adavis5

Members
  • Content Count

    13
  • Joined

  • Last visited

Community Reputation

0 Neutral

About adavis5

  • Rank
    Member
  1. Blade--thanks very much for the help! The system is running very smoothly now. I updated everything you reocmmended. One question: I have a system tray icon and a message that appear to be from my McAfee antivirus software, saying that no firewall is turned on, and that McAfee VirusScan Enterprise is turned off. I'm attaching a screen shot so you can see what I mean. Is this for real? Or is this some continued trojan infection? Many thanks again.
  2. Thanks. I ran combofix with the script you provided, then updated Java, then ran ESET, then ran DDS. Combofix log is here: ComboFix 11-01-06.03 - andrew davis 01/06/2011 14:34:20.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2917 [GMT -6:00] Running from: c:\documents and settings\andrew davis\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\andrew davis\Desktop\CFScript.txt AV: McAfee VirusScan Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0} . ((((((((((((((((((((((((( Files Created from 2010-12-06 to 2011-01-06 ))))))))))))))))))))))))))))))) . 2011-01-05 06:46 . 2011-01-05 06:46 388096 ----a-r- c:\documents and settings\andrew davis\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-01-05 06:46 . 2011-01-05 06:46 -------- d-----w- c:\program files\Trend Micro 2011-01-02 00:55 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-01-02 00:55 . 2011-01-02 00:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-01-02 00:55 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-12-30 05:36 . 2010-12-30 05:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer 2010-12-30 05:36 . 2010-12-30 05:36 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer 2010-12-30 03:24 . 2010-12-30 03:24 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2010-12-30 02:54 . 2010-12-30 02:54 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-12-30 02:49 . 2010-12-30 02:49 -------- d-----w- c:\documents and settings\andrew davis\Local Settings\Application Data\Sunbelt Software 2010-12-30 02:48 . 2011-01-05 16:44 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620} 2010-12-30 02:48 . 2011-01-05 16:43 -------- d-----w- c:\program files\Lavasoft 2010-12-30 02:12 . 2010-12-30 02:12 -------- d-----w- C:\_OTM 2010-12-27 05:02 . 2010-12-27 05:02 -------- d-----w- c:\program files\Free HD Converter 2010-12-27 05:02 . 2010-12-27 05:02 -------- d-----w- c:\documents and settings\andrew davis\Application Data\FreeHDConverter 2010-12-27 04:53 . 2010-12-27 04:53 -------- d-----w- c:\program files\Emicsoft Studio 2010-12-27 04:47 . 2010-12-27 04:53 -------- d-----w- c:\documents and settings\andrew davis\Application Data\GetRightToGo . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-01-06 17:24 . 2008-06-10 12:26 0 ----a-w- c:\documents and settings\andrew davis\Local Settings\Application Data\WavXMapDrive.bat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Update"="c:\documents and settings\andrew davis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-29 136176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2007-04-16 159744] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-31 8429568] "nwiz"="nwiz.exe" [2007-05-31 1626112] "NVHotkey"="nvHotkey.dll" [2007-05-31 67584] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-31 81920] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-08-21 149280] "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2008-02-22 1245184] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848] "WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160] "SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424] "KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920] "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-26 17920] "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216] "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768] "RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "Acrobat Assistant 8.0"="c:\program files\Common Files\Adobe\Installers\f4ca0de7e69bc77df34b5de71c8a078\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200] "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984] "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-05 198160] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952] "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2008-04-14 53760] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-2-22 2938184] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-5-6 50688] VPN Client.lnk - c:\windows\Installer\{08B785C1-3893-4154-B53B-F5D341D0AAAA}\Icon3E5562ED7.ico [2010-1-27 6144] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe] 2006-11-16 20:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\fxsclnt.exe"= "c:\\WINDOWS\\system32\\usmt\\migwiz.exe"= "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"= "c:\\Program Files\\Common Files\\Adobe\\Installers\\f4ca0de7e69bc77df34b5de71c8a078\\Adobe Dreamweaver CS3\\Dreamweaver.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"= "c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 1:21 PM 79432] R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 4:00 PM 5120] R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 11:32 AM 97536] S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?] . Contents of the 'Scheduled Tasks' folder 2010-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1756221810-1411433888-3965214134-1005Core.job - c:\documents and settings\andrew davis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-29 22:00] 2011-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1756221810-1411433888-3965214134-1005UA.job - c:\documents and settings\andrew davis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-29 22:00] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Append to existing PDF - c:\program files\Common Files\Adobe\Installers\f4ca0de7e69bc77df34b5de71c8a078\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Installers\f4ca0de7e69bc77df34b5de71c8a078\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Installers\f4ca0de7e69bc77df34b5de71c8a078\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Common Files\Adobe\Installers\f4ca0de7e69bc77df34b5de71c8a078\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Common Files\Adobe\Installers\f4ca0de7e69bc77df34b5de71c8a078\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Common Files\Adobe\Installers\f4ca0de7e69bc77df34b5de71c8a078\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Common Files\Adobe\Installers\f4ca0de7e69bc77df34b5de71c8a078\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Installers\f4ca0de7e69bc77df34b5de71c8a078\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: ImTranslator - c:\progra~1\SMARTL~1\IMTRAN~1\startup.html DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://www.ritzpix.com/net/Uploader/LPUploader57.cab FF - ProfilePath - c:\documents and settings\andrew davis\Application Data\Mozilla\Firefox\Profiles\1tjkecab.default\ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url] Rootkit scan 2011-01-06 14:41 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... c:\docume~1\ANDREW~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\5870MZK2\size=300x250;noperf=1;alias=93206396;noaddonpl=y;kvcity=houston;kvst=tx;kvdma=houston;kvco=usa;kvzip=77002;kvmn=93206396;target=_blank;aduho=300;grp=456739671;misc=45673[1] 344 bytes c:\docume~1\ANDREW~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\5870MZK2\left_link[1].gif 61 bytes c:\docume~1\ANDREW~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\VUUB8THW\size=160x600;noperf=1;alias=93246064;noaddonpl=y;kvcity=houston;kvst=tx;kvdma=houston;kvco=usa;kvzip=77071;kvmn=93246064;target=_blank;aduho=300;grp=456746156;misc=45674[1] 344 bytes c:\docume~1\ANDREW~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\VUUB8THW\size=160x600;noperf=1;alias=93246064;noaddonpl=y;kvcity=houston;kvst=tx;kvdma=houston;kvco=usa;kvzip=77071;kvmn=93246064;target=_blank;aduho=300;grp=456756484;misc=45675[1] 344 bytes c:\docume~1\ANDREW~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\VUUB8THW\v=5%3Bm=2%3Bl=969%3Bc=7659%3Bb=34534%3Bp=ui%3DC0TLpwzINAROCY65zhLEKI2phWKyEeMrsmTO5n__%3Btr%3DCnE9oDMGMF-%3Btm%3D0-0%3Bts=20090329144731%3Bdct=;ord=20090329144731[1].htm 3361 bytes c:\docume~1\ANDREW~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\VUUB8THW\v=5;m=2;l=969;cxt=;kw=;ts=535125;smuid=C0TLpwzINAROCY65zhLEKI2phWKyEeMrsmTO5n__;p=ui%3DC0TLpwzINAROCY65zhLEKI2phWKyEeMrsmTO5n__%3Btr%3DCnE9oDMGMF-%3Btm%3D0-0[1] 325 bytes c:\docume~1\ANDREW~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\VUUB8THW\footer[1].gif 63 bytes c:\docume~1\ANDREW~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\VUUB8THW\v=5;m=2;l=970;cxt=;kw=;ts=411682;smuid=C0TLpwzINAROCY65zhLEKI2phWKyEeMrsmTO5n__;p=ui%3DC0TLpwzINAROCY65zhLEKI2phWKyEeMrsmTO5n__%3Btr%3DEBh08BDD1k4%3Btm%3D0-0[1] 1682 bytes c:\docume~1\ANDREW~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\VZ5NN9OC\us_photo_gifts.-Par-36039-Image1Ref.MC4w.[1].png 32825 bytes c:\docume~1\ANDREW~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\VZ5NN9OC\editComments[1].js scan completed successfully hidden files: 10 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1756221810-1411433888-3965214134-1005\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(4336) c:\windows\system32\nview.dll c:\windows\system32\ieframe.dll c:\windows\system32\OneX.DLL c:\windows\system32\eappprxy.dll c:\windows\system32\nvwddi.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2011-01-06 14:43:54 ComboFix-quarantined-files.txt 2011-01-06 20:43 ComboFix2.txt 2011-01-05 19:45 Pre-Run: 11,255,795,712 bytes free Post-Run: 11,380,908,032 bytes free - - End Of File - - 0E82A2C32E39FC2ADAB4EE47B516CA1A ESET log is here: [email protected] as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6419 # api_version=3.0.2 # EOSSerial=66ba2ce9d75e0841b780f1f998d1d672 # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-01-06 10:22:37 # local_time=2011-01-06 04:22:37 (-0600, Central Standard Time) # country="United States" # lang=9 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=512 16777215 100 0 0 0 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=196276 # found=0 # cleaned=0 # scan_time=4176 DDS.txt is here: DDS (Ver_10-12-12.02) - NTFSx86 Run by andrew davis at 17:51:15.90 on Thu 01/06/2011 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2749 [GMT -6:00] AV: McAfee VirusScan Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe C:\Program Files\Bonjour\mDNSResponder.exe svchost.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\StacSV.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe C:\Program Files\Wave Systems Corp\SecureUpgrade.exe C:\WINDOWS\system32\KADxMain.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE C:\Program Files\McAfee\Common Framework\UdaterUI.exe C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Adobe\Installers\f4ca0de7e69bc77df34b5de71c8a078\Acrobat 8.0\Acrobat\Acrotray.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Apoint\ApMsgFwd.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Apoint\HidFind.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\PROGRA~1\MICROS~2\rapimgr.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\andrew davis\Desktop\downloads\DDS jan 2011\dds.com ============== Pseudo HJT Report =============== uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\installers\f4ca0de7e69bc77df34b5de71c8a078\acrobat 8.0\acrobat\AcroIEFavClient.dll uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe" uRun: [Google Update] "c:\documents and settings\andrew davis\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [Apoint] c:\program files\apoint\Apoint.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /installquiet mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe" mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe mRun: [SecureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe mRun: [KADxMain] c:\windows\system32\KADxMain.exe mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [ECenter] c:\dell\e-center\EULALauncher.exe mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe" mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [Acrobat Assistant 8.0] "c:\program files\common files\adobe\installers\f4ca0de7e69bc77df34b5de71c8a078\acrobat 8.0\acrobat\Acrotray.exe" mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe" mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe" mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" dRunOnce: [RunNarrator] Narrator.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{08b785c1-3893-4154-b53b-f5d341d0aaaa}\Icon3E5562ED7.ico IE: Append to existing PDF - c:\program files\common files\adobe\installers\f4ca0de7e69bc77df34b5de71c8a078\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\common files\adobe\installers\f4ca0de7e69bc77df34b5de71c8a078\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\common files\adobe\installers\f4ca0de7e69bc77df34b5de71c8a078\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\common files\adobe\installers\f4ca0de7e69bc77df34b5de71c8a078\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\common files\adobe\installers\f4ca0de7e69bc77df34b5de71c8a078\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\common files\adobe\installers\f4ca0de7e69bc77df34b5de71c8a078\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\common files\adobe\installers\f4ca0de7e69bc77df34b5de71c8a078\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\common files\adobe\installers\f4ca0de7e69bc77df34b5de71c8a078\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: ImTranslator - c:\progra~1\smartl~1\imtran~1\startup.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} - hxxp://site.ebrary.com.ezproxy.lib.uh.edu/lib/uhmain/support/plugins/ebraryRdr.cab DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813 DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204 DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://www.ritzpix.com/net/Uploader/LPUploader57.cab DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\andrew~1\applic~1\mozilla\firefox\profiles\1tjkecab.default\ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ============= SERVICES / DRIVERS =============== R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-30 31944] R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432] R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-6-10 104000] R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2006-11-30 54872] R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-11 5120] R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536] S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?] S3 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2006-11-30 144960] S3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-6-10 72264] S3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-6-10 34152] S3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-6-10 168776] S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952] =============== Created Last 30 ================ 2011-01-06 21:02:37 -------- d-----w- c:\program files\ESET 2011-01-06 20:56:45 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-01-06 20:56:45 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-01-06 20:56:45 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll 2011-01-05 19:07:03 -------- d-sha-r- C:\cmdcons 2011-01-05 19:02:41 98816 ----a-w- c:\windows\sed.exe 2011-01-05 19:02:41 89088 ----a-w- c:\windows\MBR.exe 2011-01-05 19:02:41 256512 ----a-w- c:\windows\PEV.exe 2011-01-05 19:02:41 161792 ----a-w- c:\windows\SWREG.exe 2011-01-05 06:46:06 388096 ----a-r- c:\docume~1\andrew~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe 2011-01-05 06:46:05 -------- d-----w- c:\program files\Trend Micro 2011-01-02 00:55:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-01-02 00:55:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-01-02 00:55:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-12-30 02:54:00 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-12-30 02:49:49 -------- d-----w- c:\docume~1\andrew~1\locals~1\applic~1\Sunbelt Software 2010-12-30 02:48:31 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{2162CCC0-3A5F-4887-B51F-CE5F195B3620} 2010-12-30 02:48:11 -------- d-----w- c:\program files\Lavasoft 2010-12-30 02:12:23 -------- d-----w- C:\_OTM 2010-12-27 05:02:14 -------- d-----w- c:\program files\Free HD Converter 2010-12-27 05:02:14 -------- d-----w- c:\docume~1\andrew~1\applic~1\FreeHDConverter 2010-12-27 04:53:18 -------- d-----w- c:\program files\Emicsoft Studio 2010-12-27 04:47:44 -------- d-----w- c:\docume~1\andrew~1\applic~1\GetRightToGo ==================== Find3M ==================== ============= FINISH: 17:51:42.26 =============== attach.txt is here: UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_10-12-12.02) Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume2 Install Date: 6/10/2008 7:25:56 AM System Uptime: 1/6/2011 2:53:27 PM (3 hours ago) Motherboard: Dell Inc. | | Processor: Intel Pentium III Xeon processor | Microprocessor | 2593/200mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 112 GiB total, 10.5 GiB free. D: is CDROM () ==== Disabled Device Manager Items ============= Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Cisco Systems VPN Adapter Device ID: ROOT\NET000 Manufacturer: Cisco Systems Name: Cisco Systems VPN Adapter PNP Device ID: ROOT\NET000 Service: CVirtA ==== System Restore Points =================== RP438: 10/8/2010 6:53:40 PM - System Checkpoint RP439: 10/11/2010 11:05:54 AM - System Checkpoint RP440: 10/12/2010 12:46:47 PM - System Checkpoint RP441: 10/13/2010 4:29:12 PM - System Checkpoint RP442: 10/17/2010 6:40:08 PM - System Checkpoint RP443: 10/20/2010 11:07:29 AM - System Checkpoint RP444: 10/23/2010 8:29:18 PM - System Checkpoint RP445: 10/25/2010 6:40:57 PM - System Checkpoint RP446: 10/27/2010 8:41:20 AM - System Checkpoint RP447: 10/28/2010 9:12:36 AM - System Checkpoint RP448: 11/1/2010 2:15:58 PM - System Checkpoint RP449: 11/4/2010 9:15:19 AM - System Checkpoint RP450: 11/8/2010 10:19:32 AM - System Checkpoint RP451: 11/9/2010 12:53:07 PM - System Checkpoint RP452: 11/11/2010 11:32:48 AM - System Checkpoint RP453: 11/12/2010 1:35:40 PM - System Checkpoint RP454: 11/15/2010 9:13:17 AM - System Checkpoint RP455: 11/16/2010 9:15:43 AM - System Checkpoint RP456: 11/17/2010 11:18:28 AM - System Checkpoint RP457: 11/18/2010 1:13:21 PM - System Checkpoint RP458: 11/18/2010 9:43:01 PM - Installed Epson Print CD RP459: 11/18/2010 9:44:58 PM - Removed Epson Print CD RP460: 11/18/2010 9:54:03 PM - Installed Epson Print CD RP461: 11/19/2010 12:10:48 AM - Removed Epson Print CD RP462: 11/19/2010 12:24:06 AM - Unsigned driver install RP463: 11/21/2010 2:47:15 PM - System Checkpoint RP464: 11/24/2010 1:12:21 AM - System Checkpoint RP465: 11/25/2010 2:18:58 PM - System Checkpoint RP466: 11/27/2010 9:12:20 PM - System Checkpoint RP467: 11/29/2010 10:16:38 AM - System Checkpoint RP468: 11/30/2010 11:35:38 AM - System Checkpoint RP469: 12/2/2010 10:50:49 AM - System Checkpoint RP470: 12/3/2010 12:38:23 PM - System Checkpoint RP471: 12/6/2010 4:03:13 PM - System Checkpoint RP472: 12/8/2010 8:46:32 AM - System Checkpoint RP473: 12/12/2010 7:16:21 PM - System Checkpoint RP474: 12/14/2010 8:18:26 AM - System Checkpoint RP475: 12/19/2010 1:19:16 AM - System Checkpoint RP476: 12/29/2010 8:22:00 PM - OTM Restore Point RP477: 12/31/2010 9:50:33 PM - System Checkpoint RP478: 1/2/2011 9:41:44 PM - System Checkpoint RP479: 1/5/2011 12:25:05 AM - System Checkpoint RP480: 1/5/2011 12:46:02 AM - Installed HiJackThis RP481: 1/6/2011 10:35:10 AM - Software Distribution Service 3.0 RP482: 1/6/2011 2:50:27 PM - Removed J2SE Runtime Environment 5.0 Update 6 RP483: 1/6/2011 2:51:06 PM - Removed Java(tm) 6 Update 15 RP484: 1/6/2011 2:56:19 PM - Installed Java(tm) 6 Update 23 ==== Installed Programs ====================== 2007 Microsoft Office Suite Service Pack 1 (SP1) Ad-Aware Add or Remove Adobe Creative Suite 3 Web Premium Additional Bluetooth Drivers Adobe Acrobat 8 Professional Adobe Acrobat 8.1.4 Professional Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Bridge CS3 Adobe Bridge Start Meeting Adobe BridgeTalk Plugin CS3 Adobe Camera Raw 4.0 Adobe CMaps Adobe Color - Photoshop Specific Adobe Color Common Settings Adobe Color EU Extra Settings Adobe Color JA Extra Settings Adobe Color NA Recommended Settings Adobe Contribute CS3 Adobe Creative Suite 3 Web Premium Adobe Default Language CS3 Adobe Device Central CS3 Adobe Dreamweaver CS3 Adobe ExtendScript Toolkit 2 Adobe Extension Manager CS3 Adobe Fireworks CS3 Adobe Flash CS3 Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Flash Video Encoder Adobe Fonts All Adobe Help Viewer CS3 Adobe Illustrator CS3 Adobe Linguistics CS3 Adobe MotionPicture Color Files Adobe PDF Library Files Adobe Photoshop CS3 Adobe Setup Adobe Stock Photos CS3 Adobe Type Support Adobe Update Manager CS3 Adobe Version Cue CS3 Client Adobe Version Cue CS3 Server {ko_KR} Adobe WAS CS3 Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS3 AHV content for Acrobat and Flash Apple Application Support Apple Mobile Device Support Apple Software Update AuthenTec Fingerprint Sensor Minimum Install biolsp patch Bluetooth Stack for Windows by Toshiba Bonjour Broadcom ASF Management Applications Broadcom Management Programs Browser Address Error Redirector Cisco Systems VPN Client 5.0.06.0110 Conexant HDA D330 MDC V.92 Modem Dell Drivers MSI Dell Embassy Trust Suite by Wave Systems Dell Laser Printer 1110 Software Uninstall Dell Touchpad Digital Line Detect Document Manager Lite DVTSng for WindowsXP Ver.0.0.0 Rev.2 (BETA) EMBASSY Security Center EMBASSY Security Setup EMBASSY Trust Suite by Wave Systems EPSON Scan ESC Home Page Plugin ESET Online Scanner v3 Express Burn Express Rip Finale 2008 Finale Reader 2010 Free HD Converter V 1.7 Gemalto GemSafe Standard Edition 5.1 Google Chrome GPL Ghostscript 8.62 GPL Ghostscript Fonts GSview 4.9 High Definition Audio Driver Package - KB835221 HiJackThis Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB952287) ImTranslator for IE Intel® PROSet/Wireless Software IntelliSonic Speech Enhancement Ipswitch WS_FTP LE IrfanView (remove only) iTunes Java Auto Updater Java(tm) 6 Update 23 KODAK EASYSHARE Gallery Upload ActiveX Control Logitech QuickCam Logitech QuickCam Driver Package Malwarebytes' Anti-Malware McAfee VirusScan Enterprise mCore mDrWiFi mHlpDell Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Microsoft ActiveSync Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft Software Update for Web Folders (English) 12 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Windows XP Video Decoder Checkup Utility mIWA mLogView mMHouse Mobipocket Reader 6.2 Motorola Driver Installation 3.1.0 Motorola Software Update Mozilla Firefox (3.0.13) mPfMgr mPfWiz mProSafe mSCfg mSSO MSVCRT MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 6.0 Parser (KB933579) mWlsSafe mWMI mZConfig NetWaiting NTRU TCG Software Stack NVIDIA Drivers PDF Settings PowerDVD Preboot Manager Private Information Manager QuickSet QuickTime RealPlayer Roxio Creator Audio Roxio Creator BDAV Plugin Roxio Creator Copy Roxio Creator Data Roxio Creator DE Roxio Creator Tools Roxio Drag-to-Disc Roxio Express Labeler Roxio Update Manager Secure Update Security Update for 2007 Microsoft Office System (KB951550) Security Update for 2007 Microsoft Office System (KB951944) Security Update for 2007 Microsoft Office System (KB958439) Security Update for CAPICOM (KB931906) Security Update for Microsoft Office Excel 2007 (KB958437) Security Update for Microsoft Office OneNote 2007 (KB950130) Security Update for Microsoft Office PowerPoint 2007 (KB951338) Security Update for Microsoft Office Publisher 2007 (KB950114) Security Update for Microsoft Office system 2007 (KB954326) Security Update for Microsoft Office system 2007 (KB956828) Security Update for Microsoft Office Word 2007 (KB956358) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB936782) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950759) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958215) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB960714) Security Wizards Segoe UI Skype™ 4.0 Sonic Activation Module Switch Trusted Drive Manager tsp patch Update for Microsoft Office Outlook 2007 (KB952142) Update for Office 2007 (KB946691) Update for Outlook 2007 Junk Email Filter (kb958619) Update for Windows XP (KB951978) Update for Windows XP (KB955839) upekmsi Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 VLC media player 0.9.8a Wave Infrastructure Installer Wave Support Software WavePad Sound Editor WebFldrs XP Windows Installer 3.1 (KB893803) Windows Installer Clean Up Windows Installer Wrapper Wizard 0.2.0 Windows Internet Explorer 8 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Messenger Windows Live Sign-in Assistant Windows Live Upload Tool Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3 ==== Event Viewer Messages From Past Week ======== 1/6/2011 1:31:10 AM, error: NetBT [4321] - The name "DAVIS :0" could not be registered on the Interface with IP address 129.7.154.16. The machine with the IP address 129.7.1.200 did not allow the name to be claimed by this machine. 1/5/2011 3:22:14 PM, error: NetBT [4321] - The name "DAVIS :0" could not be registered on the Interface with IP address 172.25.252.40. The machine with the IP address 129.7.1.200 did not allow the name to be claimed by this machine. 1/5/2011 3:22:10 PM, error: Dhcp [1002] - The IP address lease 10.0.0.2 for the Network Card with network address 001F3B6CC68D has been denied by the DHCP server 172.21.12.17 (The DHCP Server sent a DHCPNACK message). 1/5/2011 2:52:34 PM, error: NetBT [4321] - The name "DAVIS :0" could not be registered on the Interface with IP address 169.254.2.173. The machine with the IP address 169.254.2.173 did not allow the name to be claimed by this machine. 1/5/2011 2:44:39 PM, error: NetBT [4321] - The name "DAVIS :0" could not be registered on the Interface with IP address 129.7.125.217. The machine with the IP address 129.7.1.200 did not allow the name to be claimed by this machine. 1/5/2011 12:49:00 AM, error: Schedule [7901] - The At25.job command failed to start due to the following error: %%2147942402 1/5/2011 12:47:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402 1/5/2011 10:43:57 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046} 1/5/2011 10:38:28 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} 1/5/2011 10:37:03 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 1/5/2011 10:36:40 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV Fips intelppm Tosrfcom 1/5/2011 10:00:00 AM, error: Schedule [7901] - The At35.job command failed to start due to the following error: %%2147942402 1/5/2011 10:00:00 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: %%2147942402 1/5/2011 1:10:29 PM, error: Service Control Manager [7034] - The Smart Card service terminated unexpectedly. It has done this 1 time(s). 1/5/2011 1:10:29 PM, error: Service Control Manager [7034] - The NTRU TSS v1.2.1.25 TCS service terminated unexpectedly. It has done this 1 time(s). 1/5/2011 1:00:08 PM, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s). 1/5/2011 1:00:00 AM, error: Schedule [7901] - The At26.job command failed to start due to the following error: %%2147942402 1/5/2011 1:00:00 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402 1/4/2011 9:00:00 AM, error: Schedule [7901] - The At34.job command failed to start due to the following error: %%2147942402 1/4/2011 9:00:00 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: %%2147942402 1/4/2011 11:00:00 PM, error: Schedule [7901] - The At48.job command failed to start due to the following error: %%2147942402 1/4/2011 11:00:00 PM, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402 1/3/2011 7:00:00 PM, error: Schedule [7901] - The At44.job command failed to start due to the following error: %%2147942402 1/3/2011 7:00:00 PM, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402 1/3/2011 2:00:00 PM, error: Schedule [7901] - The At39.job command failed to start due to the following error: %%2147942402 1/3/2011 2:00:00 PM, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402 1/3/2011 12:00:00 PM, error: Schedule [7901] - The At37.job command failed to start due to the following error: %%2147942402 1/3/2011 12:00:00 PM, error: Schedule [7901] - The At13.job command failed to start due to the following error: %%2147942402 1/3/2011 10:00:00 PM, error: Schedule [7901] - The At47.job command failed to start due to the following error: %%2147942402 1/3/2011 10:00:00 PM, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402 1/3/2011 1:00:00 PM, error: Schedule [7901] - The At38.job command failed to start due to the following error: %%2147942402 1/3/2011 1:00:00 PM, error: Schedule [7901] - The At14.job command failed to start due to the following error: %%2147942402 1/2/2011 9:00:00 PM, error: Schedule [7901] - The At46.job command failed to start due to the following error: %%2147942402 1/2/2011 9:00:00 PM, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402 1/2/2011 11:28:22 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period. 1/2/2011 11:28:22 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0. 1/2/2011 11:14:30 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-a.timefreq.bldrdoc.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) 1/2/2011 11:00:00 AM, error: Schedule [7901] - The At36.job command failed to start due to the following error: %%2147942402 1/2/2011 11:00:00 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: %%2147942402 ==== End Of File ===========================
  3. Thanks. Fresh DDS.txt log is here: DDS (Ver_10-12-12.02) - NTFSx86 Run by andrew davis at 10:36:33.46 on Thu 01/06/2011 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2903 [GMT -6:00] AV: McAfee VirusScan Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe C:\Program Files\Bonjour\mDNSResponder.exe svchost.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\StacSV.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe C:\Program Files\Wave Systems Corp\SecureUpgrade.exe C:\WINDOWS\system32\KADxMain.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE C:\Program Files\McAfee\Common Framework\UdaterUI.exe C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Apoint\ApMsgFwd.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\Program Files\Common Files\Adobe\Installers\f4ca0de7e69bc77df34b5de71c8a078\Acrobat 8.0\Acrobat\Acrotray.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Apoint\HidFind.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\PROGRA~1\MICROS~2\rapimgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Java\jre6\bin\jucheck.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\andrew davis\Desktop\downloads\DDS jan 2011\dds.com ============== Pseudo HJT Report =============== uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = about:blank uInternet Settings,ProxyServer = http=127.0.0.1:6522 uInternet Settings,ProxyOverride = <local> uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\installers\f4ca0de7e69bc77df34b5de71c8a078\acrobat 8.0\acrobat\AcroIEFavClient.dll TB: {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - No File TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe" uRun: [Google Update] "c:\documents and settings\andrew davis\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [Apoint] c:\program files\apoint\Apoint.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /installquiet mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe" mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe mRun: [SecureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe mRun: [KADxMain] c:\windows\system32\KADxMain.exe mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [ECenter] c:\dell\e-center\EULALauncher.exe mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe" mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [Acrobat Assistant 8.0] "c:\program files\common files\adobe\installers\f4ca0de7e69bc77df34b5de71c8a078\acrobat 8.0\acrobat\Acrotray.exe" mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe" mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe" mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName dRunOnce: [RunNarrator] Narrator.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{08b785c1-3893-4154-b53b-f5d341d0aaaa}\Icon3E5562ED7.ico IE: Append to existing PDF - c:\program files\common files\adobe\installers\f4ca0de7e69bc77df34b5de71c8a078\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\common files\adobe\installers\f4ca0de7e69bc77df34b5de71c8a078\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\common files\adobe\installers\f4ca0de7e69bc77df34b5de71c8a078\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\common files\adobe\installers\f4ca0de7e69bc77df34b5de71c8a078\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\common files\adobe\installers\f4ca0de7e69bc77df34b5de71c8a078\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\common files\adobe\installers\f4ca0de7e69bc77df34b5de71c8a078\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\common files\adobe\installers\f4ca0de7e69bc77df34b5de71c8a078\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\common files\adobe\installers\f4ca0de7e69bc77df34b5de71c8a078\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: ImTranslator - c:\progra~1\smartl~1\imtran~1\startup.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} - hxxp://site.ebrary.com.ezproxy.lib.uh.edu/lib/uhmain/support/plugins/ebraryRdr.cab DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813 DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204 DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://www.ritzpix.com/net/Uploader/LPUploader57.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\andrew~1\applic~1\mozilla\firefox\profiles\1tjkecab.default\ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ============= SERVICES / DRIVERS =============== R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-30 31944] R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432] R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-6-10 104000] R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2006-11-30 54872] R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-11 5120] R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536] R3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952] S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?] S3 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2006-11-30 144960] S3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-6-10 72264] S3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-6-10 34152] S3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-6-10 168776] =============== Created Last 30 ================ 2011-01-05 19:07:03 -------- d-sha-r- C:\cmdcons 2011-01-05 19:02:41 98816 ----a-w- c:\windows\sed.exe 2011-01-05 19:02:41 89088 ----a-w- c:\windows\MBR.exe 2011-01-05 19:02:41 256512 ----a-w- c:\windows\PEV.exe 2011-01-05 19:02:41 161792 ----a-w- c:\windows\SWREG.exe 2011-01-05 06:46:06 388096 ----a-r- c:\docume~1\andrew~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe 2011-01-05 06:46:05 -------- d-----w- c:\program files\Trend Micro 2011-01-02 00:55:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-01-02 00:55:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-01-02 00:55:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-12-30 02:54:00 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-12-30 02:49:49 -------- d-----w- c:\docume~1\andrew~1\locals~1\applic~1\Sunbelt Software 2010-12-30 02:48:31 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{2162CCC0-3A5F-4887-B51F-CE5F195B3620} 2010-12-30 02:48:11 -------- d-----w- c:\program files\Lavasoft 2010-12-30 02:12:23 -------- d-----w- C:\_OTM 2010-12-27 05:02:14 -------- d-----w- c:\program files\Free HD Converter 2010-12-27 05:02:14 -------- d-----w- c:\docume~1\andrew~1\applic~1\FreeHDConverter 2010-12-27 04:53:18 -------- d-----w- c:\program files\Emicsoft Studio 2010-12-27 04:47:44 -------- d-----w- c:\docume~1\andrew~1\applic~1\GetRightToGo ==================== Find3M ==================== ============= FINISH: 10:37:19.98 =============== Fresh attach.txt log is here: UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_10-12-12.02) Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume2 Install Date: 6/10/2008 7:25:56 AM System Uptime: 1/5/2011 11:42:29 PM (11 hours ago) Motherboard: Dell Inc. | | Processor: Intel Pentium III Xeon processor | Microprocessor | 2593/200mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 112 GiB total, 11.364 GiB free. D: is CDROM () ==== Disabled Device Manager Items ============= Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Cisco Systems VPN Adapter Device ID: ROOT\NET000 Manufacturer: Cisco Systems Name: Cisco Systems VPN Adapter PNP Device ID: ROOT\NET000 Service: CVirtA ==== System Restore Points =================== RP437: 10/6/2010 9:19:52 AM - System Checkpoint RP438: 10/8/2010 6:53:40 PM - System Checkpoint RP439: 10/11/2010 11:05:54 AM - System Checkpoint RP440: 10/12/2010 12:46:47 PM - System Checkpoint RP441: 10/13/2010 4:29:12 PM - System Checkpoint RP442: 10/17/2010 6:40:08 PM - System Checkpoint RP443: 10/20/2010 11:07:29 AM - System Checkpoint RP444: 10/23/2010 8:29:18 PM - System Checkpoint RP445: 10/25/2010 6:40:57 PM - System Checkpoint RP446: 10/27/2010 8:41:20 AM - System Checkpoint RP447: 10/28/2010 9:12:36 AM - System Checkpoint RP448: 11/1/2010 2:15:58 PM - System Checkpoint RP449: 11/4/2010 9:15:19 AM - System Checkpoint RP450: 11/8/2010 10:19:32 AM - System Checkpoint RP451: 11/9/2010 12:53:07 PM - System Checkpoint RP452: 11/11/2010 11:32:48 AM - System Checkpoint RP453: 11/12/2010 1:35:40 PM - System Checkpoint RP454: 11/15/2010 9:13:17 AM - System Checkpoint RP455: 11/16/2010 9:15:43 AM - System Checkpoint RP456: 11/17/2010 11:18:28 AM - System Checkpoint RP457: 11/18/2010 1:13:21 PM - System Checkpoint RP458: 11/18/2010 9:43:01 PM - Installed Epson Print CD RP459: 11/18/2010 9:44:58 PM - Removed Epson Print CD RP460: 11/18/2010 9:54:03 PM - Installed Epson Print CD RP461: 11/19/2010 12:10:48 AM - Removed Epson Print CD RP462: 11/19/2010 12:24:06 AM - Unsigned driver install RP463: 11/21/2010 2:47:15 PM - System Checkpoint RP464: 11/24/2010 1:12:21 AM - System Checkpoint RP465: 11/25/2010 2:18:58 PM - System Checkpoint RP466: 11/27/2010 9:12:20 PM - System Checkpoint RP467: 11/29/2010 10:16:38 AM - System Checkpoint RP468: 11/30/2010 11:35:38 AM - System Checkpoint RP469: 12/2/2010 10:50:49 AM - System Checkpoint RP470: 12/3/2010 12:38:23 PM - System Checkpoint RP471: 12/6/2010 4:03:13 PM - System Checkpoint RP472: 12/8/2010 8:46:32 AM - System Checkpoint RP473: 12/12/2010 7:16:21 PM - System Checkpoint RP474: 12/14/2010 8:18:26 AM - System Checkpoint RP475: 12/19/2010 1:19:16 AM - System Checkpoint RP476: 12/29/2010 8:22:00 PM - OTM Restore Point RP477: 12/31/2010 9:50:33 PM - System Checkpoint RP478: 1/2/2011 9:41:44 PM - System Checkpoint RP479: 1/5/2011 12:25:05 AM - System Checkpoint RP480: 1/5/2011 12:46:02 AM - Installed HiJackThis RP481: 1/6/2011 10:35:10 AM - Software Distribution Service 3.0 ==== Installed Programs ====================== 2007 Microsoft Office Suite Service Pack 1 (SP1) Ad-Aware Add or Remove Adobe Creative Suite 3 Web Premium Additional Bluetooth Drivers Adobe Acrobat 8 Professional Adobe Acrobat 8.1.4 Professional Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Bridge CS3 Adobe Bridge Start Meeting Adobe BridgeTalk Plugin CS3 Adobe Camera Raw 4.0 Adobe CMaps Adobe Color - Photoshop Specific Adobe Color Common Settings Adobe Color EU Extra Settings Adobe Color JA Extra Settings Adobe Color NA Recommended Settings Adobe Contribute CS3 Adobe Creative Suite 3 Web Premium Adobe Default Language CS3 Adobe Device Central CS3 Adobe Dreamweaver CS3 Adobe ExtendScript Toolkit 2 Adobe Extension Manager CS3 Adobe Fireworks CS3 Adobe Flash CS3 Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Flash Video Encoder Adobe Fonts All Adobe Help Viewer CS3 Adobe Illustrator CS3 Adobe Linguistics CS3 Adobe MotionPicture Color Files Adobe PDF Library Files Adobe Photoshop CS3 Adobe Setup Adobe Stock Photos CS3 Adobe Type Support Adobe Update Manager CS3 Adobe Version Cue CS3 Client Adobe Version Cue CS3 Server {ko_KR} Adobe WAS CS3 Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS3 AHV content for Acrobat and Flash Apple Application Support Apple Mobile Device Support Apple Software Update AuthenTec Fingerprint Sensor Minimum Install biolsp patch Bluetooth Stack for Windows by Toshiba Bonjour Broadcom ASF Management Applications Broadcom Management Programs Browser Address Error Redirector Cisco Systems VPN Client 5.0.06.0110 Conexant HDA D330 MDC V.92 Modem Dell Drivers MSI Dell Embassy Trust Suite by Wave Systems Dell Laser Printer 1110 Software Uninstall Dell Touchpad Digital Line Detect Document Manager Lite DVTSng for WindowsXP Ver.0.0.0 Rev.2 (BETA) EMBASSY Security Center EMBASSY Security Setup EMBASSY Trust Suite by Wave Systems EPSON Scan ESC Home Page Plugin Express Burn Express Rip Finale 2008 Finale Reader 2010 Free HD Converter V 1.7 Gemalto GemSafe Standard Edition 5.1 Google Chrome GPL Ghostscript 8.62 GPL Ghostscript Fonts GSview 4.9 High Definition Audio Driver Package - KB835221 HiJackThis Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB952287) ImTranslator for IE Intel® PROSet/Wireless Software IntelliSonic Speech Enhancement Ipswitch WS_FTP LE IrfanView (remove only) iTunes J2SE Runtime Environment 5.0 Update 6 Java(tm) 6 Update 15 KODAK EASYSHARE Gallery Upload ActiveX Control Logitech QuickCam Logitech QuickCam Driver Package Malwarebytes' Anti-Malware McAfee VirusScan Enterprise mCore mDrWiFi mHlpDell Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Microsoft ActiveSync Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft Software Update for Web Folders (English) 12 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Windows XP Video Decoder Checkup Utility mIWA mLogView mMHouse Mobipocket Reader 6.2 Motorola Driver Installation 3.1.0 Motorola Software Update Mozilla Firefox (3.0.13) mPfMgr mPfWiz mProSafe mSCfg mSSO MSVCRT MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 6.0 Parser (KB933579) mWlsSafe mWMI mZConfig NetWaiting NTRU TCG Software Stack NVIDIA Drivers PDF Settings PowerDVD Preboot Manager Private Information Manager QuickSet QuickTime RealPlayer Roxio Creator Audio Roxio Creator BDAV Plugin Roxio Creator Copy Roxio Creator Data Roxio Creator DE Roxio Creator Tools Roxio Drag-to-Disc Roxio Express Labeler Roxio Update Manager Secure Update Security Update for 2007 Microsoft Office System (KB951550) Security Update for 2007 Microsoft Office System (KB951944) Security Update for 2007 Microsoft Office System (KB958439) Security Update for CAPICOM (KB931906) Security Update for Microsoft Office Excel 2007 (KB958437) Security Update for Microsoft Office OneNote 2007 (KB950130) Security Update for Microsoft Office PowerPoint 2007 (KB951338) Security Update for Microsoft Office Publisher 2007 (KB950114) Security Update for Microsoft Office system 2007 (KB954326) Security Update for Microsoft Office system 2007 (KB956828) Security Update for Microsoft Office Word 2007 (KB956358) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB936782) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950759) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958215) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB960714) Security Wizards Segoe UI Skype™ 4.0 Sonic Activation Module Switch Trusted Drive Manager tsp patch Update for Microsoft Office Outlook 2007 (KB952142) Update for Office 2007 (KB946691) Update for Outlook 2007 Junk Email Filter (kb958619) Update for Windows XP (KB951978) Update for Windows XP (KB955839) upekmsi Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 VLC media player 0.9.8a Wave Infrastructure Installer Wave Support Software WavePad Sound Editor WebFldrs XP Windows Installer 3.1 (KB893803) Windows Installer Clean Up Windows Installer Wrapper Wizard 0.2.0 Windows Internet Explorer 8 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Messenger Windows Live Sign-in Assistant Windows Live Upload Tool Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3 ==== Event Viewer Messages From Past Week ======== 1/6/2011 1:31:10 AM, error: NetBT [4321] - The name "DAVIS :0" could not be registered on the Interface with IP address 129.7.154.16. The machine with the IP address 129.7.1.200 did not allow the name to be claimed by this machine. 1/5/2011 3:22:14 PM, error: NetBT [4321] - The name "DAVIS :0" could not be registered on the Interface with IP address 172.25.252.40. The machine with the IP address 129.7.1.200 did not allow the name to be claimed by this machine. 1/5/2011 3:22:10 PM, error: Dhcp [1002] - The IP address lease 10.0.0.2 for the Network Card with network address 001F3B6CC68D has been denied by the DHCP server 172.21.12.17 (The DHCP Server sent a DHCPNACK message). 1/5/2011 2:52:34 PM, error: NetBT [4321] - The name "DAVIS :0" could not be registered on the Interface with IP address 169.254.2.173. The machine with the IP address 169.254.2.173 did not allow the name to be claimed by this machine. 1/5/2011 2:44:39 PM, error: NetBT [4321] - The name "DAVIS :0" could not be registered on the Interface with IP address 129.7.125.217. The machine with the IP address 129.7.1.200 did not allow the name to be claimed by this machine. 1/5/2011 12:49:00 AM, error: Schedule [7901] - The At25.job command failed to start due to the following error: %%2147942402 1/5/2011 12:47:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402 1/5/2011 10:43:57 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046} 1/5/2011 10:38:28 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} 1/5/2011 10:37:03 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 1/5/2011 10:36:40 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV Fips intelppm Tosrfcom 1/5/2011 10:00:00 AM, error: Schedule [7901] - The At35.job command failed to start due to the following error: %%2147942402 1/5/2011 10:00:00 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: %%2147942402 1/5/2011 1:10:29 PM, error: Service Control Manager [7034] - The Smart Card service terminated unexpectedly. It has done this 1 time(s). 1/5/2011 1:10:29 PM, error: Service Control Manager [7034] - The NTRU TSS v1.2.1.25 TCS service terminated unexpectedly. It has done this 1 time(s). 1/5/2011 1:00:08 PM, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s). 1/5/2011 1:00:00 AM, error: Schedule [7901] - The At26.job command failed to start due to the following error: %%2147942402 1/5/2011 1:00:00 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402 1/4/2011 9:00:00 AM, error: Schedule [7901] - The At34.job command failed to start due to the following error: %%2147942402 1/4/2011 9:00:00 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: %%2147942402 1/4/2011 11:00:00 PM, error: Schedule [7901] - The At48.job command failed to start due to the following error: %%2147942402 1/4/2011 11:00:00 PM, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402 1/3/2011 7:00:00 PM, error: Schedule [7901] - The At44.job command failed to start due to the following error: %%2147942402 1/3/2011 7:00:00 PM, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402 1/3/2011 2:00:00 PM, error: Schedule [7901] - The At39.job command failed to start due to the following error: %%2147942402 1/3/2011 2:00:00 PM, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402 1/3/2011 12:00:00 PM, error: Schedule [7901] - The At37.job command failed to start due to the following error: %%2147942402 1/3/2011 12:00:00 PM, error: Schedule [7901] - The At13.job command failed to start due to the following error: %%2147942402 1/3/2011 10:00:00 PM, error: Schedule [7901] - The At47.job command failed to start due to the following error: %%2147942402 1/3/2011 10:00:00 PM, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402 1/3/2011 1:00:00 PM, error: Schedule [7901] - The At38.job command failed to start due to the following error: %%2147942402 1/3/2011 1:00:00 PM, error: Schedule [7901] - The At14.job command failed to start due to the following error: %%2147942402 1/2/2011 9:00:00 PM, error: Schedule [7901] - The At46.job command failed to start due to the following error: %%2147942402 1/2/2011 9:00:00 PM, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402 1/2/2011 11:28:22 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period. 1/2/2011 11:28:22 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0. 1/2/2011 11:14:30 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-a.timefreq.bldrdoc.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) 1/2/2011 11:00:00 AM, error: Schedule [7901] - The At36.job command failed to start due to the following error: %%2147942402 1/2/2011 11:00:00 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: %%2147942402 ==== End Of File ===========================
  4. Thanks very much. I ran tdskiller. The log is here: 2011/01/05 23:40:17.0671 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46 2011/01/05 23:40:17.0671 ================================================================================ 2011/01/05 23:40:17.0671 SystemInfo: 2011/01/05 23:40:17.0671 2011/01/05 23:40:17.0671 OS Version: 5.1.2600 ServicePack: 3.0 2011/01/05 23:40:17.0671 Product type: Workstation 2011/01/05 23:40:17.0671 ComputerName: DAVIS 2011/01/05 23:40:17.0671 UserName: andrew davis 2011/01/05 23:40:17.0671 Windows directory: C:\WINDOWS 2011/01/05 23:40:17.0671 System windows directory: C:\WINDOWS 2011/01/05 23:40:17.0671 Processor architecture: Intel x86 2011/01/05 23:40:17.0671 Number of processors: 2 2011/01/05 23:40:17.0671 Page size: 0x1000 2011/01/05 23:40:17.0671 Boot type: Normal boot 2011/01/05 23:40:17.0671 ================================================================================ 2011/01/05 23:40:17.0890 Initialize success 2011/01/05 23:40:31.0906 ================================================================================ 2011/01/05 23:40:31.0906 Scan started 2011/01/05 23:40:31.0906 Mode: Manual; 2011/01/05 23:40:31.0906 ================================================================================ 2011/01/05 23:40:32.0671 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys 2011/01/05 23:40:32.0796 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS 2011/01/05 23:40:32.0906 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/01/05 23:40:32.0953 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 2011/01/05 23:40:33.0000 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys 2011/01/05 23:40:33.0062 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2011/01/05 23:40:33.0109 AegisP (a1ad1a4a9f18d900ca9c93fa3efdcb56) C:\WINDOWS\system32\DRIVERS\AegisP.sys 2011/01/05 23:40:33.0203 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys 2011/01/05 23:40:33.0281 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys 2011/01/05 23:40:33.0312 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys 2011/01/05 23:40:33.0375 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys 2011/01/05 23:40:33.0453 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys 2011/01/05 23:40:33.0484 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys 2011/01/05 23:40:33.0562 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys 2011/01/05 23:40:33.0609 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys 2011/01/05 23:40:33.0656 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys 2011/01/05 23:40:33.0703 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys 2011/01/05 23:40:33.0734 ApfiltrService (b8d65da679a4a8d048783ede2691b5d4) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys 2011/01/05 23:40:33.0812 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS 2011/01/05 23:40:33.0875 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 2011/01/05 23:40:33.0921 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys 2011/01/05 23:40:33.0984 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys 2011/01/05 23:40:34.0031 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys 2011/01/05 23:40:34.0078 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\Aspi32.sys 2011/01/05 23:40:34.0125 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/01/05 23:40:34.0156 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/01/05 23:40:34.0218 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/01/05 23:40:34.0250 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/01/05 23:40:34.0296 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys 2011/01/05 23:40:34.0328 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys 2011/01/05 23:40:34.0390 BASFND (5c68ac6f3e5b3e6d6a78e97d05e42c3a) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys 2011/01/05 23:40:34.0437 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/01/05 23:40:34.0484 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys 2011/01/05 23:40:34.0515 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys 2011/01/05 23:40:34.0546 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys 2011/01/05 23:40:34.0609 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys 2011/01/05 23:40:34.0656 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys 2011/01/05 23:40:34.0718 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS 2011/01/05 23:40:34.0796 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys 2011/01/05 23:40:34.0828 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/01/05 23:40:34.0890 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 2011/01/05 23:40:34.0968 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys 2011/01/05 23:40:35.0031 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/01/05 23:40:35.0093 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/01/05 23:40:35.0156 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/01/05 23:40:35.0281 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 2011/01/05 23:40:35.0359 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys 2011/01/05 23:40:35.0421 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 2011/01/05 23:40:35.0484 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys 2011/01/05 23:40:35.0531 CSRBC (8e1945984e147562f9f08e1d344a69cc) C:\WINDOWS\system32\Drivers\csrbcxp.sys 2011/01/05 23:40:35.0609 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys 2011/01/05 23:40:35.0718 CVPNDRVA (34c345aaf390c12ae6e51b75198e8564) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys 2011/01/05 23:40:35.0796 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys 2011/01/05 23:40:35.0859 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys 2011/01/05 23:40:35.0953 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/01/05 23:40:36.0031 DLABMFSM (0659e6e0a95564f958d9df7313f7701e) C:\WINDOWS\system32\DLA\DLABMFSM.SYS 2011/01/05 23:40:36.0046 DLABOIOM (8691c78908f0bd66170669db268369f2) C:\WINDOWS\system32\DLA\DLABOIOM.SYS 2011/01/05 23:40:36.0109 DLACDBHM (76167b5eb2dffc729edc36386876b40b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS 2011/01/05 23:40:36.0140 DLADResM (5615744a1056933b90e6ac54feb86f35) C:\WINDOWS\system32\DLA\DLADResM.SYS 2011/01/05 23:40:36.0156 DLAIFS_M (1aeca2afa5005ce4a550cf8eb55a8c88) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS 2011/01/05 23:40:36.0187 DLAOPIOM (840e7f6abb885c72b9ffddb022ef5b6d) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS 2011/01/05 23:40:36.0203 DLAPoolM (0294d18731ac05da80132ce88f8a876b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS 2011/01/05 23:40:36.0265 DLARTL_M (91886fed52a3f9966207bce46cfd794f) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS 2011/01/05 23:40:36.0281 DLAUDFAM (cca4e121d599d7d1706a30f603731e59) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS 2011/01/05 23:40:36.0296 DLAUDF_M (7dab85c33135df24419951da4e7d38e5) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS 2011/01/05 23:40:36.0359 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 2011/01/05 23:40:36.0453 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 2011/01/05 23:40:36.0484 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/01/05 23:40:36.0531 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2011/01/05 23:40:36.0609 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\WINDOWS\system32\DRIVERS\dne2000.sys 2011/01/05 23:40:36.0640 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys 2011/01/05 23:40:36.0656 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/01/05 23:40:36.0718 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS 2011/01/05 23:40:36.0781 DRVNDDM (6e6ab29d3c06e64ce81feacda85394b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS 2011/01/05 23:40:36.0859 DXEC01 (549734664886d91222969845e4311d1b) C:\WINDOWS\system32\drivers\dxec01.sys 2011/01/05 23:40:36.0906 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys 2011/01/05 23:40:37.0031 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/01/05 23:40:37.0109 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 2011/01/05 23:40:37.0187 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 2011/01/05 23:40:37.0250 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 2011/01/05 23:40:37.0343 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2011/01/05 23:40:37.0390 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/01/05 23:40:37.0468 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/01/05 23:40:37.0562 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 2011/01/05 23:40:37.0609 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/01/05 23:40:37.0640 guardian2 (7031a936832967a93b0e5d5f1c76745a) C:\WINDOWS\system32\Drivers\oz776.sys 2011/01/05 23:40:37.0687 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2011/01/05 23:40:37.0750 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys 2011/01/05 23:40:37.0796 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys 2011/01/05 23:40:37.0828 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 2011/01/05 23:40:37.0843 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys 2011/01/05 23:40:37.0890 HSFHWAZL (290cdbb05903742ea06b7203c5a662f5) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 2011/01/05 23:40:37.0921 HSF_DPV (7ab812355f98858b9ecdd46e6fcc221f) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 2011/01/05 23:40:38.0062 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/01/05 23:40:38.0109 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys 2011/01/05 23:40:38.0171 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys 2011/01/05 23:40:38.0218 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/01/05 23:40:38.0234 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/01/05 23:40:38.0265 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys 2011/01/05 23:40:38.0312 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 2011/01/05 23:40:38.0375 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2011/01/05 23:40:38.0437 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2011/01/05 23:40:38.0468 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/01/05 23:40:38.0531 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/01/05 23:40:38.0578 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/01/05 23:40:38.0640 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/01/05 23:40:38.0687 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/01/05 23:40:38.0750 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/01/05 23:40:38.0796 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/01/05 23:40:38.0828 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/01/05 23:40:38.0859 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/01/05 23:40:39.0109 LVcKap (8113133ec42dd6c566908008ce913edd) C:\WINDOWS\system32\DRIVERS\LVcKap.sys 2011/01/05 23:40:39.0312 LVMVDrv (0dd5b8af4917a2821047450195c511b3) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys 2011/01/05 23:40:39.0421 LVPr2Mon (406b1d186f75b4b4832d6237859e1b00) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys 2011/01/05 23:40:39.0468 LVUSBSta (be5e104be263921d6842c555db6a5c23) C:\WINDOWS\system32\drivers\LVUSBSta.sys 2011/01/05 23:40:39.0515 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 2011/01/05 23:40:39.0578 mfeapfk (1f334eb2a13816df45671ebb98896da7) C:\WINDOWS\system32\drivers\mfeapfk.sys 2011/01/05 23:40:39.0640 mfeavfk (8a1dedbbdad33587f6fad780ce4b34b5) C:\WINDOWS\system32\drivers\mfeavfk.sys 2011/01/05 23:40:39.0750 mfebopk (d800e31a019a6979698eef0507baa746) C:\WINDOWS\system32\drivers\mfebopk.sys 2011/01/05 23:40:39.0843 mfehidk (0ae14fab8e25c258c6ebf3827c649273) C:\WINDOWS\system32\drivers\mfehidk.sys 2011/01/05 23:40:39.0937 mferkdk (e72afc5056f6804c616e7dc32a38945f) C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys 2011/01/05 23:40:40.0062 mfetdik (a47f0f63e92730de15d41624ab998c5c) C:\WINDOWS\system32\drivers\mfetdik.sys 2011/01/05 23:40:40.0109 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/01/05 23:40:40.0156 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2011/01/05 23:40:40.0218 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/01/05 23:40:40.0281 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/01/05 23:40:40.0328 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys 2011/01/05 23:40:40.0375 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/01/05 23:40:40.0484 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/01/05 23:40:40.0593 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys 2011/01/05 23:40:40.0640 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/01/05 23:40:40.0703 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/01/05 23:40:40.0734 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/01/05 23:40:40.0765 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/01/05 23:40:40.0828 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/01/05 23:40:40.0906 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 2011/01/05 23:40:41.0000 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2011/01/05 23:40:41.0109 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 2011/01/05 23:40:41.0218 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/01/05 23:40:41.0265 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 2011/01/05 23:40:41.0312 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/01/05 23:40:41.0359 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/01/05 23:40:41.0453 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/01/05 23:40:41.0500 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/01/05 23:40:41.0562 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/01/05 23:40:41.0640 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/01/05 23:40:42.0156 NETw4x32 (b5ab1108b377b5f3d37409fabda01453) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys 2011/01/05 23:40:42.0796 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2011/01/05 23:40:42.0890 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/01/05 23:40:42.0937 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/01/05 23:40:42.0968 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/01/05 23:40:43.0156 nv (8129d762cc3e3c5ab9cf2eabc377fb73) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 2011/01/05 23:40:43.0328 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/01/05 23:40:43.0343 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/01/05 23:40:43.0390 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2011/01/05 23:40:43.0437 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 2011/01/05 23:40:43.0468 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/01/05 23:40:43.0515 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/01/05 23:40:43.0562 PBADRV (9ec004140e1b675acdeb07f66ee797a4) C:\WINDOWS\system32\DRIVERS\PBADRV.sys 2011/01/05 23:40:43.0625 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/01/05 23:40:43.0671 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/01/05 23:40:43.0734 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 2011/01/05 23:40:43.0859 pepifilter (0896002d1efcd08859a41c9db34ad84c) C:\WINDOWS\system32\DRIVERS\lv302af.sys 2011/01/05 23:40:43.0890 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 2011/01/05 23:40:43.0937 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 2011/01/05 23:40:44.0000 pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys 2011/01/05 23:40:44.0156 PID_PEPI (a7598e897da639e255ad4188fa398478) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS 2011/01/05 23:40:44.0328 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/01/05 23:40:44.0359 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/01/05 23:40:44.0421 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/01/05 23:40:44.0500 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2011/01/05 23:40:44.0546 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 2011/01/05 23:40:44.0578 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 2011/01/05 23:40:44.0609 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 2011/01/05 23:40:44.0687 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 2011/01/05 23:40:44.0734 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 2011/01/05 23:40:44.0812 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/01/05 23:40:44.0906 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/01/05 23:40:44.0937 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/01/05 23:40:44.0968 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/01/05 23:40:45.0062 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/01/05 23:40:45.0109 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/01/05 23:40:45.0203 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/01/05 23:40:45.0281 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/01/05 23:40:45.0359 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/01/05 23:40:45.0515 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys 2011/01/05 23:40:45.0578 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys 2011/01/05 23:40:45.0703 s24trans (eadfb87f911a7a75d1b80617f92901e8) C:\WINDOWS\system32\DRIVERS\s24trans.sys 2011/01/05 23:40:45.0796 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/01/05 23:40:45.0859 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/01/05 23:40:45.0984 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 2011/01/05 23:40:46.0046 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/01/05 23:40:46.0171 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 2011/01/05 23:40:46.0250 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 2011/01/05 23:40:46.0296 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 2011/01/05 23:40:46.0359 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/01/05 23:40:46.0437 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/01/05 23:40:46.0515 Srv (4f8a43adef66f135564085a9dca96a26) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/01/05 23:40:46.0656 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys 2011/01/05 23:40:46.0796 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 2011/01/05 23:40:46.0890 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/01/05 23:40:46.0906 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/01/05 23:40:46.0953 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 2011/01/05 23:40:46.0984 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 2011/01/05 23:40:47.0015 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 2011/01/05 23:40:47.0031 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 2011/01/05 23:40:47.0078 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/01/05 23:40:47.0203 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/01/05 23:40:47.0281 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/01/05 23:40:47.0328 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/01/05 23:40:47.0390 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/01/05 23:40:47.0484 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys 2011/01/05 23:40:47.0531 tosporte (8d624d3bd1f2d78bd1c01a2d4e954b4e) C:\WINDOWS\system32\DRIVERS\tosporte.sys 2011/01/05 23:40:47.0593 tosrfbd (399c5e4db7bdd5a83a7d26c96389b85a) C:\WINDOWS\system32\DRIVERS\tosrfbd.sys 2011/01/05 23:40:47.0625 tosrfbnp (181e217a7a326817d97946d045b3cb46) C:\WINDOWS\system32\Drivers\tosrfbnp.sys 2011/01/05 23:40:47.0718 Tosrfcom (e90ace3b4fa7a85f992bc21eb779c407) C:\WINDOWS\system32\Drivers\tosrfcom.sys 2011/01/05 23:40:47.0765 Tosrfhid (efc95c0dc6f96b228f58319776006548) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys 2011/01/05 23:40:47.0796 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys 2011/01/05 23:40:47.0843 Tosrfusb (98c04a6432ce9c2ad328f57b9384d348) C:\WINDOWS\system32\DRIVERS\tosrfusb.sys 2011/01/05 23:40:47.0890 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/01/05 23:40:47.0921 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 2011/01/05 23:40:47.0984 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/01/05 23:40:48.0093 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys 2011/01/05 23:40:48.0140 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 2011/01/05 23:40:48.0218 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/01/05 23:40:48.0250 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/01/05 23:40:48.0312 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/01/05 23:40:48.0343 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/01/05 23:40:48.0390 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/01/05 23:40:48.0421 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/01/05 23:40:48.0437 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/01/05 23:40:48.0484 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys 2011/01/05 23:40:48.0531 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/01/05 23:40:48.0578 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 2011/01/05 23:40:48.0656 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 2011/01/05 23:40:48.0703 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/01/05 23:40:48.0781 vsdatant (0354ba3a5ba5e28cc247eb5f5dd8793c) C:\WINDOWS\system32\vsdatant.sys 2011/01/05 23:40:48.0968 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/01/05 23:40:49.0015 WaveFDE (db626c46997c2430d4958da5c7ffb969) C:\WINDOWS\system32\DRIVERS\WaveFDE.sys 2011/01/05 23:40:49.0093 WavxDMgr (51e756f2bfb5e3adcb15f966ad293231) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys 2011/01/05 23:40:49.0171 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys 2011/01/05 23:40:49.0265 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/01/05 23:40:49.0359 winachsf (a8596cf86d445269a42ecc08b7066a4c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 2011/01/05 23:40:49.0515 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 2011/01/05 23:40:49.0640 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 2011/01/05 23:40:49.0718 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2011/01/05 23:40:49.0765 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2011/01/05 23:40:49.0937 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0) 2011/01/05 23:40:49.0937 ================================================================================ 2011/01/05 23:40:49.0937 Scan finished 2011/01/05 23:40:49.0937 ================================================================================ 2011/01/05 23:40:49.0953 Detected object count: 1 2011/01/05 23:41:25.0953 \HardDisk0 - will be cured after reboot 2011/01/05 23:41:25.0953 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure 2011/01/05 23:41:31.0859 Deinitialize success
  5. Thanks. I ran combofix, then ran DDS again. The combofix log is here: ComboFix 11-01-05.01 - andrew davis 01/05/2011 13:15:58.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3140 [GMT -6:00] Running from: c:\documents and settings\andrew davis\Desktop\ComboFix.exe AV: McAfee VirusScan Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\andrew davis\Application Data\PriceGong c:\documents and settings\andrew davis\Application Data\PriceGong\Data\1.xml c:\documents and settings\andrew davis\Application Data\PriceGong\Data\a.xml c:\documents and settings\andrew davis\Application Data\PriceGong\Data\b.xml c:\documents and settings\andrew davis\Application Data\PriceGong\Data\c.xml c:\documents and settings\andrew davis\Application Data\PriceGong\Data\d.xml c:\documents and settings\andrew davis\Application Data\PriceGong\Data\e.xml c:\documents and settings\andrew davis\Application Data\PriceGong\Data\f.xml c:\documents and settings\andrew davis\Application Data\PriceGong\Data\g.xml c:\documents and settings\andrew davis\Application Data\PriceGong\Data\h.xml c:\documents and settings\andrew davis\Application Data\PriceGong\Data\i.xml c:\documents and settings\andrew davis\Application Data\PriceGong\Data\J.xml c:\documents and settings\andrew davis\Application Data\PriceGong\Data\k.xml c:\documents and settings\andrew davis\Application Data\PriceGong\Data\l.xml c:\documents and settings\andrew davis\Application Data\PriceGong\Data\m.xml c:\documents and settings\andrew davis\Application Data\PriceGong\Data\mru.xml c:\documents and settings\andrew davis\Application Data\PriceGong\Data\n.xml c:\documents and settings\andrew davis\Application Data\PriceGong\Data\o.xml c:\documents and settings\andrew davis\Application Data\PriceGong\Data\p.xml c:\documents and settings\andrew davis\Application Data\PriceGong\Data\q.xml c:\documents and settings\andrew davis\Application Data\PriceGong\Data\r.xml c:\documents and settings\andrew davis\Application Data\PriceGong\Data\s.xml c:\documents and settings\andrew davis\Application Data\PriceGong\Data\t.xml c:\documents and settings\andrew davis\Application Data\PriceGong\Data\u.xml c:\documents and settings\andrew davis\Application Data\PriceGong\Data\v.xml c:\documents and settings\andrew davis\Application Data\PriceGong\Data\w.xml c:\documents and settings\andrew davis\Application Data\PriceGong\Data\x.xml c:\documents and settings\andrew davis\Application Data\PriceGong\Data\y.xml c:\documents and settings\andrew davis\Application Data\PriceGong\Data\z.xml c:\documents and settings\andrew davis\My Documents\DPE.DUS c:\documents and settings\andrew davis\President's Address memo .pdf . ((((((((((((((((((((((((( Files Created from 2010-12-05 to 2011-01-05 ))))))))))))))))))))))))))))))) . 2011-01-05 19:01 . 2011-01-05 19:02 -------- d-----w- C:\32788R22FWJFW 2011-01-05 06:46 . 2011-01-05 06:46 388096 ----a-r- c:\documents and settings\andrew davis\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-01-05 06:46 . 2011-01-05 06:46 -------- d-----w- c:\program files\Trend Micro 2011-01-02 00:55 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-01-02 00:55 . 2011-01-02 00:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-01-02 00:55 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-12-30 05:36 . 2010-12-30 05:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer 2010-12-30 05:36 . 2010-12-30 05:36 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer 2010-12-30 03:24 . 2010-12-30 03:24 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2010-12-30 02:54 . 2010-12-30 02:54 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-12-30 02:49 . 2010-12-30 02:49 -------- d-----w- c:\documents and settings\andrew davis\Local Settings\Application Data\Sunbelt Software 2010-12-30 02:48 . 2011-01-05 16:44 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620} 2010-12-30 02:48 . 2011-01-05 16:43 -------- d-----w- c:\program files\Lavasoft 2010-12-30 02:12 . 2010-12-30 02:12 -------- d-----w- C:\_OTM 2010-12-27 05:02 . 2010-12-27 05:02 -------- d-----w- c:\program files\Free HD Converter 2010-12-27 05:02 . 2010-12-27 05:02 -------- d-----w- c:\documents and settings\andrew davis\Application Data\FreeHDConverter 2010-12-27 04:53 . 2010-12-27 04:53 -------- d-----w- c:\program files\Emicsoft Studio 2010-12-27 04:47 . 2010-12-27 04:53 -------- d-----w- c:\documents and settings\andrew davis\Application Data\GetRightToGo . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-01-05 19:35 . 2008-06-10 12:26 0 ----a-w- c:\documents and settings\andrew davis\Local Settings\Application Data\WavXMapDrive.bat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Update"="c:\documents and settings\andrew davis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-29 136176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2007-04-16 159744] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-31 8429568] "nwiz"="nwiz.exe" [2007-05-31 1626112] "NVHotkey"="nvHotkey.dll" [2007-05-31 67584] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-31 81920] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-08-21 149280] "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2008-02-22 1245184] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848] "WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160] "SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424] "KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920] "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-26 17920] "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216] "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768] "RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "Acrobat Assistant 8.0"="c:\program files\Common Files\Adobe\Installers\f4ca0de7e69bc77df34b5de71c8a078\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200] "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984] "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-05 198160] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952] "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2008-04-14 53760] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-2-22 2938184] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-5-6 50688] VPN Client.lnk - c:\windows\Installer\{08B785C1-3893-4154-B53B-F5D341D0AAAA}\Icon3E5562ED7.ico [2010-1-27 6144] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe] 2006-11-16 20:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\fxsclnt.exe"= "c:\\WINDOWS\\system32\\usmt\\migwiz.exe"= "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"= "c:\\Program Files\\Common Files\\Adobe\\Installers\\f4ca0de7e69bc77df34b5de71c8a078\\Adobe Dreamweaver CS3\\Dreamweaver.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"= "c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 1:21 PM 79432] R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 4:00 PM 5120] R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 11:32 AM 97536] S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?] . Contents of the 'Scheduled Tasks' folder 2010-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1756221810-1411433888-3965214134-1005Core.job - c:\documents and settings\andrew davis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-29 22:00] 2011-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1756221810-1411433888-3965214134-1005UA.job - c:\documents and settings\andrew davis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-29 22:00] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = about:blank uInternet Settings,ProxyServer = http=127.0.0.1:6522 uInternet Settings,ProxyOverride = <local> uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Append to existing PDF - c:\program files\Common Files\Adobe\Installers\f4ca0de7e69bc77df34b5de71c8a078\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Installers\f4ca0de7e69bc77df34b5de71c8a078\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Installers\f4ca0de7e69bc77df34b5de71c8a078\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Common Files\Adobe\Installers\f4ca0de7e69bc77df34b5de71c8a078\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Common Files\Adobe\Installers\f4ca0de7e69bc77df34b5de71c8a078\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Common Files\Adobe\Installers\f4ca0de7e69bc77df34b5de71c8a078\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Common Files\Adobe\Installers\f4ca0de7e69bc77df34b5de71c8a078\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Installers\f4ca0de7e69bc77df34b5de71c8a078\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: ImTranslator - c:\progra~1\SMARTL~1\IMTRAN~1\startup.html DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://www.ritzpix.com/net/Uploader/LPUploader57.cab FF - ProfilePath - c:\documents and settings\andrew davis\Application Data\Mozilla\Firefox\Profiles\1tjkecab.default\ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} . - - - - ORPHANS REMOVED - - - - HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe HKLM-Run-ITSecMng - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe AddRemove-AFPL Ghostscript 8.14 - c:\gs\uninstgs.exe AddRemove-AFPL Ghostscript Fonts - c:\gs\uninstgs.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url] Rootkit scan 2011-01-05 13:36 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... c:\docume~1\ANDREW~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\5870MZK2\size=300x250;noperf=1;alias=93206396;noaddonpl=y;kvcity=houston;kvst=tx;kvdma=houston;kvco=usa;kvzip=77002;kvmn=93206396;target=_blank;aduho=300;grp=456739671;misc=45673[1] 344 bytes c:\docume~1\ANDREW~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\5870MZK2\left_link[1].gif 61 bytes c:\docume~1\ANDREW~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\VUUB8THW\size=160x600;noperf=1;alias=93246064;noaddonpl=y;kvcity=houston;kvst=tx;kvdma=houston;kvco=usa;kvzip=77071;kvmn=93246064;target=_blank;aduho=300;grp=456746156;misc=45674[1] 344 bytes c:\docume~1\ANDREW~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\VUUB8THW\size=160x600;noperf=1;alias=93246064;noaddonpl=y;kvcity=houston;kvst=tx;kvdma=houston;kvco=usa;kvzip=77071;kvmn=93246064;target=_blank;aduho=300;grp=456756484;misc=45675[1] 344 bytes c:\docume~1\ANDREW~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\VUUB8THW\v=5%3Bm=2%3Bl=969%3Bc=7659%3Bb=34534%3Bp=ui%3DC0TLpwzINAROCY65zhLEKI2phWKyEeMrsmTO5n__%3Btr%3DCnE9oDMGMF-%3Btm%3D0-0%3Bts=20090329144731%3Bdct=;ord=20090329144731[1].htm 3361 bytes c:\docume~1\ANDREW~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\VUUB8THW\v=5;m=2;l=969;cxt=;kw=;ts=535125;smuid=C0TLpwzINAROCY65zhLEKI2phWKyEeMrsmTO5n__;p=ui%3DC0TLpwzINAROCY65zhLEKI2phWKyEeMrsmTO5n__%3Btr%3DCnE9oDMGMF-%3Btm%3D0-0[1] 325 bytes c:\docume~1\ANDREW~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\VUUB8THW\footer[1].gif 63 bytes c:\docume~1\ANDREW~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\VUUB8THW\v=5;m=2;l=970;cxt=;kw=;ts=411682;smuid=C0TLpwzINAROCY65zhLEKI2phWKyEeMrsmTO5n__;p=ui%3DC0TLpwzINAROCY65zhLEKI2phWKyEeMrsmTO5n__%3Btr%3DEBh08BDD1k4%3Btm%3D0-0[1] 1682 bytes c:\docume~1\ANDREW~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\VZ5NN9OC\us_photo_gifts.-Par-36039-Image1Ref.MC4w.[1].png 32825 bytes c:\docume~1\ANDREW~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\VZ5NN9OC\editComments[1].js scan completed successfully hidden files: 10 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url] Windows 5.1.2600 Disk: ST9120823ASG rev.3.ADD -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-e device: opened successfully user: MBR read successfully Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8B311555]<< _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8b3177b0]; MOV EAX, [0x8b31782c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; } 1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8B269AB8] 3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8B2C56D0] \Driver\atapi[0x8B3570D0] -> IRP_MJ_CREATE -> 0x8B311555 kernel: MBR read successfully _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; } detected disk devices: \Device\Ide\IdeDeviceP1T0L0-e -> \??\IDE#DiskST9120823ASG____________________________3.ADD___#5&16482f9&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found detected hooks: \Driver\atapi DriverStartIo -> 0x8B31139B user & kernel MBR OK Warning: possible TDL3 rootkit infection ! ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1756221810-1411433888-3965214134-1005\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(9284) c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll c:\windows\system32\nview.dll c:\program files\Microsoft Office\Office12\GrooveShellExtensions.dll c:\windows\system32\nvwddi.dll c:\windows\system32\ieframe.dll c:\windows\system32\OneX.DLL c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\Roxio\Drag-to-Disc\Shellex.dll c:\windows\system32\DLAAPI_W.DLL c:\windows\system32\CDRTC.DLL c:\program files\Roxio\Drag-to-Disc\ShellRes.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe c:\windows\System32\SCardSvr.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Cisco Systems\VPN Client\cvpnd.exe c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe c:\program files\McAfee\Common Framework\FrameworkService.exe c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe c:\program files\McAfee\Common Framework\naPrdMgr.exe c:\program files\Dell\QuickSet\NICCONFIGSVC.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\HPZipm12.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\windows\system32\StacSV.exe c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe c:\program files\Intel\Wireless\Bin\WLKeeper.exe c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe c:\windows\system32\msdtc.exe c:\windows\system32\wscntfy.exe c:\windows\system32\rundll32.exe c:\windows\system32\RUNDLL32.EXE c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe c:\windows\system32\rundll32.exe c:\windows\system32\rundll32.exe c:\program files\McAfee\Common Framework\McTray.exe c:\program files\Apoint\ApMsgFwd.exe c:\program files\Microsoft ActiveSync\Wcescomm.exe c:\program files\Apoint\HidFind.exe c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe c:\program files\Apoint\Apntex.exe c:\progra~1\MICROS~2\rapimgr.exe c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe c:\program files\Java\jre6\bin\jucheck.exe . ************************************************************************** . Completion time: 2011-01-05 13:45:30 - machine was rebooted ComboFix-quarantined-files.txt 2011-01-05 19:45 Pre-Run: 21,244,186,624 bytes free Post-Run: 23,267,479,552 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - 7A85920C936B3161EC7BD5B3EC131806 The DDS.txt log is here: DDS (Ver_10-12-12.02) - NTFSx86 Run by andrew davis at 13:49:46.34 on Wed 01/05/2011 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2755 [GMT -6:00] AV: McAfee VirusScan Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe C:\Program Files\Bonjour\mDNSResponder.exe svchost.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\StacSV.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe C:\Program Files\Wave Systems Corp\SecureUpgrade.exe C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE C:\Program Files\McAfee\Common Framework\UdaterUI.exe C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Adobe\Installers\f4ca0de7e69bc77df34b5de71c8a078\Acrobat 8.0\Acrobat\Acrotray.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\Program Files\Apoint\ApMsgFwd.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\Program Files\Apoint\HidFind.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Digital Line Detect\DLG.exe C:\PROGRA~1\MICROS~2\rapimgr.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Java\jre6\bin\jucheck.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\andrew davis\Desktop\downloads\DDS jan 2011\dds.com ============== Pseudo HJT Report =============== uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = about:blank uInternet Settings,ProxyServer = http=127.0.0.1:6522 uInternet Settings,ProxyOverride = <local> uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\installers\f4ca0de7e69bc77df34b5de71c8a078\acrobat 8.0\acrobat\AcroIEFavClient.dll TB: {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - No File TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe" uRun: [Google Update] "c:\documents and settings\andrew davis\local settings\application data\google\update\GoogleUpdate.exe" /c mRun: [Apoint] c:\program files\apoint\Apoint.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /installquiet mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe" mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe mRun: [SecureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe mRun: [KADxMain] c:\windows\system32\KADxMain.exe mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [ECenter] c:\dell\e-center\EULALauncher.exe mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe" mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [Acrobat Assistant 8.0] "c:\program files\common files\adobe\installers\f4ca0de7e69bc77df34b5de71c8a078\acrobat 8.0\acrobat\Acrotray.exe" mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe" mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe" mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName dRunOnce: [RunNarrator] Narrator.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{08b785c1-3893-4154-b53b-f5d341d0aaaa}\Icon3E5562ED7.ico IE: Append to existing PDF - c:\program files\common files\adobe\installers\f4ca0de7e69bc77df34b5de71c8a078\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\common files\adobe\installers\f4ca0de7e69bc77df34b5de71c8a078\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\common files\adobe\installers\f4ca0de7e69bc77df34b5de71c8a078\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\common files\adobe\installers\f4ca0de7e69bc77df34b5de71c8a078\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\common files\adobe\installers\f4ca0de7e69bc77df34b5de71c8a078\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\common files\adobe\installers\f4ca0de7e69bc77df34b5de71c8a078\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\common files\adobe\installers\f4ca0de7e69bc77df34b5de71c8a078\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\common files\adobe\installers\f4ca0de7e69bc77df34b5de71c8a078\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: ImTranslator - c:\progra~1\smartl~1\imtran~1\startup.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} - hxxp://site.ebrary.com.ezproxy.lib.uh.edu/lib/uhmain/support/plugins/ebraryRdr.cab DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813 DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204 DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://www.ritzpix.com/net/Uploader/LPUploader57.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\andrew~1\applic~1\mozilla\firefox\profiles\1tjkecab.default\ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ============= SERVICES / DRIVERS =============== R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-30 31944] R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432] R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-6-10 104000] R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2006-11-30 54872] R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-11 5120] R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536] S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?] S3 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2006-11-30 144960] S3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-6-10 72264] S3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-6-10 34152] S3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-6-10 168776] S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952] =============== Created Last 30 ================ 2011-01-05 19:07:03 -------- d-sha-r- C:\cmdcons 2011-01-05 19:02:41 98816 ----a-w- c:\windows\sed.exe 2011-01-05 19:02:41 89088 ----a-w- c:\windows\MBR.exe 2011-01-05 19:02:41 256512 ----a-w- c:\windows\PEV.exe 2011-01-05 19:02:41 161792 ----a-w- c:\windows\SWREG.exe 2011-01-05 06:46:06 388096 ----a-r- c:\docume~1\andrew~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe 2011-01-05 06:46:05 -------- d-----w- c:\program files\Trend Micro 2011-01-02 00:55:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-01-02 00:55:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-01-02 00:55:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-12-30 02:54:00 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-12-30 02:49:49 -------- d-----w- c:\docume~1\andrew~1\locals~1\applic~1\Sunbelt Software 2010-12-30 02:48:31 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{2162CCC0-3A5F-4887-B51F-CE5F195B3620} 2010-12-30 02:48:11 -------- d-----w- c:\program files\Lavasoft 2010-12-30 02:12:23 -------- d-----w- C:\_OTM 2010-12-27 05:02:14 -------- d-----w- c:\program files\Free HD Converter 2010-12-27 05:02:14 -------- d-----w- c:\docume~1\andrew~1\applic~1\FreeHDConverter 2010-12-27 04:53:18 -------- d-----w- c:\program files\Emicsoft Studio 2010-12-27 04:47:44 -------- d-----w- c:\docume~1\andrew~1\applic~1\GetRightToGo ==================== Find3M ==================== =================== ROOTKIT ==================== Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url] Windows 5.1.2600 Disk: ST9120823ASG rev.3.ADD -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-e device: opened successfully user: MBR read successfully Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8B311555]<< _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8b3177b0]; MOV EAX, [0x8b31782c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; } 1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8B269AB8] 3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8B2C56D0] \Driver\atapi[0x8B3570D0] -> IRP_MJ_CREATE -> 0x8B311555 kernel: MBR read successfully _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; } detected disk devices: \Device\Ide\IdeDeviceP1T0L0-e -> \??\IDE#DiskST9120823ASG____________________________3.ADD___#5&16482f9&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found detected hooks: \Driver\atapi DriverStartIo -> 0x8B31139B user & kernel MBR OK Warning: possible TDL3 rootkit infection ! ============= FINISH: 13:50:59.95 =============== The attach.txt log is here: UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_10-12-12.02) Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume2 Install Date: 6/10/2008 7:25:56 AM System Uptime: 1/5/2011 1:34:44 PM (0 hours ago) Motherboard: Dell Inc. | | Processor: Intel Pentium III Xeon processor | Microprocessor | 2593/200mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 112 GiB total, 21.675 GiB free. D: is CDROM () ==== Disabled Device Manager Items ============= Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Broadcom NetXtreme 57xx Gigabit Controller Device ID: PCI\VEN_14E4&DEV_1673&SUBSYS_01FE1028&REV_02\4&1E93A591&0&00E5 Manufacturer: Broadcom Name: Broadcom NetXtreme 57xx Gigabit Controller PNP Device ID: PCI\VEN_14E4&DEV_1673&SUBSYS_01FE1028&REV_02\4&1E93A591&0&00E5 Service: b57w2k Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Cisco Systems VPN Adapter Device ID: ROOT\NET000 Manufacturer: Cisco Systems Name: Cisco Systems VPN Adapter PNP Device ID: ROOT\NET000 Service: CVirtA ==== System Restore Points =================== RP437: 10/6/2010 9:19:52 AM - System Checkpoint RP438: 10/8/2010 6:53:40 PM - System Checkpoint RP439: 10/11/2010 11:05:54 AM - System Checkpoint RP440: 10/12/2010 12:46:47 PM - System Checkpoint RP441: 10/13/2010 4:29:12 PM - System Checkpoint RP442: 10/17/2010 6:40:08 PM - System Checkpoint RP443: 10/20/2010 11:07:29 AM - System Checkpoint RP444: 10/23/2010 8:29:18 PM - System Checkpoint RP445: 10/25/2010 6:40:57 PM - System Checkpoint RP446: 10/27/2010 8:41:20 AM - System Checkpoint RP447: 10/28/2010 9:12:36 AM - System Checkpoint RP448: 11/1/2010 2:15:58 PM - System Checkpoint RP449: 11/4/2010 9:15:19 AM - System Checkpoint RP450: 11/8/2010 10:19:32 AM - System Checkpoint RP451: 11/9/2010 12:53:07 PM - System Checkpoint RP452: 11/11/2010 11:32:48 AM - System Checkpoint RP453: 11/12/2010 1:35:40 PM - System Checkpoint RP454: 11/15/2010 9:13:17 AM - System Checkpoint RP455: 11/16/2010 9:15:43 AM - System Checkpoint RP456: 11/17/2010 11:18:28 AM - System Checkpoint RP457: 11/18/2010 1:13:21 PM - System Checkpoint RP458: 11/18/2010 9:43:01 PM - Installed Epson Print CD RP459: 11/18/2010 9:44:58 PM - Removed Epson Print CD RP460: 11/18/2010 9:54:03 PM - Installed Epson Print CD RP461: 11/19/2010 12:10:48 AM - Removed Epson Print CD RP462: 11/19/2010 12:24:06 AM - Unsigned driver install RP463: 11/21/2010 2:47:15 PM - System Checkpoint RP464: 11/24/2010 1:12:21 AM - System Checkpoint RP465: 11/25/2010 2:18:58 PM - System Checkpoint RP466: 11/27/2010 9:12:20 PM - System Checkpoint RP467: 11/29/2010 10:16:38 AM - System Checkpoint RP468: 11/30/2010 11:35:38 AM - System Checkpoint RP469: 12/2/2010 10:50:49 AM - System Checkpoint RP470: 12/3/2010 12:38:23 PM - System Checkpoint RP471: 12/6/2010 4:03:13 PM - System Checkpoint RP472: 12/8/2010 8:46:32 AM - System Checkpoint RP473: 12/12/2010 7:16:21 PM - System Checkpoint RP474: 12/14/2010 8:18:26 AM - System Checkpoint RP475: 12/19/2010 1:19:16 AM - System Checkpoint RP476: 12/29/2010 8:22:00 PM - OTM Restore Point RP477: 12/31/2010 9:50:33 PM - System Checkpoint RP478: 1/2/2011 9:41:44 PM - System Checkpoint RP479: 1/5/2011 12:25:05 AM - System Checkpoint RP480: 1/5/2011 12:46:02 AM - Installed HiJackThis ==== Installed Programs ====================== 2007 Microsoft Office Suite Service Pack 1 (SP1) Ad-Aware Add or Remove Adobe Creative Suite 3 Web Premium Additional Bluetooth Drivers Adobe Acrobat 8 Professional Adobe Acrobat 8.1.4 Professional Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Bridge CS3 Adobe Bridge Start Meeting Adobe BridgeTalk Plugin CS3 Adobe Camera Raw 4.0 Adobe CMaps Adobe Color - Photoshop Specific Adobe Color Common Settings Adobe Color EU Extra Settings Adobe Color JA Extra Settings Adobe Color NA Recommended Settings Adobe Contribute CS3 Adobe Creative Suite 3 Web Premium Adobe Default Language CS3 Adobe Device Central CS3 Adobe Dreamweaver CS3 Adobe ExtendScript Toolkit 2 Adobe Extension Manager CS3 Adobe Fireworks CS3 Adobe Flash CS3 Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Flash Video Encoder Adobe Fonts All Adobe Help Viewer CS3 Adobe Illustrator CS3 Adobe Linguistics CS3 Adobe MotionPicture Color Files Adobe PDF Library Files Adobe Photoshop CS3 Adobe Setup Adobe Stock Photos CS3 Adobe Type Support Adobe Update Manager CS3 Adobe Version Cue CS3 Client Adobe Version Cue CS3 Server {ko_KR} Adobe WAS CS3 Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS3 AHV content for Acrobat and Flash Apple Application Support Apple Mobile Device Support Apple Software Update AuthenTec Fingerprint Sensor Minimum Install biolsp patch Bluetooth Stack for Windows by Toshiba Bonjour Broadcom ASF Management Applications Broadcom Management Programs Browser Address Error Redirector Cisco Systems VPN Client 5.0.06.0110 Conexant HDA D330 MDC V.92 Modem Dell Drivers MSI Dell Embassy Trust Suite by Wave Systems Dell Laser Printer 1110 Software Uninstall Dell Touchpad Digital Line Detect Document Manager Lite DVTSng for WindowsXP Ver.0.0.0 Rev.2 (BETA) EMBASSY Security Center EMBASSY Security Setup EMBASSY Trust Suite by Wave Systems EPSON Scan ESC Home Page Plugin Express Burn Express Rip Finale 2008 Finale Reader 2010 Free HD Converter V 1.7 Gemalto GemSafe Standard Edition 5.1 Google Chrome GPL Ghostscript 8.62 GPL Ghostscript Fonts GSview 4.9 High Definition Audio Driver Package - KB835221 HiJackThis Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB952287) ImTranslator for IE Intel® PROSet/Wireless Software IntelliSonic Speech Enhancement Ipswitch WS_FTP LE IrfanView (remove only) iTunes J2SE Runtime Environment 5.0 Update 6 Java(tm) 6 Update 15 KODAK EASYSHARE Gallery Upload ActiveX Control Logitech QuickCam Logitech QuickCam Driver Package Malwarebytes' Anti-Malware McAfee VirusScan Enterprise mCore mDrWiFi mHlpDell Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Microsoft ActiveSync Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft Software Update for Web Folders (English) 12 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Windows XP Video Decoder Checkup Utility mIWA mLogView mMHouse Mobipocket Reader 6.2 Motorola Driver Installation 3.1.0 Motorola Software Update Mozilla Firefox (3.0.13) mPfMgr mPfWiz mProSafe mSCfg mSSO MSVCRT MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 6.0 Parser (KB933579) mWlsSafe mWMI mZConfig NetWaiting NTRU TCG Software Stack NVIDIA Drivers PDF Settings PowerDVD Preboot Manager Private Information Manager QuickSet QuickTime RealPlayer Roxio Creator Audio Roxio Creator BDAV Plugin Roxio Creator Copy Roxio Creator Data Roxio Creator DE Roxio Creator Tools Roxio Drag-to-Disc Roxio Express Labeler Roxio Update Manager Secure Update Security Update for 2007 Microsoft Office System (KB951550) Security Update for 2007 Microsoft Office System (KB951944) Security Update for 2007 Microsoft Office System (KB958439) Security Update for CAPICOM (KB931906) Security Update for Microsoft Office Excel 2007 (KB958437) Security Update for Microsoft Office OneNote 2007 (KB950130) Security Update for Microsoft Office PowerPoint 2007 (KB951338) Security Update for Microsoft Office Publisher 2007 (KB950114) Security Update for Microsoft Office system 2007 (KB954326) Security Update for Microsoft Office system 2007 (KB956828) Security Update for Microsoft Office Word 2007 (KB956358) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB936782) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950759) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958215) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB960714) Security Wizards Segoe UI Skype™ 4.0 Sonic Activation Module Switch Trusted Drive Manager tsp patch Update for Microsoft Office Outlook 2007 (KB952142) Update for Office 2007 (KB946691) Update for Outlook 2007 Junk Email Filter (kb958619) Update for Windows XP (KB951978) Update for Windows XP (KB955839) upekmsi Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 VLC media player 0.9.8a Wave Infrastructure Installer Wave Support Software WavePad Sound Editor WebFldrs XP Windows Installer 3.1 (KB893803) Windows Installer Clean Up Windows Installer Wrapper Wizard 0.2.0 Windows Internet Explorer 8 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Messenger Windows Live Sign-in Assistant Windows Live Upload Tool Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3 ==== Event Viewer Messages From Past Week ======== 1/5/2011 12:49:00 AM, error: Schedule [7901] - The At25.job command failed to start due to the following error: %%2147942402 1/5/2011 12:47:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402 1/5/2011 10:43:57 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046} 1/5/2011 10:38:28 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} 1/5/2011 10:37:03 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 1/5/2011 10:36:40 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV Fips intelppm Tosrfcom 1/5/2011 10:00:00 AM, error: Schedule [7901] - The At35.job command failed to start due to the following error: %%2147942402 1/5/2011 10:00:00 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: %%2147942402 1/5/2011 1:10:29 PM, error: Service Control Manager [7034] - The Smart Card service terminated unexpectedly. It has done this 1 time(s). 1/5/2011 1:10:29 PM, error: Service Control Manager [7034] - The NTRU TSS v1.2.1.25 TCS service terminated unexpectedly. It has done this 1 time(s). 1/5/2011 1:00:08 PM, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s). 1/5/2011 1:00:00 AM, error: Schedule [7901] - The At26.job command failed to start due to the following error: %%2147942402 1/5/2011 1:00:00 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402 1/4/2011 9:00:00 AM, error: Schedule [7901] - The At34.job command failed to start due to the following error: %%2147942402 1/4/2011 9:00:00 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: %%2147942402 1/4/2011 11:00:00 PM, error: Schedule [7901] - The At48.job command failed to start due to the following error: %%2147942402 1/4/2011 11:00:00 PM, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402 1/3/2011 7:00:00 PM, error: Schedule [7901] - The At44.job command failed to start due to the following error: %%2147942402 1/3/2011 7:00:00 PM, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402 1/3/2011 2:00:00 PM, error: Schedule [7901] - The At39.job command failed to start due to the following error: %%2147942402 1/3/2011 2:00:00 PM, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402 1/3/2011 12:00:00 PM, error: Schedule [7901] - The At37.job command failed to start due to the following error: %%2147942402 1/3/2011 12:00:00 PM, error: Schedule [7901] - The At13.job command failed to start due to the following error: %%2147942402 1/3/2011 10:00:00 PM, error: Schedule [7901] - The At47.job command failed to start due to the following error: %%2147942402 1/3/2011 10:00:00 PM, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402 1/3/2011 1:00:00 PM, error: Schedule [7901] - The At38.job command failed to start due to the following error: %%2147942402 1/3/2011 1:00:00 PM, error: Schedule [7901] - The At14.job command failed to start due to the following error: %%2147942402 1/2/2011 9:00:00 PM, error: Schedule [7901] - The At46.job command failed to start due to the following error: %%2147942402 1/2/2011 9:00:00 PM, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402 1/2/2011 11:28:22 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period. 1/2/2011 11:28:22 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0. 1/2/2011 11:14:30 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-a.timefreq.bldrdoc.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) 1/2/2011 11:00:00 AM, error: Schedule [7901] - The At36.job command failed to start due to the following error: %%2147942402 1/2/2011 11:00:00 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: %%2147942402 ==== End Of File ===========================
  6. Thanks. I downloaded and ran DDS. DDS.txt log is here: DDS (Ver_10-12-12.02) - NTFSx86 Run by andrew davis at 9:19:00.39 on Wed 01/05/2011 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2683 [GMT -6:00] AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33} AV: McAfee VirusScan Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe svchost.exe svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe C:\Program Files\Bonjour\mDNSResponder.exe svchost.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\Program Files\Wave Systems Corp\SecureUpgrade.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe C:\WINDOWS\system32\KADxMain.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files\Apoint\ApMsgFwd.exe C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\Program Files\McAfee\Common Framework\UdaterUI.exe C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Adobe\Installers\f4ca0de7e69bc77df34b5de71c8a078\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe C:\Program Files\Apoint\HidFind.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\StacSV.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Digital Line Detect\DLG.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\PROGRA~1\MICROS~2\rapimgr.exe C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\Documents and Settings\andrew davis\Desktop\downloads\DDS jan 2011\dds.com ============== Pseudo HJT Report =============== uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6080506 uSearch Bar = uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = about:blank uInternet Settings,ProxyServer = http=127.0.0.1:6522 uInternet Settings,ProxyOverride = <local> uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\installers\f4ca0de7e69bc77df34b5de71c8a078\acrobat 8.0\acrobat\AcroIEFavClient.dll TB: {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - No File TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\common files\adobe\installers\f4ca0de7e69bc77df34b5de71c8a078\acrobat 8.0\acrobat\AcroIEFavClient.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe" uRun: [Google Update] "c:\documents and settings\andrew davis\local settings\application data\google\update\GoogleUpdate.exe" /c mRun: [Apoint] c:\program files\apoint\Apoint.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /installquiet mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe" mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe mRun: [SecureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe mRun: [KADxMain] c:\windows\system32\KADxMain.exe mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [ECenter] c:\dell\e-center\EULALauncher.exe mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe" mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [Acrobat Assistant 8.0] "c:\program files\common files\adobe\installers\f4ca0de7e69bc77df34b5de71c8a078\acrobat 8.0\acrobat\Acrotray.exe" mRun: [<NO NAME>] mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe" mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe" mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName dRunOnce: [RunNarrator] Narrator.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{08b785c1-3893-4154-b53b-f5d341d0aaaa}\Icon3E5562ED7.ico IE: Append to existing PDF - c:\program files\common files\adobe\installers\f4ca0de7e69bc77df34b5de71c8a078\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\common files\adobe\installers\f4ca0de7e69bc77df34b5de71c8a078\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\common files\adobe\installers\f4ca0de7e69bc77df34b5de71c8a078\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\common files\adobe\installers\f4ca0de7e69bc77df34b5de71c8a078\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\common files\adobe\installers\f4ca0de7e69bc77df34b5de71c8a078\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\common files\adobe\installers\f4ca0de7e69bc77df34b5de71c8a078\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\common files\adobe\installers\f4ca0de7e69bc77df34b5de71c8a078\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\common files\adobe\installers\f4ca0de7e69bc77df34b5de71c8a078\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: ImTranslator - c:\progra~1\smartl~1\imtran~1\startup.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} - hxxp://site.ebrary.com.ezproxy.lib.uh.edu/lib/uhmain/support/plugins/ebraryRdr.cab DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813 DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204 DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://www.ritzpix.com/net/Uploader/LPUploader57.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll AppInit_DLLs: ppsxpv.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll LSA: Authentication Packages = msv1_0 wvauth ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\andrew~1\applic~1\mozilla\firefox\profiles\1tjkecab.default\ FF - plugin: c:\program files\common files\adobe\installers\f4ca0de7e69bc77df34b5de71c8a078\acrobat 8.0\acrobat\browser\nppdf32.dll FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-12-29 64288] R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-30 31944] R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1389400] R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-6-10 104000] R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2006-11-30 54872] R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-11 5120] R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536] R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15264] S3 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2006-11-30 144960] S3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-6-10 72264] S3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-6-10 34152] S3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-6-10 168776] S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952] =============== Created Last 30 ================ 2011-01-05 06:46:06 388096 ----a-r- c:\docume~1\andrew~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe 2011-01-05 06:46:05 -------- d-----w- c:\program files\Trend Micro 2011-01-02 00:55:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-01-02 00:55:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-01-02 00:55:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-12-30 06:06:21 15880 ----a-w- c:\windows\system32\lsdelete.exe 2010-12-30 02:54:03 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2010-12-30 02:54:00 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-12-30 02:49:49 -------- d-----w- c:\docume~1\andrew~1\locals~1\applic~1\Sunbelt Software 2010-12-30 02:48:31 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{2162CCC0-3A5F-4887-B51F-CE5F195B3620} 2010-12-30 02:48:11 -------- d-----w- c:\program files\Lavasoft 2010-12-30 02:12:23 -------- d-----w- C:\_OTM 2010-12-27 05:02:14 -------- d-----w- c:\program files\Free HD Converter 2010-12-27 05:02:14 -------- d-----w- c:\docume~1\andrew~1\applic~1\FreeHDConverter 2010-12-27 04:53:18 -------- d-----w- c:\program files\Emicsoft Studio 2010-12-27 04:47:44 -------- d-----w- c:\docume~1\andrew~1\applic~1\GetRightToGo ==================== Find3M ==================== =================== ROOTKIT ==================== Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url] Windows 5.1.2600 Disk: ST9120823ASG rev.3.ADD -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-e device: opened successfully user: MBR read successfully Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8B351555]<< _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8b3577b0]; MOV EAX, [0x8b35782c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; } 1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8B362AB8] 3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8B349EA0] \Driver\atapi[0x8B2ABEB8] -> IRP_MJ_CREATE -> 0x8B351555 kernel: MBR read successfully _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; } detected disk devices: \Device\Ide\IdeDeviceP1T0L0-e -> \??\IDE#DiskST9120823ASG____________________________3.ADD___#5&16482f9&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found detected hooks: \Driver\atapi DriverStartIo -> 0x8B35139B user & kernel MBR OK Warning: possible TDL3 rootkit infection ! ============= FINISH: 9:20:54.98 =============== Attach.txt log is here: UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_10-12-12.02) Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume2 Install Date: 6/10/2008 7:25:56 AM System Uptime: 1/5/2011 8:31:15 AM (1 hours ago) Motherboard: Dell Inc. | | Processor: Intel Pentium III Xeon processor | Microprocessor | 2593/200mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 112 GiB total, 25.303 GiB free. D: is CDROM () ==== Disabled Device Manager Items ============= Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Broadcom NetXtreme 57xx Gigabit Controller Device ID: PCI\VEN_14E4&DEV_1673&SUBSYS_01FE1028&REV_02\4&1E93A591&0&00E5 Manufacturer: Broadcom Name: Broadcom NetXtreme 57xx Gigabit Controller PNP Device ID: PCI\VEN_14E4&DEV_1673&SUBSYS_01FE1028&REV_02\4&1E93A591&0&00E5 Service: b57w2k Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Cisco Systems VPN Adapter Device ID: ROOT\NET000 Manufacturer: Cisco Systems Name: Cisco Systems VPN Adapter PNP Device ID: ROOT\NET000 Service: CVirtA ==== System Restore Points =================== RP437: 10/6/2010 9:19:52 AM - System Checkpoint RP438: 10/8/2010 6:53:40 PM - System Checkpoint RP439: 10/11/2010 11:05:54 AM - System Checkpoint RP440: 10/12/2010 12:46:47 PM - System Checkpoint RP441: 10/13/2010 4:29:12 PM - System Checkpoint RP442: 10/17/2010 6:40:08 PM - System Checkpoint RP443: 10/20/2010 11:07:29 AM - System Checkpoint RP444: 10/23/2010 8:29:18 PM - System Checkpoint RP445: 10/25/2010 6:40:57 PM - System Checkpoint RP446: 10/27/2010 8:41:20 AM - System Checkpoint RP447: 10/28/2010 9:12:36 AM - System Checkpoint RP448: 11/1/2010 2:15:58 PM - System Checkpoint RP449: 11/4/2010 9:15:19 AM - System Checkpoint RP450: 11/8/2010 10:19:32 AM - System Checkpoint RP451: 11/9/2010 12:53:07 PM - System Checkpoint RP452: 11/11/2010 11:32:48 AM - System Checkpoint RP453: 11/12/2010 1:35:40 PM - System Checkpoint RP454: 11/15/2010 9:13:17 AM - System Checkpoint RP455: 11/16/2010 9:15:43 AM - System Checkpoint RP456: 11/17/2010 11:18:28 AM - System Checkpoint RP457: 11/18/2010 1:13:21 PM - System Checkpoint RP458: 11/18/2010 9:43:01 PM - Installed Epson Print CD RP459: 11/18/2010 9:44:58 PM - Removed Epson Print CD RP460: 11/18/2010 9:54:03 PM - Installed Epson Print CD RP461: 11/19/2010 12:10:48 AM - Removed Epson Print CD RP462: 11/19/2010 12:24:06 AM - Unsigned driver install RP463: 11/21/2010 2:47:15 PM - System Checkpoint RP464: 11/24/2010 1:12:21 AM - System Checkpoint RP465: 11/25/2010 2:18:58 PM - System Checkpoint RP466: 11/27/2010 9:12:20 PM - System Checkpoint RP467: 11/29/2010 10:16:38 AM - System Checkpoint RP468: 11/30/2010 11:35:38 AM - System Checkpoint RP469: 12/2/2010 10:50:49 AM - System Checkpoint RP470: 12/3/2010 12:38:23 PM - System Checkpoint RP471: 12/6/2010 4:03:13 PM - System Checkpoint RP472: 12/8/2010 8:46:32 AM - System Checkpoint RP473: 12/12/2010 7:16:21 PM - System Checkpoint RP474: 12/14/2010 8:18:26 AM - System Checkpoint RP475: 12/19/2010 1:19:16 AM - System Checkpoint RP476: 12/29/2010 8:22:00 PM - OTM Restore Point RP477: 12/31/2010 9:50:33 PM - System Checkpoint RP478: 1/2/2011 9:41:44 PM - System Checkpoint RP479: 1/5/2011 12:25:05 AM - System Checkpoint RP480: 1/5/2011 12:46:02 AM - Installed HiJackThis ==== Installed Programs ====================== 2007 Microsoft Office Suite Service Pack 1 (SP1) Ad-Aware Add or Remove Adobe Creative Suite 3 Web Premium Additional Bluetooth Drivers Adobe Acrobat 8 Professional Adobe Acrobat 8.1.4 Professional Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Bridge CS3 Adobe Bridge Start Meeting Adobe BridgeTalk Plugin CS3 Adobe Camera Raw 4.0 Adobe CMaps Adobe Color - Photoshop Specific Adobe Color Common Settings Adobe Color EU Extra Settings Adobe Color JA Extra Settings Adobe Color NA Recommended Settings Adobe Contribute CS3 Adobe Creative Suite 3 Web Premium Adobe Default Language CS3 Adobe Device Central CS3 Adobe Dreamweaver CS3 Adobe ExtendScript Toolkit 2 Adobe Extension Manager CS3 Adobe Fireworks CS3 Adobe Flash CS3 Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Flash Video Encoder Adobe Fonts All Adobe Help Viewer CS3 Adobe Illustrator CS3 Adobe Linguistics CS3 Adobe MotionPicture Color Files Adobe PDF Library Files Adobe Photoshop CS3 Adobe Setup Adobe Stock Photos CS3 Adobe Type Support Adobe Update Manager CS3 Adobe Version Cue CS3 Client Adobe Version Cue CS3 Server {ko_KR} Adobe WAS CS3 Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS3 AFPL Ghostscript 8.14 AFPL Ghostscript Fonts AHV content for Acrobat and Flash Apple Application Support Apple Mobile Device Support Apple Software Update AuthenTec Fingerprint Sensor Minimum Install biolsp patch Bluetooth Stack for Windows by Toshiba Bonjour Broadcom ASF Management Applications Broadcom Management Programs Browser Address Error Redirector Cisco Systems VPN Client 5.0.06.0110 Conexant HDA D330 MDC V.92 Modem Dell Drivers MSI Dell Embassy Trust Suite by Wave Systems Dell Laser Printer 1110 Software Uninstall Dell Touchpad Digital Line Detect Document Manager Lite DVTSng for WindowsXP Ver.0.0.0 Rev.2 (BETA) EMBASSY Security Center EMBASSY Security Setup EMBASSY Trust Suite by Wave Systems EPSON Scan ESC Home Page Plugin Express Burn Express Rip Finale 2008 Finale Reader 2010 Free HD Converter V 1.7 Gemalto GemSafe Standard Edition 5.1 Google Chrome GPL Ghostscript 8.62 GPL Ghostscript Fonts GSview 4.9 High Definition Audio Driver Package - KB835221 HiJackThis Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB952287) ImTranslator for IE Intel® PROSet/Wireless Software IntelliSonic Speech Enhancement Ipswitch WS_FTP LE IrfanView (remove only) iTunes J2SE Runtime Environment 5.0 Update 6 Java(tm) 6 Update 15 KODAK EASYSHARE Gallery Upload ActiveX Control Logitech QuickCam Logitech QuickCam Driver Package Malwarebytes' Anti-Malware McAfee VirusScan Enterprise mCore mDrWiFi mHlpDell Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Microsoft ActiveSync Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft Software Update for Web Folders (English) 12 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Windows XP Video Decoder Checkup Utility mIWA mLogView mMHouse Mobipocket Reader 6.2 Motorola Driver Installation 3.1.0 Motorola Software Update Mozilla Firefox (3.0.13) mPfMgr mPfWiz mProSafe mSCfg mSSO MSVCRT MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 6.0 Parser (KB933579) mWlsSafe mWMI mZConfig NetWaiting NTRU TCG Software Stack NVIDIA Drivers PDF Settings PowerDVD Preboot Manager Private Information Manager QuickSet QuickTime RealPlayer Roxio Creator Audio Roxio Creator BDAV Plugin Roxio Creator Copy Roxio Creator Data Roxio Creator DE Roxio Creator Tools Roxio Drag-to-Disc Roxio Express Labeler Roxio Update Manager Secure Update Security Update for 2007 Microsoft Office System (KB951550) Security Update for 2007 Microsoft Office System (KB951944) Security Update for 2007 Microsoft Office System (KB958439) Security Update for CAPICOM (KB931906) Security Update for Microsoft Office Excel 2007 (KB958437) Security Update for Microsoft Office OneNote 2007 (KB950130) Security Update for Microsoft Office PowerPoint 2007 (KB951338) Security Update for Microsoft Office Publisher 2007 (KB950114) Security Update for Microsoft Office system 2007 (KB954326) Security Update for Microsoft Office system 2007 (KB956828) Security Update for Microsoft Office Word 2007 (KB956358) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB936782) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950759) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958215) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB960714) Security Wizards Segoe UI Skype™ 4.0 Sonic Activation Module Switch Trusted Drive Manager tsp patch Update for Microsoft Office Outlook 2007 (KB952142) Update for Office 2007 (KB946691) Update for Outlook 2007 Junk Email Filter (kb958619) Update for Windows XP (KB951978) Update for Windows XP (KB955839) upekmsi Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 VLC media player 0.9.8a Wave Infrastructure Installer Wave Support Software WavePad Sound Editor WebFldrs XP Windows Installer 3.1 (KB893803) Windows Installer Clean Up Windows Installer Wrapper Wizard 0.2.0 Windows Internet Explorer 8 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Messenger Windows Live Sign-in Assistant Windows Live Upload Tool Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3 ==== Event Viewer Messages From Past Week ======== 1/5/2011 12:49:00 AM, error: Schedule [7901] - The At25.job command failed to start due to the following error: %%2147942402 1/5/2011 12:47:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402 1/5/2011 1:00:00 AM, error: Schedule [7901] - The At26.job command failed to start due to the following error: %%2147942402 1/5/2011 1:00:00 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402 1/4/2011 9:00:00 AM, error: Schedule [7901] - The At34.job command failed to start due to the following error: %%2147942402 1/4/2011 9:00:00 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: %%2147942402 1/3/2011 7:00:00 PM, error: Schedule [7901] - The At44.job command failed to start due to the following error: %%2147942402 1/3/2011 7:00:00 PM, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402 1/3/2011 2:00:00 PM, error: Schedule [7901] - The At39.job command failed to start due to the following error: %%2147942402 1/3/2011 2:00:00 PM, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402 1/3/2011 12:00:00 PM, error: Schedule [7901] - The At37.job command failed to start due to the following error: %%2147942402 1/3/2011 12:00:00 PM, error: Schedule [7901] - The At13.job command failed to start due to the following error: %%2147942402 1/2/2011 9:00:00 PM, error: Schedule [7901] - The At46.job command failed to start due to the following error: %%2147942402 1/2/2011 9:00:00 PM, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402 1/2/2011 11:28:22 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period. 1/2/2011 11:28:22 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0. 1/2/2011 11:14:30 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-a.timefreq.bldrdoc.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) 1/2/2011 11:00:00 PM, error: Schedule [7901] - The At48.job command failed to start due to the following error: %%2147942402 1/2/2011 11:00:00 PM, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402 1/2/2011 11:00:00 AM, error: Schedule [7901] - The At36.job command failed to start due to the following error: %%2147942402 1/2/2011 11:00:00 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: %%2147942402 1/2/2011 10:00:00 PM, error: Schedule [7901] - The At47.job command failed to start due to the following error: %%2147942402 1/2/2011 10:00:00 PM, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402 1/2/2011 1:00:00 PM, error: Schedule [7901] - The At38.job command failed to start due to the following error: %%2147942402 1/2/2011 1:00:00 PM, error: Schedule [7901] - The At14.job command failed to start due to the following error: %%2147942402 ==== End Of File ===========================
  7. Hello: I may have a trojan infection. Before this post I used MBAM to do a full scan. The log is here: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 5440 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 1/1/2011 10:28:10 PM mbam-log-2011-01-01 (22-28-10).txt Scan type: Full scan (C:\|D:\|) Objects scanned: 357701 Time elapsed: 1 hour(s), 28 minute(s), 36 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Then I followed the steps listed at this url: [url="http://www.lavasoftsupport.com/index.php?showtopic=13639"]http://www.lavasoftsupport.com/index.php?showtopic=13639[/url] The only problem was step 2: scanning with Ad-Aware 2010 caused the system to crash every time ("Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience."). I was able to do step 3 and scan with GMER rootkit scanner. The log is here: GMER 1.0.15.15530 - [url="http://www.gmer.net"]http://www.gmer.net[/url] Rootkit quick scan 2011-01-05 00:44:29 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort1 ST9120823ASG rev.3.ADD Running: gmer.exe; Driver: C:\DOCUME~1\ANDREW~1\LOCALS~1\Temp\kxtdapod.sys ---- Disk sectors - GMER 1.0.15 ---- Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior; Disk \Device\Harddisk0\DR0 sector 11: rootkit-like behavior; Disk \Device\Harddisk0\DR0 sector 57: rootkit-like behavior; Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; ---- Devices - GMER 1.0.15 ---- Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 8B35139B Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8B35139B Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8B35139B AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.) Device \Device\Ide\IdeDeviceP1T0L0-e -> \??\IDE#DiskST9120823ASG____________________________3.ADD___#5&16482f9&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found ---- EOF - GMER 1.0.15 ---- I was then able to follow step 4 and scan with HijackThis. The log is here: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:46:41 AM, on 1/5/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\Program Files\Wave Systems Corp\SecureUpgrade.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe C:\WINDOWS\system32\KADxMain.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files\Apoint\ApMsgFwd.exe C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\Program Files\McAfee\Common Framework\UdaterUI.exe C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Adobe\Installers\f4ca0de7e69bc77df34b5de71c8a078\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe C:\Program Files\Apoint\HidFind.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\StacSV.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Digital Line Detect\DLG.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\MICROS~2\rapimgr.exe C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Adobe\Installers\f4ca0de7e69bc77df34b5de71c8a078\Acrobat 8.0\Acrobat\Acrobat.exe C:\Documents and Settings\andrew davis\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Documents and Settings\andrew davis\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6080506 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6080506 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522 O1 - Hosts: ÿþ127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Installers\f4ca0de7e69bc77df34b5de71c8a078\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe O4 - HKLM\..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Common Files\Adobe\Installers\f4ca0de7e69bc77df34b5de71c8a078\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\andrew davis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe O4 - Global Startup: VPN Client.lnk = ? O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Common Files\Adobe\Installers\f4ca0de7e69bc77df34b5de71c8a078\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Installers\f4ca0de7e69bc77df34b5de71c8a078\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Common Files\Adobe\Installers\f4ca0de7e69bc77df34b5de71c8a078\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Installers\f4ca0de7e69bc77df34b5de71c8a078\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Common Files\Adobe\Installers\f4ca0de7e69bc77df34b5de71c8a078\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Installers\f4ca0de7e69bc77df34b5de71c8a078\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Common Files\Adobe\Installers\f4ca0de7e69bc77df34b5de71c8a078\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Installers\f4ca0de7e69bc77df34b5de71c8a078\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: ImTranslator - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: ImTranslator - {AE436396-55E7-4ec4-AD6D-45E88A530A4C} - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html (HKCU) O9 - Extra 'Tools' menuitem: ImTranslator - {AE436396-55E7-4ec4-AD6D-45E88A530A4C} - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html (HKCU) O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - [url="http://site.ebrary.com.ezproxy.lib.uh.edu/lib/uhmain/support/plugins/ebraryRdr.cab"]http://site.ebrary.com.ezproxy.lib.uh.edu/...s/ebraryRdr.cab[/url] O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - [url="http://go.microsoft.com/fwlink/?linkid=58813"]http://go.microsoft.com/fwlink/?linkid=58813[/url] O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [url="http://go.microsoft.com/fwlink/?linkid=39204"]http://go.microsoft.com/fwlink/?linkid=39204[/url] O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - [url="http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab"]http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab[/url] O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - [url="https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab"]https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab[/url] O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - [url="http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab"]http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab[/url] O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} (Image Uploader Control) - [url="http://www.ritzpix.com/net/Uploader/LPUploader57.cab"]http://www.ritzpix.com/net/Uploader/LPUploader57.cab[/url] O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [url="http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab"]http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab[/url] O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O20 - AppInit_DLLs: ppsxpv.dll O20 - Winlogon Notify: gemsafe - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: NTRU TSS v1.2.1.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 19403 bytes Thanks for any help.
  8. Gogo--Seems to be doing quite well now, and no error messages on startup! Many thanks for your help. ACD
  9. Hello--I ran the combofix script you provided, and I used HijackThis to fix the lines you named. But: When I went to fix the HijackThis entries, I was unable to find these lines: O2 - BHO: (no name) - {97394EE7-20FC-4F82-B47F-131CAA6F664A} - C:\WINDOWS\system32\geeeb.dll (file missing) O2 - BHO: (no name) - {B5AFF937-46FF-2859-DA27-4BE604835B9D} - C:\WINDOWS\system32\ohvkgtd.dll (file missing) O4 - HKLM\..\Run: [0c238f0d] rundll32.exe "C:\WINDOWS\system32\wmkgcdmj.dll",b O4 - HKCU\..\Run: [Hafjjddr] C:\WINDOWS\F?nts\?ttrib.exe And these lines don't seem to be appearing in the latest log (attached below). I checked all other lines you names and clicked "fix checked." I'm including the latest HijackThis log and combofix log below. Thanks. -------- HijackThis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:23:00 AM, on 12/18/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\University of Houston\UofH VPN Client\cvpnd.exe C:\Program Files\iolo\common\lib\ioloServiceManager.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\Program Files\McAfee\Common Framework\naPrdMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\pctspk.exe C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE C:\Program Files\McAfee\Common Framework\UdaterUI.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\Program Files\Palm\Hotsync.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\iolo\System Mechanic Professional 7\SMTrayNotify.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (file missing) O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [sMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe" O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: ImTranslator - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: ImTranslator - {AE436396-55E7-4ec4-AD6D-45E88A530A4C} - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html (HKCU) O9 - Extra 'Tools' menuitem: ImTranslator - {AE436396-55E7-4ec4-AD6D-45E88A530A4C} - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html (HKCU) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\University of Houston\UofH VPN Client\cvpnd.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE O24 - Desktop Component 0: (no name) - About:Home -- End of file - 10857 bytes -------- combofix log: ComboFix 07-12-17.1 - Andrew Davis 2007-12-18 6:05:51.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.419 [GMT -6:00] Running from: C:\Documents and Settings\Andrew Davis\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Andrew Davis\Desktop\CFScript.txt * Created a new restore point FILE C:\WINDOWS\SYSTEM32\ClickToFindandFixErrors_US.ico C:\WINDOWS\SYSTEM32\jmdcgkmw.ini C:\WINDOWS\SYSTEM32\phofsojt.ini C:\WINDOWS\SYSTEM32\tmp.reg C:\WINDOWS\SYSTEM32\xxyxuro.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\QW5kcmV3IERhdmlz C:\WINDOWS\SYSTEM32\ClickToFindandFixErrors_US.ico C:\WINDOWS\SYSTEM32\jmdcgkmw.ini C:\WINDOWS\SYSTEM32\phofsojt.ini C:\WINDOWS\SYSTEM32\tmp.reg C:\WINDOWS\SYSTEM32\xxyxuro.dll . ((((((((((((((((((((((((( Files Created from 2007-11-18 to 2007-12-18 ))))))))))))))))))))))))))))))) . 2007-12-17 08:17 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe 2007-12-17 08:17 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe 2007-12-17 08:17 . 2007-12-13 19:40 77,824 --a------ C:\WINDOWS\SYSTEM32\IEDFix.exe 2007-12-17 08:17 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe 2007-12-17 08:17 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe 2007-12-17 08:17 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\SYSTEM32\WS2Fix.exe 2007-12-16 15:05 . 2007-12-17 13:57 <DIR> d-------- C:\Program Files\Netscape 2007-12-13 13:23 . 2007-12-13 13:23 <DIR> d-------- C:\Documents and Settings\Andrew Davis\Application Data\Netscape 2007-12-06 19:21 . 2007-12-06 19:21 <DIR> d-------- C:\Program Files\Dynamic Toolbar 2007-12-06 10:21 . 2007-12-06 10:21 <DIR> d-------- C:\Program Files\McAfee 2007-12-06 10:21 . 2007-12-06 10:21 <DIR> d-------- C:\Program Files\Common Files\McAfee 2007-12-06 10:21 . 2007-12-06 10:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee 2007-12-06 10:21 . 2006-11-30 08:50 168,776 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys 2007-12-06 10:21 . 2006-11-30 08:50 72,264 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys 2007-12-06 10:21 . 2006-11-30 08:50 64,360 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeapfk.sys 2007-12-06 10:21 . 2006-11-30 08:50 52,136 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfetdik.sys 2007-12-06 10:21 . 2006-11-30 08:50 34,152 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys 2007-12-06 10:21 . 2006-11-17 03:06 280 --a------ C:\WINDOWS\SYSTEM32\epoPGPsdk.dll.sig 2007-12-06 10:14 . 2007-12-06 10:14 <DIR> d-------- C:\Program Files\iolo 2007-12-06 10:14 . 2007-12-06 10:14 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\iolo 2007-12-06 10:14 . 2007-12-14 19:08 437,096 --a------ C:\WINDOWS\SYSTEM32\Incinerator.dll 2007-12-06 10:14 . 2007-11-20 22:34 35,840 --a------ C:\WINDOWS\SYSTEM32\iolobtdfg.exe 2007-12-06 10:14 . 2007-12-14 17:13 23,040 --a------ C:\WINDOWS\SYSTEM32\smrgdf.exe 2007-12-06 10:14 . 2006-07-24 17:51 9,341 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\filedisk.sys 2007-12-06 10:14 . 2007-12-06 10:14 406 --a------ C:\WINDOWS\SYSTEM32\ioloBootDefrag.cfg 2007-12-06 10:07 . 2007-12-06 10:07 74,703 --a------ C:\WINDOWS\SYSTEM32\mfc45.dll 2007-12-06 10:03 . 2007-12-17 07:54 <DIR> d-------- C:\Documents and Settings\Andrew Davis\Application Data\iolo 2007-12-06 10:03 . 2007-12-17 06:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo 2007-12-03 21:51 . 2007-12-03 21:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles 2007-12-03 07:23 . 2007-12-03 07:23 <DIR> d-------- C:\Program Files\Trend Micro 2007-12-03 06:28 . 2007-12-03 06:28 <DIR> d-------- C:\Program Files\Lavasoft 2007-12-03 06:28 . 2007-12-03 06:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-11-24 18:11 . 2007-12-04 11:37 <DIR> d----c--- C:\QUARANTINE 2007-11-24 17:05 . 2007-11-24 17:05 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems 2007-11-24 17:05 . 2006-11-17 03:06 1,495,552 --a------ C:\WINDOWS\SYSTEM32\epoPGPsdk.dll 2007-11-24 12:03 . 2007-11-24 12:03 <DIR> d----c--- C:\VirusScan8.5i 2007-11-21 17:09 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\SYSTEM32\msvcr80.dll 2007-11-20 15:56 . 2007-11-24 16:30 <DIR> d-------- C:\Program Files\XoftSpySE . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-10 19:28 --------- d-----w C:\Program Files\AOD 2007-12-06 19:34 --------- d-----w C:\Program Files\WS_FTP 2007-12-06 19:34 --------- d-----w C:\Program Files\Sony Handheld 2007-12-06 19:34 --------- d-----w C:\Program Files\Palm 2007-12-06 19:34 --------- d-----w C:\Program Files\IrfanView 2007-12-06 19:34 --------- d-----w C:\Program Files\Dictionary 2007-12-06 19:34 --------- d-----w C:\Program Files\Copy of Sony Handheld 2007-12-03 12:26 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-12-02 22:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-11-25 02:11 --------- d-----w C:\Program Files\iTunes 2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll 2007-10-24 15:11 --------- d-----w C:\Documents and Settings\Andrew Davis\Application Data\OpenOffice.org2 2007-10-21 15:33 --------- d-----w C:\Program Files\QuickTime 2007-10-11 21:47 245,408 ----a-w C:\WINDOWS\SYSTEM32\unicows.dll 2007-01-06 22:27 560 ----a-w C:\Documents and Settings\Andrew Davis\Application Data\ViewerApp.dat . ((((((((((((((((((((((((((((( [email protected]_ 7.57.37.98 ))))))))))))))))))))))))))))))))))))))))) . - 2007-11-28 21:55:09 8,913 ----a-w C:\WINDOWS\mozver.dat + 2007-12-10 19:28:40 8,913 ----a-w C:\WINDOWS\mozver.dat - 2007-07-23 00:39:27 279,552 ----a-w C:\WINDOWS\SYSTEM32\swreg.exe + 2007-12-14 03:26:50 156,160 ----a-w C:\WINDOWS\SYSTEM32\swreg.exe . ((((((((((((((((((((((((((((((((((((((((((((( AWF )))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ----a-w 180,269 2006-07-25 12:29:13 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe ----a-w 364,544 2003-01-31 16:27:26 C:\Program Files\Dell\QuickSet\bak\QuickSet.exe ----a-w 460,784 2007-03-15 16:09:36 C:\Program Files\DellSupport\bak\DSAgnt.exe ----a-w 49,152 2005-02-17 04:11:42 C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe ----a-w 241,664 2005-01-12 19:54:58 C:\Program Files\HP\hpcoretech\bak\hpcmpmgr.exe ----a-w 324 2007-11-20 23:08:10 C:\Program Files\HP\hpcoretech\bak\data\EvntData-300556401.xml ----a-w 256,576 2006-10-30 15:36:36 C:\Program Files\iTunes\bak\iTunesHelper.exe ----a-w 77,824 2007-06-05 11:52:56 C:\Program Files\Java\jre1.6.0\bin\bak\jusched.exe ----a-w 90,112 2002-08-14 22:29:26 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mm_tray.exe ----a-w 282,624 2006-10-26 00:58:18 C:\Program Files\QuickTime\bak\qttask.exe ----a-w 684,032 2005-07-22 16:57:59 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\bak\DirectCD.exe ----a-w 98,304 2003-07-14 19:30:26 C:\Program Files\SBC Yahoo!\Connection Manager\IP Insight\bak\IPMon32.exe ----a-w 728,176 2006-04-19 14:30:04 C:\Program Files\The Weather Channel FW\Desktop Weather\bak\DesktopWeather.exe ----a-w 57,344 2003-07-11 19:51:16 C:\Program Files\Yahoo!\browser\bak\ybrwicon.exe ----a-w 15,360 2004-08-04 07:56:48 C:\WINDOWS\SYSTEM32\bak\ctfmon.exe ----a-w 15,360 2004-08-04 07:56:48 C:\WINDOWS\SYSTEM32\ctfmon.exe ----a-w 28,672 2002-07-17 15:18:06 C:\WINDOWS\SYSTEM32\bak\DSentry.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56] "DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [] "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [] "PCTVOICE"="pctspk.exe" [2002-07-18 15:58 C:\WINDOWS\SYSTEM32\pctspk.exe] "nwiz"="nwiz.exe" [2004-10-26 11:01 C:\WINDOWS\SYSTEM32\nwiz.exe] "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 01:56 C:\WINDOWS\SYSTEM32\rundll32.exe] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [] "SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe" [2007-12-14 19:07] "ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2006-11-30 08:50] "McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 13:39] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2004-03-17 11:26:44] HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\Palm\Hotsync.exe [2004-06-09 13:27:34] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 22:31:38] HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 23:06:36] NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2004-12-25 13:31:18] R1 mfetdik;McAfee Inc.;C:\WINDOWS\system32\drivers\mfetdik.sys [2006-11-30 08:50] R2 CVPNDRV;University of Houston IPsec Driver;C:\WINDOWS\System32\Drivers\CVPNDRV.sys [2002-08-07 13:23] R2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2007-11-22 00:11] R2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2007-11-22 00:11] R3 mfeapfk;McAfee Inc.;C:\WINDOWS\system32\drivers\mfeapfk.sys [2006-11-30 08:50] S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41] . Contents of the 'Scheduled Tasks' folder "2007-11-16 01:38:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2007-12-03 01:57:34 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job" - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-18 06:09:21 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-18 6:10:49 C:\ComboFix2.txt ... 2007-12-17 13:05 C:\ComboFix3.txt ... 2007-12-03 08:01 . 2007-11-26 01:15:56 --- E O F ---
  10. Hello--thanks. I ran combo fix, and I'll include the log from this and the latest HijackThis log below. Combofix log: ComboFix 07-12-17.1 - Andrew Davis 2007-12-17 12:14:25.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.367 [GMT -6:00] Running from: C:\Documents and Settings\Andrew Davis\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\jucvoolr.dll . ((((((((((((((((((((((((( Files Created from 2007-11-17 to 2007-12-17 ))))))))))))))))))))))))))))))) . 2007-12-17 08:18 . 2007-12-17 08:18 2,558 --a------ C:\WINDOWS\SYSTEM32\tmp.reg 2007-12-17 08:17 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe 2007-12-17 08:17 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe 2007-12-17 08:17 . 2007-12-13 19:40 77,824 --a------ C:\WINDOWS\SYSTEM32\IEDFix.exe 2007-12-17 08:17 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe 2007-12-17 08:17 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe 2007-12-17 08:17 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\SYSTEM32\WS2Fix.exe 2007-12-16 15:05 . 2007-12-17 07:00 <DIR> d-------- C:\Program Files\Netscape 2007-12-13 13:23 . 2007-12-13 13:23 <DIR> d-------- C:\Documents and Settings\Andrew Davis\Application Data\Netscape 2007-12-06 19:21 . 2007-12-06 19:21 <DIR> d-------- C:\Program Files\Dynamic Toolbar 2007-12-06 10:21 . 2007-12-06 10:21 <DIR> d-------- C:\Program Files\McAfee 2007-12-06 10:21 . 2007-12-06 10:21 <DIR> d-------- C:\Program Files\Common Files\McAfee 2007-12-06 10:21 . 2007-12-06 10:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee 2007-12-06 10:21 . 2006-11-30 08:50 168,776 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys 2007-12-06 10:21 . 2006-11-30 08:50 72,264 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys 2007-12-06 10:21 . 2006-11-30 08:50 64,360 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeapfk.sys 2007-12-06 10:21 . 2006-11-30 08:50 52,136 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfetdik.sys 2007-12-06 10:21 . 2006-11-30 08:50 34,152 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys 2007-12-06 10:21 . 2006-11-17 03:06 280 --a------ C:\WINDOWS\SYSTEM32\epoPGPsdk.dll.sig 2007-12-06 10:14 . 2007-12-06 10:14 <DIR> d-------- C:\Program Files\iolo 2007-12-06 10:14 . 2007-12-06 10:14 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\iolo 2007-12-06 10:14 . 2007-12-14 19:08 437,096 --a------ C:\WINDOWS\SYSTEM32\Incinerator.dll 2007-12-06 10:14 . 2007-11-20 22:34 35,840 --a------ C:\WINDOWS\SYSTEM32\iolobtdfg.exe 2007-12-06 10:14 . 2007-12-14 17:13 23,040 --a------ C:\WINDOWS\SYSTEM32\smrgdf.exe 2007-12-06 10:14 . 2006-07-24 17:51 9,341 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\filedisk.sys 2007-12-06 10:14 . 2007-12-06 10:14 406 --a------ C:\WINDOWS\SYSTEM32\ioloBootDefrag.cfg 2007-12-06 10:07 . 2007-12-06 10:07 74,703 --a------ C:\WINDOWS\SYSTEM32\mfc45.dll 2007-12-06 10:03 . 2007-12-17 07:54 <DIR> d-------- C:\Documents and Settings\Andrew Davis\Application Data\iolo 2007-12-06 10:03 . 2007-12-17 06:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo 2007-12-03 21:51 . 2007-12-03 21:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles 2007-12-03 07:23 . 2007-12-03 07:23 <DIR> d-------- C:\Program Files\Trend Micro 2007-12-03 06:28 . 2007-12-03 06:28 <DIR> d-------- C:\Program Files\Lavasoft 2007-12-03 06:28 . 2007-12-03 06:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-11-30 13:11 . 2007-12-02 21:29 794,024 --ahs---- C:\WINDOWS\SYSTEM32\jmdcgkmw.ini 2007-11-28 09:50 . 2007-11-28 09:50 23,696 --a------ C:\WINDOWS\SYSTEM32\xxyxuro.dll 2007-11-24 18:11 . 2007-12-04 11:37 <DIR> d----c--- C:\QUARANTINE 2007-11-24 17:05 . 2007-11-24 17:05 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems 2007-11-24 17:05 . 2006-11-17 03:06 1,495,552 --a------ C:\WINDOWS\SYSTEM32\epoPGPsdk.dll 2007-11-24 12:03 . 2007-11-24 12:03 <DIR> d----c--- C:\VirusScan8.5i 2007-11-21 17:09 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\SYSTEM32\msvcr80.dll 2007-11-20 15:56 . 2007-11-24 16:30 <DIR> d-------- C:\Program Files\XoftSpySE 2007-11-20 14:18 . 2007-11-21 17:03 689,721 --ahs---- C:\WINDOWS\SYSTEM32\phofsojt.ini 2007-11-20 14:15 . 2007-11-24 11:58 <DIR> d--hs---- C:\WINDOWS\QW5kcmV3IERhdmlz 2007-11-18 15:23 . 2007-11-26 18:53 2,238 --a------ C:\WINDOWS\SYSTEM32\ClickToFindandFixErrors_US.ico . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-10 19:28 --------- d-----w C:\Program Files\AOD 2007-12-06 19:34 --------- d-----w C:\Program Files\WS_FTP 2007-12-06 19:34 --------- d-----w C:\Program Files\Sony Handheld 2007-12-06 19:34 --------- d-----w C:\Program Files\Palm 2007-12-06 19:34 --------- d-----w C:\Program Files\IrfanView 2007-12-06 19:34 --------- d-----w C:\Program Files\Dictionary 2007-12-06 19:34 --------- d-----w C:\Program Files\Copy of Sony Handheld 2007-12-03 12:26 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-12-02 22:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-11-25 02:11 --------- d-----w C:\Program Files\iTunes 2007-10-24 15:11 --------- d-----w C:\Documents and Settings\Andrew Davis\Application Data\OpenOffice.org2 2007-10-21 15:33 --------- d-----w C:\Program Files\QuickTime 2007-01-06 22:27 560 ----a-w C:\Documents and Settings\Andrew Davis\Application Data\ViewerApp.dat . ((((((((((((((((((((((((((((( [email protected]_ 7.57.37.98 ))))))))))))))))))))))))))))))))))))))))) . - 2007-11-28 21:55:09 8,913 ----a-w C:\WINDOWS\mozver.dat + 2007-12-10 19:28:40 8,913 ----a-w C:\WINDOWS\mozver.dat - 2007-07-23 00:39:27 279,552 ----a-w C:\WINDOWS\SYSTEM32\swreg.exe + 2007-12-14 03:26:50 156,160 ----a-w C:\WINDOWS\SYSTEM32\swreg.exe . ((((((((((((((((((((((((((((((((((((((((((((( AWF )))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ----a-w 180,269 2006-07-25 12:29:13 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe ----a-w 364,544 2003-01-31 16:27:26 C:\Program Files\Dell\QuickSet\bak\QuickSet.exe ----a-w 460,784 2007-03-15 16:09:36 C:\Program Files\DellSupport\bak\DSAgnt.exe ----a-w 49,152 2005-02-17 04:11:42 C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe ----a-w 241,664 2005-01-12 19:54:58 C:\Program Files\HP\hpcoretech\bak\hpcmpmgr.exe ----a-w 324 2007-11-20 23:08:10 C:\Program Files\HP\hpcoretech\bak\data\EvntData-300556401.xml ----a-w 256,576 2006-10-30 15:36:36 C:\Program Files\iTunes\bak\iTunesHelper.exe ----a-w 77,824 2007-06-05 11:52:56 C:\Program Files\Java\jre1.6.0\bin\bak\jusched.exe ----a-w 90,112 2002-08-14 22:29:26 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mm_tray.exe ----a-w 282,624 2006-10-26 00:58:18 C:\Program Files\QuickTime\bak\qttask.exe ----a-w 684,032 2005-07-22 16:57:59 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\bak\DirectCD.exe ----a-w 98,304 2003-07-14 19:30:26 C:\Program Files\SBC Yahoo!\Connection Manager\IP Insight\bak\IPMon32.exe ----a-w 728,176 2006-04-19 14:30:04 C:\Program Files\The Weather Channel FW\Desktop Weather\bak\DesktopWeather.exe ----a-w 57,344 2003-07-11 19:51:16 C:\Program Files\Yahoo!\browser\bak\ybrwicon.exe ----a-w 15,360 2004-08-04 07:56:48 C:\WINDOWS\SYSTEM32\bak\ctfmon.exe ----a-w 15,360 2004-08-04 07:56:48 C:\WINDOWS\SYSTEM32\ctfmon.exe ----a-w 28,672 2002-07-17 15:18:06 C:\WINDOWS\SYSTEM32\bak\DSentry.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97394EE7-20FC-4F82-B47F-131CAA6F664A}] C:\WINDOWS\system32\geeeb.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B5AFF937-46FF-2859-DA27-4BE604835B9D}] C:\WINDOWS\system32\ohvkgtd.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56] "DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [] "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [] "Hafjjddr"="C:\WINDOWS\F?nts\?ttrib.exe" [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [] "PCTVOICE"="pctspk.exe" [2002-07-18 15:58 C:\WINDOWS\SYSTEM32\pctspk.exe] "nwiz"="nwiz.exe" [2004-10-26 11:01 C:\WINDOWS\SYSTEM32\nwiz.exe] "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 01:56 C:\WINDOWS\SYSTEM32\rundll32.exe] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [] "0c238f0d"="C:\WINDOWS\system32\wmkgcdmj.dll" [] "SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe" [2007-12-14 19:07] "ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2006-11-30 08:50] "McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 13:39] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2004-03-17 11:26:44] HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\Palm\Hotsync.exe [2004-06-09 13:27:34] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 22:31:38] HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 23:06:36] NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2004-12-25 13:31:18] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjjkh] R1 mfetdik;McAfee Inc.;C:\WINDOWS\system32\drivers\mfetdik.sys [2006-11-30 08:50] R2 CVPNDRV;University of Houston IPsec Driver;C:\WINDOWS\System32\Drivers\CVPNDRV.sys [2002-08-07 13:23] R2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2007-11-22 00:11] R2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2007-11-22 00:11] R3 mfeapfk;McAfee Inc.;C:\WINDOWS\system32\drivers\mfeapfk.sys [2006-11-30 08:50] S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41] . Contents of the 'Scheduled Tasks' folder "2007-11-16 01:38:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2007-12-03 01:57:34 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job" - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-17 13:01:09 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-17 13:05:30 - machine was rebooted C:\ComboFix2.txt ... 2007-12-03 08:01 . 2007-11-26 01:15:56 --- E O F --- --------------- HijackThis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:14:16 PM, on 12/17/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\University of Houston\UofH VPN Client\cvpnd.exe C:\Program Files\iolo\common\lib\ioloServiceManager.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\Program Files\McAfee\Common Framework\naPrdMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\pctspk.exe C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE C:\Program Files\McAfee\Common Framework\UdaterUI.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\Program Files\Palm\Hotsync.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\System32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll O2 - BHO: (no name) - {97394EE7-20FC-4F82-B47F-131CAA6F664A} - C:\WINDOWS\system32\geeeb.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: (no name) - {B5AFF937-46FF-2859-DA27-4BE604835B9D} - C:\WINDOWS\system32\ohvkgtd.dll (file missing) O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [0c238f0d] rundll32.exe "C:\WINDOWS\system32\wmkgcdmj.dll",b O4 - HKLM\..\Run: [sMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe" O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [Hafjjddr] C:\WINDOWS\F?nts\?ttrib.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: ImTranslator - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: ImTranslator - {AE436396-55E7-4ec4-AD6D-45E88A530A4C} - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html (HKCU) O9 - Extra 'Tools' menuitem: ImTranslator - {AE436396-55E7-4ec4-AD6D-45E88A530A4C} - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html (HKCU) O15 - Trusted Zone: *.doginhispen.com O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} - O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} - O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} - O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.6.0) - O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) - O20 - Winlogon Notify: jkkjjkh - C:\WINDOWS\ O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\University of Houston\UofH VPN Client\cvpnd.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE O24 - Desktop Component 0: (no name) - About:Home -- End of file - 11983 bytes
  11. Thanks. I ran smitfraudfix.exe as you said. Here's the log: SmitFraudFix v2.269 Scan done at 8:18:13.95, Mon 12/17/2007 Run from C:\Documents and Settings\Andrew Davis\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\pctspk.exe C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE C:\Program Files\McAfee\Common Framework\UdaterUI.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Program Files\Palm\Hotsync.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\Program Files\University of Houston\UofH VPN Client\cvpnd.exe C:\Program Files\iolo\common\lib\ioloServiceManager.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\Common Framework\naPrdMgr.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\System32\wbem\wmiprvse.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Andrew Davis »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Andrew Davis\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ANDREW~1\FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components] "Source"="About:Home" "SubscribedURL"="" "FriendlyName"="" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" »»»»»»»»»»»»»»»»»»»»»»»» IEDFix !!!Attention, following keys are not inevitably infected!!! »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Rustock »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Dell TrueMobile 1300 WLAN Mini-PCI Card - Packet Scheduler Miniport DNS Server Search Order: 192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\..\{3E467EF2-4E05-4211-B3DB-B3E129D1C4B9}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{3E467EF2-4E05-4211-B3DB-B3E129D1C4B9}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS2\Services\Tcpip\..\{3E467EF2-4E05-4211-B3DB-B3E129D1C4B9}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End
  12. Hello--I had a bad malware infection that I think I've mostly resolved using spybot search and destroy, adaware, hijackthis, and combofix. Most popups have stopped. But the computer is still running slowly and seems to be using lots of processor power, and I get the message on boot: "C:\WINDOWS\system32\wmkgcdmj.dll--the specified module could not be found." I'm including the latest hjt log and also attaching the latest ad-aware log. Thanks. -------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:30:57 AM, on 12/13/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\pctspk.exe C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE C:\Program Files\McAfee\Common Framework\UdaterUI.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Program Files\Palm\Hotsync.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\Program Files\University of Houston\UofH VPN Client\cvpnd.exe C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\Program Files\McAfee\Common Framework\naPrdMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\ntvdm.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\HPZipm12.exe C:\Program Files\iolo\System Mechanic Professional 7\SMTrayNotify.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\System32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {74D31022-161F-4521-B0E0-C1BF5C179A49} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll O2 - BHO: (no name) - {97394EE7-20FC-4F82-B47F-131CAA6F664A} - C:\WINDOWS\system32\geeeb.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: (no name) - {B5AFF937-46FF-2859-DA27-4BE604835B9D} - C:\WINDOWS\system32\ohvkgtd.dll (file missing) O2 - BHO: (no name) - {D18EEBCA-920F-41C8-AAC9-9F6C56F2D84A} - (no file) O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [0c238f0d] rundll32.exe "C:\WINDOWS\system32\wmkgcdmj.dll",b O4 - HKLM\..\Run: [sMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe" O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Hafjjddr] C:\WINDOWS\F?nts\?ttrib.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: ImTranslator - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: ImTranslator - {AE436396-55E7-4ec4-AD6D-45E88A530A4C} - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html (HKCU) O9 - Extra 'Tools' menuitem: ImTranslator - {AE436396-55E7-4ec4-AD6D-45E88A530A4C} - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html (HKCU) O15 - Trusted Zone: *.doginhispen.com O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} - O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} - O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} - O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.6.0) - O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) - O20 - Winlogon Notify: jkkjjkh - C:\WINDOWS\ O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\University of Houston\UofH VPN Client\cvpnd.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE O24 - Desktop Component 0: (no name) - About:Home -- End of file - 12378 bytes Ad_Aware_20071213_10_09_49.log
  13. Hello--I had a bad malware infection that I think I've mostly resolved using spybot search and destroy, adaware, hijackthis, and combofix. Most popups have stopped. But the computer is still running slowly and seems to be using lots of processor power, and I get the message on boot: "C:\WINDOWS\system32\wmkgcdmj.dll--the specified module could not be found." I can post any logs on request. Any suggestions for more fixes? Thanks.