTcpPortSharing - ok
22:01:33.0187 4768 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
22:01:33.0250 4768 Nla - ok
22:01:33.0375 4768 NPF - ok
22:01:33.0421 4768 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:01:33.0421 4768 Npfs - ok
22:01:33.0578 4768 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:01:33.0593 4768 Ntfs - ok
22:01:33.0609 4768 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:01:33.0609 4768 NtLmSsp - ok
22:01:33.0671 4768 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
22:01:33.0687 4768 NtmsSvc - ok
22:01:33.0734 4768 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:01:33.0734 4768 Null - ok
22:01:33.0765 4768 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:01:33.0765 4768 NwlnkFlt - ok
22:01:33.0781 4768 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:01:33.0781 4768 NwlnkFwd - ok
22:01:33.0843 4768 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:01:33.0859 4768 ose - ok
22:01:33.0906 4768 ossrv (c720c25b2d0c93dc425155f5b6a707f3) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
22:01:33.0921 4768 ossrv - ok
22:01:34.0015 4768 P16X (f051107ff80f132882e71e3a5d302ec1) C:\WINDOWS\system32\drivers\P16X.sys
22:01:34.0046 4768 P16X - ok
22:01:34.0062 4768 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
22:01:34.0062 4768 Parport - ok
22:01:34.0078 4768 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:01:34.0078 4768 PartMgr - ok
22:01:34.0093 4768 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:01:34.0093 4768 ParVdm - ok
22:01:34.0156 4768 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:01:34.0171 4768 PCI - ok
22:01:34.0171 4768 PCIDump - ok
22:01:34.0187 4768 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:01:34.0203 4768 PCIIde - ok
22:01:34.0218 4768 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:01:34.0218 4768 Pcmcia - ok
22:01:34.0265 4768 PDCOMP - ok
22:01:34.0281 4768 PDFRAME - ok
22:01:34.0296 4768 PDRELI - ok
22:01:34.0328 4768 PDRFRAME - ok
22:01:34.0343 4768 perc2 - ok
22:01:34.0359 4768 perc2hib - ok
22:01:34.0437 4768 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:01:34.0437 4768 PlugPlay - ok
22:01:34.0468 4768 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:01:34.0468 4768 PolicyAgent - ok
22:01:34.0500 4768 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:01:34.0500 4768 PptpMiniport - ok
22:01:34.0515 4768 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:01:34.0515 4768 ProtectedStorage - ok
22:01:34.0531 4768 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:01:34.0531 4768 PSched - ok
22:01:34.0562 4768 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:01:34.0562 4768 Ptilink - ok
22:01:34.0578 4768 ql1080 - ok
22:01:34.0593 4768 Ql10wnt - ok
22:01:34.0609 4768 ql12160 - ok
22:01:34.0625 4768 ql1240 - ok
22:01:34.0656 4768 ql1280 - ok
22:01:34.0687 4768 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:01:34.0687 4768 RasAcd - ok
22:01:34.0734 4768 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
22:01:34.0734 4768 RasAuto - ok
22:01:34.0750 4768 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:01:34.0750 4768 Rasl2tp - ok
22:01:34.0781 4768 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
22:01:34.0781 4768 RasMan - ok
22:01:34.0828 4768 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:01:34.0828 4768 RasPppoe - ok
22:01:34.0843 4768 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:01:34.0843 4768 Raspti - ok
22:01:34.0859 4768 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:01:34.0875 4768 Rdbss - ok
22:01:34.0875 4768 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:01:34.0875 4768 RDPCDD - ok
22:01:34.0937 4768 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
22:01:34.0937 4768 RDPWD - ok
22:01:34.0984 4768 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
22:01:35.0000 4768 RDSessMgr - ok
22:01:35.0031 4768 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:01:35.0046 4768 redbook - ok
22:01:35.0062 4768 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
22:01:35.0062 4768 RemoteAccess - ok
22:01:35.0093 4768 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
22:01:35.0093 4768 RpcLocator - ok
22:01:35.0125 4768 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
22:01:35.0140 4768 RpcSs - ok
22:01:35.0156 4768 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
22:01:35.0171 4768 RSVP - ok
22:01:35.0171 4768 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
22:01:35.0171 4768 rtl8139 - ok
22:01:35.0187 4768 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:01:35.0187 4768 SamSs - ok
22:01:35.0281 4768 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
22:01:35.0296 4768 SASDIFSV - ok
22:01:35.0312 4768 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
22:01:35.0312 4768 SASKUTIL - ok
22:01:35.0312 4768 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
22:01:35.0328 4768 SCardSvr - ok
22:01:35.0375 4768 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
22:01:35.0375 4768 Schedule - ok
22:01:35.0437 4768 SeagateDashboardService (16b44d246835eac156f8daf0aa4f530c) C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
22:01:35.0437 4768 SeagateDashboardService - ok
22:01:35.0500 4768 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:01:35.0500 4768 Secdrv - ok
22:01:35.0531 4768 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
22:01:35.0531 4768 seclogon - ok
22:01:35.0546 4768 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
22:01:35.0562 4768 SENS - ok
22:01:35.0609 4768 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:01:35.0609 4768 serenum - ok
22:01:35.0625 4768 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
22:01:35.0625 4768 Serial - ok
22:01:35.0671 4768 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:01:35.0671 4768 Sfloppy - ok
22:01:35.0703 4768 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
22:01:35.0781 4768 SharedAccess - ok
22:01:35.0875 4768 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:01:35.0890 4768 ShellHWDetection - ok
22:01:35.0953 4768 Simbad - ok
22:01:36.0078 4768 Sparrow - ok
22:01:36.0125 4768 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:01:36.0125 4768 splitter - ok
22:01:36.0156 4768 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
22:01:36.0156 4768 Spooler - ok
22:01:36.0187 4768 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:01:36.0187 4768 sr - ok
22:01:36.0203 4768 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
22:01:36.0203 4768 srservice - ok
22:01:36.0250 4768 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:01:36.0265 4768 Srv - ok
22:01:36.0281 4768 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
22:01:36.0281 4768 SSDPSRV - ok
22:01:36.0312 4768 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
22:01:36.0328 4768 stisvc - ok
22:01:36.0343 4768 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:01:36.0343 4768 swenum - ok
22:01:36.0390 4768 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:01:36.0390 4768 swmidi - ok
22:01:36.0453 4768 SwPrv - ok
22:01:36.0468 4768 symc810 - ok
22:01:36.0484 4768 symc8xx - ok
22:01:36.0500 4768 sym_hi - ok
22:01:36.0515 4768 sym_u3 - ok
22:01:36.0546 4768 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:01:36.0546 4768 sysaudio - ok
22:01:36.0562 4768 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
22:01:36.0578 4768 SysmonLog - ok
22:01:36.0625 4768 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
22:01:36.0640 4768 TapiSrv - ok
22:01:36.0750 4768 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:01:36.0765 4768 Tcpip - ok
22:01:36.0828 4768 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:01:36.0828 4768 TDPIPE - ok
22:01:36.0859 4768 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:01:36.0859 4768 TDTCP - ok
22:01:36.0890 4768 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:01:36.0890 4768 TermDD - ok
22:01:36.0921 4768 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
22:01:36.0937 4768 TermService - ok
22:01:37.0000 4768 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:01:37.0000 4768 Themes - ok
22:01:37.0046 4768 tmactmon (e8e528896ff2595cfada88749cd72ef8) C:\WINDOWS\system32\DRIVERS\tmactmon.sys
22:01:37.0046 4768 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\tmactmon.sys. md5: e8e528896ff2595cfada88749cd72ef8
22:01:37.0046 4768 tmactmon ( LockedFile.Multi.Generic ) - warning
22:01:37.0046 4768 tmactmon - detected LockedFile.Multi.Generic (1)
22:01:37.0093 4768 tmcomm (1837512d4aab862bd297a2ef035fba14) C:\WINDOWS\system32\DRIVERS\tmcomm.sys
22:01:37.0093 4768 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\tmcomm.sys. md5: 1837512d4aab862bd297a2ef035fba14
22:01:37.0093 4768 tmcomm ( LockedFile.Multi.Generic ) - warning
22:01:37.0093 4768 tmcomm - detected LockedFile.Multi.Generic (1)
22:01:37.0109 4768 tmevtmgr (dbac510d1c7cc66b7a78eb2264f3072e) C:\WINDOWS\system32\DRIVERS\tmevtmgr.sys
22:01:37.0125 4768 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\tmevtmgr.sys. md5: dbac510d1c7cc66b7a78eb2264f3072e
22:01:37.0125 4768 tmevtmgr ( LockedFile.Multi.Generic ) - warning
22:01:37.0125 4768 tmevtmgr - detected LockedFile.Multi.Generic (1)
22:01:37.0125 4768 tmtdi (a6e20b094a8d3e3f46d10bbe7e1ebb82) C:\WINDOWS\system32\DRIVERS\tmtdi.sys
22:01:37.0125 4768 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\tmtdi.sys. md5: a6e20b094a8d3e3f46d10bbe7e1ebb82
22:01:37.0125 4768 tmtdi ( LockedFile.Multi.Generic ) - warning
22:01:37.0125 4768 tmtdi - detected LockedFile.Multi.Generic (1)
22:01:37.0140 4768 TosIde - ok
22:01:37.0171 4768 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
22:01:37.0171 4768 TrkWks - ok
22:01:37.0203 4768 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:01:37.0203 4768 Udfs - ok
22:01:37.0218 4768 ultra - ok
22:01:37.0281 4768 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:01:37.0296 4768 Update - ok
22:01:37.0328 4768 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
22:01:37.0328 4768 upnphost - ok
22:01:37.0406 4768 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
22:01:37.0406 4768 UPS - ok
22:01:37.0437 4768 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:01:37.0437 4768 usbccgp - ok
22:01:37.0468 4768 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:01:37.0468 4768 usbehci - ok
22:01:37.0484 4768 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:01:37.0484 4768 usbhub - ok
22:01:37.0500 4768 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
22:01:37.0500 4768 usbohci - ok
22:01:37.0546 4768 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:01:37.0546 4768 usbprint - ok
22:01:37.0578 4768 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:01:37.0578 4768 usbscan - ok
22:01:37.0609 4768 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:01:37.0609 4768 USBSTOR - ok
22:01:37.0640 4768 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:01:37.0640 4768 VgaSave - ok
22:01:37.0656 4768 ViaIde - ok
22:01:37.0687 4768 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:01:37.0687 4768 VolSnap - ok
22:01:37.0703 4768 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
22:01:37.0734 4768 VSS - ok
22:01:37.0750 4768 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
22:01:37.0765 4768 W32Time - ok
22:01:37.0781 4768 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:01:37.0781 4768 Wanarp - ok
22:01:37.0796 4768 WDICA - ok
22:01:37.0843 4768 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:01:37.0843 4768 wdmaud - ok
22:01:37.0875 4768 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
22:01:37.0875 4768 WebClient - ok
22:01:37.0953 4768 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
22:01:37.0968 4768 winmgmt - ok
22:01:38.0000 4768 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll
22:01:38.0015 4768 WmdmPmSN - ok
22:01:38.0046 4768 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:01:38.0062 4768 WmiApSrv - ok
22:01:38.0109 4768 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
22:01:38.0109 4768 wscsvc - ok
22:01:38.0156 4768 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
22:01:38.0156 4768 wuauserv - ok
22:01:38.0187 4768 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
22:01:38.0203 4768 WZCSVC - ok
22:01:38.0281 4768 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
22:01:38.0281 4768 xmlprov - ok
22:01:38.0296 4768 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:01:38.0437 4768 \Device\Harddisk0\DR0 - ok
22:01:38.0500 4768 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR2
22:01:38.0515 4768 \Device\Harddisk1\DR2 - ok
22:01:38.0515 4768 Boot (0x1200) (c0cb12d2d6417c5b36b5ab0273bea081) \Device\Harddisk0\DR0\Partition0
22:01:38.0515 4768 \Device\Harddisk0\DR0\Partition0 - ok
22:01:38.0531 4768 Boot (0x1200) (e18b3ece6f774e9246c202f49a08c921) \Device\Harddisk1\DR2\Partition0
22:01:38.0531 4768 \Device\Harddisk1\DR2\Partition0 - ok
22:01:38.0531 4768 ============================================================
22:01:38.0531 4768 Scan finished
22:01:38.0531 4768 ============================================================
22:01:38.0546 5456 Detected object count: 4
22:01:38.0546 5456 Actual detected object count: 4

#9 jstone77
  • Topic Starter
  • Members
  • 36 posts

Posted 31 March 2012 - 09:29 PM

Hi, I did ComboFix and it did its restart, but there was no report. I did a search on the computer to find one and nothing came up. The problem still persists with IE closing and sending error reports.

#10 fireman4it
  • Bleepin' Fireman
  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 31 March 2012 - 10:06 PM

Hello,

Please run ComboFix again and post the log if you can.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#11 jstone77
  • Topic Starter
  • Members
  • 36 posts

Posted 31 March 2012 - 10:57 PM

OK, so I ran it again and the same thing is happening, but at least I have a log. It did say it was infected but restored; not sure why it is still not working.
ComboFix 12-03-31.03 - Owner 03/31/2012 23:28:03.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.296 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Outdated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Owner\WINDOWS
c:\windows\system32\PTfile1.dll
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{8A945854-2E31-4AB8-A158-6D1A1EA23C35}\RP165\A0033308.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-03-01 to 2012-04-01 )))))))))))))))))))))))))))))))
.
.
2012-03-31 01:58 . 2012-03-31 14:52 -------- d-----w- c:\program files\Common Files\Java
2012-03-31 01:57 . 2012-03-31 01:56 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-31 01:56 . 2012-03-31 14:52 -------- d-----w- c:\program files\Java
2012-03-30 23:31 . 2012-03-30 23:31 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-03-30 21:38 . 2012-03-30 21:38 190 ----a-w- C:\PPCleanDeleteAtReboot.bat
2012-03-29 22:36 . 2012-03-29 22:36 -------- d-----w- c:\documents and settings\Owner\Application Data\DriverCure
2012-03-29 22:36 . 2012-03-29 22:36 -------- d-----w- c:\documents and settings\Owner\Application Data\SpeedMaxPc
2012-03-29 22:35 . 2012-03-29 22:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedMaxPc
2012-03-29 12:29 . 2012-03-29 12:29 -------- d-----w- c:\documents and settings\Owner\Application Data\Vuow
2012-03-29 12:29 . 2012-03-29 12:29 -------- d-----w- c:\documents and settings\Owner\Application Data\Uvn
2012-03-29 07:06 . 2012-03-29 07:09 -------- dc-h--w- c:\windows\ie8
2012-03-27 17:56 . 2012-03-27 17:56 -------- d-----w- c:\documents and settings\Owner\Application Data\ElevatedDiagnostics
2012-03-27 14:32 . 2012-03-27 14:32 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
2012-03-27 03:15 . 2012-03-27 03:15 -------- d-----w- c:\documents and settings\All Users\Application Data\IsolatedStorage
2012-03-27 03:15 . 2012-03-27 12:58 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\ID Vault
2012-03-27 03:14 . 2012-03-27 03:14 -------- d-----w- c:\documents and settings\Owner\Application Data\comcasttb
2012-03-27 03:13 . 2012-03-27 12:58 -------- d-----w- c:\documents and settings\Owner\Application Data\ID Vault
2012-03-27 03:12 . 2012-03-27 12:46 -------- d-----w- c:\documents and settings\Owner\Application Data\CallingID
2012-03-27 03:12 . 2012-03-27 03:12 -------- d-----w- c:\program files\Common Files\scanner
2012-03-27 03:12 . 2012-03-27 03:12 -------- d-----w- c:\program files\comcasttb
2012-03-27 03:12 . 2012-03-27 03:12 -------- d-----w- c:\program files\CA
2012-03-27 03:12 . 2012-03-27 03:12 -------- d-----w- c:\windows\Downloaded Installations
2012-03-27 03:10 . 2012-03-27 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\White Sky, Inc
2012-03-26 18:10 . 2012-03-26 18:10 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2012-03-26 18:09 . 2012-03-26 18:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-26 16:43 . 2012-03-26 16:43 -------- d-----w- c:\documents and settings\All Users\Application Data\B399
2012-03-26 16:42 . 2012-03-26 16:42 -------- d-----w- C:\My Downloads
2012-03-26 16:40 . 2012-03-26 16:44 -------- d-----w- c:\documents and settings\Administrator
2012-03-26 14:46 . 2012-03-26 14:46 -------- d-----w- c:\documents and settings\All Users\Application Data\29271
2012-03-26 14:41 . 2012-03-29 03:03 22032 ----a-w- c:\windows\DCEBoot.exe
2012-03-26 13:42 . 2012-03-26 16:29 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\NPE
2012-03-26 13:42 . 2012-03-26 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2012-03-25 21:59 . 2012-03-25 21:59 -------- d-----w- c:\documents and settings\Owner\Application Data\Heilo
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-19 03:39 . 2012-03-19 03:39 -------- d-----w- C:\Rbackup
2012-03-19 02:52 . 2012-03-19 02:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-19 02:52 . 2011-12-10 19:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-19 01:45 . 2012-03-19 01:45 -------- d-----w- c:\windows\system32\wbem\Repository
2012-03-19 00:14 . 2012-03-19 00:14 -------- d-----w- c:\documents and settings\All Users\Application Data\35261
2012-03-19 00:11 . 2012-03-19 00:11 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Ilivid Player
2012-03-18 23:57 . 2012-03-26 17:53 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{6DFE6B59-3F4E-45AF-A9D0-5EDC43DD23AF}
2012-03-18 23:56 . 2012-03-18 23:56 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PackageAware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-31 01:56 . 2011-12-19 22:29 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-27 13:22 . 2011-12-20 13:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-26 16:26 . 2008-04-14 05:06 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2012-02-03 09:22 . 2008-04-14 06:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-16 12:05 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2011-12-19 20:38 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-01-08 02:19 . 2012-01-08 02:19 56 ----a-w- c:\windows\system32\SupportTool.exe.bat
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-02-12 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-20 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Memeo Instant Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-05-04 136416]
"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"lxcimon.exe"="c:\program files\Lexmark 7300 Series\lxcimon.exe" [2005-09-30 200704]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-02-27 1304792]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 133424]
"RTHDCPL"="RTHDCPL.EXE" [2010-09-14 19576424]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ComcastAntispyClient]
2009-08-19 17:25 1589208 ----a-w- c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2005-08-01 12:05 94208 ----a-w- c:\program files\Lexmark 7300 Series\ezprint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCICATS]
2005-09-08 18:44 73728 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\lxcitime.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 10:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-03-07 21:27 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-12-20 13:14 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"=
"%windir%\explorer.exe"= %windir%\explorer.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1804:UDP"= 1804:UDP:Windows Media Format SDK (wmplayer.exe)
"1805:UDP"= 1805:UDP:Windows Media Format SDK (wmplayer.exe)
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R1 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [1/7/2012 10:23 PM 68368]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [1/7/2012 10:17 PM 200632]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [6/17/2009 1:49 PM 616408]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [5/4/2011 5:04 PM 25824]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [6/1/2011 12:42 PM 14088]
R3 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe -service --> c:\windows\system32\lxcicoms.exe -service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/19/2011 6:35 PM 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/19/2011 5:31 PM 1691480]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh5.sys --> c:\windows\system32\DRIVERS\bcmwlhigh5.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/19/2011 6:35 PM 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [3/30/2012 7:31 PM 40776]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-19 22:35]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-19 22:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.shop.com/
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-10214216.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-31 23:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(564)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\CA\PPRT\bin\CACheck.dll
c:\program files\CA\PPRT\bin\CAHook.dll
c:\program files\CA\PPRT\bin\CAServer.dll
.
- - - - - - - > 'explorer.exe'(3592)
c:\windows\system32\WININET.dll
c:\program files\CA\PPRT\bin\CACheck.dll
c:\program files\CA\PPRT\bin\CAHook.dll
c:\program files\CA\PPRT\bin\CAServer.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\Trend Micro\AMSP\coreFrameworkHost.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Memeo\AutoBackup\InstantBackup.exe
c:\program files\Seagate\Seagate Dashboard\MemeoDashboard.exe
c:\program files\CA\PPRT\bin\ITMRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\lxcicoms.exe
c:\windows\system32\wscntfy.exe
c:\program files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
.
**************************************************************************
.
Completion time: 2012-03-31 23:44:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-01 03:44
.
Pre-Run: 230,552,576,000 bytes free
Post-Run: 230,662,983,680 bytes free
.
- - End Of File - - 028967516B059DC4D776F0F2A20C11D4

#12 jstone77
  • Topic Starter
  • Members
  • 36 posts

Posted 31 March 2012 - 11:04 PM

I also think the virus is blocking some connection to the internet, from what I read online, because my Trend Micro says it is outdated and to connect to the internet when I'm already on the internet.

#13 fireman4it
  • Bleepin' Fireman
  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 31 March 2012 - 11:23 PM

I also think the virus is blocking some connection to the internet, from what I read online, because my Trend Micro says it is outdated and to connect to the internet when I'm already on the internet.

You should probably uninstall Trend Micro, then reinstall it. It may have become corrupted.


1. We need to run a CFScript.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

Files::
c:\documents and settings\All Users\Application Data\B399
c:\documents and settings\All Users\Application Data\29271
c:\documents and settings\All Users\Application Data\35261
c:\documents and settings\Owner\Application Data\Vuow
c:\documents and settings\Owner\Application Data\Uvn

Save this as CFScript.txt, in the same location as ComboFix.exe.

[image: dragging CFScript.txt onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


2. Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


3. We need to check your hard disk for errors.

To check the volume for errors:
  • Click start and then My Computer.
  • Right click the drive C and select Properties.
  • Under Tools tab press Check Now...
  • Put a check mark in both items and press start.
  • If you get a message click Yes to schedule the disk check and click OK and then restart your computer to start the disk check. Please be patient and let the system run. In some cases it might take a couple of hours and you don't have to sit there the whole time.
*NOTE: This scan could take a long time to complete, but let it finish.


4. You may have corrupt critical system files. Let's see if we can fix that.

1. Select Start
2. Select All Programs
3. Select Accessories
4. Right click Command Prompt and choose Open

  • Type in sfc /scannow in the command window and press enter.
  • Note the space between the c and the /
  • If any files require replacing, SFC will replace them. You may be asked to insert your Windows XP disc for this process to continue. This can be done with a borrowed disc if you don't have one.
  • Be patient because the scan may take some time.
  • Allow the scan to run and when completed, reboot the system.


Things to include in your next reply:
Combofix.txt
Mbam log
How is your machine running now?



#14 jstone77
  • Topic Starter
  • Members
  • 36 posts

Posted 01 April 2012 - 09:31 AM

ComboFix 12-03-31.03 - Owner 04/01/2012 10:18:23.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.399 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\ntfs.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-03-01 to 2012-04-01 )))))))))))))))))))))))))))))))
.
.
2012-04-01 14:05 . 2011-08-02 20:58 319456 ----a-w- c:\windows\DIFxAPI.dll
2012-04-01 14:05 . 2011-08-02 20:58 203792 ----a-w- c:\windows\TmNSCIns.dll
2012-03-31 01:58 . 2012-03-31 14:52 -------- d-----w- c:\program files\Common Files\Java
2012-03-31 01:57 . 2012-03-31 01:56 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-31 01:56 . 2012-03-31 14:52 -------- d-----w- c:\program files\Java
2012-03-30 23:31 . 2012-03-30 23:31 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-03-30 21:38 . 2012-03-30 21:38 190 ----a-w- C:\PPCleanDeleteAtReboot.bat
2012-03-29 22:36 . 2012-03-29 22:36 -------- d-----w- c:\documents and settings\Owner\Application Data\DriverCure
2012-03-29 22:36 . 2012-03-29 22:36 -------- d-----w- c:\documents and settings\Owner\Application Data\SpeedMaxPc
2012-03-29 22:35 . 2012-03-29 22:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedMaxPc
2012-03-29 12:29 . 2012-03-29 12:29 -------- d-----w- c:\documents and settings\Owner\Application Data\Vuow
2012-03-29 12:29 . 2012-03-29 12:29 -------- d-----w- c:\documents and settings\Owner\Application Data\Uvn
2012-03-29 07:06 . 2012-03-29 07:09 -------- dc-h--w- c:\windows\ie8
2012-03-27 17:56 . 2012-03-27 17:56 -------- d-----w- c:\documents and settings\Owner\Application Data\ElevatedDiagnostics
2012-03-27 14:32 . 2012-03-27 14:32 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
2012-03-27 03:15 . 2012-03-27 03:15 -------- d-----w- c:\documents and settings\All Users\Application Data\IsolatedStorage
2012-03-27 03:15 . 2012-03-27 12:58 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\ID Vault
2012-03-27 03:14 . 2012-03-27 03:14 -------- d-----w- c:\documents and settings\Owner\Application Data\comcasttb
2012-03-27 03:13 . 2012-03-27 12:58 -------- d-----w- c:\documents and settings\Owner\Application Data\ID Vault
2012-03-27 03:12 . 2012-03-27 12:46 -------- d-----w- c:\documents and settings\Owner\Application Data\CallingID
2012-03-27 03:12 . 2012-03-27 03:12 -------- d-----w- c:\program files\Common Files\scanner
2012-03-27 03:12 . 2012-03-27 03:12 -------- d-----w- c:\program files\comcasttb
2012-03-27 03:12 . 2012-03-27 03:12 -------- d-----w- c:\program files\CA
2012-03-27 03:12 . 2012-03-27 03:12 -------- d-----w- c:\windows\Downloaded Installations
2012-03-27 03:10 . 2012-03-27 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\White Sky, Inc
2012-03-26 18:10 . 2012-03-26 18:10 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2012-03-26 18:09 . 2012-03-26 18:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-26 16:43 . 2012-03-26 16:43 -------- d-----w- c:\documents and settings\All Users\Application Data\B399
2012-03-26 16:42 . 2012-03-26 16:42 -------- d-----w- C:\My Downloads
2012-03-26 16:40 . 2012-03-26 16:44 -------- d-----w- c:\documents and settings\Administrator
2012-03-26 14:46 . 2012-03-26 14:46 -------- d-----w- c:\documents and settings\All Users\Application Data\29271
2012-03-26 14:41 . 2012-03-29 03:03 22032 ----a-w- c:\windows\DCEBoot.exe
2012-03-26 13:42 . 2012-03-26 16:29 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\NPE
2012-03-26 13:42 . 2012-03-26 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2012-03-25 21:59 . 2012-03-25 21:59 -------- d-----w- c:\documents and settings\Owner\Application Data\Heilo
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-19 03:39 . 2012-03-19 03:39 -------- d-----w- C:\Rbackup
2012-03-19 02:52 . 2012-03-19 02:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-19 02:52 . 2011-12-10 19:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-19 01:45 . 2012-03-19 01:45 -------- d-----w- c:\windows\system32\wbem\Repository
2012-03-19 00:14 . 2012-03-19 00:14 -------- d-----w- c:\documents and settings\All Users\Application Data\35261
2012-03-19 00:11 . 2012-03-19 00:11 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Ilivid Player
2012-03-18 23:57 . 2012-03-26 17:53 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{6DFE6B59-3F4E-45AF-A9D0-5EDC43DD23AF}
2012-03-18 23:56 . 2012-03-18 23:56 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PackageAware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-31 01:56 . 2011-12-19 22:29 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-27 13:22 . 2011-12-20 13:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-26 16:26 . 2008-04-14 05:06 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2012-02-03 09:22 . 2008-04-14 06:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-16 12:05 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2011-12-19 20:38 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-02-12 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-04-01_03.39.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-01 14:25 . 2012-04-01 14:25 16384 c:\windows\Temp\Perflib_Perfdata_258.dat
+ 2006-02-28 12:00 . 2012-04-01 14:05 68156 c:\windows\system32\perfc009.dat
+ 2006-02-28 12:00 . 2012-04-01 14:05 435260 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-20 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Memeo Instant Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-05-04 136416]
"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"lxcimon.exe"="c:\program files\Lexmark 7300 Series\lxcimon.exe" [2005-09-30 200704]
"RTHDCPL"="RTHDCPL.EXE" [2010-09-14 19576424]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ComcastAntispyClient]
2009-08-19 17:25 1589208 ----a-w- c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2005-08-01 12:05 94208 ----a-w- c:\program files\Lexmark 7300 Series\ezprint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCICATS]
2005-09-08 18:44 73728 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\lxcitime.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 10:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-03-07 21:27 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-12-20 13:14 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"=
"%windir%\explorer.exe"= %windir%\explorer.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1804:UDP"= 1804:UDP:Windows Media Format SDK (wmplayer.exe)
"1805:UDP"= 1805:UDP:Windows Media Format SDK (wmplayer.exe)
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [6/17/2009 1:49 PM 616408]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [5/4/2011 5:04 PM 25824]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [6/1/2011 12:42 PM 14088]
R3 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe -service --> c:\windows\system32\lxcicoms.exe -service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/19/2011 6:35 PM 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/19/2011 5:31 PM 1691480]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh5.sys --> c:\windows\system32\DRIVERS\bcmwlhigh5.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/19/2011 6:35 PM 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [3/30/2012 7:31 PM 40776]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-19 22:35]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-19 22:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.shop.com/
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-01 10:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(496)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\CA\PPRT\bin\CACheck.dll
c:\program files\CA\PPRT\bin\CAHook.dll
c:\program files\CA\PPRT\bin\CAServer.dll
.
- - - - - - - > 'explorer.exe'(1468)
c:\windows\system32\WININET.dll
c:\program files\CA\PPRT\bin\CACheck.dll
c:\program files\CA\PPRT\bin\CAHook.dll
c:\program files\CA\PPRT\bin\CAServer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\CA\PPRT\bin\ITMRTSVC.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Memeo\AutoBackup\InstantBackup.exe
c:\program files\Seagate\Seagate Dashboard\MemeoDashboard.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\lxcicoms.exe
c:\windows\system32\wscntfy.exe
c:\program files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
.
**************************************************************************
.
Completion time: 2012-04-01 10:28:48 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-01 14:28
ComboFix2.txt 2012-04-01 03:44
.
Pre-Run: 230,792,880,128 bytes free
Post-Run: 230,824,738,816 bytes free
.
- - End Of File - - 125090FAA20951FEAEEED685FDB9D2C6

#15 jstone77

jstone77
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  • Local time:12:01 AM

Posted 01 April 2012 - 09:47 AM

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.26.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: OWNER-93F92B369 [administrator]

4/1/2012 10:37:02 AM
mbam-log-2012-04-01 (10-37-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 190259
Time elapsed: 3 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
