
Possible infection of Malware and Viruses


This topic is locked
20 replies to this topic

#1 edisblest


  • Members
  • 20 posts

Posted 07 April 2012 - 03:55 PM

Please help. The computer is barely running due to a possible malware and virus infection. The GMER log is located below. DDS did not work; the log only printed symbols. Thank you:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-06 08:30:00
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD400BB-75CAA0 rev.16.06V16
Running: gmer.exe; Driver: C:\DOCUME~1\EDGARR~1\LOCALS~1\Temp\fxtdypow.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1612] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1612] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1612] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1612] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1612] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1612] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1612] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1612] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1612] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1612] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1612] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1612] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1612] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1612] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3104] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3104] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3104] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3104] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3104] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3104] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3104] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3104] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3104] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\USB_RNDIS \Device\{088D0A27-6B3B-4A10-AD09-A4BF92567958} RNDISMP.SYS (Remote NDIS Miniport/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP Officejet 4500 G510n-z@ChangeID 10132328
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP Officejet 4500 G510n-z (Copy 1)@ChangeID 10132406

---- EOF - GMER 1.0.15 ----

#2 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 07 April 2012 - 08:51 PM

Hello Again

I want you to use link 2 or 3 for DDS



I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear.
  • Click the Disable button to disable your CD Emulation drivers.
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK.
  • DeFogger may ask you to reboot the machine; if it does, click OK.

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs.
  • Save the logs to a convenient place such as your desktop.
  • Copy the contents of both logs & post them in your next reply.

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 edisblest

  • Topic Starter

  • Members
  • 20 posts

Posted 07 April 2012 - 09:48 PM

Gringo,
There were no problems with this DDS. Here are the logs:

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by edgar richardson at 21:34:43 on 2012-04-07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.33 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\WINDOWS\system32\lxdkcoms.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 5300 Series\lxdkamon.exe
C:\Program Files\Lexmark 5300 Series\lxdkmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HighwindSoftware\TuneSync\TuneSync.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\hp\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\hp\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\hp\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hp\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TuneSync] c:\program files\highwindsoftware\tunesync\TuneSync.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [lxdkamon] "c:\program files\lexmark 5300 series\lxdkamon.exe"
mRun: [Lexmark 5300 Series Fax Server] "c:\program files\lexmark 5300 series\fm3032.exe" /s
mRun: [lxdkmon.exe] "c:\program files\lexmark 5300 series\lxdkmon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v2\WG111v2.exe
uPolicies-explorer: NoInstrumentation = 1 (0x1)
IE: &MSN Search
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://appldnld.apple.com.edgesuite.net/qtinstall.info.apple.com/lupin/us/win/QuickTimeInstaller.exe
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{088D0A27-6B3B-4A10-AD09-A4BF92567958} : DhcpNameServer = 192.168.1.254
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
regfile=NOTEPAD.EXE %1
scrfile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2012-04-06 03:52:18 -------- d-----w- c:\program files\Cobian Backup 8
.
==================== Find3M ====================
.
2012-02-27 16:27:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 21:37:55.65 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 11/30/2007 4:38:29 PM
System Uptime: 4/7/2012 3:40:11 PM (6 hours ago)
.
Motherboard: Dell Computer Corporation | | OptiPlex GX150
Processor: Intel Celeron processor | Microprocessor | 1096/100mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 4.222 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet 4500 G510n-z
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ROOT\PRINTER\0000
Manufacturer:
Name:
PNP Device ID: ROOT\PRINTER\0000
Service:
.
==== System Restore Points ===================
.
RP166: 10/27/2011 5:53:25 PM - System Checkpoint
RP167: 10/28/2011 9:08:49 PM - System Checkpoint
RP168: 10/30/2011 3:56:21 AM - System Checkpoint
RP169: 11/1/2011 6:17:55 PM - System Checkpoint
RP170: 11/4/2011 2:26:31 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP171: 11/4/2011 2:30:28 PM - Installed Windows XP KB942288-v3.
RP172: 11/4/2011 2:31:08 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
RP173: 11/4/2011 2:31:43 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP174: 11/4/2011 2:32:57 PM - Installed DirectX
RP175: 11/4/2011 2:33:30 PM - Installed DirectX
RP176: 11/4/2011 2:34:10 PM - Installed DirectX
RP177: 11/4/2011 2:34:29 PM - Installed DirectX
RP178: 11/4/2011 2:48:53 PM - Installed Nero Burning ROM 11.
RP179: 11/4/2011 4:34:09 PM - Installed Windows XP Home Edition
RP180: 11/4/2011 4:34:49 PM - Installed Windows XP Home Edition
RP181: 11/4/2011 5:00:31 PM - Installed Windows XP Home Edition
RP182: 11/7/2011 3:00:34 AM - Software Distribution Service 3.0
RP183: 11/10/2011 3:00:31 AM - Software Distribution Service 3.0
RP184: 11/11/2011 3:00:36 AM - Software Distribution Service 3.0
RP185: 11/30/2011 7:08:23 PM - Printer Driver HP Officejet 4500 G510n-z fax Installed
RP186: 12/21/2011 7:20:52 AM - Software Distribution Service 3.0
RP187: 12/21/2011 7:29:47 AM - Software Distribution Service 3.0
RP188: 12/21/2011 8:08:52 AM - Software Distribution Service 3.0
RP189: 1/11/2012 3:00:58 AM - Software Distribution Service 3.0
RP190: 2/23/2012 7:40:15 PM - Removed FixCleaner
RP191: 2/27/2012 10:33:00 AM - Software Distribution Service 3.0
RP192: 3/14/2012 3:01:10 AM - Software Distribution Service 3.0
RP193: 4/3/2012 3:01:12 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
4500_G510nz_Help
4500G510nz
4500G510nz_Software_Min
ABBYY FineReader 6.0 Sprint
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11.5
Amazon MP3 Downloader 1.0.10
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BE Limited III
Bonjour
BufferChm
Canon MP250 series MP Drivers
Cobian Backup 8
Critical Update for Windows Media Player 11 (KB959772)
Destinations
DeviceDiscovery
Digital Camera
DocMgr
DocProc
Fax
Form Fill (Windows Live Toolbar)
GPBaseService2
Haali Media Splitter
Highlight Viewer (Windows Live Toolbar)
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 13.0
HP Document Manager 2.0
HP Imaging Device Functions 13.0
HP Officejet 4500 G510n-z
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPProductAssistant
HPSSupply
iolo technologies' System Mechanic
iTunes
Lexmark 5300 Series
Linksys Wireless-G USB Network Adapter
Malwarebytes Anti-Malware version 1.60.1.1000
Map Button (Windows Live Toolbar)
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft IntelliType Pro 5.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Basic 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel Viewer 2003
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual J# .NET Redistributable Package 1.1
MSN Money Toolbar Add-in
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Nero Burning ROM 11
Nero Burning ROM 11 Help (CHM)
Nero ControlCenter 11
Nero ControlCenter 11 Help (CHM)
Nero Core Components 11
Nero RescueAgent 11
Nero RescueAgent 11 Help (CHM)
Nero Update
nero.prerequisites.msi
NETGEAR WG111v2 wireless USB 2.0 adapter
Network
OCR Software by I.R.I.S. 13.0
Office Animation Runtime
OneCare Advisor (Windows Live Toolbar)
Point
Popup Blocker (Windows Live Toolbar)
QFolder
QuickTime
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Setup
Shop for HP Supplies
Smart Menus (Windows Live Toolbar)
SmartWebPrinting
SolutionCenter
Status
Toolbox
TrayApp
TuneSync Server 2.0.15
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Weather Add-in for Windows Live Toolbar
WebEx
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WMP Tag Plus 1.2
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
4/7/2012 3:42:00 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 000C416D6517. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
4/7/2012 3:41:59 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
4/6/2012 5:43:47 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file '187A02D.tmp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
4/6/2012 5:41:15 AM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\ieframe.dll. Reference error message: The operation completed successfully. .
4/6/2012 5:10:55 AM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\newdev.dll. Reference error message: The operation completed successfully. .
4/6/2012 5:10:53 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls. Reference error message: Insufficient system resources exist to complete the requested service. .
4/6/2012 5:10:53 AM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\sti_ci.dll. Reference error message: The operation completed successfully. .
4/6/2012 3:18:07 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
4/6/2012 11:59:58 AM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume .
4/6/2012 10:21:01 PM, error: PSched [14103] - QoS [Adapter {088D0A27-6B3B-4A10-AD09-A4BF92567958}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.
4/3/2012 3:52:06 AM, error: WMPNetworkSvc [14344] - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2711'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.
4/3/2012 3:51:33 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxdkCATSCustConnectService service to connect.
4/3/2012 3:51:33 AM, error: Service Control Manager [7001] - The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/3/2012 3:51:33 AM, error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/3/2012 3:51:33 AM, error: Service Control Manager [7000] - The lxdkCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/3/2012 3:51:18 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
.
==== End Of File ===========================


Thank you!
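The "Event Viewer Messages From Past Week" block in the DDS log above is the part of the log a helper actually reads first: repeated Service Control Manager 7000/7001/7009 and DCOM 10005 errors say which services are not starting, and Ntfs 55 says the file system itself is damaged, which matters before any scanner verdict is trusted. The script below is an added example, not part of this thread and not something DDS or BleepingComputer provides. It parses lines in the DDS event format into records, pulls out the name of the service each failure refers to, and flags the event IDs worth a second look. The sample lines are copied from the log above; the triage notes attached to each event ID are my own reading of those standard Windows XP event IDs, not anything DDS reports.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample input: lines in the exact shape DDS uses for its
# "Event Viewer Messages From Past Week" section, copied from the log above.
SAMPLE_DDS_EVENTS = """\
4/7/2012 3:42:00 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 000C416D6517. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
4/6/2012 11:59:58 AM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume .
4/3/2012 3:51:33 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxdkCATSCustConnectService service to connect.
4/3/2012 3:51:33 AM, error: Service Control Manager [7001] - The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/3/2012 3:51:33 AM, error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/3/2012 3:51:33 AM, error: Service Control Manager [7000] - The lxdkCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/3/2012 3:51:18 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
"""

# One DDS event line: "<m/d/yyyy h:mm:ss AM|PM>, <level>: <source> [<id>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)

def parse_dds_events(text):
    """Turn DDS event lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["timestamp"] = datetime.strptime(rec.pop("ts"), "%m/%d/%Y %I:%M:%S %p")
        rec["event_id"] = int(rec["event_id"])
        events.append(rec)
    return events

# Event IDs that matter when a machine is being triaged for malware. The IDs are
# the standard Windows XP ones; the notes are this example's reading of them
# (an assumption of the example, not text produced by DDS).
TRIAGE_NOTES = {
    ("Service Control Manager", 7000): "a service failed to start",
    ("Service Control Manager", 7001): "a service did not start because a dependency failed",
    ("Service Control Manager", 7009): "a service did not connect to the SCM within the timeout",
    ("DCOM", 10005): "DCOM could not start a service (error 1058 means the service is disabled)",
    ("Ntfs", 55): "NTFS reports corruption; run chkdsk before trusting any scan result",
    ("sr", 1): "the System Restore filter stopped monitoring the volume",
}

# Per event ID, how to pull the name of the service that actually failed out of
# the message text. For 7001 that is the dependency, not the service named first.
FAILED_SERVICE_PATTERNS = {
    7000: re.compile(r"The (.+?) service failed to start"),
    7001: re.compile(r"depends on the (.+?) service which failed to start"),
    7009: re.compile(r"waiting for the (.+?) service to connect"),
    10005: re.compile(r"attempting to start the service (\S+)"),
}

def failed_service(event):
    """Name of the service an SCM/DCOM event says failed, or None for other events."""
    pat = FAILED_SERVICE_PATTERNS.get(event["event_id"])
    if pat is None:
        return None
    m = pat.search(event["message"])
    return m.group(1) if m else None

def triage(events):
    """Summarise parsed events: counts per source, flagged events in time order, failed services."""
    flags = []
    failed = set()
    for ev in sorted(events, key=lambda e: e["timestamp"]):
        note = TRIAGE_NOTES.get((ev["source"], ev["event_id"]))
        if note:
            flags.append({"timestamp": ev["timestamp"], "source": ev["source"],
                          "event_id": ev["event_id"], "note": note})
        name = failed_service(ev)
        if name:
            failed.add(name)
    return {
        "by_source": Counter(ev["source"] for ev in events),
        "flags": flags,
        "failed_services": sorted(failed),
    }

if __name__ == "__main__":
    report = triage(parse_dds_events(SAMPLE_DDS_EVENTS))
    for src, n in report["by_source"].most_common():
        print(f"{n:3d}  {src}")
    print("failed services:", ", ".join(report["failed_services"]))
    for f in report["flags"]:
        print(f'{f["timestamp"]:%Y-%m-%d %H:%M:%S}  {f["source"]} [{f["event_id"]}]: {f["note"]}')
```

Two things the output makes visible that are easy to miss when reading the raw block: DCOM names the service by its key name (EventSystem) while the SCM names it by display name (COM+ Event System), so the same failure shows up under two names, and the Ntfs 55 entry sits in the middle of the service errors, which is the reason a helper would want chkdsk run before reading too much into what any scanner reports from that volume.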

#4 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 07 April 2012 - 09:52 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 edisblest (Topic Starter)

Posted 09 April 2012 - 03:05 PM

Hello Gringo,
I have downloaded all 3 links for ComboFix. When I attempt to run the scan, the program does not go past the initial blue screen that states the normal scan time is 10 minutes but could be longer for heavily infected computers. Each time I have waited several hours, but with no results. Please advise.
Thank you,
Ed

#6 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 09 April 2012 - 06:16 PM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 edisblest (Topic Starter)

Posted 10 April 2012 - 07:28 AM

Here are the reports:

21:58:56.0703 2452 TDSS rootkit removing tool 2.7.27.0 Apr 9 2012 09:53:37
21:58:57.0640 2452 ============================================================
21:58:57.0640 2452 Current date / time: 2012/04/09 21:58:57.0640
21:58:57.0640 2452 SystemInfo:
21:58:57.0640 2452
21:58:57.0640 2452 OS Version: 5.1.2600 ServicePack: 3.0
21:58:57.0640 2452 Product type: Workstation
21:58:57.0640 2452 ComputerName: JUDAH
21:58:57.0640 2452 UserName: edgar richardson
21:58:57.0640 2452 Windows directory: C:\WINDOWS
21:58:57.0640 2452 System windows directory: C:\WINDOWS
21:58:57.0640 2452 Processor architecture: Intel x86
21:58:57.0640 2452 Number of processors: 1
21:58:57.0640 2452 Page size: 0x1000
21:58:57.0640 2452 Boot type: Normal boot
21:58:57.0640 2452 ============================================================
21:59:02.0453 2452 Drive \Device\Harddisk0\DR0 - Size: 0x9502F9000 (37.25 Gb), SectorSize: 0x200, Cylinders: 0x12FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:59:02.0453 2452 \Device\Harddisk0\DR0:
21:59:02.0453 2452 MBR used
21:59:02.0453 2452 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A81400
21:59:02.0500 2452 Initialize success
21:59:02.0500 2452 ============================================================
21:59:05.0031 2312 ============================================================
21:59:05.0031 2312 Scan started
21:59:05.0031 2312 Mode: Manual;
21:59:05.0031 2312 ============================================================
21:59:06.0062 2312 Abiosdsk - ok
21:59:06.0203 2312 abp480n5 - ok
21:59:06.0421 2312 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
21:59:06.0421 2312 ac97intc - ok
21:59:06.0593 2312 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:59:06.0609 2312 ACPI - ok
21:59:06.0796 2312 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:59:06.0796 2312 ACPIEC - ok
21:59:07.0078 2312 adpu160m - ok
21:59:07.0218 2312 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:59:07.0234 2312 aec - ok
21:59:07.0500 2312 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
21:59:07.0515 2312 AegisP - ok
21:59:07.0718 2312 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:59:07.0734 2312 AFD - ok
21:59:07.0875 2312 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
21:59:07.0921 2312 agp440 - ok
21:59:08.0125 2312 Aha154x - ok
21:59:08.0421 2312 aic78u2 - ok
21:59:08.0671 2312 aic78xx - ok
21:59:09.0015 2312 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
21:59:09.0046 2312 Alerter - ok
21:59:09.0359 2312 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
21:59:09.0375 2312 ALG - ok
21:59:09.0812 2312 AliIde - ok
21:59:10.0093 2312 amsint - ok
21:59:10.0437 2312 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:59:10.0468 2312 Apple Mobile Device - ok
21:59:10.0937 2312 AppMgmt - ok
21:59:11.0250 2312 asc - ok
21:59:11.0375 2312 asc3350p - ok
21:59:11.0593 2312 asc3550 - ok
21:59:11.0937 2312 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:59:12.0125 2312 aspnet_state - ok
21:59:12.0531 2312 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:59:12.0578 2312 AsyncMac - ok
21:59:12.0812 2312 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:59:12.0828 2312 atapi - ok
21:59:13.0093 2312 Atdisk - ok
21:59:13.0343 2312 ATI Remote Wonder II - ok
21:59:13.0687 2312 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:59:13.0796 2312 Atmarpc - ok
21:59:14.0031 2312 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
21:59:14.0078 2312 AudioSrv - ok
21:59:14.0718 2312 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:59:14.0765 2312 audstub - ok
21:59:15.0281 2312 BCM42RLY (438179abe9b7a922a21b8d6369ff52ff) C:\WINDOWS\System32\BCM42RLY.SYS
21:59:15.0328 2312 BCM42RLY - ok
21:59:15.0781 2312 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:59:15.0812 2312 Beep - ok
21:59:16.0171 2312 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
21:59:16.0984 2312 BITS - ok
21:59:17.0250 2312 Bonjour Service (1c87705ccb2f60172b0fc86b5d82f00d) C:\Program Files\Bonjour\mDNSResponder.exe
21:59:17.0343 2312 Bonjour Service - ok
21:59:17.0718 2312 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
21:59:17.0734 2312 Browser - ok
21:59:18.0062 2312 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:59:18.0062 2312 cbidf2k - ok
21:59:18.0234 2312 cd20xrnt - ok
21:59:18.0515 2312 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:59:18.0515 2312 Cdaudio - ok
21:59:18.0812 2312 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:59:18.0812 2312 Cdfs - ok
21:59:19.0015 2312 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:59:19.0031 2312 Cdrom - ok
21:59:19.0234 2312 Changer - ok
21:59:19.0437 2312 cisvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
21:59:19.0437 2312 cisvc - ok
21:59:19.0687 2312 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
21:59:19.0718 2312 ClipSrv - ok
21:59:19.0984 2312 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:59:20.0093 2312 clr_optimization_v2.0.50727_32 - ok
21:59:20.0281 2312 CmdIde - ok
21:59:20.0531 2312 COMSysApp - ok
21:59:20.0828 2312 Cpqarray - ok
21:59:21.0156 2312 cpuz134 - ok
21:59:21.0421 2312 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
21:59:21.0421 2312 CryptSvc - ok
21:59:21.0625 2312 dac2w2k - ok
21:59:21.0796 2312 dac960nt - ok
21:59:22.0171 2312 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
21:59:22.0234 2312 DcomLaunch - ok
21:59:22.0640 2312 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
21:59:22.0640 2312 Dhcp - ok
21:59:22.0953 2312 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:59:22.0968 2312 Disk - ok
21:59:23.0062 2312 dmadmin - ok
21:59:23.0578 2312 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:59:23.0875 2312 dmboot - ok
21:59:24.0281 2312 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:59:24.0296 2312 dmio - ok
21:59:24.0625 2312 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:59:24.0656 2312 dmload - ok
21:59:24.0890 2312 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
21:59:24.0921 2312 dmserver - ok
21:59:25.0203 2312 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:59:25.0203 2312 DMusic - ok
21:59:25.0484 2312 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
21:59:25.0500 2312 Dnscache - ok
21:59:25.0859 2312 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
21:59:25.0859 2312 Dot3svc - ok
21:59:26.0281 2312 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
21:59:26.0328 2312 Dot4 - ok
21:59:26.0734 2312 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
21:59:26.0765 2312 Dot4Print - ok
21:59:27.0046 2312 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
21:59:27.0046 2312 dot4usb - ok
21:59:27.0234 2312 dpti2o - ok
21:59:27.0468 2312 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:59:27.0500 2312 drmkaud - ok
21:59:27.0687 2312 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
21:59:27.0718 2312 EapHost - ok
21:59:28.0078 2312 EAPPkt (efacd8d57a42a93e244a0dbd357e8cb8) C:\WINDOWS\system32\DRIVERS\EAPPkt.sys
21:59:28.0078 2312 EAPPkt - ok
21:59:28.0343 2312 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
21:59:28.0359 2312 EL90XBC - ok
21:59:28.0609 2312 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
21:59:28.0625 2312 ERSvc - ok
21:59:29.0031 2312 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
21:59:29.0046 2312 Eventlog - ok
21:59:29.0359 2312 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
21:59:29.0406 2312 EventSystem - ok
21:59:29.0656 2312 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:59:29.0671 2312 Fastfat - ok
21:59:29.0890 2312 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:59:29.0906 2312 FastUserSwitchingCompatibility - ok
21:59:30.0234 2312 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:59:30.0250 2312 Fdc - ok
21:59:30.0625 2312 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:59:30.0656 2312 Fips - ok
21:59:30.0890 2312 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:59:30.0921 2312 Flpydisk - ok
21:59:31.0125 2312 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:59:31.0140 2312 FltMgr - ok
21:59:31.0406 2312 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:59:31.0437 2312 FontCache3.0.0.0 - ok
21:59:31.0546 2312 FreshIO - ok
21:59:32.0031 2312 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:59:32.0046 2312 Fs_Rec - ok
21:59:32.0281 2312 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:59:32.0312 2312 Ftdisk - ok
21:59:32.0640 2312 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:59:32.0656 2312 GEARAspiWDM - ok
21:59:32.0953 2312 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:59:32.0953 2312 Gpc - ok
21:59:33.0234 2312 GTNDIS5 (fc80052194d5708254a346568f0e77c0) C:\WINDOWS\system32\GTNDIS5.SYS
21:59:33.0250 2312 GTNDIS5 - ok
21:59:33.0687 2312 HCF_MSFT (4236e014632f4163f53ebb717f41594c) C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys
21:59:33.0843 2312 HCF_MSFT - ok
21:59:34.0140 2312 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:59:34.0140 2312 helpsvc - ok
21:59:34.0265 2312 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
21:59:34.0281 2312 HidServ - ok
21:59:34.0468 2312 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:59:34.0468 2312 HidUsb - ok
21:59:34.0671 2312 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
21:59:34.0703 2312 hkmsvc - ok
21:59:34.0890 2312 hpn - ok
21:59:35.0187 2312 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files\hp\Digital Imaging\bin\hpqcxs08.dll
21:59:35.0250 2312 hpqcxs08 - ok
21:59:35.0671 2312 hpqddsvc (f3f72a2a86c22610bca5439fa789dd52) C:\Program Files\hp\Digital Imaging\bin\hpqddsvc.dll
21:59:35.0671 2312 hpqddsvc - ok
21:59:36.0078 2312 HPSLPSVC (568e44f6dcfa173f3670172b69379891) C:\Program Files\hp\Digital Imaging\bin\HPSLPSVC32.DLL
21:59:36.0328 2312 HPSLPSVC - ok
21:59:36.0531 2312 hpt3xx - ok
21:59:36.0781 2312 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
21:59:36.0781 2312 HPZid412 - ok
21:59:37.0046 2312 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
21:59:37.0046 2312 HPZipr12 - ok
21:59:37.0281 2312 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
21:59:37.0296 2312 HPZius12 - ok
21:59:37.0609 2312 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:59:37.0671 2312 HTTP - ok
21:59:38.0109 2312 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
21:59:38.0156 2312 HTTPFilter - ok
21:59:38.0296 2312 i2omgmt - ok
21:59:38.0484 2312 i2omp - ok
21:59:38.0640 2312 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:59:38.0656 2312 i8042prt - ok
21:59:38.0968 2312 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
21:59:39.0078 2312 i81x - ok
21:59:39.0421 2312 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
21:59:39.0437 2312 iAimFP0 - ok
21:59:39.0765 2312 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
21:59:39.0781 2312 iAimFP1 - ok
21:59:40.0140 2312 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
21:59:40.0156 2312 iAimFP2 - ok
21:59:40.0468 2312 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
21:59:40.0500 2312 iAimFP3 - ok
21:59:40.0812 2312 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
21:59:40.0828 2312 iAimFP4 - ok
21:59:41.0156 2312 iAimFP5 (0308aef61941e4af478fa1a0f83812f5) C:\WINDOWS\system32\DRIVERS\wADV07nt.sys
21:59:41.0187 2312 iAimFP5 - ok
21:59:41.0500 2312 iAimFP6 (714038a8aa5de08e12062202cd7eaeb5) C:\WINDOWS\system32\DRIVERS\wADV08nt.sys
21:59:41.0500 2312 iAimFP6 - ok
21:59:41.0734 2312 iAimFP7 (7bb3aa595e4507a788de1cdc63f4c8c4) C:\WINDOWS\system32\DRIVERS\wADV09nt.sys
21:59:41.0750 2312 iAimFP7 - ok
21:59:42.0031 2312 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
21:59:42.0031 2312 iAimTV0 - ok
21:59:42.0328 2312 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
21:59:42.0343 2312 iAimTV1 - ok
21:59:42.0531 2312 iAimTV2 - ok
21:59:42.0781 2312 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
21:59:42.0812 2312 iAimTV3 - ok
21:59:43.0000 2312 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
21:59:43.0015 2312 iAimTV4 - ok
21:59:43.0234 2312 iAimTV5 (791cc45de6e50445be72e8ad6401ff45) C:\WINDOWS\system32\DRIVERS\wATV10nt.sys
21:59:43.0234 2312 iAimTV5 - ok
21:59:43.0468 2312 iAimTV6 (352fa0e98bc461ce1ce5d41f64db558d) C:\WINDOWS\system32\DRIVERS\wATV06nt.sys
21:59:43.0468 2312 iAimTV6 - ok
21:59:43.0828 2312 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
21:59:43.0828 2312 IDriverT - ok
21:59:44.0328 2312 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:59:44.0765 2312 idsvc - ok
21:59:45.0062 2312 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:59:45.0093 2312 Imapi - ok
21:59:45.0312 2312 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
21:59:45.0328 2312 ImapiService - ok
21:59:45.0609 2312 ini910u - ok
21:59:45.0984 2312 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
21:59:46.0015 2312 IntelIde - ok
21:59:46.0406 2312 ioloSystemService (8c2d445f874cb05773b813ed853607cf) C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
21:59:46.0609 2312 ioloSystemService - ok
21:59:46.0953 2312 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:59:46.0968 2312 ip6fw - ok
21:59:47.0218 2312 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:59:47.0234 2312 IpFilterDriver - ok
21:59:47.0609 2312 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:59:47.0625 2312 IpInIp - ok
21:59:47.0953 2312 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:59:47.0984 2312 IpNat - ok
21:59:48.0296 2312 iPod Service (3a6d4d8abacf64292d060c9e06d2050d) C:\Program Files\iPod\bin\iPodService.exe
21:59:48.0546 2312 iPod Service - ok
21:59:48.0828 2312 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:59:48.0859 2312 IPSec - ok
21:59:49.0078 2312 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:59:49.0109 2312 IRENUM - ok
21:59:49.0375 2312 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:59:49.0406 2312 isapnp - ok
21:59:49.0656 2312 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:59:49.0671 2312 Kbdclass - ok
21:59:50.0046 2312 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:59:50.0062 2312 kbdhid - ok
21:59:50.0359 2312 kbeepm - ok
21:59:50.0875 2312 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:59:50.0890 2312 kmixer - ok
21:59:51.0218 2312 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:59:51.0265 2312 KSecDD - ok
21:59:51.0531 2312 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
21:59:51.0546 2312 lanmanserver - ok
21:59:51.0750 2312 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
21:59:51.0765 2312 lanmanworkstation - ok
21:59:51.0937 2312 lbrtfdc - ok
21:59:52.0187 2312 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
21:59:52.0187 2312 LmHosts - ok
21:59:52.0359 2312 lxdkCATSCustConnectService (ef2e002f69d36834c4bb8c7adc01b497) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdkserv.exe
21:59:52.0421 2312 lxdkCATSCustConnectService - ok
21:59:52.0609 2312 lxdk_device - ok
21:59:53.0015 2312 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
21:59:53.0031 2312 MBAMSwissArmy - ok
21:59:53.0218 2312 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
21:59:53.0250 2312 Messenger - ok
21:59:53.0531 2312 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:59:53.0562 2312 mnmdd - ok
21:59:53.0718 2312 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
21:59:53.0734 2312 mnmsrvc - ok
21:59:54.0015 2312 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:59:54.0031 2312 Modem - ok
21:59:54.0343 2312 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:59:54.0343 2312 Mouclass - ok
21:59:54.0671 2312 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:59:54.0687 2312 mouhid - ok
21:59:54.0937 2312 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:59:54.0937 2312 MountMgr - ok
21:59:55.0109 2312 mraid35x - ok
21:59:55.0296 2312 MREMPR5 (2bc9e43f55de8c30fc817ed56d0ee907) C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
21:59:55.0421 2312 MREMPR5 - ok
21:59:55.0593 2312 MRENDIS5 (594b9d8194e3f4ecbf0325bd10bbeb05) C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
21:59:55.0609 2312 MRENDIS5 - ok
21:59:55.0890 2312 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:59:55.0890 2312 MRxDAV - ok
21:59:56.0187 2312 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:59:56.0234 2312 MRxSmb - ok
21:59:56.0437 2312 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
21:59:56.0453 2312 MSDTC - ok
21:59:56.0812 2312 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:59:56.0843 2312 Msfs - ok
21:59:57.0015 2312 MSIServer - ok
21:59:57.0203 2312 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:59:57.0234 2312 MSKSSRV - ok
21:59:57.0406 2312 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:59:57.0406 2312 MSPCLOCK - ok
21:59:57.0625 2312 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:59:57.0625 2312 MSPQM - ok
21:59:57.0843 2312 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:59:57.0843 2312 mssmbios - ok
21:59:58.0062 2312 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:59:58.0078 2312 Mup - ok
21:59:58.0406 2312 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
21:59:58.0453 2312 napagent - ok
21:59:58.0843 2312 NAUpdate (1bbbf640bc0e0b750537baece8d66c18) C:\Program Files\Nero\Update\NASvc.exe
21:59:58.0984 2312 NAUpdate - ok
21:59:59.0250 2312 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:59:59.0250 2312 NDIS - ok
21:59:59.0453 2312 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:59:59.0468 2312 NdisTapi - ok
21:59:59.0640 2312 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:59:59.0671 2312 Ndisuio - ok
21:59:59.0875 2312 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:59:59.0890 2312 NdisWan - ok
22:00:00.0125 2312 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:00:00.0125 2312 NDProxy - ok
22:00:00.0312 2312 Net Driver HPZ12 (510c138564486ff926a3f773205c63d1) C:\WINDOWS\system32\HPZinw12.dll
22:00:00.0312 2312 Net Driver HPZ12 - ok
22:00:00.0609 2312 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:00:00.0625 2312 NetBIOS - ok
22:00:01.0156 2312 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:00:01.0171 2312 NetBT - ok
22:00:01.0546 2312 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:00:01.0562 2312 NetDDE - ok
22:00:01.0625 2312 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:00:01.0640 2312 NetDDEdsdm - ok
22:00:01.0843 2312 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:00:01.0875 2312 Netlogon - ok
22:00:02.0093 2312 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
22:00:02.0109 2312 Netman - ok
22:00:02.0390 2312 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:00:02.0421 2312 NetTcpPortSharing - ok
22:00:02.0609 2312 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
22:00:02.0656 2312 Nla - ok
22:00:02.0937 2312 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:00:02.0937 2312 Npfs - ok
22:00:03.0234 2312 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:00:03.0328 2312 Ntfs - ok
22:00:03.0562 2312 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:00:03.0562 2312 NtLmSsp - ok
22:00:03.0875 2312 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
22:00:03.0953 2312 NtmsSvc - ok
22:00:04.0218 2312 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:00:04.0218 2312 Null - ok
22:00:04.0437 2312 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:00:04.0468 2312 NwlnkFlt - ok
22:00:04.0906 2312 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:00:04.0937 2312 NwlnkFwd - ok
22:00:05.0187 2312 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:00:05.0234 2312 odserv - ok
22:00:05.0500 2312 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:00:05.0546 2312 ose - ok
22:00:05.0828 2312 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
22:00:05.0843 2312 P3 - ok
22:00:06.0046 2312 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
22:00:06.0062 2312 Parport - ok
22:00:06.0203 2312 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:00:06.0203 2312 PartMgr - ok
22:00:06.0437 2312 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:00:06.0437 2312 ParVdm - ok
22:00:06.0640 2312 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:00:06.0656 2312 PCI - ok
22:00:06.0859 2312 PCIDump - ok
22:00:06.0968 2312 PCIIde - ok
22:00:07.0171 2312 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:00:07.0187 2312 Pcmcia - ok
22:00:07.0312 2312 PDCOMP - ok
22:00:07.0453 2312 PDFRAME - ok
22:00:07.0531 2312 PDRELI - ok
22:00:07.0671 2312 PDRFRAME - ok
22:00:07.0781 2312 perc2 - ok
22:00:07.0921 2312 perc2hib - ok
22:00:08.0218 2312 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:00:08.0218 2312 PlugPlay - ok
22:00:08.0359 2312 Pml Driver HPZ12 (37e5e8ffbad35605daeec3224ea0e465) C:\WINDOWS\system32\HPZipm12.dll
22:00:08.0359 2312 Pml Driver HPZ12 - ok
22:00:08.0515 2312 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:00:08.0515 2312 PolicyAgent - ok
22:00:08.0687 2312 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:00:08.0687 2312 PptpMiniport - ok
22:00:08.0890 2312 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:00:08.0890 2312 ProtectedStorage - ok
22:00:09.0015 2312 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:00:09.0015 2312 PSched - ok
22:00:09.0203 2312 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:00:09.0203 2312 Ptilink - ok
22:00:09.0421 2312 PxHelp20 (81088114178112618b1c414a65e50f7c) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
22:00:09.0421 2312 PxHelp20 - ok
22:00:09.0640 2312 ql1080 - ok
22:00:09.0812 2312 Ql10wnt - ok
22:00:09.0968 2312 ql12160 - ok
22:00:10.0078 2312 ql1240 - ok
22:00:10.0265 2312 ql1280 - ok
22:00:10.0484 2312 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:00:10.0484 2312 RasAcd - ok
22:00:10.0687 2312 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
22:00:10.0734 2312 RasAuto - ok
22:00:10.0953 2312 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:00:10.0953 2312 Rasl2tp - ok
22:00:11.0109 2312 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
22:00:11.0125 2312 RasMan - ok
22:00:11.0281 2312 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:00:11.0281 2312 RasPppoe - ok
22:00:11.0468 2312 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:00:11.0468 2312 Raspti - ok
22:00:11.0656 2312 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:00:11.0671 2312 Rdbss - ok
22:00:11.0890 2312 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:00:11.0890 2312 RDPCDD - ok
22:00:12.0125 2312 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
22:00:12.0156 2312 RDPWD - ok
22:00:12.0328 2312 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
22:00:12.0343 2312 RDSessMgr - ok
22:00:12.0531 2312 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:00:12.0546 2312 redbook - ok
22:00:12.0812 2312 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
22:00:12.0828 2312 RemoteAccess - ok
22:00:13.0015 2312 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\WINDOWS\system32\Drivers\RimUsb.sys
22:00:13.0031 2312 RimUsb - ok
22:00:13.0218 2312 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
22:00:13.0218 2312 RimVSerPort - ok
22:00:13.0406 2312 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
22:00:13.0406 2312 ROOTMODEM - ok
22:00:13.0609 2312 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
22:00:13.0609 2312 RpcLocator - ok
22:00:13.0875 2312 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
22:00:13.0890 2312 RpcSs - ok
22:00:14.0171 2312 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
22:00:14.0187 2312 RSVP - ok
22:00:14.0375 2312 RTLWUSB (c3880bf1bad0b8eb69efb07a9c3fa7d9) C:\WINDOWS\system32\DRIVERS\wg111v2.sys
22:00:14.0406 2312 RTLWUSB - ok
22:00:14.0593 2312 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:00:14.0609 2312 SamSs - ok
22:00:14.0859 2312 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
22:00:14.0875 2312 SCardSvr - ok
22:00:15.0046 2312 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
22:00:15.0062 2312 Schedule - ok
22:00:15.0265 2312 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:00:15.0281 2312 Secdrv - ok
22:00:15.0390 2312 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
22:00:15.0406 2312 seclogon - ok
22:00:15.0593 2312 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
22:00:15.0593 2312 SENS - ok
22:00:15.0781 2312 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:00:15.0781 2312 serenum - ok
22:00:15.0921 2312 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
22:00:15.0937 2312 Serial - ok
22:00:16.0234 2312 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:00:16.0250 2312 Sfloppy - ok
22:00:16.0468 2312 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
22:00:16.0500 2312 SharedAccess - ok
22:00:16.0703 2312 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:00:16.0718 2312 ShellHWDetection - ok
22:00:16.0890 2312 Simbad - ok
22:00:17.0046 2312 Sparrow - ok
22:00:17.0203 2312 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:00:17.0203 2312 splitter - ok
22:00:17.0343 2312 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
22:00:17.0359 2312 Spooler - ok
22:00:17.0515 2312 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:00:17.0515 2312 sr - ok
22:00:17.0671 2312 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
22:00:17.0687 2312 srservice - ok
22:00:17.0953 2312 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:00:17.0984 2312 Srv - ok
22:00:18.0187 2312 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
22:00:18.0218 2312 SSDPSRV - ok
22:00:18.0421 2312 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
22:00:18.0421 2312 StillCam - ok
22:00:18.0625 2312 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
22:00:18.0687 2312 stisvc - ok
22:00:18.0859 2312 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:00:18.0875 2312 swenum - ok
22:00:19.0062 2312 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:00:19.0078 2312 swmidi - ok
22:00:19.0156 2312 SwPrv - ok
22:00:19.0296 2312 symc810 - ok
22:00:19.0375 2312 symc8xx - ok
22:00:19.0484 2312 sym_hi - ok
22:00:19.0562 2312 sym_u3 - ok
22:00:19.0812 2312 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:00:19.0812 2312 sysaudio - ok
22:00:20.0093 2312 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
22:00:20.0125 2312 SysmonLog - ok
22:00:20.0500 2312 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
22:00:20.0515 2312 TapiSrv - ok
22:00:20.0796 2312 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:00:20.0859 2312 Tcpip - ok
22:00:21.0062 2312 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:00:21.0078 2312 TDPIPE - ok
22:00:21.0265 2312 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:00:21.0265 2312 TDTCP - ok
22:00:21.0484 2312 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:00:21.0484 2312 TermDD - ok
22:00:21.0656 2312 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
22:00:21.0703 2312 TermService - ok
22:00:21.0937 2312 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:00:21.0937 2312 Themes - ok
22:00:22.0078 2312 TosIde - ok
22:00:22.0265 2312 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
22:00:22.0281 2312 TrkWks - ok
22:00:22.0500 2312 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:00:22.0500 2312 Udfs - ok
22:00:22.0671 2312 ultra - ok
22:00:22.0906 2312 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:00:22.0937 2312 Update - ok
22:00:23.0140 2312 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
22:00:23.0156 2312 upnphost - ok
22:00:23.0343 2312 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
22:00:23.0359 2312 UPS - ok
22:00:23.0531 2312 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
22:00:23.0531 2312 USBAAPL - ok
22:00:23.0703 2312 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:00:23.0703 2312 usbccgp - ok
22:00:23.0937 2312 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:00:23.0937 2312 usbhub - ok
22:00:24.0125 2312 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:00:24.0125 2312 usbprint - ok
22:00:24.0312 2312 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:00:24.0328 2312 usbscan - ok
22:00:24.0562 2312 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:00:24.0562 2312 USBSTOR - ok
22:00:24.0812 2312 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:00:24.0812 2312 usbuhci - ok
22:00:24.0984 2312 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
22:00:24.0984 2312 USB_RNDIS - ok
22:00:25.0203 2312 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:00:25.0218 2312 VgaSave - ok
22:00:25.0421 2312 ViaIde - ok
22:00:25.0562 2312 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:00:25.0562 2312 VolSnap - ok
22:00:25.0781 2312 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
22:00:25.0828 2312 VSS - ok
22:00:26.0109 2312 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
22:00:26.0140 2312 W32Time - ok
22:00:26.0296 2312 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:00:26.0312 2312 Wanarp - ok
22:00:26.0484 2312 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
22:00:26.0531 2312 Wdf01000 - ok
22:00:26.0718 2312 WDICA - ok
22:00:26.0859 2312 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:00:26.0875 2312 wdmaud - ok
22:00:27.0031 2312 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
22:00:27.0046 2312 WebClient - ok
22:00:27.0250 2312 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
22:00:27.0265 2312 winmgmt - ok
22:00:27.0515 2312 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
22:00:27.0531 2312 WmdmPmSN - ok
22:00:27.0781 2312 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:00:27.0796 2312 WmiApSrv - ok
22:00:28.0109 2312 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\WMPNetwk.exe
22:00:28.0187 2312 WMPNetworkSvc - ok
22:00:28.0390 2312 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
22:00:28.0406 2312 WpdUsb - ok
22:00:28.0593 2312 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:00:28.0593 2312 WS2IFSL - ok
22:00:28.0750 2312 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
22:00:28.0796 2312 wscsvc - ok
22:00:28.0984 2312 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
22:00:29.0015 2312 wuauserv - ok
22:00:29.0250 2312 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:00:29.0265 2312 WudfPf - ok
22:00:29.0437 2312 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:00:29.0437 2312 WudfRd - ok
22:00:29.0625 2312 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
22:00:29.0625 2312 WudfSvc - ok
22:00:29.0812 2312 WUSB54GSv2SVC (e8c30ef9bbc6ddb71f0f77fa3a96515f) C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
22:00:29.0828 2312 WUSB54GSv2SVC - ok
22:00:30.0062 2312 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
22:00:30.0218 2312 WZCSVC - ok
22:00:30.0453 2312 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
22:00:30.0500 2312 xmlprov - ok
22:00:30.0765 2312 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:00:31.0156 2312 \Device\Harddisk0\DR0 - ok
22:00:31.0234 2312 Boot (0x1200) (daaf7210042e4976827f8bb9859d21c5) \Device\Harddisk0\DR0\Partition0
22:00:31.0234 2312 \Device\Harddisk0\DR0\Partition0 - ok
22:00:31.0250 2312 ============================================================
22:00:31.0250 2312 Scan finished
22:00:31.0265 2312 ============================================================
22:00:31.0406 2936 Detected object count: 0
22:00:31.0406 2936 Actual detected object count: 0
22:02:43.0171 1444 Deinitialize success


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-09 22:15:41
-----------------------------
22:15:41.921 OS Version: Windows 5.1.2600 Service Pack 3
22:15:41.921 Number of processors: 1 586 0x80A
22:15:41.953 ComputerName: JUDAH UserName:
22:15:47.656 Initialize success
22:16:42.203 AVAST engine defs: 12040901
22:16:51.015 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:16:51.031 Disk 0 Vendor: WDC_WD400BB-75CAA0 16.06V16 Size: 38146MB BusType: 3
22:16:51.140 Disk 0 MBR read successfully
22:16:51.156 Disk 0 MBR scan
22:16:53.828 Disk 0 Windows XP default MBR code
22:16:53.906 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38146 MB offset 63
22:16:55.906 Disk 0 scanning sectors +78124095
22:16:56.484 Disk 0 scanning C:\WINDOWS\system32\drivers
22:17:46.984 Service scanning
22:18:35.062 Modules scanning
22:19:24.234 Disk 0 trace - called modules:
22:19:24.296 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
22:19:24.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x81eea030]
22:19:24.421 3 CLASSPNP.SYS[f9307fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x81ed2030]
22:19:27.593 AVAST engine scan C:\WINDOWS
22:19:40.046 File: C:\WINDOWS\mf5CF7.dll **INFECTED** Win32:Adware-gen [Adw]
22:19:49.484 AVAST engine scan C:\WINDOWS\system32
22:30:14.906 AVAST engine scan C:\WINDOWS\system32\drivers
22:31:07.843 AVAST engine scan C:\Documents and Settings\edgar richardson
22:41:24.156 AVAST engine scan C:\Documents and Settings\All Users.WINDOWS
22:47:10.000 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\edgar richardson\Desktop\MBR.dat"
22:47:10.156 The log file has been saved successfully to "C:\Documents and Settings\edgar richardson\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-09 22:47:37
-----------------------------
22:47:37.234 OS Version: Windows 5.1.2600 Service Pack 3
22:47:37.234 Number of processors: 1 586 0x80A
22:47:37.234 ComputerName: JUDAH UserName:
22:47:43.796 Initialize success
22:49:08.593 AVAST engine defs: 12040901
22:49:28.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:49:28.640 Disk 0 Vendor: WDC_WD400BB-75CAA0 16.06V16 Size: 38146MB BusType: 3
22:49:28.718 Disk 0 MBR read successfully
22:49:28.734 Disk 0 MBR scan
22:49:32.109 Disk 0 Windows XP default MBR code
22:49:32.203 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38146 MB offset 63
22:49:35.046 Disk 0 scanning sectors +78124095
22:49:35.984 Disk 0 scanning C:\WINDOWS\system32\drivers
22:51:59.125 Service scanning
22:52:49.265 Modules scanning
22:53:37.078 Disk 0 trace - called modules:
22:53:37.187 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
22:53:37.218 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x81eea030]
22:53:37.625 3 CLASSPNP.SYS[f9307fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x81ed2030]
22:53:41.343 AVAST engine scan C:\WINDOWS
22:54:05.296 File: C:\WINDOWS\mf5CF7.dll **INFECTED** Win32:Adware-gen [Adw]
22:54:28.187 AVAST engine scan C:\WINDOWS\system32
23:11:12.906 AVAST engine scan C:\WINDOWS\system32\drivers
23:12:40.656 AVAST engine scan C:\Documents and Settings\edgar richardson
23:34:38.265 AVAST engine scan C:\Documents and Settings\All Users.WINDOWS
23:49:52.671 Scan finished successfully
07:22:47.437 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\edgar richardson\Desktop\MBR.dat"
07:22:47.765 The log file has been saved successfully to "C:\Documents and Settings\edgar richardson\Desktop\aswMBR.txt"

#8 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 April 2012 - 07:36 AM

Hello

OK, let's try this. I want you to run ComboFix in Safe Mode, but it is very important that when ComboFix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in to your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 edisblest
  • Topic Starter
  • Members
  • 20 posts

Posted 10 April 2012 - 01:42 PM

Tried ComboFix twice in Safe Mode... it still will not move past the initial blue screen. Please advise.
Thank you,

#10 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 April 2012 - 05:59 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#11 edisblest
  • Topic Starter
  • Members
  • 20 posts

Posted 10 April 2012 - 08:28 PM

Here you go:

OTL logfile created on: 4/10/2012 8:09:14 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\edgar richardson\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

253.51 Mb Total Physical Memory | 37.84 Mb Available Physical Memory | 14.93% Memory free
1008.51 Mb Paging File | 593.11 Mb Available in Paging File | 58.81% Paging File free
Paging file location(s): C:\pagefile.sys 768 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 4.02 Gb Free Space | 10.78% Space Free | Partition Type: NTFS
Drive E: | 1.17 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JUDAH | User Name: edgar richardson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\edgar richardson\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\iolo\System Mechanic\SMTrayNotify.exe (iolo technologies, LLC)
PRC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
PRC - C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files\HighwindSoftware\TuneSync\TuneSync.exe (Highwind Software)
PRC - C:\Program Files\NETGEAR\WG111v2\WG111v2.exe ()
PRC - C:\Program Files\Lexmark 5300 Series\lxdkamon.exe ()
PRC - C:\Program Files\Lexmark 5300 Series\lxdkmon.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\lxdkcoms.exe ( )
PRC - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe (Linksys)
PRC - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe (GEMTEKS)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\0a6d6717e76be12295711ff02c7aa1d4\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\Program Files\HighwindSoftware\TuneSync\Thrift.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\NETGEAR\WG111v2\WG111v2.exe ()
MOD - C:\Program Files\Lexmark 5300 Series\lxdkamon.exe ()
MOD - C:\Program Files\Lexmark 5300 Series\lxdkmon.exe ()
MOD - C:\Program Files\Lexmark 5300 Series\app4r.monitor.core.dll ()
MOD - C:\Program Files\Lexmark 5300 Series\app4r.monitor.common.dll ()
MOD - C:\Program Files\Lexmark 5300 Series\app4r.devmons.mcmdevmon.dll ()
MOD - C:\Program Files\Lexmark 5300 Series\app4r.devmons.mcmdevmon.autoplayutil.dll ()
MOD - C:\WINDOWS\system32\SCMLib.dll ()
MOD - C:\WINDOWS\system32\LXDKPMON.DLL ()
MOD - C:\Program Files\Lexmark 5300 Series\ipcmt.dll ()
MOD - C:\Program Files\Lexmark 5300 Series\lxdkscw.dll ()
MOD - C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdkdatr.dll ()
MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdkdrpp.dll ()
MOD - C:\WINDOWS\system32\lxdkoem.dll ()
MOD - C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdkcats.dll ()
MOD - C:\WINDOWS\system32\acAuth.dll ()
MOD - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\Security.dll ()
MOD - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\ses_cl.dll ()
MOD - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\ez54g.dll ()
MOD - C:\WINDOWS\system32\LXBRPMON.DLL ()
MOD - C:\WINDOWS\system32\GTW32N50.dll ()
MOD - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\GEMWEP.DLL ()
MOD - C:\WINDOWS\system32\HPBHEALR.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (WUSB54GSv2SVC) -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe WUSB54GSv2.exe File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (ioloSystemService) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
SRV - (lxdk_device) -- C:\WINDOWS\system32\lxdkcoms.exe ( )
SRV - (lxdkCATSCustConnectService) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdkserv.exe ()


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (kbeepm) -- C:\DOCUME~1\EDGARR~1\LOCALS~1\Temp\kbeepm.sys File not found
DRV - (iAimTV2) -- System32\DRIVERS\wATV03nt.sys File not found
DRV - (i2omgmt) -- File not found
DRV - (FreshIO) -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys File not found
DRV - (cpuz134) -- C:\DOCUME~1\EDGARR~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys File not found
DRV - (Changer) -- File not found
DRV - (ATI Remote Wonder II) -- system32\drivers\ATIRWVD.SYS File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (RTLWUSB) -- C:\WINDOWS\system32\drivers\wg111v2.sys (NETGEAR Inc.)
DRV - (MRENDIS5) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)
DRV - (MREMPR5) -- C:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.)
DRV - (BCM42RLY) -- C:\WINDOWS\system32\bcm42rly.sys (Broadcom Corporation)
DRV - (iAimFP4) -- C:\WINDOWS\system32\drivers\wvchntxx.sys (Intel® Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\system32\drivers\wsiintxx.sys (Intel® Corporation)
DRV - (iAimTV5) -- C:\WINDOWS\system32\drivers\watv10nt.sys (Intel® Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\system32\drivers\wch7xxnt.sys (Intel® Corporation)
DRV - (iAimTV6) -- C:\WINDOWS\system32\drivers\watv06nt.sys (Intel® Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\system32\drivers\watv04nt.sys (Intel® Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\system32\drivers\watv02nt.sys (Intel® Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\system32\drivers\watv01nt.sys (Intel® Corporation)
DRV - (iAimFP7) -- C:\WINDOWS\system32\drivers\wadv09nt.sys (Intel® Corporation)
DRV - (iAimFP6) -- C:\WINDOWS\system32\drivers\wadv08nt.sys (Intel® Corporation)
DRV - (iAimFP5) -- C:\WINDOWS\system32\drivers\wadv07nt.sys (Intel® Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\system32\drivers\wadv01nt.sys (Intel® Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\system32\drivers\wadv02nt.sys (Intel® Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\system32\drivers\wadv05nt.sys (Intel® Corporation)
DRV - (i81x) -- C:\WINDOWS\system32\drivers\i81xnt5.sys (Intel® Corporation)
DRV - (GTNDIS5) -- C:\WINDOWS\system32\GTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (HCF_MSFT) -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys (Conexant)
DRV - (EL90XBC) -- C:\WINDOWS\system32\drivers\el90xbc5.sys (3Com Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/ie/defaults/cs/sbcydsl/*http://www.yahoo.com/search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1454471165-484061587-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1454471165-484061587-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1454471165-484061587-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1454471165-484061587-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1454471165-484061587-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1454471165-484061587-725345543-1004\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1454471165-484061587-725345543-1004\..\SearchScopes,DefaultScope = {3F795A7B-1F1E-47E4-B0DD-E640BDB0521A}
IE - HKU\S-1-5-21-1454471165-484061587-725345543-1004\..\SearchScopes\{02A11718-6FCB-489F-B94D-4F796110A6EA}: "URL" = http://www.goodsearch.com/Search.aspx?Keywords={searchTerms}
IE - HKU\S-1-5-21-1454471165-484061587-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1454471165-484061587-725345543-1004\..\SearchScopes\{3F795A7B-1F1E-47E4-B0DD-E640BDB0521A}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNA_en
IE - HKU\S-1-5-21-1454471165-484061587-725345543-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1454471165-484061587-725345543-1004\..\SearchScopes\{7B598335-9199-4BCE-AB12-6F4FA28C4C07}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=382950&p={searchTerms}
IE - HKU\S-1-5-21-1454471165-484061587-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1454471165-484061587-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"


FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@yverinfo.yahoo.com/YahooVersionInfoPlugin;version=1.0.0.1: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\hp\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/11/30 19:40:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\hp\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/11/30 19:40:47 | 000,000,000 | ---D | M]

[2008/07/08 11:33:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\edgar richardson\Application Data\Mozilla\Firefox\Profiles\h8dsju7s.default\extensions
[2008/07/08 11:23:16 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\edgar richardson\Application Data\Mozilla\Firefox\Profiles\h8dsju7s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/07/08 11:36:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/06/30 21:19:29 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
File not found (No name found) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\REAL-NETWORKS@PARTNERS.MOZILLA.COM
File not found (No name found) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\TALKBACK@MOZILLA.ORG

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1454471165-484061587-725345543-1004\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-1454471165-484061587-725345543-1004\..\Toolbar\ShellBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1454471165-484061587-725345543-1004\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Lexmark 5300 Series Fax Server] C:\Program Files\Lexmark 5300 Series\fm3032.exe ()
O4 - HKLM..\Run: [lxdkamon] C:\Program Files\Lexmark 5300 Series\lxdkamon.exe ()
O4 - HKLM..\Run: [lxdkmon.exe] C:\Program Files\Lexmark 5300 Series\lxdkmon.exe ()
O4 - HKU\S-1-5-21-1454471165-484061587-725345543-1004..\Run: [TuneSync] C:\Program Files\HighwindSoftware\TuneSync\TuneSync.exe (Highwind Software)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1454471165-484061587-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1454471165-484061587-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-1454471165-484061587-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &MSN Search - Reg Error: Value error. File not found
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1454471165-484061587-725345543-1004\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab (MSN Games Matchmaking)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://appldnld.apple.com.edgesuite.net/qtinstall.info.apple.com/lupin/us/win/QuickTimeInstaller.exe (Reg Error: Value error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab (Windows Live Safety Center Base Module)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: vzTCPConfig http://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{088D0A27-6B3B-4A10-AD09-A4BF92567958}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Filter\text/html - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop Components:0 () - http://www.google.com/url?sa=T\x26source\x3dweb
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\edgar richardson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\edgar richardson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O29 - HKLM SecurityProviders - (zwebauth.dll) - C:\WINDOWS\System32\ZWebAuth.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/02/07 19:25:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/10 20:07:59 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\edgar richardson\Desktop\OTL.exe
[2012/04/10 12:53:20 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/04/09 21:58:28 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\edgar richardson\Desktop\aswMBR.exe
[2012/04/09 21:57:49 | 002,071,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\edgar richardson\Desktop\tdsskiller.exe
[2012/04/09 11:42:29 | 004,453,897 | R--- | C] (Swearware) -- C:\Documents and Settings\edgar richardson\Desktop\ComboFixed.exe
[2012/04/08 19:25:02 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/04/08 19:22:55 | 004,452,952 | R--- | C] (Swearware) -- C:\Documents and Settings\edgar richardson\Desktop\Combo.exe
[2012/04/08 00:50:59 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/04/08 00:43:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/08 00:43:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/08 00:43:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/08 00:43:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/08 00:43:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/04/08 00:42:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/08 00:40:45 | 004,452,637 | R--- | C] (Swearware) -- C:\Documents and Settings\edgar richardson\Desktop\ComboFix.exe
[2012/04/07 21:34:18 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\edgar richardson\Desktop\dds.com
[2012/04/05 23:26:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\edgar richardson\Desktop\gmer
[2012/04/05 22:54:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Cobian Backup 8
[2012/04/05 22:52:18 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 8
[2012/04/03 03:13:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[19 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/10 20:07:59 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\edgar richardson\Desktop\OTL.exe
[2012/04/10 13:31:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/10 13:31:10 | 265,895,936 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/10 07:22:47 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\edgar richardson\Desktop\MBR.dat
[2012/04/09 21:58:41 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\edgar richardson\Desktop\aswMBR.exe
[2012/04/09 21:57:55 | 002,071,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\edgar richardson\Desktop\tdsskiller.exe
[2012/04/09 13:58:23 | 000,020,698 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/09 11:42:37 | 004,453,897 | R--- | M] (Swearware) -- C:\Documents and Settings\edgar richardson\Desktop\ComboFixed.exe
[2012/04/08 19:28:09 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/04/08 19:22:52 | 004,452,952 | R--- | M] (Swearware) -- C:\Documents and Settings\edgar richardson\Desktop\Combo.exe
[2012/04/08 00:51:36 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/04/08 00:40:53 | 004,452,637 | R--- | M] (Swearware) -- C:\Documents and Settings\edgar richardson\Desktop\ComboFix.exe
[2012/04/07 21:34:20 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\edgar richardson\Desktop\dds.com
[2012/04/07 21:32:48 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\edgar richardson\Desktop\Defogger.exe
[2012/04/05 23:25:36 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\edgar richardson\Desktop\gmer.zip
[2012/04/05 23:16:57 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\edgar richardson\defogger_reenable
[2012/03/14 03:46:13 | 000,462,286 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/14 03:46:13 | 000,079,778 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/14 03:40:18 | 000,390,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/14 03:09:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[19 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/10 13:31:09 | 265,895,936 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/09 22:47:10 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\edgar richardson\Desktop\MBR.dat
[2012/04/08 00:51:36 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/04/08 00:51:17 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/04/08 00:43:45 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/08 00:43:45 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/08 00:43:45 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/08 00:43:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/08 00:43:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/05 23:25:35 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\edgar richardson\Desktop\gmer.zip
[2012/04/05 23:16:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\edgar richardson\defogger_reenable
[2012/04/05 23:16:15 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\edgar richardson\Desktop\Defogger.exe
[2012/02/23 16:54:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/30 19:19:27 | 000,207,523 | ---- | C] () -- C:\WINDOWS\hpwins28.dat
[2011/11/30 19:19:26 | 000,000,418 | ---- | C] () -- C:\WINDOWS\hpwmdl28.dat
[2011/11/12 17:57:11 | 000,390,384 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/04 17:05:48 | 000,000,272 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2011/10/10 16:20:40 | 000,966,765 | ---- | C] () -- C:\WINDOWS\System32\acAuth.dll
[2011/10/10 16:20:40 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\SCMLib.dll
[2011/03/30 19:52:48 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2011/03/30 19:52:45 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2011/03/25 10:52:06 | 000,021,280 | ---- | C] () -- C:\WINDOWS\System32\RW_FileType.dat
[2011/03/25 10:52:06 | 000,006,738 | ---- | C] () -- C:\WINDOWS\System32\RW_AppData.dat
[2011/03/25 10:52:06 | 000,000,240 | ---- | C] () -- C:\WINDOWS\System32\RW_FileFlag.dat
[2011/03/25 10:52:06 | 000,000,112 | ---- | C] () -- C:\WINDOWS\System32\RW_{CA28E8EF-487E-11D8-842D-806D6172696F}.dat
[2011/02/22 15:49:28 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2010/12/28 00:39:38 | 000,083,196 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/12/09 13:16:04 | 000,000,256 | ---- | C] () -- C:\WINDOWS\pool.bin

========== Files - Unicode (All) ==========
[2007/03/16 08:50:31 | 000,000,000 | ---D | M](C:\Documents and Settin?) -- C:\Documents and Settinٔ
[2007/03/16 08:50:30 | 000,000,000 | ---D | C](C:\Documents and Settin?) -- C:\Documents and Settinٔ
[2007/02/02 14:32:11 | 000,000,000 | ---D | M](C:\Documents and Settin?) -- C:\Documents and Settinْ
[2007/02/02 14:32:11 | 000,000,000 | ---D | C](C:\Documents and Settin?) -- C:\Documents and Settinْ

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D1B5B4F1

< End of report >

#12 gringo_pr
Bleepin Gringo
  • Malware Response Team
  • 136,773 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 10 April 2012 - 08:38 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox shown in the image. Do not include the word Code
    :OTL
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: File not found
    FF - HKLM\Software\MozillaPlugins\@yverinfo.yahoo.com/YahooVersionInfoPlugin;version=1.0.0.1: File not found
    FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: File not found
    O4 - HKLM..\Run: [] File not found
    O8 - Extra context menu item: &MSN Search - Reg Error: Value error. File not found
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O16 - DPF: vzTCPConfig http://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB (Reg Error: Key error.)
    O18 - Protocol\Filter\text/html - No CLSID value found
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D1B5B4F1  
    :Files
    C:\WINDOWS\mf5CF7.dll
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click the button shown in the image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing.

Gringo

Edited by gringo_pr, 10 April 2012 - 08:39 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 edisblest
  • Topic Starter
  • Members
  • 20 posts

Posted 11 April 2012 - 12:04 AM

Here ya go:

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@yverinfo.yahoo.com/YahooVersionInfoPlugin;version=1.0.0.1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&MSN Search\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Windows &Live Favorites\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Starting removal of ActiveX control vzTCPConfig
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\vzTCPConfig\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\vzTCPConfig\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\vzTCPConfig\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent\ deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D1B5B4F1 deleted successfully.
========== FILES ==========
C:\WINDOWS\mf5CF7.dll moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\edgar richardson\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\edgar richardson\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: AARON THOMPSON

User: Administrator

User: All Users

User: All Users.WINDOWS

User: Default User

User: Default User.WINDOWS

User: ED RICHARDSON

User: edgar richardson
->Java cache emptied: 30302646 bytes

User: Guest

User: LocalService

User: LocalService.NT AUTHORITY

User: LocalService.NT AUTHORITY.000

User: Mariah

User: NetworkService

User: NetworkService.NT AUTHORITY

User: NetworkService.NT AUTHORITY.000

Total Java Files Cleaned = 29.00 mb


[EMPTYFLASH]

User: AARON THOMPSON
->Flash cache emptied: 34211 bytes

User: Administrator

User: All Users

User: All Users.WINDOWS

User: Default User

User: Default User.WINDOWS
->Flash cache emptied: 56466 bytes

User: ED RICHARDSON

User: edgar richardson
->Flash cache emptied: 842 bytes

User: Guest
->Flash cache emptied: 57985 bytes

User: LocalService

User: LocalService.NT AUTHORITY

User: LocalService.NT AUTHORITY.000
->Flash cache emptied: 343 bytes

User: Mariah
->Flash cache emptied: 595 bytes

User: NetworkService

User: NetworkService.NT AUTHORITY

User: NetworkService.NT AUTHORITY.000

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 04102012_235251

#14 gringo_pr
Bleepin Gringo
  • Malware Response Team
  • 136,773 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 11 April 2012 - 07:54 AM

Greetings edisblest

How are things running at this time?


gringo

#15 edisblest
  • Topic Starter
  • Members
  • 20 posts

Posted 11 April 2012 - 02:09 PM

Hello Gringo,
There seems to be a slight improvement in the speed. Not tremendous, but slight.
Please advise.
