
Start up problem after malware infestation


34 replies to this topic

#1 MWBeno

MWBeno

  • Members
  • 63 posts
  • OFFLINE
  • Gender:Male
  • Location:Monroe,CT. USA
  • Local time:09:31 AM

Posted 26 April 2012 - 08:51 AM

Hello cryptodan,
Still having start up problem in Normal mode but things seem to be changing. The following is a scan report from MalwareBytes run last night.

Following the Malware log will be two log files from Superant Quick scans.
Between the two Quick scans I attempted to do a Complete scan but the system stopped and re-booted itself.

Now there are times when the Normal start up sequence seems to get further along in the process. The computer still boots OK in Safe Mode.

HERE IS THE MALWARE LOG:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/26/2012 at 07:19 AM

Application Version : 5.0.1146

Core Rules Database Version : 8514
Trace Rules Database Version: 6326

Scan type : Quick Scan
Total Scan Time : 00:05:09

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 286
Memory threats detected : 0
Registry items scanned : 30191
Registry threats detected : 0
File items scanned : 8062
File threats detected : 17

Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\03RJDZRB.txt [ /atdmt.com ]
C:\Documents and Settings\Administrator\Cookies\B3M7FUFV.txt [ /ad.wsod.com ]
C:\Documents and Settings\Administrator\Cookies\ZYGU65Y0.txt [ /ads.pubmatic.com ]
C:\Documents and Settings\Administrator\Cookies\D17YCEO4.txt [ /adxpose.com ]
C:\Documents and Settings\Administrator\Cookies\ROHBAS6K.txt [ /invitemedia.com ]
C:\Documents and Settings\Administrator\Cookies\EUD5Y53N.txt [ /doubleclick.net ]
C:\Documents and Settings\Administrator\Cookies\G8V7KXAX.txt [ /questionmarket.com ]
C:\Documents and Settings\Administrator\Cookies\T8GJZ03E.txt [ /serving-sys.com ]
C:\Documents and Settings\Administrator\Cookies\N8BSEK4A.txt [ /www.googleadservices.com ]
C:\Documents and Settings\Administrator\Cookies\SVXIQ6D4.txt [ /collective-media.net ]
C:\Documents and Settings\Administrator\Cookies\GRIB829I.txt [ /ad.yieldmanager.com ]
C:\DOCUMENTS AND SETTINGS\TEST\Cookies\U62R6WMT.txt [ Cookie:test@doubleclick.net/ ]
C:\DOCUMENTS AND SETTINGS\TEST\Cookies\SVFBBN62.txt [ Cookie:test@fastclick.net/ ]
C:\DOCUMENTS AND SETTINGS\TEST\Cookies\6VGHSTFA.txt [ Cookie:test@advertising.com/ ]
C:\DOCUMENTS AND SETTINGS\TEST\Cookies\IMZT48Z9.txt [ Cookie:test@at.atwola.com/ ]
C:\DOCUMENTS AND SETTINGS\TEST\Cookies\P6LSER5W.txt [ Cookie:test@atdmt.com/ ]
C:\DOCUMENTS AND SETTINGS\TEST\Cookies\EOMDLLOK.txt [ Cookie:test@ad.yieldmanager.com/ ]



THESE ARE THE SUPERANT LOG FILES:

First Scan:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/26/2012 at 07:19 AM

Application Version : 5.0.1146

Core Rules Database Version : 8514
Trace Rules Database Version: 6326

Scan type : Quick Scan
Total Scan Time : 00:05:09

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 286
Memory threats detected : 0
Registry items scanned : 30191
Registry threats detected : 0
File items scanned : 8062
File threats detected : 17

Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\03RJDZRB.txt [ /atdmt.com ]
C:\Documents and Settings\Administrator\Cookies\B3M7FUFV.txt [ /ad.wsod.com ]
C:\Documents and Settings\Administrator\Cookies\ZYGU65Y0.txt [ /ads.pubmatic.com ]
C:\Documents and Settings\Administrator\Cookies\D17YCEO4.txt [ /adxpose.com ]
C:\Documents and Settings\Administrator\Cookies\ROHBAS6K.txt [ /invitemedia.com ]
C:\Documents and Settings\Administrator\Cookies\EUD5Y53N.txt [ /doubleclick.net ]
C:\Documents and Settings\Administrator\Cookies\G8V7KXAX.txt [ /questionmarket.com ]
C:\Documents and Settings\Administrator\Cookies\T8GJZ03E.txt [ /serving-sys.com ]
C:\Documents and Settings\Administrator\Cookies\N8BSEK4A.txt [ /www.googleadservices.com ]
C:\Documents and Settings\Administrator\Cookies\SVXIQ6D4.txt [ /collective-media.net ]
C:\Documents and Settings\Administrator\Cookies\GRIB829I.txt [ /ad.yieldmanager.com ]
C:\DOCUMENTS AND SETTINGS\TEST\Cookies\U62R6WMT.txt [ Cookie:test@doubleclick.net/ ]
C:\DOCUMENTS AND SETTINGS\TEST\Cookies\SVFBBN62.txt [ Cookie:test@fastclick.net/ ]
C:\DOCUMENTS AND SETTINGS\TEST\Cookies\6VGHSTFA.txt [ Cookie:test@advertising.com/ ]
C:\DOCUMENTS AND SETTINGS\TEST\Cookies\IMZT48Z9.txt [ Cookie:test@at.atwola.com/ ]
C:\DOCUMENTS AND SETTINGS\TEST\Cookies\P6LSER5W.txt [ Cookie:test@atdmt.com/ ]
C:\DOCUMENTS AND SETTINGS\TEST\Cookies\EOMDLLOK.txt [ Cookie:test@ad.yieldmanager.com/ ]


SECOND SCAN:


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/26/2012 at 08:44 AM

Application Version : 5.0.1146

Core Rules Database Version : 8514
Trace Rules Database Version: 6326

Scan type : Quick Scan
Total Scan Time : 00:05:11

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 282
Memory threats detected : 0
Registry items scanned : 30192
Registry threats detected : 0
File items scanned : 8070
File threats detected : 0



#2 MWBeno

MWBeno
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  • Gender:Male
  • Location:Monroe,CT. USA
  • Local time:09:31 AM

Posted 27 April 2012 - 07:58 AM

Good morning cryptodan if you are out there today.

Just a followup to my last post with the malware scan logs.

The computer is now starting normally! There seemed to be an increasing progression of how far it would get during bootup. Then one time yesterday it booted up in Normal mode and announced that Windows had recovered from potentially serious problems and would I like to send a/the report(s) to Microsoft. Yes, I said! - The computer has been starting normally since. Could it be that Windows fixed itself??

Thanks for your help. For now things look OK.

Are there any history/log files that we can look at to get a handle on what happened?

Mike

#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,539 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:31 AM

Posted 30 April 2012 - 08:26 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

I have contacted cryptodan on this and he asked that I give your logs a second look.

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
  • Do not install any other programs until this is fixed.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
===

Third party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.

Please post the logs and let me know if the problem persists.

#4 MWBeno

MWBeno
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  • Gender:Male
  • Location:Monroe,CT. USA
  • Local time:09:31 AM

Posted 30 April 2012 - 03:28 PM

Hello nasdaq,

The computer has been consistently starting in Normal mode. However, after a while the box for checking to have Windows Configure the Wireless Network Settings gets unchecked. This happens continually every 10 to 30 minutes after I check the box again and re-connect to the wireless. I am using ATT for internet service. Could there be something in the ATT setup causing this box to become unchecked? Startup time is in the order of ten minutes. Way too long . . .

How did the latest log files look?

Thanks,

Mike

#5 MWBeno

MWBeno
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  • Gender:Male
  • Location:Monroe,CT. USA
  • Local time:09:31 AM

Posted 30 April 2012 - 06:49 PM

Hello nasdaq,

Any luck looking at the log files yet?

Just an update on the computer. Now the thing will not let me open any programs, I can't even turn it off after it's been on a while, no Task Manager either. Nada, zilch, nothing responds. It makes the bong sound Windows gives you when you have made a wrong choice. The only way to re-start is to do a forced power down reset!! After a restart everything seems to work OK for a while.

I'm close to doing a clean wipe format of the HD or maybe buy a Mac!

Any help is needed.

Thanks,
Mike

#6 MWBeno

MWBeno
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  • Gender:Male
  • Location:Monroe,CT. USA
  • Local time:09:31 AM

Posted 30 April 2012 - 08:26 PM

Hi nasdaq,
Just a couple more inputs for your consideration. The last time I tried to shut the computer down normally it just hung at the message that Windows was shutting down. I did the power down restart. The start up seemed normal as well as some internet browsing. Then I got several messages from Norton Utilities that there were changes made to the registry. There was nothing apparent going on with the computer at the time.

Any ideas? How is analysis of the last log files going? Is it time for a re-format of the HD?

While writing this something turned off my wireless adapter. This computer is possessed!

Mike

Edited by MWBeno, 30 April 2012 - 08:27 PM.


#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,539 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:31 AM

Posted 01 May 2012 - 08:11 AM

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

The scan will also create an Attach.txt log, and I would also like to see its content.
Please post it in another post for my review, do not attach the file.
This file will help identify some of the faults with this computer.
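A small triage script for the DDS output nasdaq is asking for, added here as an example; it is not code from this thread or from the DDS tool. It assumes only the line shapes visible in the DDS.txt posted later in this thread: service and driver entries written as "R0 Name;Display;path [date size]", with "--> path [?]" in place of the date and size where DDS could not find the file, and autoruns written as "uRun: [Name] command". From those it pulls out the two things a helper reads first, services or drivers that are registered but have no file behind them, and Run-key entries that launch from a user-profile location. The sample log inside the script is a constructed excerpt modelled on that post.

```python
r"""Triage helper for the Run-key and SERVICES / DRIVERS sections of a DDS log.

Added example, not code from this thread or from the DDS tool. It assumes the
line shapes seen in the DDS.txt posted in this thread:
  R0 Name;Display;c:\dir\file.sys [2012-4-26 340088]        file found: date and size shown
  S0 Name;Display;c:\dir\file.sys --> c:\dir\file.sys [?]   file not found: '[?]' instead
  uRun: [Name] "c:\dir\program.exe" /switch                 autorun (u/m/d = user/machine/default hive)
"""
import re
from typing import Dict, List

# Constructed excerpt in the shape of the DDS.txt posted in this thread.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
uRun: [NortonUtilities] c:\program files\norton utilities 14\nu.exe /H
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [PCDrProfiler]
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [dplaysvr] %APPDATA%\dplaysvr.exe
============= SERVICES / DRIVERS ===============
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1307000.009\symds.sys [2012-4-26 340088]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-9 22344]
S0 pxrj;pxrj;c:\windows\system32\drivers\qjfoq.sys --> c:\windows\system32\drivers\qjfoq.sys [?]
S0 ytcybmk;ytcybmk;c:\windows\system32\drivers\ylkjc.sys --> c:\windows\system32\drivers\ylkjc.sys [?]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
"""

SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
RUN_RE = re.compile(r"^([umd])Run:\s+\[([^\]]*)\]\s*(.*)$")
# Substrings that place a path under a user profile, i.e. somewhere the logged-in
# user (and anything running as that user) can write without elevation.
PROFILE_MARKERS = ("%appdata%", "%userprofile%", "%temp%", "application data", "documents and settings")


def parse_dds(text: str) -> Dict[str, List[dict]]:
    """Split a DDS log into its service/driver entries and its Run-key entries."""
    services: List[dict] = []
    runs: List[dict] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            start, name, display, rest = m.groups()
            # DDS prints '--> path [?]' when it cannot find the file; otherwise '[date size]'.
            missing = " --> " in rest and rest.endswith("[?]")
            if missing:
                path = rest.split(" --> ", 1)[0].strip()
            else:
                path = re.sub(r"\s*\[[^\]]*\]$", "", rest).strip()
            services.append({"start": start, "name": name, "display": display,
                             "path": path, "missing": missing})
            continue
        m = RUN_RE.match(line)
        if m:
            hive, name, command = m.groups()
            runs.append({"hive": hive, "name": name, "command": command.strip()})
    return {"services": services, "runs": runs}


def find_missing_services(text: str) -> List[str]:
    """Names of service/driver entries whose binary DDS could not find on disk.

    A registration with no file behind it is either debris from an uninstall or
    what is left after a removal tool deleted the file; both are worth a look."""
    return [s["name"] for s in parse_dds(text)["services"] if s["missing"]]


def find_profile_autoruns(text: str) -> List[str]:
    """Names of Run-key entries that launch from a user-profile location.

    Installed software normally lives under Program Files or Windows, so an
    autorun pointing into %APPDATA% or similar is a review item, not a verdict."""
    return [r["name"] for r in parse_dds(text)["runs"]
            if any(marker in r["command"].lower() for marker in PROFILE_MARKERS)]


if __name__ == "__main__":
    for name in find_missing_services(SAMPLE_DDS):
        print("service/driver with no file on disk:", name)
    for name in find_profile_autoruns(SAMPLE_DDS):
        print("autorun from a user-profile path:", name)
```

Run it against a saved DDS.txt by reading the file into the functions instead of SAMPLE_DDS. Both lists are starting points for a human review, which is how the helpers in this thread use these logs: a missing driver file may simply be leftover from an uninstalled product, and an autorun under the profile may be a legitimate per-user installer, so each hit is checked by hand before anything is removed.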

#8 MWBeno

MWBeno
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  • Gender:Male
  • Location:Monroe,CT. USA
  • Local time:09:31 AM

Posted 01 May 2012 - 08:57 AM

As requested the DDS.txt file follows:


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by HP_Administrator at 9:53:46 on 2012-05-01
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2502 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTomXXL542\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe
C:\Program Files\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATT-SST\McciTrayApp.exe
G:\realplayer\update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Norton Utilities 14\nu.exe
C:\Program Files\TomTomXXL542\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://att.my.yahoo.com/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
{01c9c96c-8065-4539-b493-d1fd50a3a2f3}
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.7.0.9\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.7.0.9\ips\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: ReImage Helper Verifier: {963b125b-8b21-49a2-a3a8-e37092276531} - c:\program files\reimagecompanion\updatebhoWin32.dll
BHO: ReImage Browser Helper: {a0e8bc7d-6959-40b6-8e05-204d9768ad6e} - c:\program files\reimagecompanion\jsloader.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - hpWebHelper Class
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.7.0.9\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - No File
TB: {A057A204-BACC-4D26-8087-36EE87E26986} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [NortonUtilities] c:\program files\norton utilities 14\nu.exe /H
uRun: [TomTomHOME.exe] "c:\program files\tomtomxxl542\tomtom home 2\TomTomHOMERunner.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [TkBellExe] "g:\realplayer\update\realsched.exe" -osboot
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector10\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector10" updatewithcreateonce "software\cyberlink\powerdirector\10.0"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\11.0\sharedcom\RoxWatchTray11.exe"
mRun: [CPMonitor] "c:\program files\roxio creator 2009\5.0\CPMonitor.exe"
mRun: [Browser companion helper] c:\program files\browsercompanion\BCHelper.exe /T=3 /CHI=gmdfpnpdmnjaffhcdbobdjpolhpacaem
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [dplaysvr] %APPDATA%\dplaysvr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\realte~1.lnk - c:\program files\realtek\11n usb wireless lan utility\RtWLan.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
Trusted Zone: $talisma_url$
Trusted Zone: roxio.com\www
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo1.walgreens.com/WalgreensActivia.cab
DPF: {4ECE056F-E50F-4F9D-B069-EB342D21F26A} - hxxp://www2.snapfish.com/SnapfishActivia3.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184791831203
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{5771A324-6756-47D2-9950-FBA77F0D50DB} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{8B656295-DC43-4289-BA14-53F317723249} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{AC0B01A0-7D2D-4C84-9CC1-6C483A328DEC} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\reimagecompanion\tdataprotocol.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\reimagecompanion\tdataprotocol.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\reimagecompanion\tdataprotocol.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1307000.009\symds.sys [2012-4-26 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1307000.009\symefa.sys [2012-4-26 905336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.6.2.10\definitions\bashdefs\20120413.001\BHDrvx86.sys [2012-4-13 821880]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1307000.009\ccsetx86.sys [2012-4-26 132744]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-4-7 332248]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2012-4-7 212568]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1307000.009\ironx86.sys [2012-4-26 149624]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [2009-5-31 941784]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-9 654408]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.7.0.9\ccsvchst.exe [2012-4-26 138232]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\engine\2.0.12.27\SymcPCCULaunchSvc.exe [2011-9-20 135608]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\engine\2.0.12.27\ccSvcHst.exe [2011-9-20 126392]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtomxxl542\tomtom home 2\TomTomHOMEService.exe [2012-1-23 92592]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-4-26 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.6.2.10\definitions\ipsdefs\20120428.001\IDSXpx86.sys [2012-4-27 356792]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-9 22344]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.6.2.10\definitions\virusdefs\20120430.033\NAVENG.SYS [2012-5-1 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.6.2.10\definitions\virusdefs\20120430.033\NAVEX15.SYS [2012-5-1 1576312]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2011-10-1 594048]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SBFWIM.sys [2012-4-7 69208]
S0 pxrj;pxrj;c:\windows\system32\drivers\qjfoq.sys --> c:\windows\system32\drivers\qjfoq.sys [?]
S0 SMR250;Symantec SMR Utility Service 2.5.0;c:\windows\system32\drivers\smr250.sys --> c:\windows\system32\drivers\SMR250.SYS [?]
S0 ytcybmk;ytcybmk;c:\windows\system32\drivers\ylkjc.sys --> c:\windows\system32\drivers\ylkjc.sys [?]
S1 MpKsl384d00bf;MpKsl384d00bf;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ffa0ee3f-75a0-488a-ae5d-f4b82a66818f}\mpksl384d00bf.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ffa0ee3f-75a0-488a-ae5d-f4b82a66818f}\MpKsl384d00bf.sys [?]
S1 MpKsl4a26f48d;MpKsl4a26f48d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{444a4bb2-a5c5-44c6-8a63-37190b3eef44}\mpksl4a26f48d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{444a4bb2-a5c5-44c6-8a63-37190b3eef44}\MpKsl4a26f48d.sys [?]
S1 MpKsl4bd83d87;MpKsl4bd83d87;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c30cd273-bcc8-4688-9f72-f38f7ca3cd8c}\mpksl4bd83d87.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c30cd273-bcc8-4688-9f72-f38f7ca3cd8c}\MpKsl4bd83d87.sys [?]
S1 MpKsl6998e3ea;MpKsl6998e3ea;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{444a4bb2-a5c5-44c6-8a63-37190b3eef44}\mpksl6998e3ea.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{444a4bb2-a5c5-44c6-8a63-37190b3eef44}\MpKsl6998e3ea.sys [?]
S1 MpKsl8533f495;MpKsl8533f495;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{65c65212-3545-4657-9d4c-b7470b3e83ba}\mpksl8533f495.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{65c65212-3545-4657-9d4c-b7470b3e83ba}\MpKsl8533f495.sys [?]
S1 MpKsldc5cb7c8;MpKsldc5cb7c8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6502e040-9284-45e0-acd5-e5868924e757}\mpksldc5cb7c8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6502e040-9284-45e0-acd5-e5868924e757}\MpKsldc5cb7c8.sys [?]
S1 MpKsle5959dac;MpKsle5959dac;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6502e040-9284-45e0-acd5-e5868924e757}\mpksle5959dac.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6502e040-9284-45e0-acd5-e5868924e757}\MpKsle5959dac.sys [?]
S1 MpKslf7f8287f;MpKslf7f8287f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{444a4bb2-a5c5-44c6-8a63-37190b3eef44}\mpkslf7f8287f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{444a4bb2-a5c5-44c6-8a63-37190b3eef44}\MpKslf7f8287f.sys [?]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 gupdate1c9af3d500cde3a;Google Update Service (gupdate1c9af3d500cde3a);c:\program files\google\update\GoogleUpdate.exe [2009-3-27 133104]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\roxio creator 2009\digital home 11\RoxioUpnpService11.exe [2008-8-14 367088]
S2 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxLiveShare11.exe [2008-8-14 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxWatch11.exe [2008-8-14 170480]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-4 253088]
S3 EraserUtilDrv11122;EraserUtilDrv11122;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv11122.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv11122.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-3-27 133104]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\roxio creator 2009\digital home 11\RoxioUPnPRenderer11.exe [2008-8-14 313840]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SBFWIM.sys [2012-4-7 69208]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-4-7 94040]
.
=============== Created Last 30 ================
.
2012-05-01 01:52:21 -------- d-----w- c:\documents and settings\hp_administrator\application data\Malwarebytes
2012-04-30 18:18:53 98816 ----a-w- c:\windows\sed.exe
2012-04-30 18:18:53 518144 ----a-w- c:\windows\SWREG.exe
2012-04-30 18:18:53 256000 ----a-w- c:\windows\PEV.exe
2012-04-30 18:18:53 208896 ----a-w- c:\windows\MBR.exe
2012-04-30 18:18:43 -------- d-----w- C:\ComboFix
2012-04-30 18:07:49 -------- d-----w- c:\program files\BleepingComputer
2012-04-26 21:43:37 905336 ----a-w- c:\windows\system32\drivers\nis\1307000.009\symefa.sys
2012-04-26 21:43:37 388216 ----a-w- c:\windows\system32\drivers\nis\1307000.009\symtdi.sys
2012-04-26 21:43:37 345208 ----a-w- c:\windows\system32\drivers\nis\1307000.009\symtdiv.sys
2012-04-26 21:43:37 318584 ----a-w- c:\windows\system32\drivers\nis\1307000.009\symnets.sys
2012-04-26 21:43:36 574072 ----a-w- c:\windows\system32\drivers\nis\1307000.009\srtsp.sys
2012-04-26 21:43:36 340088 ----a-r- c:\windows\system32\drivers\nis\1307000.009\symds.sys
2012-04-26 21:43:36 32888 ----a-w- c:\windows\system32\drivers\nis\1307000.009\srtspx.sys
2012-04-26 21:43:36 149624 ----a-w- c:\windows\system32\drivers\nis\1307000.009\ironx86.sys
2012-04-26 21:43:36 132744 ----a-w- c:\windows\system32\drivers\nis\1307000.009\ccsetx86.sys
2012-04-26 21:43:25 -------- d-----w- c:\windows\system32\drivers\nis\1307000.009
2012-04-26 03:00:38 6734704 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{8ca58810-8a71-463a-b35d-c84c2c05e9fb}\mpengine.dll
2012-04-26 02:36:44 -------- d-----w- c:\documents and settings\hp_administrator\application data\SUPERAntiSpyware.com
2012-04-26 02:31:48 -------- d-----w- c:\documents and settings\all users\application data\SUPERSetup
2012-04-26 02:13:05 -------- d-----w- C:\rei
2012-04-26 02:12:56 -------- d-----w- c:\program files\Reimage
2012-04-26 02:12:50 -------- d-----w- c:\program files\ReImageCompanion
2012-04-25 14:29:15 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-24 21:50:52 -------- d-----w- c:\program files\Speccy
2012-04-24 01:41:08 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\NPE
2012-04-24 01:38:15 106928 ------w- c:\windows\system32\GEARAspi.dll
2012-04-24 01:37:55 -------- d-----w- c:\windows\system32\drivers\nbrtwizard\0405000.022
2012-04-24 01:37:55 -------- d-----w- c:\windows\system32\drivers\NBRTWizard
2012-04-24 01:37:54 -------- d-----w- c:\program files\Norton Bootable Recovery Tool Wizard
2012-04-24 00:40:24 -------- d-----w- c:\program files\Norton Bootable Recovery Tool
2012-04-21 23:22:31 -------- d-----w- C:\found.003
2012-04-21 00:58:57 -------- d-----w- c:\documents and settings\hp_administrator\application data\MSNInstaller
2012-04-12 12:17:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-11 19:47:33 -------- d-----w- c:\program files\HitmanPro
2012-04-10 23:12:57 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2012-04-10 20:21:30 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-04-09 16:19:34 54016 ------w- c:\windows\system32\drivers\unmnmxx.sys
2012-04-09 15:16:25 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-04-09 15:16:24 22344 ------w- c:\windows\system32\drivers\mbam.sys
2012-04-09 15:16:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-08 23:42:57 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\adawarebp
2012-04-08 22:52:55 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\adaware
2012-04-08 01:03:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-04-08 01:03:56 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-04-08 00:56:34 94040 ------w- c:\windows\system32\drivers\sbhips.sys
2012-04-08 00:56:34 212568 ------w- c:\windows\system32\drivers\sbtis.sys
2012-04-08 00:55:43 69208 ------w- c:\windows\system32\drivers\SBFWIM.sys
2012-04-08 00:55:42 332248 ------w- c:\windows\system32\drivers\SbFw.sys
2012-04-08 00:27:48 -------- d-----w- c:\program files\Toolbar Cleaner
2012-04-07 20:28:44 -------- d-----w- c:\program files\Norton Rescue Tool
2012-04-07 14:22:46 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\Symantec
2012-04-07 14:10:11 -------- d-----w- C:\found.002
2012-04-07 12:40:39 -------- d-----w- C:\found.001
2012-04-04 12:26:49 418464 ------w- c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-04-26 20:31:45 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-04-26 20:31:45 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-04-16 13:37:28 70304 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 11:01:32 916992 ------w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ------w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ------w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec
2012-02-23 14:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-03 09:22:18 1860096 ------w- c:\windows\system32\win32k.sys
.
============= FINISH: 9:54:46.15 ===============

#9 MWBeno

  • Topic Starter

Posted 01 May 2012 - 09:00 AM

Here is the Attach.txt file:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/15/2006 8:09:33 PM
System Uptime: 5/1/2012 8:07:46 AM (1 hours ago)
.
Motherboard: ASUSTek Computer INC. | | Basswood
Processor: Intel® Core™2 CPU 6400 @ 2.13GHz | Socket 775 | 2133/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 225 GiB total, 170.477 GiB free.
D: is FIXED (FAT32) - 8 GiB total, 0.312 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is FIXED (NTFS) - 932 GiB total, 253.388 GiB free.
H: is Removable
I: is Removable
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP2053: 1/29/2012 7:00:15 PM - Software Distribution Service 3.0
RP2054: 1/29/2012 9:35:39 PM - Made by Norton Utilities O
RP2055: 1/29/2012 9:35:45 PM - Made by Norton Utilities O
RP2056: 1/30/2012 1:50:48 PM - Software Distribution Service 3.0
RP2057: 1/30/2012 7:00:15 PM - Software Distribution Service 3.0
RP2058: 1/31/2012 11:25:43 AM - Software Distribution Service 3.0
RP2059: 1/31/2012 7:00:16 PM - Software Distribution Service 3.0
RP2060: 1/31/2012 10:12:25 PM - Software Distribution Service 3.0
RP2061: 2/1/2012 7:00:16 PM - Software Distribution Service 3.0
RP2062: 2/1/2012 9:52:14 PM - Software Distribution Service 3.0
RP2063: 2/2/2012 7:00:16 PM - Software Distribution Service 3.0
RP2064: 2/3/2012 8:10:38 AM - Software Distribution Service 3.0
RP2065: 2/3/2012 7:00:14 PM - Software Distribution Service 3.0
RP2066: 2/4/2012 7:00:14 PM - Software Distribution Service 3.0
RP2067: 2/5/2012 7:00:15 PM - Software Distribution Service 3.0
RP2068: 2/6/2012 7:00:15 PM - Software Distribution Service 3.0
RP2069: 2/7/2012 8:22:14 AM - Software Distribution Service 3.0
RP2070: 2/7/2012 7:00:25 PM - Software Distribution Service 3.0
RP2071: 2/8/2012 6:49:17 AM - Software Distribution Service 3.0
RP2072: 2/9/2012 7:17:08 AM - Software Distribution Service 3.0
RP2073: 2/9/2012 7:00:17 PM - Software Distribution Service 3.0
RP2074: 2/10/2012 8:43:07 AM - Software Distribution Service 3.0
RP2075: 2/10/2012 7:00:16 PM - Software Distribution Service 3.0
RP2076: 2/11/2012 1:09:28 PM - Configured SmartSound Quicktracks Plugin
RP2077: 2/11/2012 1:10:53 PM - Installed SmartSound "New Standard 22k Library"
RP2078: 2/11/2012 1:33:14 PM - Made by Norton Utilities O
RP2079: 2/11/2012 1:48:01 PM - Configured SmartSound Quicktracks Plugin
RP2080: 2/11/2012 1:49:02 PM - Installed SmartSound "New Standard 22k Library"
RP2081: 2/11/2012 3:07:21 PM - Configured SmartSound Quicktracks Plugin
RP2082: 2/11/2012 3:08:24 PM - Installed SmartSound "New Standard 22k Library"
RP2083: 2/11/2012 7:00:14 PM - Software Distribution Service 3.0
RP2084: 2/11/2012 9:28:50 PM - Software Distribution Service 3.0
RP2085: 2/12/2012 7:00:14 PM - Software Distribution Service 3.0
RP2086: 2/12/2012 9:27:50 PM - Software Distribution Service 3.0
RP2087: 2/13/2012 7:00:16 PM - Software Distribution Service 3.0
RP2088: 2/13/2012 8:48:55 PM - Made by Norton Utilities O
RP2089: 2/13/2012 8:48:59 PM - Made by Norton Utilities O
RP2090: 2/13/2012 9:04:29 PM - Software Distribution Service 3.0
RP2091: 2/14/2012 8:40:00 AM - Software Distribution Service 3.0
RP2092: 2/14/2012 7:00:14 PM - Software Distribution Service 3.0
RP2093: 2/14/2012 9:05:51 PM - Made by Norton Utilities O
RP2094: 2/15/2012 9:30:23 AM - Made by Norton Utilities O
RP2095: 2/15/2012 7:00:25 PM - Software Distribution Service 3.0
RP2096: 2/16/2012 7:00:16 PM - Software Distribution Service 3.0
RP2097: 2/16/2012 10:15:46 PM - Made by Norton Utilities O
RP2098: 2/17/2012 7:21:15 AM - Software Distribution Service 3.0
RP2099: 2/18/2012 10:49:28 AM - Software Distribution Service 3.0
RP2100: 2/18/2012 6:37:51 PM - Software Distribution Service 3.0
RP2101: 2/19/2012 6:56:54 PM - System Checkpoint
RP2102: 2/19/2012 7:00:14 PM - Software Distribution Service 3.0
RP2103: 2/19/2012 10:04:43 PM - Software Distribution Service 3.0
RP2104: 2/20/2012 7:00:14 PM - Software Distribution Service 3.0
RP2105: 2/20/2012 10:08:10 PM - Software Distribution Service 3.0
RP2106: 2/21/2012 7:20:34 AM - Software Distribution Service 3.0
RP2107: 2/21/2012 7:00:17 PM - Software Distribution Service 3.0
RP2108: 2/21/2012 10:01:11 PM - Software Distribution Service 3.0
RP2109: 2/22/2012 11:46:57 AM - Made by Norton Utilities O
RP2110: 2/22/2012 7:00:14 PM - Software Distribution Service 3.0
RP2111: 2/22/2012 9:21:55 PM - Made by Norton Utilities O
RP2112: 2/22/2012 9:22:55 PM - Software Distribution Service 3.0
RP2113: 2/23/2012 7:00:16 PM - Software Distribution Service 3.0
RP2114: 2/23/2012 8:08:27 PM - Made by Norton Utilities O
RP2115: 2/23/2012 9:31:53 PM - Software Distribution Service 3.0
RP2116: 2/24/2012 8:17:08 AM - Software Distribution Service 3.0
RP2117: 2/25/2012 8:10:03 AM - Software Distribution Service 3.0
RP2118: 2/25/2012 7:00:16 PM - Software Distribution Service 3.0
RP2119: 2/25/2012 9:52:30 PM - Software Distribution Service 3.0
RP2120: 2/26/2012 12:22:09 PM - Installed PowerDirector
RP2121: 2/26/2012 12:48:03 PM - Installed PowerDirector 10 Content Pack I
RP2122: 2/26/2012 7:00:14 PM - Software Distribution Service 3.0
RP2123: 2/26/2012 10:08:27 PM - Made by Norton Utilities O
RP2124: 2/26/2012 10:08:37 PM - Made by Norton Utilities O
RP2125: 2/26/2012 10:12:53 PM - Software Distribution Service 3.0
RP2126: 2/27/2012 7:00:15 PM - Software Distribution Service 3.0
RP2127: 2/27/2012 9:58:16 PM - Made by Norton Utilities O
RP2128: 2/27/2012 9:58:21 PM - Made by Norton Utilities O
RP2129: 2/27/2012 9:58:53 PM - Software Distribution Service 3.0
RP2130: 2/28/2012 7:14:07 AM - Software Distribution Service 3.0
RP2131: 2/28/2012 9:01:21 AM - Installed Windows XP KB915800-v4.
RP2132: 2/28/2012 9:01:38 AM - Installed Windows XP Windows Search 4.0.
RP2133: 2/28/2012 12:48:57 PM - Installed LabelPrint
RP2134: 2/28/2012 7:00:17 PM - Software Distribution Service 3.0
RP2135: 2/28/2012 9:34:11 PM - Made by Norton Utilities O
RP2136: 2/28/2012 9:36:58 PM - Made by Norton Utilities O
RP2137: 2/28/2012 9:37:05 PM - Made by Norton Utilities O
RP2138: 2/28/2012 9:37:38 PM - Software Distribution Service 3.0
RP2139: 2/29/2012 7:00:17 PM - Software Distribution Service 3.0
RP2140: 3/1/2012 7:00:17 PM - Software Distribution Service 3.0
RP2141: 3/2/2012 7:18:10 AM - Software Distribution Service 3.0
RP2142: 3/2/2012 7:00:16 PM - Software Distribution Service 3.0
RP2143: 3/2/2012 7:59:43 PM - Made by Norton Utilities O
RP2144: 3/2/2012 9:07:54 PM - Software Distribution Service 3.0
RP2145: 3/3/2012 10:30:18 AM - Made by Norton Utilities O
RP2146: 3/3/2012 10:30:27 AM - Made by Norton Utilities O
RP2147: 3/3/2012 10:44:40 AM - Software Distribution Service 3.0
RP2148: 3/3/2012 7:00:14 PM - Software Distribution Service 3.0
RP2149: 3/3/2012 7:11:25 PM - Software Distribution Service 3.0
RP2150: 3/4/2012 7:00:16 PM - Software Distribution Service 3.0
RP2151: 3/5/2012 11:20:58 AM - Made by Norton Utilities O
RP2152: 3/5/2012 11:21:05 AM - Made by Norton Utilities O
RP2153: 3/5/2012 7:00:15 PM - Software Distribution Service 3.0
RP2154: 3/6/2012 7:11:40 AM - Software Distribution Service 3.0
RP2155: 3/6/2012 7:01:24 PM - Software Distribution Service 3.0
RP2156: 3/6/2012 8:44:43 PM - Made by Norton Utilities O
RP2157: 3/6/2012 8:45:55 PM - Software Distribution Service 3.0
RP2158: 3/7/2012 7:00:18 PM - Software Distribution Service 3.0
RP2159: 3/7/2012 9:53:35 PM - Made by Norton Utilities O
RP2160: 3/7/2012 9:53:39 PM - Made by Norton Utilities O
RP2161: 3/8/2012 12:02:43 PM - Made by Norton Utilities O
RP2162: 3/8/2012 12:02:53 PM - Made by Norton Utilities O
RP2163: 3/8/2012 7:00:16 PM - Software Distribution Service 3.0
RP2164: 3/8/2012 10:03:50 PM - Made by Norton Utilities O
RP2165: 3/9/2012 8:27:46 AM - Software Distribution Service 3.0
RP2166: 3/9/2012 7:00:16 PM - Software Distribution Service 3.0
RP2167: 3/9/2012 9:40:49 PM - Made by Norton Utilities O
RP2168: 3/9/2012 9:41:12 PM - Software Distribution Service 3.0
RP2169: 3/10/2012 7:00:15 PM - Software Distribution Service 3.0
RP2170: 3/10/2012 11:46:29 PM - Software Distribution Service 3.0
RP2171: 3/11/2012 7:00:17 PM - Software Distribution Service 3.0
RP2172: 3/12/2012 6:24:35 PM - Made by Norton Utilities O
RP2173: 3/12/2012 7:00:14 PM - Software Distribution Service 3.0
RP2174: 3/13/2012 7:39:36 AM - Software Distribution Service 3.0
RP2175: 3/13/2012 7:00:19 PM - Software Distribution Service 3.0
RP2176: 3/14/2012 7:00:24 PM - Software Distribution Service 3.0
RP2177: 3/15/2012 4:59:08 PM - Made by Norton Utilities O
RP2178: 3/15/2012 4:59:16 PM - Made by Norton Utilities O
RP2179: 3/15/2012 7:00:15 PM - Software Distribution Service 3.0
RP2180: 3/15/2012 9:15:17 PM - Made by Norton Utilities O
RP2181: 3/15/2012 9:15:21 PM - Made by Norton Utilities O
RP2182: 3/15/2012 9:15:56 PM - Software Distribution Service 3.0
RP2183: 3/16/2012 6:57:35 AM - Software Distribution Service 3.0
RP2184: 3/16/2012 7:00:15 PM - Software Distribution Service 3.0
RP2185: 3/16/2012 8:58:04 PM - Software Distribution Service 3.0
RP2186: 3/17/2012 10:47:13 PM - Software Distribution Service 3.0
RP2187: 3/19/2012 7:16:32 AM - System Checkpoint
RP2188: 3/19/2012 7:00:15 PM - Software Distribution Service 3.0
RP2189: 3/20/2012 8:23:25 AM - Software Distribution Service 3.0
RP2190: 3/20/2012 7:00:18 PM - Software Distribution Service 3.0
RP2191: 3/22/2012 8:43:29 AM - Software Distribution Service 3.0
RP2192: 3/22/2012 7:00:15 PM - Software Distribution Service 3.0
RP2193: 3/24/2012 10:21:45 AM - Software Distribution Service 3.0
RP2194: 3/24/2012 10:26:14 AM - Software Distribution Service 3.0
RP2195: 3/25/2012 9:16:50 PM - Software Distribution Service 3.0
RP2196: 3/25/2012 10:04:06 PM - Made by Norton Utilities O
RP2197: 3/26/2012 7:00:15 PM - Software Distribution Service 3.0
RP2198: 3/26/2012 9:05:23 PM - Made by Norton Utilities O
RP2199: 3/26/2012 9:05:29 PM - Made by Norton Utilities O
RP2200: 3/27/2012 8:13:20 AM - Software Distribution Service 3.0
RP2201: 3/27/2012 3:06:43 PM - Made by Norton Utilities O
RP2202: 3/27/2012 7:00:16 PM - Software Distribution Service 3.0
RP2203: 3/28/2012 8:54:19 AM - Made by Norton Utilities O
RP2204: 3/29/2012 8:08:48 AM - Software Distribution Service 3.0
RP2205: 3/29/2012 7:00:16 PM - Software Distribution Service 3.0
RP2206: 3/30/2012 8:14:25 AM - Software Distribution Service 3.0
RP2207: 4/1/2012 2:12:40 PM - Software Distribution Service 3.0
RP2208: 4/1/2012 7:00:15 PM - Software Distribution Service 3.0
RP2209: 4/2/2012 10:19:39 AM - Made by Norton Utilities O
RP2210: 4/2/2012 10:19:53 AM - Made by Norton Utilities O
RP2211: 4/2/2012 7:00:16 PM - Software Distribution Service 3.0
RP2212: 4/3/2012 7:07:34 AM - Software Distribution Service 3.0
RP2213: 4/3/2012 7:00:16 PM - Software Distribution Service 3.0
RP2214: 4/4/2012 7:00:18 PM - Software Distribution Service 3.0
RP2215: 4/5/2012 7:00:16 PM - Software Distribution Service 3.0
RP2216: 4/5/2012 9:43:52 PM - Made by Norton Utilities O
RP2217: 4/5/2012 9:43:58 PM - Made by Norton Utilities O
RP2218: 4/6/2012 8:22:04 AM - Software Distribution Service 3.0
RP2219: 4/6/2012 7:00:14 PM - Software Distribution Service 3.0
RP2220: 4/7/2012 11:31:12 AM - Made by Norton Utilities O
RP2221: 4/7/2012 11:31:15 AM - Made by Norton Utilities O
RP2222: 4/7/2012 7:00:17 PM - Software Distribution Service 3.0
RP2223: 4/8/2012 3:33:07 PM - Removed Microsoft Office Outlook 2007
RP2224: 4/8/2012 4:46:09 PM - Made by Norton Utilities O
RP2225: 4/8/2012 4:48:31 PM - Made by Norton Utilities O
RP2226: 4/8/2012 5:52:27 PM - Software Distribution Service 3.0
RP2227: 4/9/2012 9:37:12 AM - Software Distribution Service 3.0
RP2228: 4/9/2012 7:00:21 PM - Software Distribution Service 3.0
RP2229: 4/9/2012 9:43:14 PM - Removed Ad-Aware Antivirus.
RP2230: 4/10/2012 9:09:03 AM - Made by Norton Utilities O
RP2231: 4/10/2012 9:10:00 AM - Made by Norton Utilities O
RP2232: 4/10/2012 9:10:05 AM - Made by Norton Utilities O
RP2233: 4/10/2012 9:11:56 AM - Made by Norton Utilities O
RP2234: 4/10/2012 7:18:38 PM - Software Distribution Service 3.0
RP2235: 4/11/2012 9:11:07 AM - Restore Operation
RP2236: 4/11/2012 12:07:14 PM - Made by Norton Utilities O
RP2237: 4/11/2012 12:07:29 PM - Made by Norton Utilities O
RP2238: 4/11/2012 8:34:09 PM - Software Distribution Service 3.0
RP2239: 4/12/2012 2:39:04 PM - Software Distribution Service 3.0
RP2240: 4/12/2012 7:01:21 PM - Software Distribution Service 3.0
RP2241: 4/16/2012 7:04:24 AM - Software Distribution Service 3.0
RP2242: 4/16/2012 8:45:36 AM - Software Distribution Service 3.0
RP2243: 4/16/2012 1:07:27 PM - Software Distribution Service 3.0
RP2244: 4/16/2012 7:00:17 PM - Software Distribution Service 3.0
RP2245: 4/16/2012 7:16:19 PM - Removed Logitech Desktop Messenger
RP2246: 4/16/2012 9:33:21 PM - Software Distribution Service 3.0
RP2247: 4/17/2012 6:55:47 AM - Software Distribution Service 3.0
RP2248: 4/17/2012 7:00:18 PM - Software Distribution Service 3.0
RP2249: 4/17/2012 9:27:36 PM - Removed DesignPro 5.0 Media Edition
RP2250: 4/18/2012 7:00:16 PM - Software Distribution Service 3.0
RP2251: 4/18/2012 7:26:31 PM - Removed Bing Bar
RP2252: 4/18/2012 7:35:43 PM - Removed PL-2303 USB-to-Serial
RP2253: 4/18/2012 8:21:34 PM - Software Distribution Service 3.0
RP2254: 4/18/2012 10:05:29 PM - Software Distribution Service 3.0
RP2255: 4/19/2012 1:59:24 PM - Software Distribution Service 3.0
RP2256: 4/20/2012 7:16:26 AM - Software Distribution Service 3.0
RP2257: 4/21/2012 7:32:02 AM - Made by Norton Utilities O
RP2258: 4/21/2012 7:32:18 AM - Made by Norton Utilities O
RP2259: 4/21/2012 7:34:55 AM - Made by Norton Utilities O
RP2260: 4/21/2012 7:35:01 AM - Made by Norton Utilities O
RP2261: 4/21/2012 7:44:55 AM - Restore Operation
RP2262: 4/22/2012 9:52:52 PM - Restore Operation
RP2263: 4/23/2012 8:34:27 PM - Restore Operation
RP2264: 4/25/2012 10:56:17 PM - System Checkpoint
RP2265: 4/25/2012 11:00:35 PM - Software Distribution Service 3.0
RP2266: 4/27/2012 7:02:59 AM - System Checkpoint
RP2267: 4/27/2012 8:41:03 AM - Software Distribution Service 3.0
RP2268: 4/27/2012 12:42:12 PM - Logitech Legacy USB Camera
RP2269: 4/27/2012 1:19:09 PM - Removed Logitech QuickCam
RP2270: 4/27/2012 1:20:00 PM - Logitech QuickCam v11.80.1048
RP2271: 4/28/2012 4:06:09 PM - System Checkpoint
RP2272: 4/30/2012 2:19:09 PM - ComboFix created restore point
.
==== Installed Programs ======================
.
Acrobat.com
Ad-Aware Browsing Protection
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 11 ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 7.1.0
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe SVG Viewer
Apple Application Support
Apple Software Update
AT&T Troubleshoot & Resolve Tool
att.net Internet Mail
AX88772A & AX88772 Windows XP Drivers
CleanUp!
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Customer Experience Enhancement
CyberLink LabelPrint
CyberLink PhotoNow
CyberLink PowerDirector 10
CyberLink PowerDirector 10 Content Pack I
CyberLink PowerDirector 10 Content Pack II
CyberLink WaveEditor
DirectX 9 Runtime
EMC 11 Content
Enhanced Multimedia Keyboard Solution
EPSON Print CD
EPSON Printer Software
EPSON Scan
EPSON Stylus Photo RX580 Scanner Driver Update
EPSON Stylus Photo RX580 User's Guide
Eudora OSE (1.0)
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
High Definition Audio Driver Package - KB888111
honestech VHS to DVD 5.0 Deluxe
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP DVD Play 2.1
HP Print Diagnostic Utility
HP Product Detection
HP Support Overview
HP Update
HP Web Helper
HpSdpAppCoreApp
Intel® Matrix Storage Manager
Intel® PRO Network Connections Drivers
Java Auto Updater
Java™ 6 Update 2
Java™ 6 Update 23
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1
LightScribe Applications
LightScribe System Software
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Excel 97
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2003
Microsoft Publisher 97
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Web Publishing Wizard 1.52
Microsoft Word 97
Microsoft Works
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Bootable Recovery Tool Wizard
Norton Internet Security
Norton PC Checkup
Norton Utilities
NVIDIA Drivers
OGA Notifier 2.0.0048.0
ooVoo
OpenOffice.org Installer 1.0
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
REALTEK Wireless LAN Driver and Utility
RealUpgrade 1.1
Reimage Repair
ReImageCompanion
Roxio Activation Module
Roxio BackOnTrack
Roxio CinePlayer
Roxio CinePlayer Decoder Pack
Roxio Creator 2009
Roxio File Backup
Roxio Update Manager
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shockwave
SmartSound Quicktracks 5
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Speccy
Symantec Technical Support Web Controls
TomTom HOME 2.8.3.2499
TomTom HOME Visual Studio Merge Modules
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Updates from HP (remove only)
USB2.0 VIDBOX NW03
WebcamMax
WebFldrs XP
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Wireless USB Card
XML Paper Specification Shared Components Pack 1.0
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
4/30/2012 8:52:54 PM, error: PSched [14103] - QoS [Adapter {5F5D5E3F-1041-49C4-B1A5-13E6B79C2228}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.
4/25/2012 10:40:21 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 8:16:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
4/24/2012 7:36:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
4/24/2012 3:39:53 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 80637f4d, parameter3 ba30799c, parameter4 00000000.
4/24/2012 3:37:57 PM, error: Service Control Manager [7000] - The MRESP50 NDIS Protocol Driver service failed to start due to the following error: The system cannot find the file specified.
4/24/2012 3:35:54 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 80637f4d, parameter3 b3e3e99c, parameter4 00000000.
4/24/2012 3:26:30 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE SMR250
4/24/2012 3:23:08 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/24/2012 3:11:23 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 eeCtrl Fips intelppm SASDIFSV SASKUTIL SBRE SMR250 SRTSP SRTSPX SymIRON SYMTDI
4/24/2012 3:08:18 PM, error: Service Control Manager [7000] - The SafeNet Monitor Service service failed to start due to the following error: The system cannot find the path specified.
4/24/2012 3:08:18 PM, error: Service Control Manager [7000] - The SafeNet IKE Service service failed to start due to the following error: The system cannot find the path specified.
.
==== End Of File ===========================
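The Event Viewer section of that DDS log is the most telling part of it for a "boots only in Safe Mode" complaint: event 7026 on 4/24 shows the Symantec and SUPERAntiSpyware kernel drivers (BHDrvx86, SRTSP, SYMTDI, SASDIFSV, ...) failing to load at boot, bracketed by two 0x1000008E kernel crashes. The script below is an added example, not part of this thread and not one of the tools nasdaq asks for: it parses lines in the DDS Event Viewer format and pulls out those three signals (security drivers blocked at boot, kernel bugchecks, services whose binaries are missing). The SECURITY_DRIVERS set is an assumption compiled by hand from driver names in this thread's logs; the sample lines are reproduced from the log above.

```python
import re

# One line of the DDS "Event Viewer Messages From Past Week" section looks like:
#   M/D/YYYY h:mm:ss AM, level: Source [EventID] - message
EVENT_RE = re.compile(
    r"^(?P<date>\d{1,2}/\d{1,2}/\d{4}) (?P<time>\d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)

# Kernel drivers of the security products on this machine (Norton/Symantec and
# SUPERAntiSpyware). Assumption: compiled by hand from the driver names in the
# DDS and ComboFix logs of this thread; extend it for other products.
SECURITY_DRIVERS = {
    "bhdrvx86", "eectrl", "srtsp", "srtspx", "symiron", "symtdi", "symevent",
    "symds", "symefa", "idsxpx86", "sasdifsv", "saskutil",
}


def parse_event(line):
    """Return the fields of one DDS event line, or None for non-event lines."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["event_id"] = int(ev["event_id"])
    return ev


def failed_boot_drivers(event):
    """Event 7026: the Service Control Manager lists every boot-start or
    system-start driver it could not load, space-separated after the colon."""
    if event["event_id"] != 7026:
        return []
    _, _, tail = event["message"].partition("failed to load:")
    return tail.split()


def triage(lines):
    """Summarise the signals that matter when a box only boots in Safe Mode."""
    report = {
        "events": 0,
        "blocked_security_drivers": set(),
        "other_blocked_drivers": set(),
        "bugchecks": [],         # (date, time, stop code, parameter1)
        "service_failures": [],  # service display names from event 7000
    }
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        report["events"] += 1
        if ev["event_id"] == 7026:
            for drv in failed_boot_drivers(ev):
                key = ("blocked_security_drivers" if drv.lower() in SECURITY_DRIVERS
                       else "other_blocked_drivers")
                report[key].add(drv)
        elif ev["event_id"] == 1003:
            # Stop code 1000008e is KERNEL_MODE_EXCEPTION_NOT_HANDLED; parameter1
            # c0000005 is STATUS_ACCESS_VIOLATION, i.e. a crash in kernel mode.
            m = re.search(r"Error code ([0-9a-f]+), parameter1 ([0-9a-f]+)", ev["message"])
            if m:
                report["bugchecks"].append((ev["date"], ev["time"], m.group(1), m.group(2)))
        elif ev["event_id"] == 7000:
            m = re.match(r"The (.+?) service failed to start", ev["message"])
            if m:
                report["service_failures"].append(m.group(1))
    return report


def verdict(report):
    """Turn the report into the short list of flags an analyst would act on."""
    flags = []
    if report["blocked_security_drivers"]:
        flags.append("security-product drivers blocked at boot: "
                     + ", ".join(sorted(report["blocked_security_drivers"])))
    if report["bugchecks"]:
        codes = ", ".join(sorted({b[2] for b in report["bugchecks"]}))
        flags.append("%d kernel-mode crash(es), stop code(s) %s" % (len(report["bugchecks"]), codes))
    if report["service_failures"]:
        flags.append("services with missing binaries: " + ", ".join(report["service_failures"]))
    return flags


# Sample input: lines reproduced from the DDS Event Viewer section above, plus
# the header and "." separator lines DDS emits around them.
SAMPLE_LOG = '''==== Event Viewer Messages From Past Week ========
.
4/30/2012 8:52:54 PM, error: PSched [14103] - QoS [Adapter {5F5D5E3F-1041-49C4-B1A5-13E6B79C2228}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.
4/25/2012 10:40:21 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
4/24/2012 7:36:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
4/24/2012 3:39:53 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 80637f4d, parameter3 ba30799c, parameter4 00000000.
4/24/2012 3:37:57 PM, error: Service Control Manager [7000] - The MRESP50 NDIS Protocol Driver service failed to start due to the following error: The system cannot find the file specified.
4/24/2012 3:35:54 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 80637f4d, parameter3 b3e3e99c, parameter4 00000000.
4/24/2012 3:26:30 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE SMR250
4/24/2012 3:11:23 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 eeCtrl Fips intelppm SASDIFSV SASKUTIL SBRE SMR250 SRTSP SRTSPX SymIRON SYMTDI
4/24/2012 3:08:18 PM, error: Service Control Manager [7000] - The SafeNet Monitor Service service failed to start due to the following error: The system cannot find the path specified.
.
'''

if __name__ == "__main__":
    for flag in verdict(triage(SAMPLE_LOG.splitlines())):
        print("-", flag)
```

Run against a full DDS log it simply ignores every line that is not in the event format, so it can be pointed at the whole file. The distinction it draws between security-product drivers and the rest is the useful one: a boot where only the AV and anti-spyware drivers fail to load, while the kernel crashes twice in four minutes, is consistent with something below them in the boot order interfering (the ComboFix log later in this thread finds an infected atapi.sys), whereas a lone third-party driver failing is usually just a broken uninstall.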

#10 nasdaq (Malware Response Team, 40,539 posts, Montreal, QC. Canada)

Posted 01 May 2012 - 09:26 AM

I found a Trojan on your DDS log.

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
  • Do not install any other programs until this is fixed.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.

Please post the logs and let me know if the problem persists.

#11 MWBeno (Topic Starter, Members, 63 posts, Monroe,CT. USA)

Posted 01 May 2012 - 10:53 AM

nasdaq,

Attached are the files from ComboFix and the security scan.

While you are reviewing the files I will reboot the system and get back to you as to its operational status.

The file for ComboFix is first :

ComboFix 12-05-01.02 - HP_Administrator 05/01/2012 11:12:38.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2928 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\EventSystem.log
.
---- Previous Run -------
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{9AA216FE-501D-4169-A239-709F67B5B060}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{9AA216FE-501D-4169-A239-709F67B5B060}\Setup.exe
c:\documents and settings\All Users\Application Data\TEMP\{AABB78C0-A435-486A-84E3-17E6684828C2}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{AABB78C0-A435-486A-84E3-17E6684828C2}\Setup.exe
c:\documents and settings\All Users\Application Data\TEMP\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}\Setup.exe
c:\documents and settings\All Users\Application Data\TEMP\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{D36DD326-7280-11D8-97C8-000129760CBE}\PostBuild.exe
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk
c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\w12exd8a.default\extensions\{d5b6380b-7eac-4231-bbba-974c27c7d8e0}
c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\w12exd8a.default\extensions\{d5b6380b-7eac-4231-bbba-974c27c7d8e0}\chrome.manifest
c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\w12exd8a.default\extensions\{d5b6380b-7eac-4231-bbba-974c27c7d8e0}\chrome\xulcache.jar
c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\w12exd8a.default\extensions\{d5b6380b-7eac-4231-bbba-974c27c7d8e0}\install.rdf
c:\documents and settings\HP_Administrator\Application Data\PriceGong
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\1.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\a.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\b.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\c.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\d.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\e.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\f.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\g.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\h.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\i.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\J.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\k.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\l.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\m.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\n.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\o.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\p.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\q.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\r.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\s.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\t.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\u.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\v.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\w.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\x.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\y.xml
c:\documents and settings\HP_Administrator\Application Data\PriceGong\Data\z.xml
c:\documents and settings\HP_Administrator\ResourceReader.dll
c:\documents and settings\HP_Administrator\ufcanmzgbl.tmp
c:\documents and settings\HP_Administrator\WINDOWS
c:\documents and settings\Roxio\WINDOWS
c:\documents and settings\Test\WINDOWS
c:\program files\Shared
C:\Thumbs.db
c:\windows\EventSystem.log
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\urttemp
c:\windows\system32\urttemp\fusion.dll
c:\windows\system32\urttemp\mscoree.dll
c:\windows\system32\urttemp\mscoree.dll.local
c:\windows\system32\urttemp\mscorsn.dll
c:\windows\system32\urttemp\mscorwks.dll
c:\windows\system32\urttemp\msvcr71.dll
c:\windows\system32\urttemp\regtlib.exe
D:\Autorun.inf
.
Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\atapi.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-04-01 to 2012-05-01 )))))))))))))))))))))))))))))))
.
.
2012-05-01 15:25 . 2012-05-01 15:26 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2012-05-01 01:52 . 2012-05-01 01:52 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2012-04-30 18:07 . 2012-04-30 18:08 -------- d-----w- c:\program files\BleepingComputer
2012-04-26 21:43 . 2012-04-27 10:37 -------- d-----w- c:\windows\system32\drivers\NIS\1307000.009
2012-04-26 11:12 . 2012-04-26 11:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2012-04-26 03:00 . 2012-04-13 07:36 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{8CA58810-8A71-463A-B35D-C84C2C05E9FB}\mpengine.dll
2012-04-26 02:36 . 2012-04-26 02:36 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2012-04-26 02:31 . 2012-04-26 02:31 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERSetup
2012-04-26 02:13 . 2012-04-26 02:14 -------- d-----w- C:\rei
2012-04-26 02:12 . 2012-04-26 02:12 -------- d-----w- c:\program files\Reimage
2012-04-26 02:12 . 2012-04-26 02:12 -------- d-----w- c:\program files\ReImageCompanion
2012-04-26 02:12 . 2012-04-26 02:12 -------- d-----w- c:\documents and settings\Administrator\AppData
2012-04-26 01:09 . 2012-04-30 18:29 -------- d-----w- c:\documents and settings\Test
2012-04-25 14:29 . 2012-04-25 14:29 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-24 21:50 . 2012-04-24 21:50 -------- d-----w- c:\program files\Speccy
2012-04-24 01:41 . 2012-04-24 01:51 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\NPE
2012-04-24 01:38 . 2010-08-27 07:38 106928 ------w- c:\windows\system32\GEARAspi.dll
2012-04-24 01:37 . 2012-04-24 01:37 -------- d-----w- c:\windows\system32\drivers\NBRTWizard
2012-04-24 01:37 . 2012-04-24 01:37 -------- d-----w- c:\program files\Norton Bootable Recovery Tool Wizard
2012-04-24 00:40 . 2012-04-24 00:41 -------- d-----w- c:\program files\Norton Bootable Recovery Tool
2012-04-21 23:22 . 2012-04-21 23:22 -------- d-----w- C:\found.003
2012-04-21 00:58 . 2012-04-21 00:58 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\MSNInstaller
2012-04-12 12:17 . 2012-04-29 20:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-11 21:32 . 2012-04-11 21:32 -------- d-----w- c:\documents and settings\Roxio\Local Settings\Application Data\Thunderbird
2012-04-11 21:32 . 2012-04-11 21:32 -------- d-----w- c:\documents and settings\Roxio\Application Data\Thunderbird
2012-04-11 19:47 . 2012-04-11 19:47 -------- d-----w- c:\program files\HitmanPro
2012-04-10 23:12 . 2012-04-10 23:12 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-04-10 23:12 . 2012-04-10 23:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\TestApp
2012-04-10 20:21 . 2012-04-10 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-04-10 00:55 . 2012-04-10 00:55 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Thunderbird
2012-04-10 00:55 . 2012-04-10 00:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Thunderbird
2012-04-09 20:30 . 2012-04-09 20:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2012-04-09 20:30 . 2012-04-09 20:30 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2012-04-09 19:55 . 2012-04-09 19:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\CyberLink
2012-04-09 19:44 . 2012-04-09 19:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\VHS to DVD
2012-04-09 19:34 . 2012-04-09 19:35 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2012-04-09 18:33 . 2012-04-09 18:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
2012-04-09 16:19 . 2012-04-09 16:19 54016 ------w- c:\windows\system32\drivers\unmnmxx.sys
2012-04-09 15:16 . 2012-04-09 15:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-04-09 15:16 . 2012-04-09 15:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-04-09 15:16 . 2012-04-26 01:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-09 15:16 . 2012-04-04 19:56 22344 ------w- c:\windows\system32\drivers\mbam.sys
2012-04-09 13:44 . 2012-04-09 13:44 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-04-09 13:13 . 2012-04-09 13:13 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-04-08 22:52 . 2012-04-08 22:52 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\adaware
2012-04-08 22:43 . 2012-04-08 22:43 -------- d-----w- c:\documents and settings\LocalService\Application Data\Ad-Aware Antivirus
2012-04-08 11:08 . 2012-04-08 11:08 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Ad-Aware Antivirus
2012-04-08 01:03 . 2012-04-09 21:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-04-08 01:03 . 2012-04-09 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-04-08 00:56 . 2011-04-05 21:35 94040 ------w- c:\windows\system32\drivers\sbhips.sys
2012-04-08 00:56 . 2011-04-05 21:35 212568 ------w- c:\windows\system32\drivers\sbtis.sys
2012-04-08 00:55 . 2011-02-08 13:14 69208 ------w- c:\windows\system32\drivers\SBFWIM.sys
2012-04-08 00:55 . 2011-04-05 21:35 332248 ------w- c:\windows\system32\drivers\SbFw.sys
2012-04-08 00:55 . 2012-04-08 00:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2012-04-08 00:27 . 2012-04-08 00:27 -------- d-----w- c:\program files\Toolbar Cleaner
2012-04-07 20:28 . 2012-04-24 01:40 -------- d-----w- c:\program files\Norton Rescue Tool
2012-04-07 14:22 . 2012-04-07 14:22 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Symantec
2012-04-07 14:10 . 2012-04-07 14:10 -------- d-----w- C:\found.002
2012-04-07 13:31 . 2012-04-07 13:31 -------- d-----w- c:\documents and settings\Roxio\Application Data\HPQ
2012-04-07 13:16 . 2012-04-07 13:16 -------- d-----w- c:\documents and settings\Roxio\Local Settings\Application Data\Identities
2012-04-07 13:16 . 2012-04-07 13:16 -------- d-----w- c:\documents and settings\Roxio\Application Data\Windows Desktop Search
2012-04-07 13:15 . 2012-04-07 13:15 -------- d-----w- c:\documents and settings\Roxio\Application Data\Apple Computer
2012-04-07 12:40 . 2012-04-07 12:40 -------- d-----w- C:\found.001
2012-04-04 12:26 . 2012-04-16 13:37 418464 ------w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-26 20:31 . 2011-05-06 00:46 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-04-26 20:31 . 2011-05-06 00:46 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-04-16 13:37 . 2011-06-17 00:08 70304 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-13 07:36 . 2010-12-01 20:24 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-03-01 11:01 . 2004-08-04 04:00 916992 ------w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-04 04:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-04 04:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-04 04:00 177664 ------w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-04 04:00 148480 ------w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-04 04:00 385024 ------w- c:\windows\system32\html.iec
2012-02-23 14:18 . 2010-02-26 02:15 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-03 09:22 . 2004-08-04 04:00 1860096 ------w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NortonUtilities"="c:\program files\Norton Utilities 14\nu.exe" [2011-05-07 4093288]
"TomTomHOME.exe"="c:\program files\TomTomXXL542\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-05 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 16239616]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"PCDrProfiler"="" [BU]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-07-27 1573888]
"TkBellExe"="g:\realplayer\update\realsched.exe" [2011-12-06 296056]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector10\MUITransfer\MUIStartMenu.exe" [2010-09-17 222504]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe" [2008-08-14 240112]
"CPMonitor"="c:\program files\Roxio Creator 2009\5.0\CPMonitor.exe" [2008-08-10 80368]
"Browser companion helper"="c:\program files\BrowserCompanion\BCHelper.exe" [BU]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
"dplaysvr"="c:\documents and settings\HP_Administrator\Application Data\dplaysvr.exe" [BU]
.
c:\documents and settings\Test\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-12-8 27136]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
REALTEK 11n USB Wireless LAN Utility.lnk - c:\program files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe [2011-10-1 966656]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-12-8 27136]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
backup=c:\windows\pss\Event Reminder.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
backup=c:\windows\pss\hp psc 2000 Series.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
backup=c:\windows\pss\Updates From HP.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
backup=c:\windows\pss\Microsoft Find Fast.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Office Startup.lnk]
backup=c:\windows\pss\Office Startup.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SGTBox
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-10-31 18:35 1622016 ------w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDRShortCut]
g:\video files\Cyber Link Power Director V8\PowerDirector\MUITransfer\MUIStartMenu.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1307000.009\symds.sys [4/26/2012 5:43 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1307000.009\symefa.sys [4/26/2012 5:43 PM 905336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\BASHDefs\20120413.001\BHDrvx86.sys [4/13/2012 1:34 AM 821880]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1307000.009\ccsetx86.sys [4/26/2012 5:43 PM 132744]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [4/7/2012 8:55 PM 332248]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [4/7/2012 8:56 PM 212568]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1307000.009\ironx86.sys [4/26/2012 5:43 PM 149624]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [5/31/2009 7:43 PM 941784]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/9/2012 11:16 AM 654408]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.7.0.9\ccsvchst.exe [4/26/2012 5:43 PM 138232]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe [9/20/2011 8:20 PM 135608]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe [9/20/2011 8:20 PM 126392]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTomXXL542\TomTom HOME 2\TomTomHOMEService.exe [1/23/2012 12:43 AM 92592]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [4/26/2012 2:11 AM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\IPSDefs\20120428.001\IDSXpx86.sys [4/27/2012 8:18 PM 356792]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/9/2012 11:16 AM 22344]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [10/1/2011 8:30 PM 594048]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SBFWIM.sys [4/7/2012 8:55 PM 69208]
S0 pxrj;pxrj;c:\windows\system32\drivers\qjfoq.sys --> c:\windows\system32\drivers\qjfoq.sys [?]
S0 SMR250;Symantec SMR Utility Service 2.5.0;c:\windows\system32\drivers\SMR250.SYS --> c:\windows\system32\drivers\SMR250.SYS [?]
S0 ytcybmk;ytcybmk;c:\windows\system32\drivers\ylkjc.sys --> c:\windows\system32\drivers\ylkjc.sys [?]
S1 MpKsl384d00bf;MpKsl384d00bf;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FFA0EE3F-75A0-488A-AE5D-F4B82A66818F}\MpKsl384d00bf.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FFA0EE3F-75A0-488A-AE5D-F4B82A66818F}\MpKsl384d00bf.sys [?]
S1 MpKsl4a26f48d;MpKsl4a26f48d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{444A4BB2-A5C5-44C6-8A63-37190B3EEF44}\MpKsl4a26f48d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{444A4BB2-A5C5-44C6-8A63-37190B3EEF44}\MpKsl4a26f48d.sys [?]
S1 MpKsl4bd83d87;MpKsl4bd83d87;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C30CD273-BCC8-4688-9F72-F38F7CA3CD8C}\MpKsl4bd83d87.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C30CD273-BCC8-4688-9F72-F38F7CA3CD8C}\MpKsl4bd83d87.sys [?]
S1 MpKsl6998e3ea;MpKsl6998e3ea;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{444A4BB2-A5C5-44C6-8A63-37190B3EEF44}\MpKsl6998e3ea.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{444A4BB2-A5C5-44C6-8A63-37190B3EEF44}\MpKsl6998e3ea.sys [?]
S1 MpKsl8533f495;MpKsl8533f495;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{65C65212-3545-4657-9D4C-B7470B3E83BA}\MpKsl8533f495.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{65C65212-3545-4657-9D4C-B7470B3E83BA}\MpKsl8533f495.sys [?]
S1 MpKsldc5cb7c8;MpKsldc5cb7c8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6502E040-9284-45E0-ACD5-E5868924E757}\MpKsldc5cb7c8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6502E040-9284-45E0-ACD5-E5868924E757}\MpKsldc5cb7c8.sys [?]
S1 MpKsle5959dac;MpKsle5959dac;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6502E040-9284-45E0-ACD5-E5868924E757}\MpKsle5959dac.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6502E040-9284-45E0-ACD5-E5868924E757}\MpKsle5959dac.sys [?]
S1 MpKslf7f8287f;MpKslf7f8287f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{444A4BB2-A5C5-44C6-8A63-37190B3EEF44}\MpKslf7f8287f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{444A4BB2-A5C5-44C6-8A63-37190B3EEF44}\MpKslf7f8287f.sys [?]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 gupdate1c9af3d500cde3a;Google Update Service (gupdate1c9af3d500cde3a);c:\program files\Google\Update\GoogleUpdate.exe [3/27/2009 8:36 PM 133104]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe [8/14/2008 1:25 AM 367088]
S2 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe [8/14/2008 1:24 AM 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe [8/14/2008 1:24 AM 170480]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/4/2012 8:26 AM 253088]
S3 EraserUtilDrv11122;EraserUtilDrv11122;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/27/2009 8:36 PM 133104]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe [8/14/2008 1:25 AM 313840]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SBFWIM.sys [4/7/2012 8:55 PM 69208]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [4/7/2012 8:56 PM 94040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-08-16 18:43 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 13:37]
.
2012-04-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-28 00:36]
.
2012-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-28 00:36]
.
2012-04-16 c:\windows\Tasks\HPCeeSchedule.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2005-09-08 20:22]
.
2012-05-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
2012-05-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1417885480-4175638656-1205127507-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]
.
2012-05-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1417885480-4175638656-1205127507-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
Trusted Zone: $talisma_url$
Trusted Zone: roxio.com\www
TCP: DhcpNameServer = 192.168.1.254
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\ReImageCompanion\tdataprotocol.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\ReImageCompanion\tdataprotocol.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\ReImageCompanion\tdataprotocol.dll
DPF: {4ECE056F-E50F-4F9D-B069-EB342D21F26A} - hxxp://www2.snapfish.com/SnapfishActivia3.cab
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{01C9C96C-8065-4539-B493-D1FD50A3A2F3} - (no file)
Toolbar-SITEguard - (no file)
Toolbar-Locked - (no file)
WebBrowser-{4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - (no file)
WebBrowser-{A057A204-BACC-4D26-8087-36EE87E26986} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-01 11:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.7.0.9\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.12.27\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1417885480-4175638656-1205127507-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* %5*$%]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1417885480-4175638656-1205127507-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,16,52,c2,e0,0e,5d,8b,4c,99,5e,95,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,16,52,c2,e0,0e,5d,8b,4c,99,5e,95,\
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1420)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(216)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\hp\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
.
**************************************************************************
.
Completion time: 2012-05-01 11:38:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-01 15:38
.
Pre-Run: 183,226,068,992 bytes free
Post-Run: 183,225,614,336 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 755DB93094BB349C1E7661C84CC277AD


HERE is the file for checkup.txt :


Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Norton Internet Security
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Windows Defender
Java™ 6 Update 23
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Java™ 6 Update 7
Java version out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Windows Defender MSMpEng.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Windows Defender MsMpEng.exe
``````````End of Log````````````

#12 MWBeno

MWBeno
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Monroe,CT. USA
  • Local time:09:31 AM

Posted 01 May 2012 - 11:09 AM

nasdaq,

The Firewall has been re-activated and for now the computer seems to be running OK. Fingers crossed.

How do the logs look to you? What's next?

Mike

#13 nasdaq

nasdaq

  • Malware Response Team
  • 40,539 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:31 AM

Posted 01 May 2012 - 01:06 PM

Open notepad and copy/paste the text in the quote box below into it:

Driver::
pxrj
ytcybmk
MpKsl384d00bf
MpKsl4a26f48d
MpKsl4bd83d87
MpKsl6998e3ea
MpKsl8533f495
MpKsldc5cb7c8
MpKsle5959dac
MpKslf7f8287f


Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"dplaysvr"=-

ClearJavaCache::



Save this as CFScript.txt on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 23
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Java™ 6 Update 7


===

Edited by nasdaq, 01 May 2012 - 01:06 PM.
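
The CFScript above is nasdaq's own; the Python helper below is an added example, not code from the thread, from ComboFix or from BleepingComputer. It shows how a responder can triage the "Drivers/Services" block of a ComboFix log mechanically before writing such a script: it parses each service line, flags the entries ComboFix could not resolve to a file on disk (the trailing "[?]"), and turns the remaining orphans into a Driver:: block. The sample lines are constructed from the log posted earlier in the thread (a subset); the `keep` set mirrors the judgment call in nasdaq's script, which leaves the Symantec and Sunbelt leftovers (SMR250, SBRE, EraserUtilDrv11122) alone. The reading of the leading R/S letter as running/stopped and of the digit as the service start type is my interpretation of ComboFix's notation, not something the thread states.

```python
"""Triage helper for the 'Drivers/Services' block of a ComboFix log.

Added example, not code from the thread, from ComboFix or from
BleepingComputer.  ComboFix lists one service per line as

    <R|S><type> <Name>;<DisplayName>;<ImagePath> [<mtime> <size>]

and, when the image file cannot be found on disk,

    <R|S><type> <Name>;<DisplayName>;<ImagePath> --> <ImagePath> [?]

The '[?]' suffix marks an orphaned service whose binary is gone.  Orphans
are the usual candidates for a CFScript 'Driver::' section; this helper
only proposes them, and the analyst decides which vendor leftovers to keep.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Sample lines constructed from the log posted earlier in the thread (a subset).
SAMPLE_LOG = r"""
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [4/7/2012 8:55 PM 332248]
S0 pxrj;pxrj;c:\windows\system32\drivers\qjfoq.sys --> c:\windows\system32\drivers\qjfoq.sys [?]
S0 SMR250;Symantec SMR Utility Service 2.5.0;c:\windows\system32\drivers\SMR250.SYS --> c:\windows\system32\drivers\SMR250.SYS [?]
S0 ytcybmk;ytcybmk;c:\windows\system32\drivers\ylkjc.sys --> c:\windows\system32\drivers\ylkjc.sys [?]
S1 MpKsl384d00bf;MpKsl384d00bf;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FFA0EE3F-75A0-488A-AE5D-F4B82A66818F}\MpKsl384d00bf.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FFA0EE3F-75A0-488A-AE5D-F4B82A66818F}\MpKsl384d00bf.sys [?]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 gupdate1c9af3d500cde3a;Google Update Service (gupdate1c9af3d500cde3a);c:\program files\Google\Update\GoogleUpdate.exe [3/27/2009 8:36 PM 133104]
"""

# "<R|S><digit> <name>;<display>;<rest>" -- the rest is parsed separately.
HEADER_RE = re.compile(
    r"^(?P<start>[RS])(?P<type>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$"
)
# "<image> [<meta>]" where meta is either "<mtime> <size>" or "?".
META_RE = re.compile(r"^(?P<image>.+) \[(?P<meta>[^\]]*)\]$")


@dataclass
class ServiceEntry:
    running: bool        # assumption: 'R' = running, 'S' = stopped in ComboFix's notation
    start_type: int      # assumption: 0 boot, 1 system, 2 automatic, 3 manual (SERVICE_*_START)
    name: str            # registry key name under ...\Services, used by CFScript 'Driver::'
    display: str
    image: str           # image path with any '\??\' NT prefix removed
    missing: bool        # True when ComboFix printed '... --> <path> [?]'
    size: Optional[int]  # file size ComboFix printed; None when the file is missing


def parse_services(text: str) -> List[ServiceEntry]:
    """Parse every service line in a ComboFix log fragment; other lines are ignored."""
    entries: List[ServiceEntry] = []
    for raw in text.splitlines():
        m = HEADER_RE.match(raw.strip())
        if not m:
            continue  # section banners, '.', blank lines
        mm = META_RE.match(m.group("rest"))
        if not mm:
            continue  # unexpected tail; skip rather than guess
        image, meta = mm.group("image"), mm.group("meta")
        missing = meta == "?"
        if missing and " --> " in image:
            image = image.split(" --> ", 1)[0]  # keep the registry-recorded path
        if image.startswith("\\??\\"):
            image = image[4:]
        size = None if missing else int(meta.rsplit(" ", 1)[1])
        entries.append(ServiceEntry(
            running=m.group("start") == "R",
            start_type=int(m.group("type")),
            name=m.group("name"),
            display=m.group("display"),
            image=image,
            missing=missing,
            size=size,
        ))
    return entries


def orphaned(entries: Iterable[ServiceEntry]) -> List[ServiceEntry]:
    """Entries whose binary ComboFix could not find on disk ('[?]')."""
    return [e for e in entries if e.missing]


def propose_driver_section(entries: Iterable[ServiceEntry], keep: Iterable[str] = ()) -> str:
    """Build the 'Driver::' block of a CFScript from the orphaned entries,
    minus the names the analyst has decided to leave in place."""
    keep_set = set(keep)
    names = [e.name for e in orphaned(entries) if e.name not in keep_set]
    return "\n".join(["Driver::", *names])


if __name__ == "__main__":
    parsed = parse_services(SAMPLE_LOG)
    for entry in orphaned(parsed):
        print(f"orphan: {entry.name:16} -> {entry.image}")
    # Vendor leftovers the analyst chooses to keep, as in the script above.
    print(propose_driver_section(parsed, keep={"SMR250", "SBRE"}))
```

The "[?]" heuristic only says that the registry still references a binary that is gone; it does not say why. Randomly named entries under system32\drivers with no display name (pxrj, ytcybmk) read differently from a security vendor's uninstall leftovers, which is exactly the distinction the `keep` set exists to record, so the proposal is a starting point for review rather than something to run blindly.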


#14 MWBeno

MWBeno
  • Topic Starter

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Monroe,CT. USA
  • Local time:09:31 AM

Posted 01 May 2012 - 02:09 PM

nasdaq:
The following log.txt file is from the latest run of Combofix that includes the above patch.

Thanks,
Mike


ComboFix log :

ComboFix 12-05-01.02 - HP_Administrator 05/01/2012 14:25:44.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2550 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MPKSL384D00BF
-------\Legacy_MPKSL4A26F48D
-------\Legacy_MPKSL6998E3EA
-------\Legacy_MPKSL8533F495
-------\Legacy_MPKSLDC5CB7C8
-------\Legacy_MPKSLE5959DAC
-------\Legacy_MPKSLF7F8287F
-------\Service_MpKsl384d00bf
-------\Service_MpKsl4a26f48d
-------\Service_MpKsl4bd83d87
-------\Service_MpKsl6998e3ea
-------\Service_MpKsl8533f495
-------\Service_MpKsldc5cb7c8
-------\Service_MpKsle5959dac
-------\Service_MpKslf7f8287f
-------\Service_pxrj
-------\Service_ytcybmk
.
.
((((((((((((((((((((((((( Files Created from 2012-04-01 to 2012-05-01 )))))))))))))))))))))))))))))))
.
.
2012-05-01 18:37 . 2012-05-01 18:38 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2012-05-01 01:52 . 2012-05-01 01:52 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2012-04-30 18:07 . 2012-04-30 18:08 -------- d-----w- c:\program files\BleepingComputer
2012-04-26 21:43 . 2012-04-27 10:37 -------- d-----w- c:\windows\system32\drivers\NIS\1307000.009
2012-04-26 11:12 . 2012-04-26 11:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2012-04-26 03:00 . 2012-04-13 07:36 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{8CA58810-8A71-463A-B35D-C84C2C05E9FB}\mpengine.dll
2012-04-26 02:36 . 2012-04-26 02:36 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2012-04-26 02:31 . 2012-04-26 02:31 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERSetup
2012-04-26 02:13 . 2012-04-26 02:14 -------- d-----w- C:\rei
2012-04-26 02:12 . 2012-04-26 02:12 -------- d-----w- c:\program files\Reimage
2012-04-26 02:12 . 2012-04-26 02:12 -------- d-----w- c:\program files\ReImageCompanion
2012-04-26 02:12 . 2012-04-26 02:12 -------- d-----w- c:\documents and settings\Administrator\AppData
2012-04-26 01:09 . 2012-04-30 18:29 -------- d-----w- c:\documents and settings\Test
2012-04-25 14:29 . 2012-04-25 14:29 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-24 21:50 . 2012-04-24 21:50 -------- d-----w- c:\program files\Speccy
2012-04-24 01:41 . 2012-04-24 01:51 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\NPE
2012-04-24 01:38 . 2010-08-27 07:38 106928 ------w- c:\windows\system32\GEARAspi.dll
2012-04-24 01:37 . 2012-04-24 01:37 -------- d-----w- c:\windows\system32\drivers\NBRTWizard
2012-04-24 01:37 . 2012-04-24 01:37 -------- d-----w- c:\program files\Norton Bootable Recovery Tool Wizard
2012-04-24 00:40 . 2012-04-24 00:41 -------- d-----w- c:\program files\Norton Bootable Recovery Tool
2012-04-21 23:22 . 2012-04-21 23:22 -------- d-----w- C:\found.003
2012-04-21 00:58 . 2012-04-21 00:58 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\MSNInstaller
2012-04-12 12:17 . 2012-04-29 20:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-11 21:32 . 2012-04-11 21:32 -------- d-----w- c:\documents and settings\Roxio\Local Settings\Application Data\Thunderbird
2012-04-11 21:32 . 2012-04-11 21:32 -------- d-----w- c:\documents and settings\Roxio\Application Data\Thunderbird
2012-04-11 19:47 . 2012-04-11 19:47 -------- d-----w- c:\program files\HitmanPro
2012-04-10 23:12 . 2012-04-10 23:12 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-04-10 23:12 . 2012-04-10 23:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\TestApp
2012-04-10 20:21 . 2012-04-10 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-04-10 00:55 . 2012-04-10 00:55 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Thunderbird
2012-04-10 00:55 . 2012-04-10 00:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Thunderbird
2012-04-09 20:30 . 2012-04-09 20:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2012-04-09 20:30 . 2012-04-09 20:30 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2012-04-09 19:55 . 2012-04-09 19:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\CyberLink
2012-04-09 19:44 . 2012-04-09 19:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\VHS to DVD
2012-04-09 19:34 . 2012-04-09 19:35 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2012-04-09 18:33 . 2012-04-09 18:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
2012-04-09 16:19 . 2012-04-09 16:19 54016 ------w- c:\windows\system32\drivers\unmnmxx.sys
2012-04-09 15:16 . 2012-04-09 15:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-04-09 15:16 . 2012-04-09 15:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-04-09 15:16 . 2012-04-26 01:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-09 15:16 . 2012-04-04 19:56 22344 ------w- c:\windows\system32\drivers\mbam.sys
2012-04-09 13:44 . 2012-04-09 13:44 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-04-09 13:13 . 2012-04-09 13:13 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-04-08 22:52 . 2012-04-08 22:52 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\adaware
2012-04-08 22:43 . 2012-04-08 22:43 -------- d-----w- c:\documents and settings\LocalService\Application Data\Ad-Aware Antivirus
2012-04-08 11:08 . 2012-04-08 11:08 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Ad-Aware Antivirus
2012-04-08 01:03 . 2012-04-09 21:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-04-08 01:03 . 2012-04-09 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-04-08 00:56 . 2011-04-05 21:35 94040 ------w- c:\windows\system32\drivers\sbhips.sys
2012-04-08 00:56 . 2011-04-05 21:35 212568 ------w- c:\windows\system32\drivers\sbtis.sys
2012-04-08 00:55 . 2011-02-08 13:14 69208 ------w- c:\windows\system32\drivers\SBFWIM.sys
2012-04-08 00:55 . 2011-04-05 21:35 332248 ------w- c:\windows\system32\drivers\SbFw.sys
2012-04-08 00:55 . 2012-04-08 00:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2012-04-08 00:27 . 2012-04-08 00:27 -------- d-----w- c:\program files\Toolbar Cleaner
2012-04-07 20:28 . 2012-04-24 01:40 -------- d-----w- c:\program files\Norton Rescue Tool
2012-04-07 14:22 . 2012-04-07 14:22 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Symantec
2012-04-07 14:10 . 2012-04-07 14:10 -------- d-----w- C:\found.002
2012-04-07 13:31 . 2012-04-07 13:31 -------- d-----w- c:\documents and settings\Roxio\Application Data\HPQ
2012-04-07 13:16 . 2012-04-07 13:16 -------- d-----w- c:\documents and settings\Roxio\Local Settings\Application Data\Identities
2012-04-07 13:16 . 2012-04-07 13:16 -------- d-----w- c:\documents and settings\Roxio\Application Data\Windows Desktop Search
2012-04-07 13:15 . 2012-04-07 13:15 -------- d-----w- c:\documents and settings\Roxio\Application Data\Apple Computer
2012-04-07 12:40 . 2012-04-07 12:40 -------- d-----w- C:\found.001
2012-04-04 12:26 . 2012-04-16 13:37 418464 ------w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-26 20:31 . 2011-05-06 00:46 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-04-26 20:31 . 2011-05-06 00:46 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-04-16 13:37 . 2011-06-17 00:08 70304 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-13 07:36 . 2010-12-01 20:24 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-03-01 11:01 . 2004-08-04 04:00 916992 ------w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-04 04:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-04 04:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-04 04:00 177664 ------w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-04 04:00 148480 ------w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-04 04:00 385024 ------w- c:\windows\system32\html.iec
2012-02-23 14:18 . 2010-02-26 02:15 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-03 09:22 . 2004-08-04 04:00 1860096 ------w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NortonUtilities"="c:\program files\Norton Utilities 14\nu.exe" [2011-05-07 4093288]
"TomTomHOME.exe"="c:\program files\TomTomXXL542\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-05 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 16239616]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"PCDrProfiler"="" [BU]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-07-27 1573888]
"TkBellExe"="g:\realplayer\update\realsched.exe" [2011-12-06 296056]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector10\MUITransfer\MUIStartMenu.exe" [2010-09-17 222504]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe" [2008-08-14 240112]
"CPMonitor"="c:\program files\Roxio Creator 2009\5.0\CPMonitor.exe" [2008-08-10 80368]
"Browser companion helper"="c:\program files\BrowserCompanion\BCHelper.exe" [BU]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\Test\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-12-8 27136]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
REALTEK 11n USB Wireless LAN Utility.lnk - c:\program files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe [2011-10-1 966656]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-12-8 27136]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
backup=c:\windows\pss\Event Reminder.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
backup=c:\windows\pss\hp psc 2000 Series.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
backup=c:\windows\pss\Updates From HP.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
backup=c:\windows\pss\Microsoft Find Fast.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Office Startup.lnk]
backup=c:\windows\pss\Office Startup.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-10-31 18:35 1622016 ------w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDRShortCut]
g:\video files\Cyber Link Power Director V8\PowerDirector\MUITransfer\MUIStartMenu.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1307000.009\symds.sys [4/26/2012 5:43 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1307000.009\symefa.sys [4/26/2012 5:43 PM 905336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\BASHDefs\20120413.001\BHDrvx86.sys [4/13/2012 1:34 AM 821880]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1307000.009\ccsetx86.sys [4/26/2012 5:43 PM 132744]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [4/7/2012 8:55 PM 332248]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [4/7/2012 8:56 PM 212568]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1307000.009\ironx86.sys [4/26/2012 5:43 PM 149624]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [5/31/2009 7:43 PM 941784]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/9/2012 11:16 AM 654408]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.7.0.9\ccsvchst.exe [4/26/2012 5:43 PM 138232]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe [9/20/2011 8:20 PM 135608]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe [9/20/2011 8:20 PM 126392]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTomXXL542\TomTom HOME 2\TomTomHOMEService.exe [1/23/2012 12:43 AM 92592]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [4/26/2012 2:11 AM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\IPSDefs\20120428.001\IDSXpx86.sys [4/27/2012 8:18 PM 356792]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/9/2012 11:16 AM 22344]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [10/1/2011 8:30 PM 594048]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SBFWIM.sys [4/7/2012 8:55 PM 69208]
S0 SMR250;Symantec SMR Utility Service 2.5.0;c:\windows\system32\drivers\SMR250.SYS --> c:\windows\system32\drivers\SMR250.SYS [?]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 gupdate1c9af3d500cde3a;Google Update Service (gupdate1c9af3d500cde3a);c:\program files\Google\Update\GoogleUpdate.exe [3/27/2009 8:36 PM 133104]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe [8/14/2008 1:25 AM 367088]
S2 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe [8/14/2008 1:24 AM 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe [8/14/2008 1:24 AM 170480]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/4/2012 8:26 AM 253088]
S3 EraserUtilDrv11122;EraserUtilDrv11122;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/27/2009 8:36 PM 133104]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe [8/14/2008 1:25 AM 313840]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SBFWIM.sys [4/7/2012 8:55 PM 69208]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [4/7/2012 8:56 PM 94040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-08-16 18:43 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 13:37]
.
2012-04-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-28 00:36]
.
2012-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-28 00:36]
.
2012-04-16 c:\windows\Tasks\HPCeeSchedule.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2005-09-08 20:22]
.
2012-05-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
2012-05-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1417885480-4175638656-1205127507-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]
.
2012-05-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1417885480-4175638656-1205127507-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
Trusted Zone: $talisma_url$
Trusted Zone: roxio.com\www
TCP: DhcpNameServer = 192.168.1.254
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\ReImageCompanion\tdataprotocol.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\ReImageCompanion\tdataprotocol.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\ReImageCompanion\tdataprotocol.dll
DPF: {4ECE056F-E50F-4F9D-B069-EB342D21F26A} - hxxp://www2.snapfish.com/SnapfishActivia3.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-01 14:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.7.0.9\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.12.27\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1417885480-4175638656-1205127507-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* %5*$%]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1417885480-4175638656-1205127507-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,16,52,c2,e0,0e,5d,8b,4c,99,5e,95,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,16,52,c2,e0,0e,5d,8b,4c,99,5e,95,\
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1432)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(400)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\hp\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
.
**************************************************************************
.
Completion time: 2012-05-01 14:46:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-01 18:46
ComboFix2.txt 2012-05-01 15:38
.
Pre-Run: 183,222,673,408 bytes free
Post-Run: 183,093,673,984 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 0F49ED8FBECBA91B85A7DC8386B30D60

#15 MWBeno

  • Topic Starter

  • Members
  • 63 posts
  • Gender:Male
  • Location:Monroe,CT. USA

Posted 01 May 2012 - 07:29 PM

Hi nasdaq,

Just an update on computer performance. For the past couple of hours things seem to be behaving normally. Way to go and many, many thanks!!

However, there are a couple of issues which may not be related to what you found.

1). Every time a program is closed, IE for example, the hourglass is displayed for about 5 seconds right next to the cursor. After the hourglass times out I can activate another program normally. I don't remember this happening with such regularity.

2). Occasionally the wireless USB network adapter gets taken offline. If I go into Network Connections and check (again) Use Windows to configure wireless network settings, the internet connection is restored.

Any more ideas? You're on a roll now.

Thanks again,
Mike

Edited by MWBeno, 01 May 2012 - 07:35 PM.
