dasudevil

Advanced Member (Content Count: 394)

  1. You can close this. The virus problem has been solved. Now to the new problem and ticket, I guess. Thank you for everything. Donald
  2. JonTom, good morning. Yeah, nothing major showed up on the scan, and no problem with sticking with it. I had nothing better to do, and well, you have put a lot of time into this and I did not want to let you down. COOL... Woke up this morning and noticed my PC was running pretty smooth. I think once it reboots I will run CCleaner, flush my DNS, defrag, defrag the reg. OMG, it's already done; I have not seen my PC run this fast in days...
Issues: Boot-up sound still very choppy. System running at 74 - 100%. However, I think that's because all the stuff needs to load. Not sure. Still not quite as fast as it was prior; however, I think a good cleaning will fix that. Now all I need is a good anti-virus and firewall. What do you recommend, if any? Also, is there anything else I need to do to make sure I am 100% clean on this? Thank you, Don
Okay, after running CCleaner, defrag on both the C drive and the registry, and selecting the check errors on the C drive, the darn thing has yet to boot up, and that was about 7 hours ago. I have restarted the PC and even tried safe mode, and nothing happens; it is hanging like it's trying to load but won't. What can I do?
Was able to use my scratched-up XP disc to run a chkdsk /r in the recovery section. Chkdsk found and fixed one or more errors on the volume. 80027764 kilobytes total disk space, 40089292 kilobytes are available. Is there anything else I can check or should do while in this cmd state, or should I just reboot? Keeping it there till the morning, I guess.
  3. Finally the scan worked. I wonder how long it took. Either way, it's done and glad... ESET Scan...
C:\Qoobox\Quarantine\C\WINDOWS\system32\gpprefcl6.dll.vir a variant of Win32/Adware.Virtumonde.NHG application
C:\System Volume Information\_restore{90FCBD1E-CEB3-43B0-8FA9-7C0E9F665E51}\RP4\A0001001.dll a variant of Win32/Adware.Virtumonde.NHG application
What's next, boss?
  4. Is there another type of scan I can do? It's been going for 13 hours and still at 15%. It was at that when I left for work... Either way, I believe this PC is running slower than before. I rebooted after waiting 15 minutes for DDS to open; hopefully that may help, then again, knowing my luck, I'm screwed. LOL
Cool, reboot time 4 minutes. Now let's see how long till up after log in. 8 minutes till I was able to do something on the PC, which was turn on Avira. Trying to get you the DDS, but who knows how long... wow, about 1 minute for it to actually load. COOL. Maybe I'll be able to post a log before I pass out to sleep... HOLY CRAP, the text popped right up...

ATTACH
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/7/2009 10:52:39 AM
System Uptime: 3/5/2011 5:21:09 AM (0 hours ago)
Motherboard: MICRO-STAR | | MS-7145
Processor: AMD Athlon 64 Processor 3200+ | Socket 754 | 2193/199mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 76 GiB total, 35.347 GiB free.
D: is CDROM ()
F: is FIXED (NTFS) - 153 GiB total, 53.61 GiB free.
==== Disabled Device Manager Items =============
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_1002&DEV_4372&SUBSYS_71451462&REV_10\3&61AAA01&0&A0
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_1002&DEV_4372&SUBSYS_71451462&REV_10\3&61AAA01&0&A0
Service:
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\A569C810DC00
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\A569C810DC00
Service: NIC1394
==== System Restore Points ===================
RP1: 3/2/2011 11:12:58 AM - System Checkpoint
RP2: 3/3/2011 7:53:03 AM - Installed Windows Internet Explorer 8.
RP3: 3/3/2011 7:56:24 AM - Software Distribution Service 3.0
RP4: 3/3/2011 11:35:12 AM - Software Distribution Service 3.0
RP5: 3/4/2011 3:00:59 AM - Software Distribution Service 3.0
RP6: 3/4/2011 3:08:41 PM - Software Distribution Service 3.0
RP7: 3/4/2011 3:27:46 PM - Installed Java 6 Update 24
==== Installed Programs ======================
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 5
AusLogics Disk Defrag
AusLogics Registry Cleaner
Avira AntiVir Personal - Free Antivirus
Bonjour
CA Yahoo! Anti-Spy (remove only)
Canon iP2600 series
Capture NX 2
CCleaner
ConvertXtoDVD 4.0.12.327
DVD Shrink 3.2
DVDFab 6.2.0.5 (11/11/2009)
ESET Online Scanner v3
File Uploader
Foxit PDF IFilter
Foxit Reader
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HTC Driver
HTC Sync
HxD Hex Editor version 1.7.7.0
iTunes
Java Auto Updater
Java 6 Update 24
Junk Mail filter update
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WinUsb 1.0
Mozilla Firefox (3.6.14)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Demo
Nikon Message Center
Nikon Transfer
OGA Notifier 2.0.0048.0
Paint.NET v3.5.6
Panda ActiveScan 2.0
PC Wizard 2010.1.92
Picasa 3
Picture Control Utility
QuickTime
REALTEK GbE & FE Ethernet PCI NIC Driver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB923789)
Segoe UI
SUPER © Version 2010.bld.38 (May 2, 2010)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Outlook 2007 Junk Email Filter (KB2492475)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
ViewNX
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VoiceOver Kit
WebFldrs XP
Windows Defender
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Mobile Device Updater Component
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Search Protection
Zoodles
Zune
Zune Language Pack (DEU)
Zune Language Pack (ESP)
Zune Language Pack (FRA)
Zune Language Pack (ITA)
Zune Language Pack (NLD)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
==== Event Viewer Messages From Past Week ========
3/4/2011 5:44:13 AM, error: VolSnap [14] - The shadow copy of volume C: was aborted because of an IO failure.
3/4/2011 3:04:31 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer DONALD-LAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{FE61F725-BC36-. The master browser is stopping or an election is being forced.
3/3/2011 8:28:39 AM, error: Service Control Manager [7031] - The Zune Bus Enumerator service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
3/3/2011 8:26:06 AM, error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/3/2011 8:11:28 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
3/3/2011 8:11:28 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/3/2011 8:10:46 AM, error: Service Control Manager [7022] - The Windows Search service hung on starting.
3/3/2011 7:38:53 AM, error: Service Control Manager [7031] - The Zune Bus Enumerator service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
3/3/2011 11:39:58 AM, error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
3/3/2011 10:44:23 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
3/2/2011 7:53:04 AM, error: atapi [9] - The device, \Device\Ide\IdePort4, did not respond within the timeout period.
3/2/2011 7:35:51 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
3/2/2011 7:35:51 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/2/2011 7:31:59 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
3/2/2011 7:31:03 AM, error: Service Control Manager [7022] - The McShield service hung on starting.
3/2/2011 12:25:05 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
3/2/2011 12:24:17 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
3/2/2011 12:24:03 AM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 12:21:40 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
3/2/2011 12:20:40 AM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/2/2011 12:16:05 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdPPM avgio avipbb Fips IPSec mfehidk mfetdi2k MRxSmb NetBIOS NetBT pavboot RasAcd Rdbss SASDIFSV SASKUTIL ssmdrv Tcpip
3/2/2011 12:16:05 AM, error: Service Control Manager [7001] - The McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
3/2/2011 12:16:05 AM, error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
3/2/2011 12:16:05 AM, error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
3/2/2011 12:16:05 AM, error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
3/2/2011 12:16:05 AM, error: Service Control Manager [7001] - The McAfee Network Agent service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
3/2/2011 12:16:05 AM, error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
3/2/2011 11:31:42 AM, error: Service Control Manager [7034] - The Zune Bus Enumerator service terminated unexpectedly. It has done this 3 time(s).
3/2/2011 10:40:48 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
3/2/2011 10:38:34 AM, error: Service Control Manager [7024] - The Routing and Remote Access service terminated with service-specific error 711 (0x2C7).
3/2/2011 10:32:32 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/2/2011 10:29:55 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdPPM Fips IPSec MRxSmb NetBIOS NetBT pavboot RasAcd Rdbss Tcpip
3/2/2011 10:29:55 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
3/1/2011 8:07:30 PM, error: Service Control Manager [7034] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 3 time(s).
3/1/2011 8:07:30 PM, error: Service Control Manager [7034] - The McAfee Services service terminated unexpectedly. It has done this 3 time(s).
3/1/2011 8:07:30 PM, error: Service Control Manager [7034] - The McAfee Proxy Service service terminated unexpectedly. It has done this 3 time(s).
3/1/2011 8:07:30 PM, error: Service Control Manager [7034] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 3 time(s).
3/1/2011 8:07:30 PM, error: Service Control Manager [7034] - The McAfee Network Agent service terminated unexpectedly. It has done this 3 time(s).
3/1/2011 8:07:19 PM, error: Service Control Manager [7034] - The McAfee Firewall Core Service service terminated unexpectedly. It has done this 3 time(s).
3/1/2011 8:04:29 PM, error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/1/2011 8:04:29 PM, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/1/2011 8:04:29 PM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/1/2011 8:04:29 PM, error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/1/2011 8:04:25 PM, error: Service Control Manager [7034] - The McAfee Validation Trust Protection Service service terminated unexpectedly. It has done this 2 time(s).
3/1/2011 8:04:16 PM, error: Service Control Manager [7034] - The McAfee Firewall Core Service service terminated unexpectedly. It has done this 2 time(s).
3/1/2011 8:03:09 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.MFC. Reference error message: The referenced assembly is not installed on your system. .
3/1/2011 8:03:09 PM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\Donald\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .
3/1/2011 8:03:09 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.MFC could not be found and Last Error was The referenced assembly is not installed on your system.
3/1/2011 8:03:04 PM, error: Service Control Manager [7034] - The McAfee Validation Trust Protection Service service terminated unexpectedly. It has done this 1 time(s).
3/1/2011 8:03:04 PM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
3/1/2011 8:03:04 PM, error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/1/2011 8:03:04 PM, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/1/2011 8:03:04 PM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/1/2011 8:03:04 PM, error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/1/2011 8:03:04 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee Validation Trust Protection Service service to connect.
3/1/2011 8:03:04 PM, error: Service Control Manager [7001] - The McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
3/1/2011 8:03:04 PM, error: Service Control Manager [7000] - The McAfee Validation Trust Protection Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/1/2011 8:03:03 PM, error: Service Control Manager [7034] - The McAfee Firewall Core Service service terminated unexpectedly. It has done this 1 time(s).
3/1/2011 8:03:03 PM, error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
3/1/2011 8:01:46 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
3/1/2011 8:01:46 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
3/1/2011 2:41:24 PM, error: Service Control Manager [7023] - The SSHNAS service terminated with the following error: The specified module could not be found.
3/1/2011 2:10:24 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
3/1/2011 11:37:46 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort4.
2/27/2011 10:47:36 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
==== End Of File ===========================

DDS
DDS (Ver_10-12-12.02) - NTFSx86
Run by Donald at 5:34:30.76 on Sat 03/05/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1524 [GMT -7:00]
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\Donald\Desktop\ANTIVI~1\EXEFIL~1\dds.scr
============== Pseudo HJT Report ===============
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239145717764
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239150007515
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\donald\applic~1\mozilla\firefox\profiles\l4gbgdse.default\
FF - prefs.js: browser.startup.homepage - msn.com
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
============= SERVICES / DRIVERS ===============
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-3-1 28552]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-3-2 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-3-2 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-3-2 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-3-2 61960]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2010-2-27 25728]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2001-8-23 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-20 135664]
S4 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-9-24 268528]
=============== Created Last 30 ================
2011-03-04 23:02:05 -------- d-----w- c:\program files\ESET
2011-03-04 22:44:32 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-04 22:44:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-04 22:44:32 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-03-04 22:10:30 5943120 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{fe98640d-1a70-45f7-97b8-7daf8feb5076}\mpengine.dll
2011-03-03 17:31:39 -------- d-----w- c:\windows\system32\NtmsData
2011-03-03 14:49:14 -------- dc-h--w- c:\windows\ie8
2011-03-02 22:34:58 -------- d-sha-r- C:\cmdcons
2011-03-02 22:28:40 98816 ----a-w- c:\windows\sed.exe
2011-03-02 22:28:40 89088 ----a-w- c:\windows\MBR.exe
2011-03-02 22:28:40 256512 ----a-w- c:\windows\PEV.exe
2011-03-02 22:28:40 161792 ----a-w- c:\windows\SWREG.exe
2011-03-02 18:41:45 388096 ----a-r- c:\docume~1\donald\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-03-02 18:41:40 -------- d-----w- c:\program files\Trend Micro
2011-03-02 18:35:47 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-03-02 18:35:39 -------- d-----w- c:\program files\Avira
2011-03-02 18:35:39 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
2011-03-02 16:40:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-02 16:40:41 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-02 16:40:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-02 03:10:02 -------- d-----w- c:\docume~1\donald\applic~1\Avira
2011-03-02 02:16:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-03-02 02:11:56 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2011-03-01 21:50:50 -------- d-----w- c:\docume~1\donald\applic~1\Malwarebytes
2011-03-01 21:50:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-02-28 23:08:42 -------- d-----w- c:\docume~1\donald\locals~1\applic~1\Nikon
2011-02-27 18:02:47 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-02-27 18:02:36 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-02-27 18:02:36 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-02-27 18:02:35 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-02-25 18:24:02 49152 ----a-r- c:\docume~1\donald\applic~1\microsoft\installer\{d2fcc1ae-6311-47c5-8130-c6c66d77dd71}\ARPPRODUCTICON.exe
2011-02-25 18:23:30 335872 ----a-r- c:\docume~1\donald\applic~1\microsoft\installer\{237cd223-1b9d-47e8-a76c-e478b83ccea2}\ARPPRODUCTICON.exe
2011-02-25 18:22:52 57344 ----a-r- c:\docume~1\donald\applic~1\microsoft\installer\{87441a59-5e64-4096-a170-14efe67200c3}\ARPPRODUCTICON.exe
2011-02-25 18:19:59 -------- d-----w- c:\program files\common files\muvee Technologies
2011-02-25 18:19:52 -------- d-----w- c:\program files\common files\Nikon
2011-02-25 18:19:46 -------- d-----w- c:\program files\Nikon
2011-02-25 18:17:29 -------- d-----w- c:\docume~1\donald\locals~1\applic~1\ArcSoft
2011-02-25 18:17:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\ArcSoft
2011-02-25 17:36:47 -------- d-----w- c:\program files\iPod
==================== Find3M ====================
2011-02-28 23:55:19 106496 ----a-w- c:\windows\system32\ATL71.DLL
2011-02-03 00:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ------w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ------w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38:47 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:05 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
============= FINISH: 5:37:55.26 ===============

I'm going to try and run the online virus scan again. Who knows if that will even work again... Don't know if this matters, but I did run Avira when I went to bed yesterday; major showed up... Hopefully this PC will do something this time other than make us wait. Night, Don
----
Morning! WOW, it is actually working this time, 47% done with 2 threats found so far. COOOOOOL. They are: Win32/Adware.Virtumonde.NHG, both of them. Well, today is a weird day, so I don't know how much I'll be able to give ya or do. Was hoping this would have been done in 4 hours. Guess not. I'll post a txt as soon as I can.
  5. OMG.. this thing is taking forever. So far 15 minutes and still waiting for iexplorer to open along with the Control Panel. Downloaded Java on the laptop and am bringing it over and will update that way. If I can ever get in to use the PC, that is. I SOOO WANNA throw this thing out the window. I'll provide your logs in the morning.

Thank you,
Don

45 minutes and finally Java updated.
  6. Good morning JonTom

ComboFix 11-03-03.01 - Donald 03/03/2011 16:28:23.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1464 [GMT -7:00]
Running from: c:\documents and settings\Donald\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Donald\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\windows\Jluqogajimonoba.bin"
"c:\windows\system32\gpprefcl6.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Jluqogajimonoba.bin
c:\windows\system32\gpprefcl6.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-03 16:41
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2011-03-03 16:46:19
ComboFix-quarantined-files.txt 2011-03-03 23:46
ComboFix2.txt 2011-03-03 19:07
ComboFix3.txt 2011-03-02 22:59
Pre-Run: 38,259,195,904 bytes free
Post-Run: 38,246,141,952 bytes free
- - End Of File - - 731D953C81394173CBC8D740A5DEBD4B

---------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5934
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
3/3/2011 8:41:57 PM
mbam-log-2011-03-03 (20-41-57).txt
Scan type: Full scan (C:\|F:\|)
Objects scanned: 306960
Time elapsed: 3 hour(s), 47 minute(s), 26 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)
----------------------------------------------------

PC still running a bit slower than usual. No longer sucking up 100% CPU when nothing is running. It's at 100% when I select the PC to do something. What's next, sir?
  7. JonTom,

Without running these programs yet, better than before yet nowhere near as good as it once was. Still running @ 100% when a program is opened up or running. If nothing is going on, it's at 0% like it should be. I'm running the programs now and will post in the morning when I get home. I work the 3rd shift.

Thanks,
Don

Update... On phone, so forgive my spelling... I noticed the file you wanted me to scan a few posts back was removed along with the .bin one. Right now it's scanning with the Malwarebytes one and I will not be able to post till I get home in 11 hours. I think we are making progress...
  8. Alright, this one said something... Says File is Empty (0 bytes)

JonTom,

Did step two and got some stuff going on on the PC. First of all, ComboFix asked for an update after the system told me to close it down since it was not working. (I ignored that one.) It has updated and now is attempting to create a new system restore point. At this moment I am still waiting for the blue box to disappear. I have checked the C drive for the txt in question and nothing. Right now ComboFix is scanning, saying it should not take more than 10 minutes, yadda yadda yadda... I'll hopefully be able to post something when it's done.

Okay, got something. Said it was deleting a file: C:\documents and settings\donald\application data\chrtmp

Now I'm waiting for it to be finished. Says I can't touch. Trying to keep you up to date as much as possible. BRB again.

Hope this is what we are looking for....

ComboFix 11-03-03.01 - Donald 03/03/2011 11:49:29.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1458 [GMT -7:00]
Running from: c:\documents and settings\Donald\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Donald\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Donald\Application Data\chrtmp
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
--- c:\windows\system32\gpprefcl6.dll ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 52736
Created time: 2011-02-28 23:19
Modified time: 2011-02-28 23:19
MD5: !HASH: COULD NOT OPEN FILE !!!!!
SHA1: !HASH: COULD NOT OPEN FILE !!!!!

((((((((((((((((((((((((((((( [email protected]_22.53.31 )))))))))))))))))))))))))))))))))))))))))
.
2010-02-25 06:24 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll - 2010-06-10 10:10 . 2010-02-25 06:24 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll + 2011-03-03 14:59 . 2009-03-08 11:32 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll + 2011-03-03 14:59 . 2009-03-08 11:33 246784 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll + 2011-03-03 14:59 . 2009-03-08 11:31 183808 c:\windows\ie8updates\KB982381-IE8\iepeers.dll - 2010-06-10 10:10 . 2009-03-08 11:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll + 2011-03-03 14:59 . 2009-03-08 11:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll + 2011-03-03 14:59 . 2009-03-08 21:09 391536 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll - 2010-06-10 10:10 . 2010-02-24 09:54 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe + 2011-03-03 14:59 . 2009-03-08 11:32 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe - 2011-02-10 10:01 . 2010-11-06 00:26 916480 c:\windows\ie8updates\KB2482017-IE8\wininet.dll + 2011-03-03 15:02 . 2010-05-06 10:41 916480 c:\windows\ie8updates\KB2482017-IE8\wininet.dll + 2011-03-03 15:02 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2482017-IE8\updspapi.dll + 2011-03-03 15:02 . 2010-07-05 13:15 755576 c:\windows\ie8updates\KB2482017-IE8\update.exe + 2011-03-03 15:03 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2482017-IE8\spuninst\updspapi.dll - 2011-02-10 10:01 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2482017-IE8\spuninst\updspapi.dll - 2011-02-10 10:01 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2482017-IE8\spuninst\spuninst.exe + 2011-03-03 15:03 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2482017-IE8\spuninst\spuninst.exe + 2011-03-03 15:02 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2482017-IE8\spuninst.exe - 2011-02-10 10:01 . 2010-11-06 00:26 206848 c:\windows\ie8updates\KB2482017-IE8\occache.dll + 2011-03-03 15:02 . 2010-05-06 10:41 206848 c:\windows\ie8updates\KB2482017-IE8\occache.dll - 2011-02-10 10:01 . 
2010-11-06 00:26 611840 c:\windows\ie8updates\KB2482017-IE8\mstime.dll + 2011-03-03 15:02 . 2010-05-06 10:41 611840 c:\windows\ie8updates\KB2482017-IE8\mstime.dll + 2011-03-03 15:02 . 2010-05-06 10:41 599040 c:\windows\ie8updates\KB2482017-IE8\msfeeds.dll - 2011-02-10 10:01 . 2010-11-06 00:26 247808 c:\windows\ie8updates\KB2482017-IE8\ieproxy.dll + 2011-03-03 15:02 . 2010-05-06 10:41 247808 c:\windows\ie8updates\KB2482017-IE8\ieproxy.dll + 2011-03-03 15:02 . 2010-05-06 10:41 184320 c:\windows\ie8updates\KB2482017-IE8\iepeers.dll - 2011-02-10 10:01 . 2010-11-06 00:26 184320 c:\windows\ie8updates\KB2482017-IE8\iepeers.dll + 2011-03-03 15:02 . 2010-05-06 10:41 743424 c:\windows\ie8updates\KB2482017-IE8\iedvtool.dll - 2011-02-10 10:01 . 2010-11-06 00:26 743424 c:\windows\ie8updates\KB2482017-IE8\iedvtool.dll - 2011-02-10 10:01 . 2010-11-06 00:26 387584 c:\windows\ie8updates\KB2482017-IE8\iedkcs32.dll + 2011-03-03 15:02 . 2010-05-06 10:41 387584 c:\windows\ie8updates\KB2482017-IE8\iedkcs32.dll + 2011-03-03 15:02 . 2010-05-05 13:30 173056 c:\windows\ie8updates\KB2482017-IE8\ie4uinit.exe + 2011-03-03 15:01 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB2447568-IE8\spuninst\updspapi.dll + 2011-03-03 15:01 . 2010-02-22 14:23 231288 c:\windows\ie8updates\KB2447568-IE8\spuninst\spuninst.exe - 2009-04-08 01:07 . 2008-04-14 00:12 666112 c:\windows\ie8\wininet.dll + 2011-03-03 14:49 . 2008-04-14 00:12 666112 c:\windows\ie8\wininet.dll - 2009-04-08 01:07 . 2008-04-14 00:12 276480 c:\windows\ie8\webcheck.dll + 2011-03-03 14:49 . 2008-04-14 00:12 276480 c:\windows\ie8\webcheck.dll + 2011-03-03 14:49 . 2008-04-14 00:12 851968 c:\windows\ie8\vgx.dll - 2009-04-08 01:07 . 2008-04-14 00:12 851968 c:\windows\ie8\vgx.dll + 2011-03-03 14:49 . 2008-04-14 00:12 434176 c:\windows\ie8\vbscript.dll - 2009-04-08 01:07 . 2008-04-14 00:12 434176 c:\windows\ie8\vbscript.dll + 2011-03-03 14:49 . 2008-04-14 00:12 619520 c:\windows\ie8\urlmon.dll - 2009-04-08 01:07 . 
2008-04-14 00:12 619520 c:\windows\ie8\urlmon.dll - 2009-04-08 01:09 . 2009-01-08 01:21 382496 c:\windows\ie8\spuninst\updspapi.dll + 2011-03-03 14:52 . 2009-01-08 01:21 382496 c:\windows\ie8\spuninst\updspapi.dll + 2011-03-03 14:52 . 2009-01-08 01:20 231456 c:\windows\ie8\spuninst\spuninst.exe - 2009-04-08 01:09 . 2009-01-08 01:20 231456 c:\windows\ie8\spuninst\spuninst.exe - 2009-04-08 01:07 . 2008-04-14 00:12 532480 c:\windows\ie8\mstime.dll + 2011-03-03 14:49 . 2008-04-14 00:12 532480 c:\windows\ie8\mstime.dll + 2011-03-03 14:49 . 2008-04-14 00:12 146432 c:\windows\ie8\msrating.dll - 2009-04-08 01:07 . 2008-04-14 00:12 146432 c:\windows\ie8\msrating.dll + 2011-03-03 14:49 . 2001-08-23 12:00 146432 c:\windows\ie8\msls31.dll - 2009-04-08 01:07 . 2001-08-23 12:00 146432 c:\windows\ie8\msls31.dll - 2009-04-08 01:07 . 2008-04-14 00:11 449024 c:\windows\ie8\mshtmled.dll + 2011-03-03 14:49 . 2008-04-14 00:11 449024 c:\windows\ie8\mshtmled.dll - 2009-04-08 01:07 . 2008-04-14 00:11 512000 c:\windows\ie8\jscript.dll + 2011-03-03 14:49 . 2008-04-14 00:11 512000 c:\windows\ie8\jscript.dll + 2011-03-03 14:49 . 2008-04-14 00:11 251904 c:\windows\ie8\iepeers.dll - 2009-04-08 01:07 . 2008-04-14 00:11 251904 c:\windows\ie8\iepeers.dll + 2011-03-03 14:49 . 2008-04-14 00:11 323584 c:\windows\ie8\iedkcs32.dll - 2009-04-08 01:07 . 2008-04-14 00:11 323584 c:\windows\ie8\iedkcs32.dll + 2011-03-03 14:49 . 2001-08-23 12:00 221184 c:\windows\ie8\ieakui.dll - 2009-04-08 01:07 . 2001-08-23 12:00 221184 c:\windows\ie8\ieakui.dll - 2009-04-08 01:07 . 2008-04-14 00:11 216576 c:\windows\ie8\ieaksie.dll + 2011-03-03 14:49 . 2008-04-14 00:11 216576 c:\windows\ie8\ieaksie.dll + 2011-03-03 14:49 . 2008-04-14 00:11 143360 c:\windows\ie8\ieakeng.dll - 2009-04-08 01:07 . 2008-04-14 00:11 143360 c:\windows\ie8\ieakeng.dll - 2009-04-08 01:07 . 2008-04-14 00:11 205312 c:\windows\ie8\dxtrans.dll + 2011-03-03 14:49 . 2008-04-14 00:11 205312 c:\windows\ie8\dxtrans.dll + 2011-03-03 14:49 . 
2008-04-14 00:11 357888 c:\windows\ie8\dxtmsft.dll - 2009-04-08 01:07 . 2008-04-14 00:11 357888 c:\windows\ie8\dxtmsft.dll + 2011-03-03 14:59 . 2009-03-08 11:34 1206784 c:\windows\ie8updates\KB982381-IE8\urlmon.dll + 2011-03-03 14:59 . 2009-03-08 11:41 5937152 c:\windows\ie8updates\KB982381-IE8\mshtml.dll + 2011-03-03 14:59 . 2009-03-08 11:32 1985024 c:\windows\ie8updates\KB982381-IE8\iertutil.dll + 2011-03-03 15:02 . 2010-05-06 10:41 1209344 c:\windows\ie8updates\KB2482017-IE8\urlmon.dll + 2011-03-03 15:02 . 2010-05-06 10:41 5950976 c:\windows\ie8updates\KB2482017-IE8\mshtml.dll + 2011-03-03 15:02 . 2010-05-06 10:41 1985536 c:\windows\ie8updates\KB2482017-IE8\iertutil.dll + 2011-03-03 14:49 . 2008-04-14 00:11 3066880 c:\windows\ie8\mshtml.dll - 2009-04-08 01:07 . 2008-04-14 00:11 3066880 c:\windows\ie8\mshtml.dll + 2011-03-03 14:59 . 2009-03-08 11:39 11063808 c:\windows\ie8updates\KB982381-IE8\ieframe.dll + 2011-03-03 15:02 . 2010-05-06 10:41 11076096 c:\windows\ie8updates\KB2482017-IE8\ieframe.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WMPNetworkSvc"=3 (0x3) "ose"=3 (0x3) "JavaQuickStarterService"=2 (0x2) "idsvc"=3 (0x3) "RadeSvc"=2 (0x2) "CdfSvc"=2 (0x2) "iPod Service"=3 (0x3) "odserv"=3 (0x3) "gusvc"=3 (0x3) "Bonjour Service"=2 (0x2) "Apple Mobile Device"=2 (0x2) "YahooAUService"=2 (0x2) "Microsoft Office Groove Audit Service"=3 (0x3) "ZuneNetworkSvc"=3 (0x3) "wlidsvc"=2 (0x2) "gupdate"=2 (0x2) "WMZuneComm"=3 (0x3) "IDriverT"=3 (0x3) "ACDaemon"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= 
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [3/1/2011 7:11 PM 28552] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/2/2011 11:36 AM 135336] R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384] S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2/27/2010 9:53 AM 25728] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/23/2001 5:00 AM 14336] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504] S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/20/2010 10:24 AM 135664] S4 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [9/24/2010 1:19 PM 268528] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WINRM REG_MULTI_SZ WINRM . 
Contents of the 'Scheduled Tasks' folder 2011-02-25 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50] 2011-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-20 17:24] 2011-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-20 17:24] 2011-03-03 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html FF - ProfilePath - c:\documents and settings\Donald\Application Data\Mozilla\Firefox\Profiles\l4gbgdse.default\ FF - prefs.js: browser.startup.homepage - msn.com FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-03-03 12:01 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... 
scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2011-03-03 12:07:02 ComboFix-quarantined-files.txt 2011-03-03 19:06 ComboFix2.txt 2011-03-02 22:59 Pre-Run: 38,252,957,696 bytes free Post-Run: 38,232,780,800 bytes free - - End Of File - - 07CC90AE0140FD2C3AD0BE726F7363A9
  9. That is like the exact same thing I was doing. Still nothing even after waiting almost 2 hours to see if it did something. I even tried selecting the exact same file without the copy-paste. Still nothing in return.
  10. Okay, did all that. How long does this actually take? I placed that file in the browse section and it instantly reloaded back to the start page. Am I missing something? No results. This is all done on the infected PC, correct? I'm letting it run to see what may happen, if anything. Will check back in a few to see. BTW, the infected PC is now online and able to view the net. Still have not done any googling or searching till I have been given the OKAY from you. Also, this is done in IE8. Mozilla does not even look close to the same. Thank you, Donald
  11. McAfee is on the NON-infected PC. Sorry, I should have been clear about that. I believe you that it's clean. Hello Tom, the ComboFix log is posted above. Also unhooked the desktop from the net again. I had to hook up to download the ComboFix thing since it asked me to. Waiting for your reply, master...
  12. On the Autorun Eater, McAfee said it was a Trojan and removed the files before I could open it on my laptop. I am currently downloading and running ComboFix on the bad PC. Up to stage 10. Will report back once I get the file you're looking for. Also, are you saying once this is done I can use the net and everything should be fine? ComboFix 11-03-02.01 - Donald 03/02/2011 15:42:42.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1448 [GMT -7:00] Running from: c:\documents and settings\Donald\Desktop\ComboFix.exe AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
2011-01-10 21:23 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-03-02 18:35 . 2010-06-17 21:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2011-03-02 18:35 . 2010-06-17 21:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2011-03-02 18:35 . 2011-03-02 18:35 -------- d-----w- c:\program files\Avira 2011-03-02 18:35 . 2011-03-02 18:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2011-03-02 16:40 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-03-02 16:40 . 2011-03-02 16:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-03-02 16:40 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-03-02 03:10 . 2011-03-02 03:10 -------- d-----w- c:\documents and settings\Donald\Application Data\Avira 2011-03-02 02:16 . 2011-03-02 02:16 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2011-03-02 02:11 . 2009-06-30 17:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys 2011-03-01 21:50 . 2011-03-01 21:50 -------- d-----w- c:\documents and settings\Donald\Application Data\Malwarebytes 2011-03-01 21:50 . 2011-03-01 21:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-03-01 20:19 . 2011-03-02 16:08 0 ----a-w- c:\windows\Jluqogajimonoba.bin 2011-02-28 23:19 . 2011-02-28 23:19 52736 --sha-r- c:\windows\system32\gpprefcl6.dll 2011-02-28 23:08 . 2011-02-28 23:08 -------- d-----w- c:\documents and settings\Donald\Local Settings\Application Data\Nikon 2011-02-27 18:02 . 2001-08-18 05:36 5632 ----a-w- c:\windows\system32\ptpusb.dll 2011-02-27 18:02 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys 2011-02-27 18:02 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys 2011-02-27 18:02 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll 2011-02-27 17:50 . 
2011-02-27 17:50 -------- d-----w- c:\documents and settings\Stephanie.DONALD-JM9PKQZW\Local Settings\Application Data\Nikon 2011-02-27 17:50 . 2011-02-27 18:02 -------- d-----w- c:\documents and settings\Stephanie.DONALD-JM9PKQZW\Application Data\NIKON 2011-02-25 22:58 . 2011-02-25 22:58 -------- d-----w- c:\documents and settings\Stephanie.DONALD-JM9PKQZW\Local Settings\Application Data\ArcSoft 2011-02-25 22:58 . 2011-02-25 22:58 -------- d-----w- c:\documents and settings\Stephanie.DONALD-JM9PKQZW\Application Data\ArcSoft 2011-02-25 18:26 . 2011-02-28 23:36 -------- d-----w- c:\documents and settings\Donald\Application Data\Nikon 2011-02-25 18:24 . 2011-03-01 00:03 49152 ----a-r- c:\documents and settings\Donald\Application Data\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe 2011-02-25 18:23 . 2011-02-25 18:23 335872 ----a-r- c:\documents and settings\Donald\Application Data\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe 2011-02-25 18:22 . 2011-02-25 18:22 57344 ----a-r- c:\documents and settings\Donald\Application Data\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe 2011-02-25 18:19 . 2011-02-25 18:19 -------- d-----w- c:\program files\Common Files\muvee Technologies 2011-02-25 18:19 . 2011-03-01 00:02 -------- d-----w- c:\program files\Common Files\Nikon 2011-02-25 18:19 . 2011-02-25 18:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Nikon 2011-02-25 18:19 . 2011-03-01 00:02 -------- d-----w- c:\program files\Nikon 2011-02-25 18:19 . 2011-02-27 17:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Ultima_T15 2011-02-25 18:19 . 2011-02-27 17:49 -------- d-----w- c:\documents and settings\All Users\Application Data\EnterNHelp 2011-02-25 18:17 . 2011-02-25 18:17 -------- d-----w- c:\documents and settings\Donald\Local Settings\Application Data\ArcSoft 2011-02-25 18:17 . 
2011-02-25 18:30 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft 2011-02-25 18:14 . 2011-02-25 18:14 -------- d-----w- c:\program files\Common Files\ArcSoft 2011-02-25 18:14 . 2011-02-25 18:14 -------- d-----w- c:\program files\ArcSoft 2011-02-25 18:11 . 2011-02-25 18:17 -------- d-----w- c:\documents and settings\Donald\Application Data\ArcSoft 2011-02-25 17:36 . 2011-02-25 17:36 -------- d-----w- c:\program files\iPod 2011-02-25 09:04 . 2011-02-11 06:54 5943120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{B34A222C-6B89-4AC1-AB72-FEA8AE2B11D3}\mpengine.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-02 05:04 . 2001-08-23 12:00 4224 ----a-w- c:\windows\system32\drivers\rdpcdd.sys 2011-02-28 23:55 . 2003-03-19 19:05 106496 ----a-w- c:\windows\system32\ATL71.DLL 2011-02-03 00:11 . 2009-10-03 02:05 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-01-21 14:44 . 2001-08-23 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll 2011-01-13 09:41 . 2009-04-08 01:05 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll 2011-01-07 14:09 . 2001-08-23 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-12-31 13:10 . 2001-08-23 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys 2010-12-22 12:34 . 2001-08-23 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll 2010-12-20 23:59 . 2001-08-23 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-12-20 23:59 . 2001-08-23 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-12-20 23:59 . 2001-08-23 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2010-12-20 17:26 . 2001-08-23 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll 2010-12-20 12:55 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec 2010-12-09 15:15 . 
2001-08-23 12:00 718336 ----a-w- c:\windows\system32\ntdll.dll 2010-12-09 14:30 . 2001-08-23 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll 2010-12-09 13:38 . 2001-08-23 12:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-12-09 13:07 . 2001-08-17 13:48 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe 2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll 2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll 2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-11 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service] 2009-07-06 
20:30 195072 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Transfer Monitor] 2009-09-16 01:47 479232 ----a-w- c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2009-08-11 03:20 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WMPNetworkSvc"=3 (0x3) "ose"=3 (0x3) "JavaQuickStarterService"=2 (0x2) "idsvc"=3 (0x3) "RadeSvc"=2 (0x2) "CdfSvc"=2 (0x2) "iPod Service"=3 (0x3) "odserv"=3 (0x3) "gusvc"=3 (0x3) "Bonjour Service"=2 (0x2) "Apple Mobile Device"=2 (0x2) "YahooAUService"=2 (0x2) "Microsoft Office Groove Audit Service"=3 (0x3) "ZuneNetworkSvc"=3 (0x3) "wlidsvc"=2 (0x2) "gupdate"=2 (0x2) "WMZuneComm"=3 (0x3) "IDriverT"=3 (0x3) "ACDaemon"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [3/1/2011 7:11 PM 28552] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/2/2011 11:36 AM 135336] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384] S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2/27/2010 9:53 AM 25728] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/23/2001 5:00 AM 14336] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504] S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/20/2010 10:24 AM 135664] S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592] S4 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [9/24/2010 1:19 PM 268528] --- Other Services/Drivers In Memory --- *NewlyCreated* - ANTIVIRSCHEDULERSERVICE *NewlyCreated* - ANTIVIRSERVICE *NewlyCreated* - AVGIO *NewlyCreated* - AVGNTFLT *NewlyCreated* - AVIPBB *NewlyCreated* - NAPAGENT *NewlyCreated* - NORMANDY *Deregistered* - fgxorpod *Deregistered* - Normandy [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WINRM REG_MULTI_SZ WINRM . 
Contents of the 'Scheduled Tasks' folder
2011-02-25 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]
2011-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-20 17:24]
2011-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-20 17:24]
2011-03-01 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
2011-03-02 c:\windows\Tasks\User_Feed_Synchronization-{6C3CAFB6-C30C-428B-88B1-24CEE525D646}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
2011-03-02 c:\windows\Tasks\User_Feed_Synchronization-{D3A56D5F-2D43-4A65-A85F-C8C439885739}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
FF - ProfilePath - c:\documents and settings\Donald\Application Data\Mozilla\Firefox\Profiles\l4gbgdse.default\
FF - prefs.js: browser.startup.homepage - msn.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Iqatufira - c:\windows\obocacezafitequw.dll
SafeBoot-klmdb.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Iqatufira - c:\windows\obocacezafitequw.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-02 15:53
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-03-02 15:59:14
ComboFix-quarantined-files.txt 2011-03-02 22:58
Pre-Run: 37,634,097,152 bytes free
Post-Run: 38,700,331,008 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /noguiboot
- - End Of File - - FBF682A518B86A7AB6033188A1604C33
  13. HELLLOOOOOOO JonTom... The welcome to the pit should read welcome back... OOO maybe one could be made. LOL... Thank you for replying. I am using my laptop, which is next to the desktop, so I am able to copy-paste files between my thumbnail drive and use the Net... As of right now and for the past hour or so the desktop has been removed from the net. We are safe there. Running now... By the time I finished typing this it was done; here is what I got:
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-03-02 13:02:16
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Donald\LOCALS~1\Temp\fgxorpod.sys
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8DAD360, 0x307AC7, 0xE8000020]
? C:\DOCUME~1\Donald\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\SearchIndexer.exe[840] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Here are the new DDS logs:
DDS (Ver_10-12-12.02) - NTFSx86
Run by Donald at 12:44:40.01 on Wed 03/02/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1533 [GMT -7:00]
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\System32\cisvc.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Documents and Settings\Donald\Desktop\Anti Virus Crap\dds.scr
============== Pseudo HJT Report ===============
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [iqatufira] rundll32.exe "c:\windows\obocacezafitequw.dll",Startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239145717764
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239150007515
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\donald\applic~1\mozilla\firefox\profiles\l4gbgdse.default\
FF - prefs.js: browser.startup.homepage - msn.com
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {3D2E6DD9-A61B-4D58-AA40-EE831898BB01} - c:\documents and settings\donald\local settings\application data\{3D2E6DD9-A61B-4D58-AA40-EE831898BB01}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
============= SERVICES / DRIVERS ===============
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-3-1 28552]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-3-2 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-3-2 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-3-2 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-3-2 61960]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2010-2-27 25728]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2001-8-23 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-20 135664]
S4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S4 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-9-24 268528]
=============== Created Last 30 ================
2011-03-02 18:41:45 388096 ----a-r- c:\docume~1\donald\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-03-02 18:41:40 -------- d-----w- c:\program files\Trend Micro
2011-03-02 18:35:47 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-03-02 18:35:39 -------- d-----w- c:\program files\Avira
2011-03-02 18:35:39 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
2011-03-02 16:40:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-02 16:40:41 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-02 16:40:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-02 03:10:02 -------- d-----w- c:\docume~1\donald\applic~1\Avira
2011-03-02 02:16:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-03-02 02:11:56 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2011-03-01 21:50:50 -------- d-----w- c:\docume~1\donald\applic~1\Malwarebytes
2011-03-01 21:50:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-01 20:19:33 0 ----a-w- c:\windows\Jluqogajimonoba.bin
2011-03-01 20:18:53 -------- d-----w- c:\docume~1\donald\locals~1\applic~1\{3D2E6DD9-A61B-4D58-AA40-EE831898BB01}
2011-02-28 23:19:41 52736 --sha-r- c:\windows\system32\gpprefcl6.dll
2011-02-28 23:08:42 -------- d-----w- c:\docume~1\donald\locals~1\applic~1\Nikon
2011-02-27 18:02:47 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-02-27 18:02:36 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-02-27 18:02:36 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-02-27 18:02:35 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-02-25 18:24:02 49152 ----a-r- c:\docume~1\donald\applic~1\microsoft\installer\{d2fcc1ae-6311-47c5-8130-c6c66d77dd71}\ARPPRODUCTICON.exe
2011-02-25 18:23:30 335872 ----a-r- c:\docume~1\donald\applic~1\microsoft\installer\{237cd223-1b9d-47e8-a76c-e478b83ccea2}\ARPPRODUCTICON.exe
2011-02-25 18:22:52 57344 ----a-r- c:\docume~1\donald\applic~1\microsoft\installer\{87441a59-5e64-4096-a170-14efe67200c3}\ARPPRODUCTICON.exe
2011-02-25 18:19:59 -------- d-----w- c:\program files\common files\muvee Technologies
2011-02-25 18:19:52 -------- d-----w- c:\program files\common files\Nikon
2011-02-25 18:19:46 -------- d-----w- c:\program files\Nikon
2011-02-25 18:17:29 -------- d-----w- c:\docume~1\donald\locals~1\applic~1\ArcSoft
2011-02-25 18:17:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\ArcSoft
2011-02-25 17:36:47 -------- d-----w- c:\program files\iPod
2011-02-25 09:04:57 5943120 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{b34a222c-6b89-4ac1-ab72-fea8ae2b11d3}\mpengine.dll
==================== Find3M ====================
2011-02-28 23:55:19 106496 ----a-w- c:\windows\system32\ATL71.DLL
2011-02-03 00:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38:47 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:05 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
============= FINISH: 12:47:10.32 ===============
Attach Logs:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/7/2009 10:52:39 AM
System Uptime: 3/2/2011 10:33:04 AM (2 hours ago)
Motherboard: MICRO-STAR | | MS-7145
Processor: AMD Athlon 64 Processor 3200+ | Socket 754 | 2193/199mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 76 GiB total, 35.211 GiB free.
D: is CDROM ()
F: is FIXED (NTFS) - 153 GiB total, 53.63 GiB free.
==== Disabled Device Manager Items =============
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_1002&DEV_4372&SUBSYS_71451462&REV_10\3&61AAA01&0&A0
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_1002&DEV_4372&SUBSYS_71451462&REV_10\3&61AAA01&0&A0
Service:
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\A569C810DC00
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\A569C810DC00
Service: NIC1394
==== System Restore Points ===================
RP1: 3/2/2011 11:12:58 AM - System Checkpoint
==== Installed Programs ======================
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 5
AusLogics Disk Defrag
AusLogics Registry Cleaner
Avira AntiVir Personal - Free Antivirus
Bonjour
CA Yahoo! Anti-Spy (remove only)
Canon iP2600 series
Capture NX 2
CCleaner
ConvertXtoDVD 4.0.12.327
DVD Shrink 3.2
DVDFab 6.2.0.5 (11/11/2009)
File Uploader
Foxit PDF IFilter
Foxit Reader
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HTC Driver
HTC Sync
HxD Hex Editor version 1.7.7.0
iTunes
Java 6 Update 13
Junk Mail filter update
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WinUsb 1.0
Mozilla Firefox (3.6.14)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Demo
Nikon Message Center
Nikon Transfer
OGA Notifier 2.0.0048.0
Paint.NET v3.5.6
Panda ActiveScan 2.0
PC Wizard 2010.1.92
Picasa 3
Picture Control Utility
QuickTime
REALTEK GbE & FE Ethernet PCI NIC Driver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB923789)
Segoe UI
SUPER © Version 2010.bld.38 (May 2, 2010)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Outlook 2007 Junk Email Filter (KB2492475)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows Internet Explorer 8 (KB982632)
ViewNX
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VoiceOver Kit
WebFldrs XP
Windows Defender
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Mobile Device Updater Component
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Search Protection
Zoodles
Zune
Zune Language Pack (DEU)
Zune Language Pack (ESP)
Zune Language Pack (FRA)
Zune Language Pack (ITA)
Zune Language Pack (NLD)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
==== Event Viewer Messages From Past Week ========
3/2/2011 7:35:51 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
3/2/2011 7:35:51 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/2/2011 7:31:44 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/2/2011 7:31:31 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
3/2/2011 7:31:03 AM, error: Service Control Manager [7022] - The McShield service hung on starting.
3/2/2011 12:17:25 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
3/2/2011 12:17:09 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
3/2/2011 12:16:51 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
3/2/2011 12:16:43 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/2/2011 12:16:05 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdPPM avgio avipbb Fips IPSec mfehidk mfetdi2k MRxSmb NetBIOS NetBT pavboot RasAcd Rdbss SASDIFSV SASKUTIL ssmdrv Tcpip
3/2/2011 12:16:05 AM, error: Service Control Manager [7001] - The McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
3/2/2011 12:16:05 AM, error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
3/2/2011 12:16:05 AM, error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
3/2/2011 12:16:05 AM, error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
3/2/2011 12:16:05 AM, error: Service Control Manager [7001] - The McAfee Network Agent service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
3/2/2011 12:16:05 AM, error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
3/2/2011 12:16:05 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
3/2/2011 11:31:42 AM, error: Service Control Manager [7034] - The Zune Bus Enumerator service terminated unexpectedly. It has done this 3 time(s).
3/2/2011 11:31:31 AM, error: Service Control Manager [7031] - The Zune Bus Enumerator service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
3/2/2011 11:31:21 AM, error: Service Control Manager [7031] - The Zune Bus Enumerator service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
3/2/2011 11:00:11 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer DONALD-LAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{FE61F725-BC36-. The master browser is stopping or an election is being forced.
3/2/2011 10:40:28 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
3/2/2011 10:29:55 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdPPM Fips IPSec MRxSmb NetBIOS NetBT pavboot RasAcd Rdbss Tcpip
3/1/2011 8:20:35 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
3/1/2011 8:07:30 PM, error: Service Control Manager [7034] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 3 time(s).
3/1/2011 8:07:30 PM, error: Service Control Manager [7034] - The McAfee Services service terminated unexpectedly. It has done this 3 time(s).
3/1/2011 8:07:30 PM, error: Service Control Manager [7034] - The McAfee Proxy Service service terminated unexpectedly. It has done this 3 time(s).
3/1/2011 8:07:30 PM, error: Service Control Manager [7034] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 3 time(s).
3/1/2011 8:07:30 PM, error: Service Control Manager [7034] - The McAfee Network Agent service terminated unexpectedly. It has done this 3 time(s).
3/1/2011 8:07:19 PM, error: Service Control Manager [7034] - The McAfee Firewall Core Service service terminated unexpectedly. It has done this 3 time(s).
3/1/2011 8:04:29 PM, error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/1/2011 8:04:29 PM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/1/2011 8:04:29 PM, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/1/2011 8:04:29 PM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/1/2011 8:04:29 PM, error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/1/2011 8:04:25 PM, error: Service Control Manager [7034] - The McAfee Validation Trust Protection Service service terminated unexpectedly. It has done this 2 time(s).
3/1/2011 8:04:16 PM, error: Service Control Manager [7034] - The McAfee Firewall Core Service service terminated unexpectedly. It has done this 2 time(s).
3/1/2011 8:03:09 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.MFC. Reference error message: The referenced assembly is not installed on your system. .
3/1/2011 8:03:09 PM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\Donald\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .
3/1/2011 8:03:09 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.MFC could not be found and Last Error was The referenced assembly is not installed on your system.
3/1/2011 8:03:04 PM, error: Service Control Manager [7034] - The McAfee Validation Trust Protection Service service terminated unexpectedly. It has done this 1 time(s).
3/1/2011 8:03:04 PM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
3/1/2011 8:03:04 PM, error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/1/2011 8:03:04 PM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/1/2011 8:03:04 PM, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/1/2011 8:03:04 PM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/1/2011 8:03:04 PM, error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/1/2011 8:03:04 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee Validation Trust Protection Service service to connect.
3/1/2011 8:03:04 PM, error: Service Control Manager [7001] - The McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
3/1/2011 8:03:04 PM, error: Service Control Manager [7000] - The McAfee Validation Trust Protection Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/1/2011 8:03:03 PM, error: Service Control Manager [7034] - The McAfee Firewall Core Service service terminated unexpectedly. It has done this 1 time(s).
3/1/2011 8:01:53 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
3/1/2011 2:10:24 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
3/1/2011 2:03:24 PM, error: Service Control Manager [7023] - The SSHNAS service terminated with the following error: The specified module could not be found.
3/1/2011 2:01:19 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
3/1/2011 2:01:19 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
3/1/2011 11:37:46 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort4.
3/1/2011 11:34:45 PM, error: atapi [9] - The device, \Device\Ide\IdePort4, did not respond within the timeout period.
3/1/2011 1:15:00 PM, error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
2/27/2011 10:47:36 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
2/25/2011 11:34:44 AM, error: Service Control Manager [7024] - The Routing and Remote Access service terminated with service-specific error 711 (0x2C7).
==== End Of File ===========================

RKUnhooker Report

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
==============================================
>Stealth
==============================================

Said something about nothing found, with a frown. Waiting for your next step, sir. Thank you, Don
14. Okay, did the GMER scan when writing this and it froze the PC. Had to reboot 4 times. Was able to get into safe mode and scanned overnight. Thing takes for EVER... Said nothing was wrong with the system or something like that. So I rebooted and NOW can't even get into the PC. I'm stuck at the black screen of "we are sorry your PC did not start"... So far that's all I got in the first post. If I can figure out how to get this darn thing to load I'll run it again.

OMG. Finally got in after what, 30 minutes. Something is USING THAT MEMORY. Going into task manager and killing off some programs. Nothing in the applications tab and CPU is at 100% constantly... Also unable to stop McAfee and Avira from running. I'm also going to uninstall all the antivirus crap I installed since I completely removed it from the net. Want to THROW the darn thing out the window. I can't stand typing on a laptop. Thank you.

I'm starting to wonder if I have had this virus for a while and now it activated. My PC is running HORRIBLE and I have nothing on. I have to reboot when in the scan for the GMER thing. Completely freezes the PC. I have uninstalled everything including virus protections and tried GMER and still no help. So I reinstalled Malwarebytes and Avira. At this moment NOTHING is showing I have a virus or malware, however I know the redirect is still there. It's doing it. What am I missing?
15. Started off with a bunch of pop-up windows when I logged on. Then found out it was the Antimalware Doctor virus. Well, that was sorta easy to remove. Took me a while but I got it. After removing that I figured out I got a Google issue. No matter what I search I get redirected. Googled that and voilà, it led me here. I have all the files needed except one, which makes the PC inoperable. Here we go...

Hijack Log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:48:41 AM, on 3/2/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [iqatufira] rundll32.exe "C:\WINDOWS\obocacezafitequw.dll",Startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239145717764
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239150007515
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

--
End of file - 6711 bytes

Let's see, system info...
Windows XP SP3
AMD 2.19 GHz
2.0 GB RAM
Have Cox version of McAfee

Recent downloads to remove malware and Trojans:
Avira AntiVir (McAfee was turned off when I scanned)
SUPERAntiSpyware Free Edition
Malwarebytes
TDSSKiller

All programs reported clean after reboot and a quick scan.

Followed instructions provided by JonTom:
1. Please perform the following scan

Attach.txt Scan

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/7/2009 10:52:39 AM
System Uptime: 3/1/2011 10:04:07 PM (0 hours ago)

Motherboard: MICRO-STAR | | MS-7145
Processor: AMD Athlon 64 Processor 3200+ | Socket 754 | 2193/199mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 76 GiB total, 34.93 GiB free.
D: is CDROM ()
F: is FIXED (NTFS) - 153 GiB total, 53.63 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_1002&DEV_4372&SUBSYS_71451462&REV_10\3&61AAA01&0&A0
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_1002&DEV_4372&SUBSYS_71451462&REV_10\3&61AAA01&0&A0
Service:

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 5
AusLogics Disk Defrag
AusLogics Registry Cleaner
Avira AntiVir Personal - Free Antivirus
Bonjour
CA Yahoo! Anti-Spy (remove only)
Canon iP2600 series
Capture NX 2
CCleaner
ConvertXtoDVD 4.0.12.327
DVD Shrink 3.2
DVDFab 6.2.0.5 (11/11/2009)
File Uploader
Foxit PDF IFilter
Foxit Reader
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HTC Driver
HTC Sync
HxD Hex Editor version 1.7.7.0
iTunes
Java 6 Update 13
Junk Mail filter update
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WinUsb 1.0
MobileMe Control Panel
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Demo
Nikon Message Center
Nikon Transfer
OGA Notifier 2.0.0048.0
Paint.NET v3.5.6
Panda ActiveScan 2.0
PC Wizard 2010.1.92
Picasa 3
Picture Control Utility
QuickTime
REALTEK GbE & FE Ethernet PCI NIC Driver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB923789)
Segoe UI
SUPER © Version 2010.bld.38 (May 2, 2010)
SUPERAntiSpyware
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Outlook 2007 Junk Email Filter (KB2492475)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows Internet Explorer 8 (KB982632)
ViewNX
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VoiceOver Kit
WebFldrs XP
Windows Defender
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Mobile Device Updater Component
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Search Protection
Zoodles
Zune
Zune Language Pack (DEU)
Zune Language Pack (ESP)
Zune Language Pack (FRA)
Zune Language Pack (ITA)
Zune Language Pack (NLD)
Zune Language Pack (PTB)
Zune Language Pack (PTG)

==== Event Viewer Messages From Past Week ========

3/1/2011 8:20:35 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
3/1/2011 8:07:30 PM, error: Service Control Manager [7034] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 3 time(s).
3/1/2011 8:07:30 PM, error: Service Control Manager [7034] - The McAfee Services service terminated unexpectedly. It has done this 3 time(s).
3/1/2011 8:07:30 PM, error: Service Control Manager [7034] - The McAfee Proxy Service service terminated unexpectedly. It has done this 3 time(s).
3/1/2011 8:07:30 PM, error: Service Control Manager [7034] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 3 time(s).
3/1/2011 8:07:30 PM, error: Service Control Manager [7034] - The McAfee Network Agent service terminated unexpectedly. It has done this 3 time(s).
3/1/2011 8:07:19 PM, error: Service Control Manager [7034] - The McAfee Firewall Core Service service terminated unexpectedly. It has done this 3 time(s).
3/1/2011 8:04:29 PM, error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/1/2011 8:04:29 PM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/1/2011 8:04:29 PM, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 2 time(s).
The following corrective action will be taken in 60000 milliseconds: Restart the service. 3/1/2011 8:04:29 PM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 3/1/2011 8:04:29 PM, error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 3/1/2011 8:04:25 PM, error: Service Control Manager [7034] - The McAfee Validation Trust Protection Service service terminated unexpectedly. It has done this 2 time(s). 3/1/2011 8:04:16 PM, error: Service Control Manager [7034] - The McAfee Firewall Core Service service terminated unexpectedly. It has done this 2 time(s). 3/1/2011 8:03:09 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.MFC. Reference error message: The referenced assembly is not installed on your system. . 3/1/2011 8:03:09 PM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\Donald\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. . 3/1/2011 8:03:09 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.MFC could not be found and Last Error was The referenced assembly is not installed on your system. 3/1/2011 8:03:04 PM, error: Service Control Manager [7034] - The McAfee Validation Trust Protection Service service terminated unexpectedly. It has done this 1 time(s). 3/1/2011 8:03:04 PM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s). 3/1/2011 8:03:04 PM, error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). 
The following corrective action will be taken in 60000 milliseconds: Restart the service. 3/1/2011 8:03:04 PM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 3/1/2011 8:03:04 PM, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 3/1/2011 8:03:04 PM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 3/1/2011 8:03:04 PM, error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 3/1/2011 8:03:04 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee Validation Trust Protection Service service to connect. 3/1/2011 8:03:04 PM, error: Service Control Manager [7001] - The McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion. 3/1/2011 8:03:04 PM, error: Service Control Manager [7000] - The McAfee Validation Trust Protection Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 3/1/2011 8:03:03 PM, error: Service Control Manager [7034] - The McAfee Firewall Core Service service terminated unexpectedly. It has done this 1 time(s). 
3/1/2011 8:01:53 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE} 3/1/2011 2:10:24 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s). 3/1/2011 2:03:24 PM, error: Service Control Manager [7023] - The SSHNAS service terminated with the following error: The specified module could not be found. 3/1/2011 2:01:19 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory. 3/1/2011 2:01:19 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver. 3/1/2011 1:15:00 PM, error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. 2/23/2011 8:04:52 AM, error: Service Control Manager [7024] - The Routing and Remote Access service terminated with service-specific error 711 (0x2C7). 
2/23/2011 7:45:21 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

==== End Of File ===========================

DDS Scan

DDS (Ver_10-12-12.02) - NTFSx86
Run by Donald at 22:38:37.70 on Tue 03/01/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1397 [GMT -7:00]

AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled*

============== Running Processes ===============

C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Donald\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://msn.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: H - No File
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110121182549.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [iqatufira] rundll32.exe "c:\windows\obocacezafitequw.dll",Startup
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239145717764
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239150007515
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-1-21 386840]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-3-1 28552]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-3-1 11608]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-1-21 84072]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-3-1 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-3-1 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-3-1 61960]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-4-7 93320]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-21 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-21 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-21 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-1-21 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-1-21 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-1-21 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-1-21 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-1-21 152960]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-1-21 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-1-21 88544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2010-2-27 25728]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-1-21 52104]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-1-21 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-1-21 84264]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2001-8-23 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-20 135664]
S4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S4 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-9-24 268528]

=============== Created Last 30 ================

2011-03-02 03:10:02 -------- d-----w- c:\docume~1\donald\applic~1\Avira
2011-03-02 03:03:56 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-03-02 03:03:54 -------- d-----w- c:\program files\Avira
2011-03-02 03:03:54 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
2011-03-02 02:16:35 -------- d-----w- c:\docume~1\donald\applic~1\SUPERAntiSpyware.com
2011-03-02 02:16:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-03-02 02:16:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-02 02:11:56 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2011-03-01 21:50:50 -------- d-----w- c:\docume~1\donald\applic~1\Malwarebytes
2011-03-01 21:50:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-01 21:50:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-01 21:50:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-01 21:50:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-01 20:19:33 0 ----a-w- c:\windows\Jluqogajimonoba.bin
2011-03-01 20:18:53 -------- d-----w- c:\docume~1\donald\locals~1\applic~1\{3D2E6DD9-A61B-4D58-AA40-EE831898BB01}
2011-02-28 23:19:41 52736 --sha-r- c:\windows\system32\gpprefcl6.dll
2011-02-28 23:08:42 -------- d-----w- c:\docume~1\donald\locals~1\applic~1\Nikon
2011-02-27 18:02:47 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-02-27 18:02:36 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-02-27 18:02:36 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-02-27 18:02:35 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-02-25 18:24:02 49152 ----a-r- c:\docume~1\donald\applic~1\microsoft\installer\{d2fcc1ae-6311-47c5-8130-c6c66d77dd71}\ARPPRODUCTICON.exe
2011-02-25 18:23:30 335872 ----a-r- c:\docume~1\donald\applic~1\microsoft\installer\{237cd223-1b9d-47e8-a76c-e478b83ccea2}\ARPPRODUCTICON.exe
2011-02-25 18:22:52 57344 ----a-r- c:\docume~1\donald\applic~1\microsoft\installer\{87441a59-5e64-4096-a170-14efe67200c3}\ARPPRODUCTICON.exe
2011-02-25 18:19:59 -------- d-----w- c:\program files\common files\muvee Technologies
2011-02-25 18:19:52 -------- d-----w- c:\program files\common files\Nikon
2011-02-25 18:19:46 -------- d-----w- c:\program files\Nikon
2011-02-25 18:17:29 -------- d-----w- c:\docume~1\donald\locals~1\applic~1\ArcSoft
2011-02-25 18:17:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\ArcSoft
2011-02-25 17:36:47 -------- d-----w- c:\program files\iPod
2011-02-25 09:04:57 5943120 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{b34a222c-6b89-4ac1-ab72-fea8ae2b11d3}\mpengine.dll

==================== Find3M ====================

2011-02-28 23:55:19 106496 ----a-w- c:\windows\system32\ATL71.DLL
2011-02-03 00:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38:47 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:05 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll

============= FINISH: 22:38:57.10 ===============

2. Please scan your system with GMER: still scanning, will upload when finished.
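The DDS report above is the artefact a responder reads by eye, and three lines in it carry the weight: the `mRun: [iqatufira] rundll32.exe "c:\windows\obocacezafitequw.dll",Startup` autostart (a letters-only DLL dropped straight into the Windows directory and loaded through rundll32.exe, the autostart pattern typical of Vundo/Virtumonde), the `--sha-r-` attribute string on `c:\windows\system32\gpprefcl6.dll` in "Created Last 30", and, in the TDSSKiller log posted below, the `Suspicious file (Forged)` verdict on `RDPCDD.sys`. The script that follows is an added example of that triage written to run offline over sample lines; it is my code, not part of the original post and not from the DDS or TDSSKiller tools. Its assumptions: the 8-character DDS attribute string is decoded as `d c s h a - r/w -`, which is my reading of the tool's output rather than something DDS documents; the `Finding` type, the `check_*` functions and the thresholds in them are mine; and the sample lines are constructed after the logs in this thread.

```python
"""Triage of DDS / TDSSKiller log lines (added example; not DDS or TDSSKiller code).

Three checks, each modelled on a line from the posted logs:
  1. a Run value that launches rundll32.exe on a letters-only DLL sitting
     directly in the Windows directory;
  2. a system32 file whose DDS attribute string marks it system+hidden
     (column meaning d c s h a - r/w - is assumed, not documented by DDS);
  3. a TDSSKiller "Suspicious file (...)" verdict.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

RUN_RE = re.compile(r'^[umd]Run:\s+\[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$')
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.IGNORECASE)
FILE_RE = re.compile(
    r'^\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}:\d{2}\s+(?:\d+|-+)\s+'
    r'(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$')
TDSS_RE = re.compile(
    r'^\d{4}/\d{2}/\d{2}\s+[\d:.]+\s+\d+\s+Suspicious file \((?P<why>[^)]+)\):\s+(?P<path>.+?)\.?$')


@dataclass
class Finding:
    kind: str
    detail: str
    line: str


def _basename(path: str) -> str:
    return path.replace('/', '\\').lower().rsplit('\\', 1)[-1]


def _in_windows_root(path: str) -> bool:
    """True when the file sits directly in <drive>:\\windows, not in a subfolder."""
    return re.match(r'^[a-z]:\\windows\\[^\\]+$', path.replace('/', '\\').lower()) is not None


def check_run_entry(line: str) -> Optional[Finding]:
    m = RUN_RE.match(line)
    if not m:
        return None
    r = RUNDLL_RE.search(m['cmd'])
    if not r:
        return None
    dll = r['dll']
    stem = _basename(dll).rsplit('.', 1)[0]
    # Legitimate rundll32 autostarts load from Program Files or system32 under a
    # recognisable name; a long letters-only DLL in %windir% with a letters-only
    # Run value name is the pattern worth pulling for a closer look.
    if _in_windows_root(dll) and len(stem) >= 8 and stem.isalpha() and m['name'].isalpha():
        return Finding('run-key', f"rundll32 loads {dll} via Run value [{m['name']}]", line)
    return None


def check_file_entry(line: str) -> Optional[Finding]:
    m = FILE_RE.match(line)
    if not m:
        return None
    attrs, path = m['attrs'], m['path']
    system, hidden = attrs[2] == 's', attrs[3] == 'h'   # assumed column meaning
    if system and hidden and '\\system32\\' in path.lower():
        return Finding('hidden-system-file', f"{path} attrs={attrs}", line)
    return None


def check_tdss_entry(line: str) -> Optional[Finding]:
    m = TDSS_RE.match(line)
    if not m:
        return None
    return Finding('forged-driver', f"{m['path']} ({m['why']})", line)


CHECKS = (check_run_entry, check_file_entry, check_tdss_entry)


def triage(lines) -> List[Finding]:
    """Run every check over every line; the first check that fires wins."""
    findings = []
    for raw in lines:
        line = raw.strip()
        for check in CHECKS:
            f = check(line)
            if f:
                findings.append(f)
                break
    return findings


# Constructed sample modelled on the posted DDS and TDSSKiller output.
SAMPLE = r"""
mRun: [iqatufira] rundll32.exe "c:\windows\obocacezafitequw.dll",Startup
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
2011-02-28 23:19:41 52736 --sha-r- c:\windows\system32\gpprefcl6.dll
2011-02-27 18:02:47 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-03-02 03:03:54 -------- d-----w- c:\program files\Avira
2011/03/01 22:02:39.0562 0360 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/03/01 22:02:39.0593 0360 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\RDPCDD.sys.
""".strip().splitlines()

if __name__ == '__main__':
    for f in triage(SAMPLE):
        print(f"[{f.kind}] {f.detail}")
```

A hit from this script is a lead, not a verdict. The system+hidden check also fires on `flvDX.dll`, `msfDX.dll` and `nbDX.dll` in the Find3M section above, and the right next step for any hit is the same: check the file's publisher and hash against a reference before deciding what to do with it. The `Forged` verdict is different in kind: TDSSKiller is reporting that the on-disk driver does not match what the scanner expected, and that belongs to the rootkit part of the cleanup, not to a file-by-file review.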
TDSSKiller Before:

2011/03/01 22:02:27.0203 0664 TDSS rootkit removing tool 2.4.19.0 Feb 28 2011 17:08:37
2011/03/01 22:02:27.0671 0664 ================================================================================
2011/03/01 22:02:27.0671 0664 SystemInfo:
2011/03/01 22:02:27.0671 0664
2011/03/01 22:02:27.0671 0664 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/01 22:02:27.0671 0664 Product type: Workstation
2011/03/01 22:02:27.0671 0664 ComputerName: DONALD-COMPUTER
2011/03/01 22:02:27.0671 0664 UserName: Donald
2011/03/01 22:02:27.0671 0664 Windows directory: C:\WINDOWS
2011/03/01 22:02:27.0671 0664 System windows directory: C:\WINDOWS
2011/03/01 22:02:27.0671 0664 Processor architecture: Intel x86
2011/03/01 22:02:27.0671 0664 Number of processors: 1
2011/03/01 22:02:27.0671 0664 Page size: 0x1000
2011/03/01 22:02:27.0671 0664 Boot type: Normal boot
2011/03/01 22:02:27.0671 0664 ================================================================================
2011/03/01 22:02:27.0937 0664 Initialize success
2011/03/01 22:02:30.0468 0360 ================================================================================
2011/03/01 22:02:30.0468 0360 Scan started
2011/03/01 22:02:30.0468 0360 Mode: Manual;
2011/03/01 22:02:30.0468 0360 ================================================================================
2011/03/01 22:02:32.0062 0360 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
2011/03/01 22:02:32.0203 0360 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/01 22:02:32.0265 0360 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/03/01 22:02:32.0375 0360 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/03/01 22:02:32.0437 0360 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/03/01 22:02:32.0656 0360 ALCXWDM (933933288df5ed26d1928215c97d05c7) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/03/01 22:02:32.0796 0360 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
2011/03/01 22:02:33.0078 0360 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/03/01 22:02:33.0328 0360 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/03/01 22:02:33.0390 0360 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/01 22:02:33.0468 0360 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/03/01 22:02:33.0500 0360 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/03/01 22:02:33.0562 0360 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
2011/03/01 22:02:33.0734 0360 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/03/01 22:02:33.0796 0360 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/03/01 22:02:33.0875 0360 avipbb (da39805e2bad99d37fce9477dd94e7f2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/03/01 22:02:33.0953 0360 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/03/01 22:02:34.0015 0360 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/03/01 22:02:34.0078 0360 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/03/01 22:02:34.0140 0360 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/03/01 22:02:34.0187 0360 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/03/01 22:02:34.0218 0360 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/03/01 22:02:34.0265 0360 cfwids (7e6f7da1c4de5680820f964562548949) C:\WINDOWS\system32\drivers\cfwids.sys
2011/03/01 22:02:34.0484 0360 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/01 22:02:34.0546 0360 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/03/01 22:02:34.0578 0360 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/03/01 22:02:34.0625 0360 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/03/01 22:02:34.0671 0360 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/03/01 22:02:34.0750 0360 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/03/01 22:02:34.0812 0360 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/03/01 22:02:34.0859 0360 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/03/01 22:02:34.0890 0360 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/03/01 22:02:34.0937 0360 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/03/01 22:02:34.0984 0360 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/03/01 22:02:35.0015 0360 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/03/01 22:02:35.0062 0360 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/03/01 22:02:35.0109 0360 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/03/01 22:02:35.0156 0360 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/03/01 22:02:35.0203 0360 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/03/01 22:02:35.0312 0360 HTCAND32 (203e078b915eb67e100c972f9d337250) C:\WINDOWS\system32\Drivers\ANDROIDUSB.sys
2011/03/01 22:02:35.0375 0360 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/03/01 22:02:35.0468 0360 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/03/01 22:02:35.0515 0360 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/03/01 22:02:35.0703 0360 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/03/01 22:02:35.0750 0360 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/03/01 22:02:35.0796 0360 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/03/01 22:02:35.0859 0360 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/03/01 22:02:35.0906 0360 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/03/01 22:02:35.0953 0360 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/03/01 22:02:36.0000 0360 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/03/01 22:02:36.0031 0360 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/03/01 22:02:36.0078 0360 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/03/01 22:02:36.0125 0360 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/03/01 22:02:36.0250 0360 mfeapfk (84d59a3eddfb9438fb94f7f80d37859d) C:\WINDOWS\system32\drivers\mfeapfk.sys
2011/03/01 22:02:36.0312 0360 mfeavfk (67e961988312b1a28d6f93357b0bf998) C:\WINDOWS\system32\drivers\mfeavfk.sys
2011/03/01 22:02:36.0359 0360 mfebopk (19161b1796cf74a6a326abde309062ba) C:\WINDOWS\system32\drivers\mfebopk.sys
2011/03/01 22:02:36.0421 0360 mfefirek (d5f89b4934960c70882924d992c6abfc) C:\WINDOWS\system32\drivers\mfefirek.sys
2011/03/01 22:02:36.0500 0360 mfehidk (0efab2b91b27543fe589de700de07136) C:\WINDOWS\system32\drivers\mfehidk.sys
2011/03/01 22:02:36.0531 0360 mfendisk (549dd4966bf0b1d1fc205ca0755a745b) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2011/03/01 22:02:36.0546 0360 mfendiskmp (549dd4966bf0b1d1fc205ca0755a745b) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2011/03/01 22:02:36.0593 0360 mferkdet (c9eda1eada2ab6e34cd1a10c3a24ab25) C:\WINDOWS\system32\drivers\mferkdet.sys
2011/03/01 22:02:36.0640 0360 mfetdi2k (e6c5f7aade5a31c057d73201acfe8adf) C:\WINDOWS\system32\drivers\mfetdi2k.sys
2011/03/01 22:02:36.0687 0360 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/03/01 22:02:36.0750 0360 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/03/01 22:02:36.0812 0360 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/03/01 22:02:36.0859 0360 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/03/01 22:02:36.0890 0360 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/03/01 22:02:36.0953 0360 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/03/01 22:02:37.0031 0360 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/03/01 22:02:37.0093 0360 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
2011/03/01 22:02:37.0140 0360 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/03/01 22:02:37.0203 0360 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/03/01 22:02:37.0265 0360 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/03/01 22:02:37.0296 0360 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/03/01 22:02:37.0343 0360 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/03/01 22:02:37.0390 0360 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/03/01 22:02:37.0421 0360 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/03/01 22:02:37.0468 0360 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/03/01 22:02:37.0515 0360 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/03/01 22:02:37.0562 0360 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/03/01 22:02:37.0625 0360 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/03/01 22:02:37.0656 0360 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/03/01 22:02:37.0687 0360 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/03/01 22:02:37.0734 0360 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/03/01 22:02:37.0796 0360 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/03/01 22:02:37.0859 0360 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/03/01 22:02:37.0937 0360 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/03/01 22:02:37.0968 0360 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/03/01 22:02:38.0015 0360 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/03/01 22:02:38.0078 0360 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/03/01 22:02:38.0312 0360 nv (5950e6cc9fb3fabb61604d395dbc8550) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/03/01 22:02:38.0421 0360 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/03/01 22:02:38.0437 0360 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/03/01 22:02:38.0484 0360 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/03/01 22:02:38.0546 0360 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/03/01 22:02:38.0578 0360 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/03/01 22:02:38.0609 0360 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/03/01 22:02:38.0671 0360 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\WINDOWS\system32\drivers\pavboot.sys
2011/03/01 22:02:38.0718 0360 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/03/01 22:02:38.0781 0360 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/03/01 22:02:38.0843 0360 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/03/01 22:02:38.0906 0360 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2011/03/01 22:02:39.0140 0360 PptpM 's iniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/03/01 22:02:39.0171 0360 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/03/01 22:02:39.0203 0360 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/03/01 22:02:39.0250 0360 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/03/01 22:02:39.0406 0360 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/01 22:02:39.0453 0360 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/03/01 22:02:39.0484 0360 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/03/01 22:02:39.0515 0360 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/03/01 22:02:39.0562 0360 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/03/01 22:02:39.0593 0360 RDPCDD (7d2e1f5e54938d4be57bab81e126f856) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/03/01 22:02:39.0593 0360 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\RDPCDD.sys.
Real md5: 7d2e1f5e54938d4be57bab81e126f856, Fake md5: 4912d5b403614ce99c28420f75353332 2011/03/01 22:02:39.0593 0360 RDPCDD - detected Rootkit.Win32.TDSS.tdl3 (0) 2011/03/01 22:02:39.0640 0360 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/03/01 22:02:39.0687 0360 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/03/01 22:02:39.0734 0360 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/03/01 22:02:39.0781 0360 RTL8023xp (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 2011/03/01 22:02:39.0843 0360 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS 2011/03/01 22:02:39.0968 0360 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 2011/03/01 22:02:40.0000 0360 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 2011/03/01 22:02:40.0078 0360 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/03/01 22:02:40.0140 0360 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys 2011/03/01 22:02:40.0203 0360 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/03/01 22:02:40.0296 0360 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 2011/03/01 22:02:40.0390 0360 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/03/01 22:02:40.0437 0360 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\System32\DRIVER