Computer Hope
Software => Computer viruses and spyware => Virus and spyware removal => Topic started by: JAJsangel on July 31, 2011, 08:47:44 AM
-
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 07/30/2011 at 05:31 AM
Application Version : 4.55.1000
Core Rules Database Version : 7065
Trace Rules Database Version: 4877
Scan type : Complete Scan
Total Scan Time : 04:43:56
Memory items scanned : 219
Memory threats detected : 0
Registry items scanned : 8864
Registry threats detected : 1
File items scanned : 224848
File threats detected : 0
System.BrokenFileAssociation
HKCR\.exe
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7035
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
7/31/2011 10:01:35 AM
mbam-log-2011-07-31 (10-01-35).txt
Scan type: Quick scan
Objects scanned: 189906
Time elapsed: 8 minute(s), 44 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\IMSIDE1EGATE.APPLICATION.1 (Adware.Mywebsearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CLASSES_ROOT\IMsiDe1egate.Application.1\(default) (Adware.Mywebsearch) -> Value: (default) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
I
-
Cannot save HijackThis log because it stops in the middle and closes.
Idk if you can tell from the log but the broken file association that SAS finds keeps coming up everytime even though I delete it
The virus caused the DHCP client to not be able to run because of dependies as it must have deleted afd.sys from drivers folder
-
Content deleted by Allan and PM sent
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
********************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.
Link 1 (http://screen317.spywareinfoforum.org/SecurityCheck.exe)
Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)
* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
********************************************************
Download DDS from HERE (http://download.bleepingcomputer.com/sUBs/dds.scr) or HERE (http://www.forospyware.com/sUBs/dds) and save it to your desktop.
Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.
(http://i424.photobucket.com/albums/pp322/digistar/DDS.jpg)
1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/past both logs into your Thread
Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.
•Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE (http://www.bleepingcomputer.com/forums/topic114351.html).Then post your DDS logs. (DDS.txt and Attach.txt )
-
Results of screen317's Security Check version 0.99.18
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
```````````````````````````````
Anti-malware/Other Utilities Check:
Spybot - Search & Destroy
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Owner at 20:29:43 on 2011-07-31
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1502.921 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3418
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3418
uInternet Connection Wizard,ShellNext = hxxp://imhome.myspace.com/Modules/IM/Pages/UrlRedirector.aspx?challenge=21023506-38742561-4029044&response=FvILp8uvzBOwoXubT7lPMd3RhOSXcN4Xjv4GphFCqpE&target=editpics&targetid=38742561&IMLang=English&LangID=1033
uInternet Settings,ProxyOverride = <local>;*.local
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3418
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\progra~1\yahoo!\companion\installs\cpn0\YTNavAssist.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {52794457-af6c-4c50-9def-f2e24f4c8889} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: {52794457-af6c-4c50-9def-f2e24f4c8889} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [UnlockerAssistant] "c:\my backup -- 10-02-28 0905pm\program files\unlocker\UnlockerAssistant .exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [Power2GoExpress] NA
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10k_ActiveX.exe -update activex
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: &Search - http://tbedits.ourbabymaker.com/one-toolbaredits/menusearch.jhtml?s=100000471&p=YRxdm002YYus&si=&a=823FBA0F-8815-436D-80D0-930A375307E7&n=2011021322
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {3B54DEAB-C6D4-48a8-8C32-A70558643400} - c:\program files\finalvideodownloader\fvdRunner.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
LSP: mswsock.dll
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} - hxxp://www-cdn.freerealms.com/gamedata/plugins/1.0.3.105/FreeRealmsInstaller.cab?v=1050
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D7E84AF2-BF0A-4922-A077-60CFFF0F2E62} - hxxp://www.thesimsresource.com/TSRChat.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{BCF78751-457E-41E7-BD21-13197F729753} : DhcpNameServer = 10.0.0.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: TPSvc - TPSvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\7gnm4l4l.default\
FF - prefs.js: browser.startup.homepage - hxxp://pimpmyhomepage.com/homepages/colorfulhearts/?text=Love%20is%20a%20powerful%20thing
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\logitech\harmony remote driver\NprtHarmonyPlugin.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\sony online entertainment\npsoe.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2007-11-20 14336]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-29 366640]
R3 ATICXCAP;ATI TV Wonder Pro A/V Capture;c:\windows\system32\drivers\aticxcap.sys [2005-3-30 173824]
R3 ATICXTUN;ATI TV Wonder Pro Tuner (Philips 1236 MK3);c:\windows\system32\drivers\aticxtun.sys [2005-3-30 29184]
R3 ATICXXBR;ATI TV Wonder Pro A/V Crossbar;c:\windows\system32\drivers\aticxxbr.sys [2005-3-30 9088]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-29 22712]
S1 cjvirmuu;cjvirmuu;\??\c:\windows\system32\drivers\cjvirmuu.sys --> c:\windows\system32\drivers\cjvirmuu.sys [?]
S1 mithjvxk;mithjvxk;\??\c:\windows\system32\drivers\mithjvxk.sys --> c:\windows\system32\drivers\mithjvxk.sys [?]
S1 onkjlnqh;onkjlnqh;\??\c:\windows\system32\drivers\onkjlnqh.sys --> c:\windows\system32\drivers\onkjlnqh.sys [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\owner\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\owner\locals~1\temp\sas_selfextract\SASKUTIL.SYS [?]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-3-6 16968]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-7-29 41272]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\196.tmp --> c:\windows\system32\196.tmp [?]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\rkpavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
scrfile="%1" %*
.txt=UltraEdit.txt
.
=============== Created Last 30 ================
.
2011-08-01 00:17:54 388096 ----a-r- c:\documents and settings\owner\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-07-31 21:25:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-31 21:25:50 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-07-31 19:08:18 138368 -c--a-w- c:\windows\system32\dllcache\afd.sys
2011-07-31 19:08:18 138368 ----a-w- c:\windows\system32\drivers\afd.sys
2011-07-31 14:29:29 -------- d-----w- c:\program files\Trend Micro
2011-07-31 14:19:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-31 00:24:13 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-07-31 00:24:08 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-07-31 00:23:45 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2011-07-31 00:23:33 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2011-07-31 00:22:58 31744 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys
2011-07-31 00:21:39 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2011-07-31 00:21:37 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2011-07-31 00:20:22 82944 -c--a-w- c:\windows\system32\dllcache\tp4mon.exe
2011-07-31 00:19:53 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys
2011-07-31 00:18:13 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2011-07-31 00:17:44 6912 -c--a-w- c:\windows\system32\dllcache\smbclass.sys
2011-07-31 00:17:43 16000 -c--a-w- c:\windows\system32\dllcache\smbbatt.sys
2011-07-31 00:16:21 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
2011-07-31 00:16:03 43904 -c--a-w- c:\windows\system32\dllcache\sbp2port.sys
2011-07-31 00:15:13 29696 -c--a-w- c:\windows\system32\dllcache\rw450ext.dll
2011-07-31 00:15:12 27648 -c--a-w- c:\windows\system32\dllcache\rw430ext.dll
2011-07-31 00:14:55 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys
2011-07-31 00:14:19 6016 -c--a-w- c:\windows\system32\dllcache\qic157.sys
2011-07-31 00:14:08 159232 -c--a-w- c:\windows\system32\dllcache\ptpusd.dll
2011-07-31 00:14:00 363520 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
2011-07-31 00:13:55 17664 -c--a-w- c:\windows\system32\dllcache\ppa3.sys
2011-07-31 00:13:51 8832 -c--a-w- c:\windows\system32\dllcache\powerfil.sys
2011-07-31 00:13:22 259328 -c--a-w- c:\windows\system32\dllcache\perm3dd.dll
2011-07-31 00:13:21 28032 -c--a-w- c:\windows\system32\dllcache\perm3.sys
2011-07-31 00:13:20 211584 -c--a-w- c:\windows\system32\dllcache\perm2dll.dll
2011-07-31 00:13:19 27904 -c--a-w- c:\windows\system32\dllcache\perm2.sys
2011-07-31 00:12:08 61696 -c--a-w- c:\windows\system32\dllcache\ohci1394.sys
2011-07-31 00:11:44 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2011-07-31 00:10:32 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2011-07-31 00:10:20 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2011-07-31 00:10:08 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2011-07-31 00:10:03 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2011-07-31 00:09:45 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys
2011-07-31 00:09:13 7040 -c--a-w- c:\windows\system32\dllcache\ltotape.sys
2011-07-31 00:08:50 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2011-07-31 00:08:39 253952 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll
2011-07-31 00:08:38 48640 -c--a-w- c:\windows\system32\dllcache\kdsui.dll
2011-07-31 00:08:17 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2011-07-31 00:08:02 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2011-07-31 00:07:59 88192 -c--a-w- c:\windows\system32\dllcache\irda.sys
2011-07-31 00:07:59 151552 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2011-07-31 00:06:50 702845 -c--a-w- c:\windows\system32\dllcache\i81xdnt5.dll
2011-07-31 00:05:19 20352 -c--a-w- c:\windows\system32\dllcache\hidbatt.sys
2011-07-31 00:05:14 28288 -c--a-w- c:\windows\system32\dllcache\grserial.sys
2011-07-31 00:05:08 59136 -c--a-w- c:\windows\system32\dllcache\gckernel.sys
2011-07-31 00:05:08 10624 -c--a-w- c:\windows\system32\dllcache\gameenum.sys
2011-07-31 00:02:30 206976 -c--a-w- c:\windows\system32\dllcache\dot4.sys
2011-07-31 00:02:25 8320 -c--a-w- c:\windows\system32\dllcache\dlttape.sys
2011-07-31 00:01:19 249856 -c--a-w- c:\windows\system32\dllcache\ctmasetp.dll
2011-07-31 00:01:06 10240 -c--a-w- c:\windows\system32\dllcache\compbatt.sys
2011-07-31 00:01:01 13952 -c--a-w- c:\windows\system32\dllcache\cmbatt.sys
2011-07-31 00:00:49 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2011-07-31 00:00:36 121856 -c--a-w- c:\windows\system32\dllcache\camext30.dll
2011-07-30 23:59:45 11776 -c--a-w- c:\windows\system32\dllcache\bdasup.sys
2011-07-30 23:59:41 14208 -c--a-w- c:\windows\system32\dllcache\battc.sys
2011-07-30 23:59:34 13696 -c--a-w- c:\windows\system32\dllcache\avcstrm.sys
2011-07-30 23:59:33 38912 -c--a-w- c:\windows\system32\dllcache\avc.sys
2011-07-29 13:20:49 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-29 13:20:44 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-29 13:20:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-28 00:37:33 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-07-28 00:12:09 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-07-26 22:12:25 -------- d-----w- c:\windows\system32\syncdb
2011-07-26 18:11:04 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-07-25 23:39:51 -------- d-----w- c:\program files\Panda Security
2011-07-25 23:30:20 -------- d--h--w- c:\windows\PIF
2011-07-12 06:34:55 -------- d-----w- c:\program files\Yahoo!
.
==================== Find3M ====================
.
2011-07-31 14:19:31 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-27 20:38:43 150016 ----a-w- c:\windows\system32\nvsvc32.exe
2011-07-12 06:42:38 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-26 06:17:51 252080 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-06-26 06:17:51 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-06-26 06:17:26 252080 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2002-07-26 21:02:06 153088 ----a-w- c:\program files\UNWISE.EXE
.
============= FINISH: 20:30:15.62 ===============
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Owner at 20:29:43 on 2011-07-31
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1502.921 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3418
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3418
uInternet Connection Wizard,ShellNext = hxxp://imhome.myspace.com/Modules/IM/Pages/UrlRedirector.aspx?challenge=21023506-38742561-4029044&response=FvILp8uvzBOwoXubT7lPMd3RhOSXcN4Xjv4GphFCqpE&target=editpics&targetid=38742561&IMLang=English&LangID=1033
uInternet Settings,ProxyOverride = <local>;*.local
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3418
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\progra~1\yahoo!\companion\installs\cpn0\YTNavAssist.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {52794457-af6c-4c50-9def-f2e24f4c8889} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: {52794457-af6c-4c50-9def-f2e24f4c8889} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [UnlockerAssistant] "c:\my backup -- 10-02-28 0905pm\program files\unlocker\UnlockerAssistant .exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [Power2GoExpress] NA
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10k_ActiveX.exe -update activex
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: &Search - http://tbedits.ourbabymaker.com/one-toolbaredits/menusearch.jhtml?s=100000471&p=YRxdm002YYus&si=&a=823FBA0F-8815-436D-80D0-930A375307E7&n=2011021322
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {3B54DEAB-C6D4-48a8-8C32-A70558643400} - c:\program files\finalvideodownloader\fvdRunner.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
LSP: mswsock.dll
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} - hxxp://www-cdn.freerealms.com/gamedata/plugins/1.0.3.105/FreeRealmsInstaller.cab?v=1050
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D7E84AF2-BF0A-4922-A077-60CFFF0F2E62} - hxxp://www.thesimsresource.com/TSRChat.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{BCF78751-457E-41E7-BD21-13197F729753} : DhcpNameServer = 10.0.0.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: TPSvc - TPSvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\7gnm4l4l.default\
FF - prefs.js: browser.startup.homepage - hxxp://pimpmyhomepage.com/homepages/colorfulhearts/?text=Love%20is%20a%20powerful%20thing
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\logitech\harmony remote driver\NprtHarmonyPlugin.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\sony online entertainment\npsoe.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2007-11-20 14336]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-29 366640]
R3 ATICXCAP;ATI TV Wonder Pro A/V Capture;c:\windows\system32\drivers\aticxcap.sys [2005-3-30 173824]
R3 ATICXTUN;ATI TV Wonder Pro Tuner (Philips 1236 MK3);c:\windows\system32\drivers\aticxtun.sys [2005-3-30 29184]
R3 ATICXXBR;ATI TV Wonder Pro A/V Crossbar;c:\windows\system32\drivers\aticxxbr.sys [2005-3-30 9088]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-29 22712]
S1 cjvirmuu;cjvirmuu;\??\c:\windows\system32\drivers\cjvirmuu.sys --> c:\windows\system32\drivers\cjvirmuu.sys [?]
S1 mithjvxk;mithjvxk;\??\c:\windows\system32\drivers\mithjvxk.sys --> c:\windows\system32\drivers\mithjvxk.sys [?]
S1 onkjlnqh;onkjlnqh;\??\c:\windows\system32\drivers\onkjlnqh.sys --> c:\windows\system32\drivers\onkjlnqh.sys [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\owner\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\owner\locals~1\temp\sas_selfextract\SASKUTIL.SYS [?]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-3-6 16968]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-7-29 41272]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\196.tmp --> c:\windows\system32\196.tmp [?]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\rkpavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
scrfile="%1" %*
.txt=UltraEdit.txt
.
=============== Created Last 30 ================
.
2011-08-01 00:17:54 388096 ----a-r- c:\documents and settings\owner\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-07-31 21:25:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-31 21:25:50 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-07-31 19:08:18 138368 -c--a-w- c:\windows\system32\dllcache\afd.sys
2011-07-31 19:08:18 138368 ----a-w- c:\windows\system32\drivers\afd.sys
2011-07-31 14:29:29 -------- d-----w- c:\program files\Trend Micro
2011-07-31 14:19:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-31 00:24:13 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-07-31 00:24:08 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-07-31 00:23:45 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2011-07-31 00:23:33 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2011-07-31 00:22:58 31744 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys
2011-07-31 00:21:39 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2011-07-31 00:21:37 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2011-07-31 00:20:22 82944 -c--a-w- c:\windows\system32\dllcache\tp4mon.exe
2011-07-31 00:19:53 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys
2011-07-31 00:18:13 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2011-07-31 00:17:44 6912 -c--a-w- c:\windows\system32\dllcache\smbclass.sys
2011-07-31 00:17:43 16000 -c--a-w- c:\windows\system32\dllcache\smbbatt.sys
2011-07-31 00:16:21 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
2011-07-31 00:16:03 43904 -c--a-w- c:\windows\system32\dllcache\sbp2port.sys
2011-07-31 00:15:13 29696 -c--a-w- c:\windows\system32\dllcache\rw450ext.dll
2011-07-31 00:15:12 27648 -c--a-w- c:\windows\system32\dllcache\rw430ext.dll
2011-07-31 00:14:55 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys
2011-07-31 00:14:19 6016 -c--a-w- c:\windows\system32\dllcache\qic157.sys
2011-07-31 00:14:08 159232 -c--a-w- c:\windows\system32\dllcache\ptpusd.dll
2011-07-31 00:14:00 363520 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
2011-07-31 00:13:55 17664 -c--a-w- c:\windows\system32\dllcache\ppa3.sys
2011-07-31 00:13:51 8832 -c--a-w- c:\windows\system32\dllcache\powerfil.sys
2011-07-31 00:13:22 259328 -c--a-w- c:\windows\system32\dllcache\perm3dd.dll
2011-07-31 00:13:21 28032 -c--a-w- c:\windows\system32\dllcache\perm3.sys
2011-07-31 00:13:20 211584 -c--a-w- c:\windows\system32\dllcache\perm2dll.dll
2011-07-31 00:13:19 27904 -c--a-w- c:\windows\system32\dllcache\perm2.sys
2011-07-31 00:12:08 61696 -c--a-w- c:\windows\system32\dllcache\ohci1394.sys
2011-07-31 00:11:44 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2011-07-31 00:10:32 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2011-07-31 00:10:20 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2011-07-31 00:10:08 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2011-07-31 00:10:03 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2011-07-31 00:09:45 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys
2011-07-31 00:09:13 7040 -c--a-w- c:\windows\system32\dllcache\ltotape.sys
2011-07-31 00:08:50 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2011-07-31 00:08:39 253952 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll
2011-07-31 00:08:38 48640 -c--a-w- c:\windows\system32\dllcache\kdsui.dll
2011-07-31 00:08:17 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2011-07-31 00:08:02 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2011-07-31 00:07:59 88192 -c--a-w- c:\windows\system32\dllcache\irda.sys
2011-07-31 00:07:59 151552 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2011-07-31 00:06:50 702845 -c--a-w- c:\windows\system32\dllcache\i81xdnt5.dll
2011-07-31 00:05:19 20352 -c--a-w- c:\windows\system32\dllcache\hidbatt.sys
2011-07-31 00:05:14 28288 -c--a-w- c:\windows\system32\dllcache\grserial.sys
2011-07-31 00:05:08 59136 -c--a-w- c:\windows\system32\dllcache\gckernel.sys
2011-07-31 00:05:08 10624 -c--a-w- c:\windows\system32\dllcache\gameenum.sys
2011-07-31 00:02:30 206976 -c--a-w- c:\windows\system32\dllcache\dot4.sys
2011-07-31 00:02:25 8320 -c--a-w- c:\windows\system32\dllcache\dlttape.sys
2011-07-31 00:01:19 249856 -c--a-w- c:\windows\system32\dllcache\ctmasetp.dll
2011-07-31 00:01:06 10240 -c--a-w- c:\windows\system32\dllcache\compbatt.sys
2011-07-31 00:01:01 13952 -c--a-w- c:\windows\system32\dllcache\cmbatt.sys
2011-07-31 00:00:49 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2011-07-31 00:00:36 121856 -c--a-w- c:\windows\system32\dllcache\camext30.dll
2011-07-30 23:59:45 11776 -c--a-w- c:\windows\system32\dllcache\bdasup.sys
2011-07-30 23:59:41 14208 -c--a-w- c:\windows\system32\dllcache\battc.sys
2011-07-30 23:59:34 13696 -c--a-w- c:\windows\system32\dllcache\avcstrm.sys
2011-07-30 23:59:33 38912 -c--a-w- c:\windows\system32\dllcache\avc.sys
2011-07-29 13:20:49 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-29 13:20:44 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-29 13:20:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-28 00:37:33 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-07-28 00:12:09 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-07-26 22:12:25 -------- d-----w- c:\windows\system32\syncdb
2011-07-26 18:11:04 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-07-25 23:39:51 -------- d-----w- c:\program files\Panda Security
2011-07-25 23:30:20 -------- d--h--w- c:\windows\PIF
2011-07-12 06:34:55 -------- d-----w- c:\program files\Yahoo!
.
==================== Find3M ====================
.
2011-07-31 14:19:31 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-27 20:38:43 150016 ----a-w- c:\windows\system32\nvsvc32.exe
2011-07-12 06:42:38 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-26 06:17:51 252080 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-06-26 06:17:51 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-06-26 06:17:26 252080 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2002-07-26 21:02:06 153088 ----a-w- c:\program files\UNWISE.EXE
.
============= FINISH: 20:30:15.62 ===============
-
It would appear that you don't have an Anti-Virus program on your computer. Please download and install one of these free AV's from the list below. NOTE: Don't install AVG because it will interfere with one of the other scans I want to run later.
Also, you didn't include one of the DDS logs. Please find Attach.txt and include it in your next reply.
Before we continue download and install a free antivirus.
Remember to only install one antivirus!
1) Avast! Home Edition (http://www.majorgeeks.com/Avast_Home_Edition_d1968.html)
2) AVG Free Edition (http://www.majorgeeks.com/download.php?det=886)
3) Avira AntiVir Personal (http://www.majorgeeks.com/AntiVir_Personal_Edition_7_d955.html)
4) Microsoft Security Essentials for Windows Vista\Windows 7 (http://majorgeeks.com/Microsoft_Security_Essentials_for_Windows_VistaWindows_7_d6242.html) - 64 bit Download (http://majorgeeks.com/downloadget.php?id=6242&file=5&evp=9112d44b71f157fc5d7fcd7724b088ca)
4-a) Microsoft Security Essentials for Windows XP (http://www.microsoft.com/security_essentials/)
5) Comodo Antivirus (http://www.majorgeeks.com/Comodo_AntiVirus_d5109.html) (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition (http://www.majorgeeks.com/PC_Tools_AntiVirus_Free_Edition_d5469.html)
It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
-
ok I wasn't going to install AVG anyway because I've always been told it isn't very good.
is GPbaseservice2 a virus? because it always tries to start when I boot to windows. I tried googling it before and didn't find anything
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 3/1/2010 12:08:49 AM
System Uptime: 7/31/2011 6:52:53 PM (2 hours ago)
.
Motherboard: First International Computer, Inc. | | K8MC51G
Processor: AMD Sempron(tm) Processor 3400+ | Socket 754 | 2009/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 96.438 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 2.233 GiB free.
E: is CDROM ()
F: is Removable
G: is FIXED (NTFS) - 233 GiB total, 134.138 GiB free.
H: is Removable
I: is Removable
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: SM Bus Controller
Device ID: PCI\VEN_10DE&DEV_0264&SUBSYS_60061509&REV_A2\3&2411E6FE&0&51
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_10DE&DEV_0264&SUBSYS_60061509&REV_A2\3&2411E6FE&0&51
Service:
.
Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: Photosmart C4700 series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Photosmart C4700,10.0.0.6
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Photosmart C4700 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C4700 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Akamai NetSession Interface
CopyTrans Suite Remove Only
Diablo II
HiJackThis
Spybot - Search & Destroy
TS3 Custom Launcher
.
==== Event Viewer Messages From Past Week ========
.
7/31/2011 8:00:00 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: %%2147942402
7/31/2011 7:00:00 AM, error: Schedule [7901] - The At8.job command failed to start due to the following error: %%2147942402
7/31/2011 6:00:00 AM, error: Schedule [7901] - The At7.job command failed to start due to the following error: %%2147942402
7/31/2011 5:00:00 AM, error: Schedule [7901] - The At6.job command failed to start due to the following error: %%2147942402
7/31/2011 4:00:00 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: %%2147942402
7/31/2011 3:00:00 AM, error: Schedule [7901] - The At4.job command failed to start due to the following error: %%2147942402
7/31/2011 2:00:00 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: %%2147942402
7/31/2011 12:57:46 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss SASDIFSV SASKUTIL SBRE Tcpip WS2IFSL
7/31/2011 12:52:58 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss SASDIFSV SASKUTIL SBRE Tcpip WS2IFSL
7/31/2011 10:36:26 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
7/29/2011 9:20:34 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswRdr aswSnx aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss SASDIFSV SASKUTIL SBRE Tcpip WS2IFSL
7/29/2011 7:47:18 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi Fips Processor SASDIFSV SASKUTIL SBRE
7/28/2011 3:55:02 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: A socket operation encountered a dead network.
7/28/2011 3:55:02 PM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: A socket operation encountered a dead network.
7/28/2011 3:55:02 PM, error: Service Control Manager [7003] - The TCP/IP NetBIOS Helper service depends on the following nonexistent service: Afd
7/28/2011 3:55:02 PM, error: Service Control Manager [7003] - The Network Location Awareness (NLA) service depends on the following nonexistent service: Afd
7/28/2011 3:55:02 PM, error: Service Control Manager [7003] - The DHCP Client service depends on the following nonexistent service: Afd
7/28/2011 10:30:31 AM, error: Service Control Manager [7003] - The Network Location Awareness (NLA) service depends on the following nonexistent service: AFD
7/27/2011 9:00:00 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: %%2147942402
7/27/2011 8:55:09 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss SASDIFSV SASKUTIL SBRE Tcpip WS2IFSL
7/27/2011 8:25:57 AM, error: Service Control Manager [7034] - The Panda TPSrv service terminated unexpectedly. It has done this 1 time(s).
7/27/2011 4:37:11 PM, error: Service Control Manager [7000] - The Yahoo! Updater service failed to start due to the following error: The system cannot find the file specified.
7/27/2011 4:37:11 PM, error: Service Control Manager [7000] - The Panda TPSrv service failed to start due to the following error: Access is denied.
7/27/2011 4:37:11 PM, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The system cannot find the file specified.
7/27/2011 4:37:11 PM, error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The system cannot find the file specified.
7/27/2011 4:37:11 PM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The system cannot find the file specified.
7/27/2011 4:37:11 PM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
7/27/2011 4:36:20 PM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
7/27/2011 4:34:11 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
7/27/2011 4:34:11 PM, error: DCOM [10000] - Unable to start a DCOM Server: {66C99B38-BC12-4134-90A2-C5D6ABFC5FFE}. The error: "%2" Happened while starting this command: C:\PROGRA~1\HP\DIGITA~1\bin\hpqgpc01.exe -Embedding
7/27/2011 4:34:10 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASKUTIL SBRE
7/27/2011 4:34:10 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The system cannot find the file specified.
7/27/2011 4:31:40 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/27/2011 4:31:16 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service Panda Software Controller with arguments "" in order to run the server: {1D13E84F-91EE-45C7-9656-A05E3417B4D5}
7/27/2011 4:24:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips IPSec MRxSmb NetBIOS NetBT pavboot Processor RasAcd Rdbss SASDIFSV SASKUTIL SBRE ShldDrv Tcpip WS2IFSL
7/27/2011 4:24:34 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
7/27/2011 4:24:34 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/27/2011 4:24:34 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/27/2011 4:24:34 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
7/27/2011 4:24:34 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/27/2011 4:24:34 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/27/2011 4:24:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
7/27/2011 4:00:00 PM, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%2147942402
7/27/2011 3:14:02 PM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
7/27/2011 3:14:02 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
7/27/2011 3:14:02 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
7/27/2011 3:14:02 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
7/27/2011 3:14:02 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/27/2011 3:00:00 PM, error: Schedule [7901] - The At16.job command failed to start due to the following error: %%2147942402
7/27/2011 2:00:00 PM, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402
7/27/2011 12:00:00 PM, error: Schedule [7901] - The At13.job command failed to start due to the following error: %%2147942402
7/27/2011 11:00:00 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: %%2147942402
7/27/2011 10:00:00 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: %%2147942402
7/27/2011 1:00:00 PM, error: Schedule [7901] - The At14.job command failed to start due to the following error: %%2147942402
7/26/2011 6:49:50 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
7/26/2011 6:37:29 AM, error: Service Control Manager [7000] - The SASKUTIL service failed to start due to the following error: The system cannot find the path specified.
7/26/2011 6:13:30 AM, error: System Error [1003] - Error code 1000000a, parameter1 000000b0, parameter2 00000002, parameter3 00000000, parameter4 804ee391.
7/26/2011 6:00:01 PM, error: Schedule [7901] - The At19.job command failed to start due to the following error: %%2147942402
7/26/2011 5:44:19 PM, error: Service Control Manager [7034] - The PrismXL service terminated unexpectedly. It has done this 1 time(s).
7/26/2011 5:44:19 PM, error: Service Control Manager [7034] - The Adobe Active File Monitor V9 service terminated unexpectedly. It has done this 1 time(s).
7/26/2011 5:29:29 PM, error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: Access is denied.
7/26/2011 5:26:30 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswRdr aswSnx aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT pavboot Processor RasAcd Rdbss SASDIFSV SASKUTIL SBRE Tcpip WS2IFSL
7/26/2011 2:11:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
7/26/2011 11:57:46 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips IPSec MRxSmb NetBIOS NetBT pavboot Processor RasAcd Rdbss SASDIFSV SASKUTIL SBRE Tcpip WS2IFSL
7/26/2011 1:55:16 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips pavboot Processor SASDIFSV SASKUTIL SBRE
7/25/2011 7:34:51 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips Processor SASDIFSV SASKUTIL SBRE
7/25/2011 7:30:03 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss SASDIFSV SASKUTIL SBRE Tcpip WS2IFSL
7/25/2011 7:26:47 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the 47077 service to connect.
7/25/2011 7:00:00 PM, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402
7/25/2011 12:59:54 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss SASKUTIL SBRE Tcpip WS2IFSL
7/25/2011 12:56:21 AM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
7/25/2011 12:37:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402
7/24/2011 9:00:00 PM, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402
7/24/2011 8:00:00 PM, error: Schedule [7901] - The At21.job command failed to start due to the following error: %%2147942402
7/24/2011 5:00:00 PM, error: Schedule [7901] - The At18.job command failed to start due to the following error: %%2147942402
7/24/2011 11:00:00 PM, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402
7/24/2011 10:00:00 PM, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402
7/24/2011 1:00:00 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402
.
==== End Of File ===========================
-
is GPbaseservice2 a virus?
It has something to do with a HP printer installation. If you recently installed such a printer, why not uninstall the printer and do a new installation to see if that fixes the problem.
Please download ComboFix (http://img7.imageshack.us/img7/4930/combofix.gif) from BleepingComputer.com (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Alternate link: GeeksToGo.com (http://subs.geekstogo.com/ComboFix.exe)
and save it to your Desktop.
It would be easiest to download using Internet Explorer.
If you insist on using Firefox, make sure that your download settings are as follows:
* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here (http://www.bleepingcomputer.com/forums/topic114351.html)
Double click ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
(http://i424.photobucket.com/albums/pp322/digistar/Query_RC.gif)
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://i424.photobucket.com/albums/pp322/digistar/RC_successful.gif)
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
If you have problems with ComboFix usage, see How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
-
I didn't know how to install the recovery console without the internet on the infected one so......
ComboFix 11-08-01.05 - Owner 08/01/2011 19:33:03.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1502.952 [GMT -4:00]
Running from: F:\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Owner\Application Data\.#
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\7gnm4l4l.default\Extensions\{A5DCA3F5-ED5A-4ed3-9671-DBB0C68FA469}
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\7gnm4l4l.default\Extensions\{A5DCA3F5-ED5A-4ed3-9671-DBB0C68FA469}\chrome.manifest
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\7gnm4l4l.default\Extensions\{A5DCA3F5-ED5A-4ed3-9671-DBB0C68FA469}\content\ff-overlay.xul
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\7gnm4l4l.default\Extensions\{A5DCA3F5-ED5A-4ed3-9671-DBB0C68FA469}\content\overlay.js
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\7gnm4l4l.default\Extensions\{A5DCA3F5-ED5A-4ed3-9671-DBB0C68FA469}\install.rdf
c:\documents and settings\Owner\Error.log
c:\documents and settings\Owner\WINDOWS
c:\program files\UNWISE.EXE
c:\recycled\Recycled
c:\windows\$NtUninstallKB47884$
c:\windows\$NtUninstallKB47884$\2027078655
c:\windows\$NtUninstallKB47884$\3613430675\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}
c:\windows\$NtUninstallKB47884$\3613430675\L\iopiovam
c:\windows\$NtUninstallKB47884$\3613430675\loader.tlb
c:\windows\$NtUninstallKB47884$\3613430675\U\@00000001
c:\windows\$NtUninstallKB47884$\3613430675\U\@000000c0
c:\windows\$NtUninstallKB47884$\3613430675\U\@000000cb
c:\windows\$NtUninstallKB47884$\3613430675\U\@000000cf
c:\windows\$NtUninstallKB47884$\3613430675\U\@80000000
c:\windows\$NtUninstallKB47884$\3613430675\U\@800000c0
c:\windows\$NtUninstallKB47884$\3613430675\U\@800000cb
c:\windows\$NtUninstallKB47884$\3613430675\U\@800000cf
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\Update.bat
G:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-01 to 2011-08-01 )))))))))))))))))))))))))))))))
.
.
2011-08-01 04:26 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-01 04:26 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-08-01 04:26 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-01 04:26 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-08-01 04:26 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-08-01 04:26 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-08-01 04:26 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-08-01 04:26 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-08-01 04:26 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-08-01 04:26 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-01 04:26 . 2011-08-01 04:26 -------- d-----w- c:\program files\AVAST Software
2011-07-31 21:25 . 2011-08-01 04:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-31 21:25 . 2011-08-01 04:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-07-31 19:08 . 2008-08-14 09:51 138368 -c--a-w- c:\windows\system32\dllcache\afd.sys
2011-07-31 19:08 . 2008-08-14 09:51 138368 ----a-w- c:\windows\system32\drivers\afd.sys
2011-07-31 14:29 . 2011-07-31 14:29 -------- d-----w- c:\program files\Trend Micro
2011-07-31 14:19 . 2011-07-31 14:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-31 00:24 . 2008-04-13 23:12 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-07-31 00:24 . 2008-04-13 23:12 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-07-31 00:23 . 2008-04-13 23:12 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2011-07-31 00:23 . 2008-04-13 17:36 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2011-07-31 00:22 . 2008-04-13 17:45 31744 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys
2011-07-31 00:21 . 2008-04-13 17:45 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2011-07-31 00:21 . 2008-04-13 17:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2011-07-31 00:20 . 2008-04-13 23:12 82944 -c--a-w- c:\windows\system32\dllcache\tp4mon.exe
2011-07-31 00:19 . 2008-04-13 17:40 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys
2011-07-31 00:18 . 2008-04-13 17:40 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2011-07-31 00:17 . 2008-04-13 17:36 6912 -c--a-w- c:\windows\system32\dllcache\smbclass.sys
2011-07-31 00:17 . 2008-04-13 17:36 16000 -c--a-w- c:\windows\system32\dllcache\smbbatt.sys
2011-07-31 00:16 . 2008-04-13 17:45 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
2011-07-31 00:16 . 2008-04-13 17:40 43904 -c--a-w- c:\windows\system32\dllcache\sbp2port.sys
2011-07-31 00:15 . 2008-04-13 23:12 29696 -c--a-w- c:\windows\system32\dllcache\rw450ext.dll
2011-07-31 00:15 . 2008-04-13 23:12 27648 -c--a-w- c:\windows\system32\dllcache\rw430ext.dll
2011-07-31 00:14 . 2008-04-13 17:40 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys
2011-07-31 00:14 . 2008-04-13 17:40 6016 -c--a-w- c:\windows\system32\dllcache\qic157.sys
2011-07-31 00:14 . 2008-04-13 23:12 159232 -c--a-w- c:\windows\system32\dllcache\ptpusd.dll
2011-07-31 00:14 . 2008-04-13 23:12 363520 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
2011-07-31 00:13 . 2008-04-13 17:41 17664 -c--a-w- c:\windows\system32\dllcache\ppa3.sys
2011-07-31 00:13 . 2008-04-13 17:40 8832 -c--a-w- c:\windows\system32\dllcache\powerfil.sys
2011-07-31 00:13 . 2008-04-13 23:10 259328 -c--a-w- c:\windows\system32\dllcache\perm3dd.dll
2011-07-31 00:13 . 2008-04-13 17:44 28032 -c--a-w- c:\windows\system32\dllcache\perm3.sys
2011-07-31 00:13 . 2008-04-13 23:10 211584 -c--a-w- c:\windows\system32\dllcache\perm2dll.dll
2011-07-31 00:13 . 2008-04-13 17:44 27904 -c--a-w- c:\windows\system32\dllcache\perm2.sys
2011-07-31 00:12 . 2008-04-13 17:46 61696 -c--a-w- c:\windows\system32\dllcache\ohci1394.sys
2011-07-31 00:11 . 2008-04-13 17:54 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2011-07-31 00:10 . 2008-04-13 17:46 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2011-07-31 00:10 . 2008-04-13 17:54 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2011-07-31 00:10 . 2008-04-13 17:46 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2011-07-31 00:10 . 2008-04-13 17:46 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2011-07-31 00:09 . 2008-04-13 17:41 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys
2011-07-31 00:09 . 2008-04-13 17:40 7040 -c--a-w- c:\windows\system32\dllcache\ltotape.sys
2011-07-31 00:08 . 2008-04-13 17:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2011-07-31 00:08 . 2008-04-13 23:11 253952 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll
2011-07-31 00:08 . 2008-04-13 23:11 48640 -c--a-w- c:\windows\system32\dllcache\kdsui.dll
2011-07-31 00:08 . 2008-04-13 23:09 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2011-07-31 00:08 . 2008-04-13 23:11 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2011-07-31 00:07 . 2008-04-13 23:12 151552 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2011-07-31 00:07 . 2008-04-13 17:54 88192 -c--a-w- c:\windows\system32\dllcache\irda.sys
2011-07-31 00:06 . 2008-04-13 23:11 702845 -c--a-w- c:\windows\system32\dllcache\i81xdnt5.dll
2011-07-31 00:05 . 2008-04-13 17:36 20352 -c--a-w- c:\windows\system32\dllcache\hidbatt.sys
2011-07-31 00:05 . 2008-04-13 17:40 28288 -c--a-w- c:\windows\system32\dllcache\grserial.sys
2011-07-31 00:05 . 2008-04-13 17:45 59136 -c--a-w- c:\windows\system32\dllcache\gckernel.sys
2011-07-31 00:05 . 2008-04-13 17:45 10624 -c--a-w- c:\windows\system32\dllcache\gameenum.sys
2011-07-31 00:02 . 2008-04-13 17:39 206976 -c--a-w- c:\windows\system32\dllcache\dot4.sys
2011-07-31 00:02 . 2008-04-13 17:40 8320 -c--a-w- c:\windows\system32\dllcache\dlttape.sys
2011-07-31 00:01 . 2008-04-13 23:11 249856 -c--a-w- c:\windows\system32\dllcache\ctmasetp.dll
2011-07-31 00:01 . 2008-04-13 17:36 10240 -c--a-w- c:\windows\system32\dllcache\compbatt.sys
2011-07-31 00:01 . 2008-04-13 17:36 13952 -c--a-w- c:\windows\system32\dllcache\cmbatt.sys
2011-07-31 00:00 . 2008-04-13 17:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2011-07-31 00:00 . 2008-04-13 23:11 121856 -c--a-w- c:\windows\system32\dllcache\camext30.dll
2011-07-30 23:59 . 2008-04-13 17:46 11776 -c--a-w- c:\windows\system32\dllcache\bdasup.sys
2011-07-30 23:59 . 2008-04-13 17:36 14208 -c--a-w- c:\windows\system32\dllcache\battc.sys
2011-07-30 23:59 . 2008-04-13 17:46 13696 -c--a-w- c:\windows\system32\dllcache\avcstrm.sys
2011-07-30 23:59 . 2008-04-13 17:46 38912 -c--a-w- c:\windows\system32\dllcache\avc.sys
2011-07-29 13:20 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-29 13:20 . 2011-07-29 13:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-29 13:20 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-28 00:37 . 2011-07-28 00:37 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-07-28 00:12 . 2011-07-28 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-07-26 22:12 . 2011-07-26 22:12 -------- d-----w- c:\windows\system32\syncdb
2011-07-26 18:11 . 2011-08-01 04:26 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-07-25 23:39 . 2011-07-27 20:48 -------- d-----w- c:\program files\Panda Security
2011-07-25 23:30 . 2011-07-25 23:30 -------- d--h--w- c:\windows\PIF
2011-07-12 06:42 . 2011-07-13 04:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2011-07-12 06:42 . 2011-07-12 06:43 -------- d-----w- c:\documents and settings\Owner\Application Data\Yahoo!
2011-07-12 06:38 . 2011-07-12 06:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2011-07-12 06:34 . 2011-07-12 06:42 -------- d-----w- c:\program files\Yahoo!
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-31 14:19 . 2010-05-23 01:21 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-27 20:38 . 2011-01-07 23:56 150016 ----a-w- c:\windows\system32\nvsvc32.exe
2011-07-12 06:42 . 2011-05-23 16:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 14:02 . 2007-11-20 06:04 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-06-23 03:43 . 2011-05-06 09:50 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
<pre>
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Common Files\Microsoft Shared\DW\dwtrig20 .exe
c:\program files\Common Files\Real\Update_OB\realsched .exe
c:\program files\CyberLink\PowerDVD\PDVDServ .exe
c:\program files\Digital Media Reader\readericon45G .exe
c:\program files\DivX\DivX Update\DivXUpdate .exe
c:\program files\Electronic Arts\EADM\Core .exe
c:\program files\Messenger\msmsgs .exe
c:\program files\MP4 Player\mp4Player .exe
c:\program files\SUPERAntiSpyware\SUPERAntiSpyware .exe
c:\windows\creator\Remind_XP .exe
c:\windows\SMINST\RECGUARD .exe
c:\windows\system32\rundll32 .exe
</pre>.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\iexplore.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2011-06-16 6276408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-09-26 90112]
"UnlockerAssistant"="c:\my backup -- 10-02-28 0905pm\Program Files\Unlocker\UnlockerAssistant .exe" [2009-10-26 15872]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [N/A]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-05-26 273544]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe" [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2010-3-1 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 02:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 21:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\{68550918-63B5-4762-85CB-3C160AA4B213}\\setup\\hpznui01.exe"=
"c:\\Program Files\\FinalMediaPlayer\\FMPCheckForUpdates.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1076:TCP"= 1076:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8/1/2011 12:26 AM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/1/2011 12:26 AM 309848]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [11/20/2007 2:00 AM 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/1/2011 12:26 AM 19544]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/29/2011 9:20 AM 366640]
R3 ATICXCAP;ATI TV Wonder Pro A/V Capture;c:\windows\system32\drivers\aticxcap.sys [3/30/2005 12:22 PM 173824]
R3 ATICXTUN;ATI TV Wonder Pro Tuner (Philips 1236 MK3);c:\windows\system32\drivers\aticxtun.sys [3/30/2005 12:22 PM 29184]
R3 ATICXXBR;ATI TV Wonder Pro A/V Crossbar;c:\windows\system32\drivers\aticxxbr.sys [3/30/2005 12:22 PM 9088]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/29/2011 9:20 AM 22712]
S1 cjvirmuu;cjvirmuu;\??\c:\windows\system32\drivers\cjvirmuu.sys --> c:\windows\system32\drivers\cjvirmuu.sys [?]
S1 mithjvxk;mithjvxk;\??\c:\windows\system32\drivers\mithjvxk.sys --> c:\windows\system32\drivers\mithjvxk.sys [?]
S1 onkjlnqh;onkjlnqh;\??\c:\windows\system32\drivers\onkjlnqh.sys --> c:\windows\system32\drivers\onkjlnqh.sys [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Owner\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\Owner\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [3/6/2011 7:36 PM 16968]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [7/29/2011 9:20 AM 41272]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\196.tmp --> c:\windows\system32\196.tmp [?]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 2:15 PM 12872]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-31 c:\windows\Tasks\AdobeAAMUpdater-1.0-YOUR-433A10CD72-Owner.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-06-15 21:42]
.
2011-08-01 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-05-06 20:50]
.
2011-07-30 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 17:25]
.
2011-07-12 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 17:25]
.
2011-08-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-08-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-872174263-1915020261-335545884-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-07-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-07-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-872174263-1915020261-335545884-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3418
uInternet Connection Wizard,ShellNext = hxxp://imhome.myspace.com/Modules/IM/Pages/UrlRedirector.aspx?challenge=21023506-38742561-4029044&response=FvILp8uvzBOwoXubT7lPMd3RhOSXcN4Xjv4GphFCqpE&target=editpics&targetid=38742561&IMLang=English&LangID=1033
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{3B54DEAB-C6D4-48a8-8C32-A70558643400} - c:\program files\FinalVideoDownloader\fvdRunner.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\7gnm4l4l.default\
FF - prefs.js: browser.startup.homepage - hxxp://pimpmyhomepage.com/homepages/colorfulhearts/?text=Love%20is%20a%20powerful%20thing
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
------- File Associations -------
.
.txt=UltraEdit.txt
.
- - - - ORPHANS REMOVED - - - -
.
Notify-TPSvc - TPSvc.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-01 19:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\196.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5 977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,79,8a,75,f7,86,0f,8f,41,95,d1,40,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839 E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,79,8a,75,f7,86,0f,8f,41,95,d1,40,\
.
[HKEY_USERS\S-1-5-21-872174263-1915020261-335545884-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{40EE53F9-6CF3-2C1F-76C7-4BDAC050D978}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(656)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(712)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - - - - > 'explorer.exe'(2692)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\progra~1\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\rundll32.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-08-01 19:55:12 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-01 23:55
.
Pre-Run: 103,372,881,920 bytes free
Post-Run: 103,753,900,032 bytes free
.
- - End Of File - - 1F1719F5E70F74DDBB7A8A69F134DAB0
-
Oh forgot to say idk if you can tell from the log but Combofix said it found a rootkit in the TCP/IP thing so now I guess I know that a virus has not only deleted a file but still kept me from using the internet
idk why it still doesn't work though, I would have thought it would get rid of it.
-
Re-running ComboFix to remove infections:
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Open notepad and copy/paste the text in the quotebox below into it:
KillAll::
RenV::
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Common Files\Microsoft Shared\DW\dwtrig20 .exe
c:\program files\Common Files\Real\Update_OB\realsched .exe
c:\program files\CyberLink\PowerDVD\PDVDServ .exe
c:\program files\Digital Media Reader\readericon45G .exe
c:\program files\DivX\DivX Update\DivXUpdate .exe
c:\program files\Electronic Arts\EADM\Core .exe
c:\program files\Messenger\msmsgs .exe
c:\program files\MP4 Player\mp4Player .exe
c:\program files\SUPERAntiSpyware\SUPERAntiSpyware .exe
c:\windows\creator\Remind_XP .exe
c:\windows\SMINST\RECGUARD .exe
c:\windows\system32\rundll32 .exe
File::
c:\windows\system32\drivers\cjvirmuu.sys
c:\windows\system32\drivers\mithjvxk.sys
c:\windows\system32\drivers\onkjlnqh.sys
Folder::
Registry::
Driver::
cjvirmuu
mithjvxk
onkjlnqh
- Save this as CFScript.txt, in the same location as ComboFix.exe
(http://i424.photobucket.com/albums/pp322/digistar/cfscriptb4.gif)
- Referring to the picture above, drag CFScript into ComboFix.exe
- When finished, it shall produce a log for you at C:\ComboFix.txt
- Please post the contents of the log in your next reply.
******************************************************
- Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and save it to your Desktop.
- Extract its contents to your desktop.
- Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
- If an infected file is detected, the default action will be Cure, click on Continue.
- If a suspicious file is detected, the default action will be Skip, click on Continue.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- Click the Report button and copy/paste the contents of it into your next reply
Note:It will also create a log in the C:\ directory..
-
ComboFix 11-08-01.05 - Owner 08/02/2011 19:32:52.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1502.1044 [GMT -4:00]
Running from: F:\ComboFix.exe
Command switches used :: F:\CFscript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
FILE ::
"c:\windows\system32\drivers\cjvirmuu.sys"
"c:\windows\system32\drivers\mithjvxk.sys"
"c:\windows\system32\drivers\onkjlnqh.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_cjvirmuu
-------\Service_mithjvxk
-------\Service_onkjlnqh
.
.
((((((((((((((((((((((((( Files Created from 2011-07-02 to 2011-08-02 )))))))))))))))))))))))))))))))
.
.
2011-08-01 04:26 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-01 04:26 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-08-01 04:26 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-01 04:26 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-08-01 04:26 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-08-01 04:26 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-08-01 04:26 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-08-01 04:26 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-08-01 04:26 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-08-01 04:26 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-01 04:26 . 2011-08-01 04:26 -------- d-----w- c:\program files\AVAST Software
2011-07-31 21:25 . 2011-08-01 04:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-31 21:25 . 2011-08-01 04:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-07-31 19:08 . 2008-08-14 09:51 138368 -c--a-w- c:\windows\system32\dllcache\afd.sys
2011-07-31 19:08 . 2008-08-14 09:51 138368 ----a-w- c:\windows\system32\drivers\afd.sys
2011-07-31 14:29 . 2011-07-31 14:29 -------- d-----w- c:\program files\Trend Micro
2011-07-31 14:19 . 2011-07-31 14:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-31 00:24 . 2008-04-13 23:12 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-07-31 00:24 . 2008-04-13 23:12 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-07-31 00:23 . 2008-04-13 23:12 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2011-07-31 00:23 . 2008-04-13 17:36 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2011-07-31 00:22 . 2008-04-13 17:45 31744 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys
2011-07-31 00:21 . 2008-04-13 17:45 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2011-07-31 00:21 . 2008-04-13 17:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2011-07-31 00:20 . 2008-04-13 23:12 82944 -c--a-w- c:\windows\system32\dllcache\tp4mon.exe
2011-07-31 00:19 . 2008-04-13 17:40 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys
2011-07-31 00:18 . 2008-04-13 17:40 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2011-07-31 00:17 . 2008-04-13 17:36 6912 -c--a-w- c:\windows\system32\dllcache\smbclass.sys
2011-07-31 00:17 . 2008-04-13 17:36 16000 -c--a-w- c:\windows\system32\dllcache\smbbatt.sys
2011-07-31 00:16 . 2008-04-13 17:45 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
2011-07-31 00:16 . 2008-04-13 17:40 43904 -c--a-w- c:\windows\system32\dllcache\sbp2port.sys
2011-07-31 00:15 . 2008-04-13 23:12 29696 -c--a-w- c:\windows\system32\dllcache\rw450ext.dll
2011-07-31 00:15 . 2008-04-13 23:12 27648 -c--a-w- c:\windows\system32\dllcache\rw430ext.dll
2011-07-31 00:14 . 2008-04-13 17:40 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys
2011-07-31 00:14 . 2008-04-13 17:40 6016 -c--a-w- c:\windows\system32\dllcache\qic157.sys
2011-07-31 00:14 . 2008-04-13 23:12 159232 -c--a-w- c:\windows\system32\dllcache\ptpusd.dll
2011-07-31 00:14 . 2008-04-13 23:12 363520 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
2011-07-31 00:13 . 2008-04-13 17:41 17664 -c--a-w- c:\windows\system32\dllcache\ppa3.sys
2011-07-31 00:13 . 2008-04-13 17:40 8832 -c--a-w- c:\windows\system32\dllcache\powerfil.sys
2011-07-31 00:13 . 2008-04-13 23:10 259328 -c--a-w- c:\windows\system32\dllcache\perm3dd.dll
2011-07-31 00:13 . 2008-04-13 17:44 28032 -c--a-w- c:\windows\system32\dllcache\perm3.sys
2011-07-31 00:13 . 2008-04-13 23:10 211584 -c--a-w- c:\windows\system32\dllcache\perm2dll.dll
2011-07-31 00:13 . 2008-04-13 17:44 27904 -c--a-w- c:\windows\system32\dllcache\perm2.sys
2011-07-31 00:12 . 2008-04-13 17:46 61696 -c--a-w- c:\windows\system32\dllcache\ohci1394.sys
2011-07-31 00:11 . 2008-04-13 17:54 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2011-07-31 00:10 . 2008-04-13 17:46 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2011-07-31 00:10 . 2008-04-13 17:54 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2011-07-31 00:10 . 2008-04-13 17:46 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2011-07-31 00:10 . 2008-04-13 17:46 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2011-07-31 00:09 . 2008-04-13 17:41 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys
2011-07-31 00:09 . 2008-04-13 17:40 7040 -c--a-w- c:\windows\system32\dllcache\ltotape.sys
2011-07-31 00:08 . 2008-04-13 17:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2011-07-31 00:08 . 2008-04-13 23:11 253952 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll
2011-07-31 00:08 . 2008-04-13 23:11 48640 -c--a-w- c:\windows\system32\dllcache\kdsui.dll
2011-07-31 00:08 . 2008-04-13 23:09 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2011-07-31 00:08 . 2008-04-13 23:11 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2011-07-31 00:07 . 2008-04-13 23:12 151552 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2011-07-31 00:07 . 2008-04-13 17:54 88192 -c--a-w- c:\windows\system32\dllcache\irda.sys
2011-07-31 00:06 . 2008-04-13 23:11 702845 -c--a-w- c:\windows\system32\dllcache\i81xdnt5.dll
2011-07-31 00:05 . 2008-04-13 17:36 20352 -c--a-w- c:\windows\system32\dllcache\hidbatt.sys
2011-07-31 00:05 . 2008-04-13 17:40 28288 -c--a-w- c:\windows\system32\dllcache\grserial.sys
2011-07-31 00:05 . 2008-04-13 17:45 59136 -c--a-w- c:\windows\system32\dllcache\gckernel.sys
2011-07-31 00:05 . 2008-04-13 17:45 10624 -c--a-w- c:\windows\system32\dllcache\gameenum.sys
2011-07-31 00:02 . 2008-04-13 17:39 206976 -c--a-w- c:\windows\system32\dllcache\dot4.sys
2011-07-31 00:02 . 2008-04-13 17:40 8320 -c--a-w- c:\windows\system32\dllcache\dlttape.sys
2011-07-31 00:01 . 2008-04-13 23:11 249856 -c--a-w- c:\windows\system32\dllcache\ctmasetp.dll
2011-07-31 00:01 . 2008-04-13 17:36 10240 -c--a-w- c:\windows\system32\dllcache\compbatt.sys
2011-07-31 00:01 . 2008-04-13 17:36 13952 -c--a-w- c:\windows\system32\dllcache\cmbatt.sys
2011-07-31 00:00 . 2008-04-13 17:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2011-07-31 00:00 . 2008-04-13 23:11 121856 -c--a-w- c:\windows\system32\dllcache\camext30.dll
2011-07-30 23:59 . 2008-04-13 17:46 11776 -c--a-w- c:\windows\system32\dllcache\bdasup.sys
2011-07-30 23:59 . 2008-04-13 17:36 14208 -c--a-w- c:\windows\system32\dllcache\battc.sys
2011-07-30 23:59 . 2008-04-13 17:46 13696 -c--a-w- c:\windows\system32\dllcache\avcstrm.sys
2011-07-30 23:59 . 2008-04-13 17:46 38912 -c--a-w- c:\windows\system32\dllcache\avc.sys
2011-07-29 13:20 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-29 13:20 . 2011-07-29 13:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-29 13:20 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-28 00:37 . 2011-07-28 00:37 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-07-28 00:12 . 2011-07-28 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-07-26 22:12 . 2011-07-26 22:12 -------- d-----w- c:\windows\system32\syncdb
2011-07-26 18:11 . 2011-08-01 04:26 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-07-25 23:39 . 2011-07-27 20:48 -------- d-----w- c:\program files\Panda Security
2011-07-25 23:30 . 2011-07-25 23:30 -------- d--h--w- c:\windows\PIF
2011-07-12 06:42 . 2011-07-13 04:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2011-07-12 06:42 . 2011-07-12 06:43 -------- d-----w- c:\documents and settings\Owner\Application Data\Yahoo!
2011-07-12 06:38 . 2011-07-12 06:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2011-07-12 06:34 . 2011-07-12 06:42 -------- d-----w- c:\program files\Yahoo!
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-31 14:19 . 2010-05-23 01:21 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-27 20:38 . 2011-01-07 23:56 150016 ----a-w- c:\windows\system32\nvsvc32.exe
2011-07-12 06:42 . 2011-05-23 16:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 14:02 . 2007-11-20 06:04 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-06-23 03:43 . 2011-05-06 09:50 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
Cryptography Services Error !!
.
((((((((((((((((((((((((((((( SnapShot@2011-08-01_23.50.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2002-09-14 06:42 . 2002-09-14 06:42 212992 c:\windows\SMINST\RECGUARD.exe
+ 2005-02-26 01:24 . 2005-02-26 01:24 966656 c:\windows\creator\Remind_XP.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2011-06-16 6276408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-09-26 90112]
"UnlockerAssistant"="c:\my backup -- 10-02-28 0905pm\Program Files\Unlocker\UnlockerAssistant .exe" [2009-10-26 15872]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-05-26 273544]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2010-3-1 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 02:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 21:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\{68550918-63B5-4762-85CB-3C160AA4B213}\\setup\\hpznui01.exe"=
"c:\\Program Files\\FinalMediaPlayer\\FMPCheckForUpdates.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1076:TCP"= 1076:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 SASKUTIL;SASKUTIL;c:\docume~1\Owner\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-03-06 16968]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\196.tmp
R3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\RkPavproc1.sys
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSnx;aswSnx;
S1 aswSP;aswSP;
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-04-14 14336]
S2 aswFsBlk;aswFsBlk;
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S3 ATICXCAP;ATI TV Wonder Pro A/V Capture;c:\windows\system32\drivers\aticxcap.sys [2005-03-30 173824]
S3 ATICXTUN;ATI TV Wonder Pro Tuner (Philips 1236 MK3);c:\windows\system32\drivers\aticxtun.sys [2005-03-30 29184]
S3 ATICXXBR;ATI TV Wonder Pro A/V Crossbar;c:\windows\system32\drivers\aticxxbr.sys [2005-03-30 9088]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-02 c:\windows\Tasks\AdobeAAMUpdater-1.0-YOUR-433A10CD72-Owner.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-06-15 21:42]
.
2011-08-02 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-05-06 20:50]
.
2011-08-02 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 17:25]
.
2011-08-02 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 17:25]
.
2011-08-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-08-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-872174263-1915020261-335545884-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-07-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-07-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-872174263-1915020261-335545884-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3418
uInternet Connection Wizard,ShellNext = hxxp://imhome.myspace.com/Modules/IM/Pages/UrlRedirector.aspx?challenge=21023506-38742561-4029044&response=FvILp8uvzBOwoXubT7lPMd3RhOSXcN4Xjv4GphFCqpE&target=editpics&targetid=38742561&IMLang=English&LangID=1033
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{3B54DEAB-C6D4-48a8-8C32-A70558643400} - c:\program files\FinalVideoDownloader\fvdRunner.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\7gnm4l4l.default\
FF - prefs.js: browser.startup.homepage - hxxp://pimpmyhomepage.com/homepages/colorfulhearts/?text=Love%20is%20a%20powerful%20thing
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-02 19:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\196.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5 977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,79,8a,75,f7,86,0f,8f,41,95,d1,40,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839 E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,79,8a,75,f7,86,0f,8f,41,95,d1,40,\
.
[HKEY_USERS\S-1-5-21-872174263-1915020261-335545884-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{40EE53F9-6CF3-2C1F-76C7-4BDAC050D978}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(656)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(712)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - - - - > 'explorer.exe'(3228)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\progra~1\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-08-02 19:53:36 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-02 23:53
ComboFix2.txt 2011-08-01 23:55
.
Pre-Run: 103,768,625,152 bytes free
Post-Run: 103,632,039,936 bytes free
.
- - End Of File - - A532A8BC750223324F4FAAABA5C6D56F
2011/08/02 19:54:24.0531 3816 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11
2011/08/02 19:54:24.0578 3816 ================================================================================
2011/08/02 19:54:24.0578 3816 SystemInfo:
2011/08/02 19:54:24.0578 3816
2011/08/02 19:54:24.0578 3816 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/02 19:54:24.0578 3816 Product type: Workstation
2011/08/02 19:54:24.0578 3816 ComputerName: YOUR-433A10CD72
2011/08/02 19:54:24.0578 3816 UserName: Owner
2011/08/02 19:54:24.0578 3816 Windows directory: C:\WINDOWS
2011/08/02 19:54:24.0578 3816 System windows directory: C:\WINDOWS
2011/08/02 19:54:24.0578 3816 Processor architecture: Intel x86
2011/08/02 19:54:24.0578 3816 Number of processors: 1
2011/08/02 19:54:24.0578 3816 Page size: 0x1000
2011/08/02 19:54:24.0578 3816 Boot type: Normal boot
2011/08/02 19:54:24.0578 3816 ================================================================================
2011/08/02 19:54:25.0765 3816 Initialize success
2011/08/02 19:54:28.0484 3404 ================================================================================
2011/08/02 19:54:28.0484 3404 Scan started
2011/08/02 19:54:28.0484 3404 Mode: Manual;
2011/08/02 19:54:28.0484 3404 ================================================================================
2011/08/02 19:54:29.0296 3404 Aavmker4 (dfcdd5936cad0138775d5a105d4c7716) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/08/02 19:54:29.0390 3404 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/08/02 19:54:29.0437 3404 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/02 19:54:29.0468 3404 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/02 19:54:29.0531 3404 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/08/02 19:54:29.0609 3404 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/02 19:54:29.0734 3404 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/08/02 19:54:29.0765 3404 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/08/02 19:54:29.0796 3404 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/08/02 19:54:29.0812 3404 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/08/02 19:54:29.0843 3404 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/08/02 19:54:30.0031 3404 ALCXWDM (92ae420be14b0d97d14dac4aba22a702) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/08/02 19:54:30.0234 3404 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/08/02 19:54:30.0281 3404 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/08/02 19:54:30.0312 3404 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/08/02 19:54:30.0343 3404 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/08/02 19:54:30.0453 3404 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/08/02 19:54:30.0609 3404 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/08/02 19:54:30.0640 3404 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/08/02 19:54:30.0687 3404 aswFsBlk (861cb512e4e850e87dd2316f88d69330) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/08/02 19:54:30.0750 3404 aswMon2 (7857e0b4c817f69ff463eea2c63e56f9) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/08/02 19:54:30.0765 3404 aswRdr (8db043bf96bb6d334e5b4888e709e1c7) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/08/02 19:54:30.0812 3404 aswSnx (17230708a2028cd995656df455f2e303) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/08/02 19:54:30.0859 3404 aswSP (dbedd9d43b00630966ef05d2d8d04cee) C:\WINDOWS\system32\drivers\aswSP.sys
2011/08/02 19:54:30.0921 3404 aswTdi (984cfce2168286c2511695c2f9621475) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/08/02 19:54:31.0062 3404 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/02 19:54:31.0093 3404 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/02 19:54:31.0187 3404 ATICXCAP (b27b6cc25e81165bb946ded4ec8eea0b) C:\WINDOWS\system32\drivers\aticxcap.sys
2011/08/02 19:54:31.0218 3404 ATICXTUN (2fd0cdfee26d490b6f8de9a035d522b6) C:\WINDOWS\system32\drivers\aticxtun.sys
2011/08/02 19:54:31.0250 3404 ATICXXBR (ba877c4698f4477d6a69f9e071337c4b) C:\WINDOWS\system32\drivers\aticxxbr.sys
2011/08/02 19:54:31.0296 3404 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/02 19:54:31.0468 3404 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/02 19:54:31.0500 3404 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/02 19:54:31.0578 3404 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
2011/08/02 19:54:31.0640 3404 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/08/02 19:54:31.0671 3404 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/02 19:54:31.0718 3404 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/08/02 19:54:31.0750 3404 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/08/02 19:54:31.0796 3404 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/02 19:54:31.0921 3404 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/02 19:54:31.0968 3404 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/02 19:54:32.0078 3404 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/08/02 19:54:32.0125 3404 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/08/02 19:54:32.0156 3404 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/08/02 19:54:32.0187 3404 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/08/02 19:54:32.0218 3404 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/02 19:54:32.0296 3404 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/02 19:54:32.0453 3404 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/02 19:54:32.0500 3404 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/02 19:54:32.0546 3404 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/02 19:54:32.0593 3404 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/08/02 19:54:32.0625 3404 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/02 19:54:32.0671 3404 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/02 19:54:32.0718 3404 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/08/02 19:54:32.0859 3404 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/02 19:54:32.0890 3404 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/08/02 19:54:32.0953 3404 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/08/02 19:54:33.0015 3404 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/02 19:54:33.0062 3404 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/02 19:54:33.0203 3404 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/08/02 19:54:33.0265 3404 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/02 19:54:33.0343 3404 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/02 19:54:33.0406 3404 hitmanpro35 (30b90793a568281bef70fa57dde305a2) C:\WINDOWS\system32\drivers\hitmanpro35.sys
2011/08/02 19:54:33.0484 3404 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/08/02 19:54:33.0640 3404 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/08/02 19:54:33.0671 3404 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/08/02 19:54:33.0718 3404 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/08/02 19:54:33.0765 3404 HSFHWBS2 (c02dc9d4358e43d088f2061c2b2bf30e) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2011/08/02 19:54:33.0828 3404 HSF_DPV (cbf6831420a97e8fbb91e5f52b707ef7) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/08/02 19:54:34.0000 3404 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/02 19:54:34.0062 3404 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/08/02 19:54:34.0093 3404 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/08/02 19:54:34.0140 3404 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/02 19:54:34.0171 3404 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/02 19:54:34.0234 3404 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/08/02 19:54:34.0265 3404 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/08/02 19:54:34.0312 3404 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/08/02 19:54:34.0421 3404 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/02 19:54:34.0500 3404 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/02 19:54:34.0546 3404 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/02 19:54:34.0578 3404 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/02 19:54:34.0718 3404 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/02 19:54:34.0765 3404 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/02 19:54:34.0812 3404 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/02 19:54:34.0859 3404 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/08/02 19:54:34.0921 3404 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/02 19:54:35.0078 3404 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/02 19:54:35.0156 3404 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\WINDOWS\system32\drivers\mbam.sys
2011/08/02 19:54:35.0203 3404 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/08/02 19:54:35.0265 3404 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/08/02 19:54:35.0437 3404 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/02 19:54:35.0500 3404 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/02 19:54:35.0562 3404 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/02 19:54:35.0625 3404 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/02 19:54:35.0734 3404 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/02 19:54:35.0781 3404 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/08/02 19:54:35.0812 3404 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/02 19:54:35.0875 3404 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/02 19:54:35.0953 3404 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/02 19:54:36.0000 3404 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/02 19:54:36.0109 3404 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/02 19:54:36.0140 3404 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/02 19:54:36.0187 3404 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/02 19:54:36.0250 3404 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/08/02 19:54:36.0312 3404 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/02 19:54:36.0468 3404 mxnic (e1cdf20697d992cf83ff86dd04df1285) C:\WINDOWS\system32\DRIVERS\mxnic.sys
2011/08/02 19:54:36.0515 3404 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/08/02 19:54:36.0578 3404 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/02 19:54:36.0734 3404 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/08/02 19:54:36.0781 3404 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/02 19:54:36.0812 3404 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/02 19:54:36.0843 3404 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/02 19:54:36.0890 3404 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/02 19:54:36.0968 3404 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/02 19:54:37.0078 3404 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/02 19:54:37.0156 3404 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/02 19:54:37.0203 3404 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/02 19:54:37.0265 3404 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/02 19:54:37.0703 3404 nv (18c9b152da7bea76b2f9e4b6412e0aaf) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/08/02 19:54:38.0203 3404 NVENETFD (2a7a2c6ab9631028b6e3a4159aa65705) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/08/02 19:54:38.0250 3404 nvnetbus (20526a8827dc0956b5526aebcb6751a0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/08/02 19:54:38.0296 3404 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/02 19:54:38.0343 3404 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/02 19:54:38.0406 3404 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2011/08/02 19:54:38.0531 3404 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/02 19:54:38.0562 3404 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/02 19:54:38.0609 3404 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/02 19:54:38.0640 3404 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/02 19:54:38.0703 3404 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/02 19:54:38.0750 3404 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/02 19:54:38.0937 3404 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/08/02 19:54:38.0968 3404 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/08/02 19:54:39.0046 3404 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/02 19:54:39.0078 3404 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/08/02 19:54:39.0109 3404 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/02 19:54:39.0156 3404 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/02 19:54:39.0203 3404 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/08/02 19:54:39.0234 3404 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/08/02 19:54:39.0265 3404 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/08/02 19:54:39.0296 3404 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/08/02 19:54:39.0328 3404 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/08/02 19:54:39.0375 3404 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/02 19:54:39.0546 3404 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/02 19:54:39.0593 3404 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/02 19:54:39.0625 3404 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/02 19:54:39.0671 3404 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/02 19:54:39.0734 3404 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/02 19:54:39.0765 3404 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/02 19:54:39.0812 3404 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/02 19:54:39.0968 3404 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/02 19:54:40.0171 3404 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/08/02 19:54:40.0234 3404 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
2011/08/02 19:54:40.0531 3404 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/02 19:54:40.0578 3404 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/02 19:54:40.0609 3404 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/02 19:54:40.0687 3404 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/02 19:54:40.0781 3404 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/08/02 19:54:40.0890 3404 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/08/02 19:54:40.0937 3404 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/08/02 19:54:41.0000 3404 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/02 19:54:41.0031 3404 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/02 19:54:41.0109 3404 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/02 19:54:41.0265 3404 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2011/08/02 19:54:41.0328 3404 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/08/02 19:54:41.0375 3404 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/02 19:54:41.0437 3404 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/02 19:54:41.0593 3404 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/08/02 19:54:41.0625 3404 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/08/02 19:54:41.0656 3404 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/08/02 19:54:41.0687 3404 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/08/02 19:54:41.0718 3404 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/02 19:54:41.0781 3404 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/02 19:54:41.0843 3404 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/02 19:54:41.0953 3404 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/02 19:54:42.0015 3404 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/02 19:54:42.0093 3404 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/08/02 19:54:42.0156 3404 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
2011/08/02 19:54:42.0218 3404 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/02 19:54:42.0328 3404 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/08/02 19:54:42.0375 3404 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/02 19:54:42.0453 3404 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/08/02 19:54:42.0515 3404 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/02 19:54:42.0640 3404 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/02 19:54:42.0671 3404 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/02 19:54:42.0703 3404 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/08/02 19:54:42.0750 3404 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/08/02 19:54:42.0796 3404 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/02 19:54:42.0937 3404 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/02 19:54:43.0000 3404 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/02 19:54:43.0062 3404 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/02 19:54:43.0125 3404 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/08/02 19:54:43.0218 3404 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/08/02 19:54:43.0250 3404 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/02 19:54:43.0312 3404 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/02 19:54:43.0375 3404 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2011/08/02 19:54:43.0453 3404 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/02 19:54:43.0546 3404 winachsf (59d043485a6eda2ed2685c81489ae5bd) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/08/02 19:54:43.0781 3404 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/08/02 19:54:43.0859 3404 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/08/02 19:54:43.0906 3404 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/02 19:54:44.0031 3404 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/08/02 19:54:44.0093 3404 MBR (0x1B8) (b20939cd98b7710036274839082ae757) \Device\Harddisk0\DR0
2011/08/02 19:54:44.0125 3404 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk5\DR7
2011/08/02 19:54:44.0156 3404 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk6\DR8
2011/08/02 19:54:44.0218 3404 Boot (0x1200) (72e71e11114771e97bff5b79dd29d908) \Device\Harddisk0\DR0\Partition0
2011/08/02 19:54:44.0218 3404 Boot (0x1200) (2eabbcc2ac034cd289ef98fe530a743e) \Device\Harddisk0\DR0\Partition1
2011/08/02 19:54:44.0250 3404 Boot (0x1200) (769c1c5f67e55b50d29b7ed4673e6415) \Device\Harddisk5\DR7\Partition0
2011/08/02 19:54:44.0250 3404 Boot (0x1200) (829340a8de2b1140bb17755c1c723f5b) \Device\Harddisk6\DR8\Partition0
2011/08/02 19:54:44.0265 3404 ================================================================================
2011/08/02 19:54:44.0265 3404 Scan finished
2011/08/02 19:54:44.0265 3404 ================================================================================
2011/08/02 19:54:44.0281 0172 Detected object count: 0
2011/08/02 19:54:44.0281 0172 Actual detected object count: 0
2011/08/02 19:55:20.0406 2916 ================================================================================
2011/08/02 19:55:20.0406 2916 Scan started
2011/08/02 19:55:20.0406 2916 Mode: Manual;
2011/08/02 19:55:20.0406 2916 ================================================================================
2011/08/02 19:55:20.0703 2916 Aavmker4 (dfcdd5936cad0138775d5a105d4c7716) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/08/02 19:55:20.0796 2916 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/08/02 19:55:20.0828 2916 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/02 19:55:20.0875 2916 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/02 19:55:20.0937 2916 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/08/02 19:55:21.0015 2916 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/02 19:55:21.0062 2916 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/08/02 19:55:21.0156 2916 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/08/02 19:55:21.0187 2916 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/08/02 19:55:21.0203 2916 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/08/02 19:55:21.0234 2916 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/08/02 19:55:21.0437 2916 ALCXWDM (92ae420be14b0d97d14dac4aba22a702) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/08/02 19:55:21.0625 2916 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/08/02 19:55:21.0671 2916 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/08/02 19:55:21.0703 2916 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/08/02 19:55:21.0734 2916 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/08/02 19:55:21.0765 2916 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/08/02 19:55:21.0796 2916 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/08/02 19:55:21.0812 2916 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/08/02 19:55:21.0859 2916 aswFsBlk (861cb512e4e850e87dd2316f88d69330) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/08/02 19:55:21.0921 2916 aswMon2 (7857e0b4c817f69ff463eea2c63e56f9) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/08/02 19:55:21.0953 2916 aswRdr (8db043bf96bb6d334e5b4888e709e1c7) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/08/02 19:55:21.0984 2916 aswSnx (17230708a2028cd995656df455f2e303) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/08/02 19:55:22.0031 2916 aswSP (dbedd9d43b00630966ef05d2d8d04cee) C:\WINDOWS\system32\drivers\aswSP.sys
2011/08/02 19:55:22.0093 2916 aswTdi (984cfce2168286c2511695c2f9621475) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/08/02 19:55:22.0140 2916 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/02 19:55:22.0296 2916 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/02 19:55:22.0406 2916 ATICXCAP (b27b6cc25e81165bb946ded4ec8eea0b) C:\WINDOWS\system32\drivers\aticxcap.sys
2011/08/02 19:55:22.0437 2916 ATICXTUN (2fd0cdfee26d490b6f8de9a035d522b6) C:\WINDOWS\system32\drivers\aticxtun.sys
2011/08/02 19:55:22.0468 2916 ATICXXBR (ba877c4698f4477d6a69f9e071337c4b) C:\WINDOWS\system32\drivers\aticxxbr.sys
2011/08/02 19:55:22.0515 2916 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/02 19:55:22.0703 2916 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/02 19:55:22.0734 2916 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/02 19:55:22.0796 2916 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
2011/08/02 19:55:22.0859 2916 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/08/02 19:55:22.0890 2916 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/02 19:55:22.0937 2916 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/08/02 19:55:22.0968 2916 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/08/02 19:55:23.0015 2916 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/02 19:55:23.0171 2916 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/02 19:55:23.0234 2916 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/02 19:55:23.0312 2916 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/08/02 19:55:23.0359 2916 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/08/02 19:55:23.0390 2916 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/08/02 19:55:23.0421 2916 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\D
-
SysProt Antirootkit
Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).
http://sites.google.com/site/sysprotantirootkit/ (http://sites.google.com/site/sysprotantirootkit/)
Unzip it into a folder on your desktop.
- Double click Sysprot.exe to start the program.
- Click on the Log tab.
- In the Write to log box select the following items.
- Process << Selected
- Kernel Modules << Selected
- SSDT << Selected
- Kernel Hooks << Selected
- IRP Hooks << NOT Selected
- Ports << NOT Selected
- Hidden Files << Selected
- At the bottom of the page
- Hidden Objects Only << Selected
- Click on the Create Log button on the bottom right.
- After a few seconds a new window should appear.
- Select Scan Root Drive. Click on the Start button.
- When it is complete a new window will appear to indicate that the scan is finished.
- The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
-
SysProt AntiRootkit v1.0.1.0
by swatkat
******************************************************************************************
******************************************************************************************
No Hidden Processes found
******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: Combo-Fix.sys
Service Name: ---
Module Base: B8178000
Module End: B8187000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: B2AC2000
Module End: B2ADA000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: B862A000
Module End: B862C000
Hidden: Yes
Module Name: \??\C:\ComboFix\catchme.sys
Service Name: catchme
Module Base: B83E8000
Module End: B83F0000
Hidden: Yes
Module Name: \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
Service Name: ---
Module Base: B8668000
Module End: B866A000
Hidden: Yes
******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAddBootEntry
Address: B2B39202
Driver Base: B2B26000
Driver End: B2B96000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwAllocateVirtualMemory
Address: B2B9FD8C
Driver Base: B2B96000
Driver End: B2BE0000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS
Function Name: ZwClose
Address: B2B5D6C1
Driver Base: B2B26000
Driver End: B2B96000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwCreateEvent
Address: B2B3B7F0
Driver Base: B2B26000
Driver End: B2B96000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwCreateEventPair
Address: B2B3B848
Driver Base: B2B26000
Driver End: B2B96000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwCreateIoCompletion
Address: B2B3B95E
Driver Base: B2B26000
Driver End: B2B96000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwCreateKey
Address: B2B5D075
Driver Base: B2B26000
Driver End: B2B96000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwCreateMutant
Address: B2B3B746
Driver Base: B2B26000
Driver End: B2B96000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwCreateSection
Address: B2B3B898
Driver Base: B2B26000
Driver End: B2B96000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwCreateSemaphore
Address: B2B3B79A
Driver Base: B2B26000
Driver End: B2B96000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwCreateTimer
Address: B2B3B90C
Driver Base: B2B26000
Driver End: B2B96000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwDeleteBootEntry
Address: B2B39226
Driver Base: B2B26000
Driver End: B2B96000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwDeleteKey
Address: B2B5DD87
Driver Base: B2B26000
Driver End: B2B96000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwDeleteValueKey
Address: B2B5E03D
Driver Base: B2B26000
Driver End: B2B96000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwDuplicateObject
Address: B2B3BBE2
Driver Base: B2B26000
Driver End: B2B96000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwEnumerateKey
Address: B2B5DBF2
Driver Base: B2B26000
Driver End: B2B96000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwEnumerateValueKey
Address: B2B5DA5D
Driver Base: B2B26000
Driver End: B2B96000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwFreeVirtualMemory
Address: B2B9FE3C
Driver Base: B2B96000
Driver End: B2BE0000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS
Function Name: ZwLoadDriver
Address: B2B38FF0
Driver Base: B2B26000
Driver End: B2B96000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwModifyBootEntry
Address: B2B3924A
Driver Base: B2B26000
Driver End: B2B96000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwNotifyChangeKey
Address: B2B3BD56
Driver Base: B2B26000
Driver End: B2B96000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwNotifyChangeMultipleKeys
Address: B2B39CDA
Driver Base: B2B26000
Driver End: B2B96000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwOpenEvent
Address: B2B3B820
Driver Base: B2B26000
Driver End: B2B96000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwOpenEventPair
Address: B2B3B870
Driver Base: B2B26000
Driver End: B2B96000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwOpenIoCompletion
Address: B2B3B988
Driver Base: B2B26000
Driver End: B2B96000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwOpenKey
Address: B2B5D3D1
Driver Base: B2B26000
Driver End: B2B96000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwOpenMutant
Address: B2B3B772
Driver Base: B2B26000
Driver End: B2B96000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwOpenProcess
Address: B2B3BA1A
Driver Base: B2B26000
Driver End: B2B96000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwOpenSection
Address: B2B3B8D8
Driver Base: B2B26000
Driver End: B2B96000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwOpenSemaphore
Address: B2B3B7C8
Driver Base: B2B26000
Driver End: B2B96000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwOpenThread
Address: B2B3BAFE
Driver Base: B2B26000
Driver End: B2B96000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwOpenTimer
Address: B2B3B936
Driver Base: B2B26000
Driver End: B2B96000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwProtectVirtualMemory
Address: B2B9FED4
Driver Base: B2B96000
Driver End: B2BE0000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS
Function Name: ZwQueryKey
Address: B2B5D8D8
Driver Base: B2B26000
Driver End: B2B96000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwQueryObject
Address: B2B39BA0
Driver Base: B2B26000
Driver End: B2B96000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwQueryValueKey
Address: B2B5D72A
Driver Base: B2B26000
Driver End: B2B96000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwRenameKey
Address: B2BA810E
Driver Base: B2B96000
Driver End: B2BE0000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS
Function Name: ZwRestoreKey
Address: B2B5C6E8
Driver Base: B2B26000
Driver End: B2B96000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwSetBootEntryOrder
Address: B2B3926E
Driver Base: B2B26000
Driver End: B2B96000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwSetBootOptions
Address: B2B39292
Driver Base: B2B26000
Driver End: B2B96000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwSetSystemInformation
Address: B2B3904A
Driver Base: B2B26000
Driver End: B2B96000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwSetSystemPowerState
Address: B2B39186
Driver Base: B2B26000
Driver End: B2B96000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwSetValueKey
Address: B2B5DE8E
Driver Base: B2B26000
Driver End: B2B96000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwShutdownSystem
Address: B2B39162
Driver Base: B2B26000
Driver End: B2B96000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwSystemDebugControl
Address: B2B391AA
Driver Base: B2B26000
Driver End: B2B96000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
Function Name: ZwVdmControl
Address: B2B392B6
Driver Base: B2B26000
Driver End: B2B96000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS
******************************************************************************************
******************************************************************************************
No Kernel Hooks found
******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied
Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied
Object: C:\System Recovery\I386
Status: Access denied
Object: C:\System Recovery\SYSRST
Status: Access denied
-
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstallDesktopIcon-1.png) icon on your desktop.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
•Accept any security warnings from your browser.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
Uh how do I do that without the internet?
-
Uh how do I do that without the internet?
Sorry. I didn't realize that you still can't connect.
Please run Notepad (start > All Programs > Accessories >
Notepad) and copy and paste the text in the code box into a new file:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
•Go to the File menu at the top of the Notepad and select Save as.
•Select save in: desktop
•Fill in File name: test.bat
•Save as type: All file types (*.*)
•Click save.
•Close the Notepad.
•Locate and double-click test.bat on the desktop.
•A notepad opens, copy and paste the content it (log1.txt) to your reply.
-
Windows IP Configuration
Host Name . . . . . . . . . . . . : YOUR-433A10CD72
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection 7:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-40-CA-93-6F-F1
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 10.0.0.1
DNS Servers . . . . . . . . . . . : 10.0.0.1
Server: UnKnown
Address: 127.0.0.1
Server: UnKnown
Address: 127.0.0.1
Ping request could not find host google.com. Please check the name and try again.
Ping request could not find host yahoo.com. Please check the name and try again.
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 40 ca 93 6f f1 ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
255.255.255.255 255.255.255.255 255.255.255.255 2 1
===========================================================================
Persistent Routes:
None
-
Please download MiniToolBox (http://download.bleepingcomputer.com/farbar/MiniToolBox.exe) to Desktop and run it.
(http://i424.photobucket.com/albums/pp322/digistar/MiniToolBox.png)
Checkmark the following boxes:
- Flush DNS
- Report IE Proxy Settings
- Reset IE Proxy Settings
- List content of Hosts
- List IP Configuration
- Lst Last 10 Event Viewer Errors
- List Users, Partitions and Memory Size
[/b]
Click Go and copy/paste the log (Result.txt) into your next post. .
-
MiniToolBox by Farbar
Ran by Owner (administrator) on 04-08-2011 at 20:12:09
Microsoft Windows XP Service Pack 3 (X86)
***************************************************************************
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip
# Interface IP Configuration for "Local Area Connection 7"
set address name="Local Area Connection 7" source=dhcp
set dns name="Local Area Connection 7" source=dhcp register=PRIMARY
set wins name="Local Area Connection 7" source=dhcp
popd
# End of interface IP configuration
Windows IP Configuration
Host Name . . . . . . . . . . . . : YOUR-433A10CD72
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection 7:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-40-CA-93-6F-F1
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 10.0.0.1
DNS Servers . . . . . . . . . . . : 10.0.0.1
Server: UnKnown
Address: 127.0.0.1
Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1
Ping request could not find host yahoo.com. Please check the name and try again.
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 40 ca 93 6f f1 ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
255.255.255.255 255.255.255.255 255.255.255.255 2 1
===========================================================================
Persistent Routes:
None
========================= Event log errors: ===============================
Application errors:
==================
Error: (08/04/2011 01:38:13 AM) (Source: Application Error) (User: )
Description: Faulting application jusched.exe, version 2.0.2.1, faulting module user32.dll, version 5.1.2600.5512, fault address 0x000187f1.
Processing media-specific event for [jusched.exe!ws!]
Error: (08/03/2011 09:59:44 PM) (Source: MsiInstaller) (User: Owner)Owner
Description: Product: GPBaseService2 -- Error 1706. An installation package for the product GPBaseService2 cannot be found. Try the installation again using a valid copy of the installation package 'GPBaseService2.msi'.
Error: (08/03/2011 09:59:41 PM) (Source: MsiInstaller) (User: Owner)Owner
Description: Product: GPBaseService2 -- Error 1706. An installation package for the product GPBaseService2 cannot be found. Try the installation again using a valid copy of the installation package 'GPBaseService2.msi'.
Error: (08/03/2011 09:53:42 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)
Error: (08/02/2011 09:38:19 PM) (Source: Application Error) (User: )
Description: Faulting application jusched.exe, version 2.0.2.1, faulting module user32.dll, version 5.1.2600.5512, fault address 0x000187f1.
Processing media-specific event for [jusched.exe!ws!]
Error: (08/02/2011 07:52:44 PM) (Source: MsiInstaller) (User: Owner)Owner
Description: Product: GPBaseService2 -- Error 1706. An installation package for the product GPBaseService2 cannot be found. Try the installation again using a valid copy of the installation package 'GPBaseService2.msi'.
Error: (08/02/2011 07:52:38 PM) (Source: MsiInstaller) (User: Owner)Owner
Description: Product: GPBaseService2 -- Error 1706. An installation package for the product GPBaseService2 cannot be found. Try the installation again using a valid copy of the installation package 'GPBaseService2.msi'.
Error: (08/02/2011 07:51:38 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)
Error: (08/02/2011 11:38:01 AM) (Source: Application Error) (User: )
Description: Faulting application jusched.exe, version 2.0.5.1, faulting module user32.dll, version 5.1.2600.5512, fault address 0x000187f1.
Processing media-specific event for [jusched.exe!ws!]
Error: (08/02/2011 11:02:04 AM) (Source: MsiInstaller) (User: Owner)Owner
Description: Product: GPBaseService2 -- Error 1706. An installation package for the product GPBaseService2 cannot be found. Try the installation again using a valid copy of the installation package 'GPBaseService2.msi'.
System errors:
=============
Error: (08/04/2011 11:24:53 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the following nonexistent service: Afd
Error: (08/03/2011 10:44:50 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the following nonexistent service: Afd
Error: (08/03/2011 10:44:49 PM) (Source: DCOM) (User: Owner)
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.
Error: (08/03/2011 10:44:20 PM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error 2147952450 (0x80072742).
Error: (08/03/2011 09:59:44 PM) (Source: DCOM) (User: Owner)
Description: Unable to start a DCOM Server: {66C99B38-BC12-4134-90A2-C5D6ABFC5FFE}.
The error:
"%%2"
Happened while starting this command:
C:\PROGRA~1\HP\DIGITA~1\bin\hpqgpc01.exe -Embedding
Error: (08/03/2011 09:54:24 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the following nonexistent service: Afd
Error: (08/03/2011 09:54:04 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the following nonexistent service: Afd
Error: (08/03/2011 09:53:53 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the following nonexistent service: Afd
Error: (08/03/2011 09:53:52 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the following nonexistent service: Afd
Error: (08/03/2011 09:53:52 PM) (Source: Service Control Manager) (User: )
Description: The iPod Service service failed to start due to the following error:
%%2
Microsoft Office Sessions:
=========================
========================= Memory info: ===================================
Percentage of memory in use: 83%
Total physical RAM: 1502.42 MB
Available physical RAM: 244.28 MB
Total Pagefile: 2696.08 MB
Available Pagefile: 1491.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 1998.89 MB
========================= Partitions: =====================================
1 Drive c: () (Fixed) (Total:148.93 GB) (Free:96.43 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:4.43 GB) (Free:2.23 GB) FAT32
4 Drive f: () (Removable) (Total:3.72 GB) (Free:3.62 GB) FAT32
5 Drive g: (FreeAgent Drive) (Fixed) (Total:232.88 GB) (Free:134.14 GB) NTFS
========================= Users: ========================================
User accounts for \\YOUR-433A10CD72
Administrator ASPNET Guest
HelpAssistant Owner SUPPORT_388945a0
UpdatusUser
== End of log ==
-
The ping test shows 2 sent and 2 received. Can you connect to the net now? What browser do you use?
-
No it still has the same error. I use Firefox.
-
No it still has the same error.
What was that error again?
AVENGER
- Download The Avenger by Swandog46 from here (http://swandog46.geekstogo.com/avenger2/download.php).
- Unzip/extract it to a folder on your desktop.
- Double click on avenger.exe to run The Avenger.
- Click OK.
- Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
- Click the Execute button.
- You will be asked No script has been entered. Do you want to execute a rootkit scan only?.
- Click Yes.
- You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
- Click Yes.
- Your PC will now be rebooted.
- After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
- Please post this log in your next reply.
-
"Error 1075: The dependency does not exist or has been marked for deletion"
when I try to start the DHCP client or TCP/IP netbios helper
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Completed script processing.
*******************
Finished! Terminate.
-
Make sure, your computer is set to obtain IP address automatically.
1. Go Start>Settings>Control Panel (Vista/7 users: Start>Control Panel)
2. Double click Network Connections (Vista/7 users: Network and Sharing Center)
3. Vista/7 users - From the list of tasks on the left, click Manage network connections.
4. For a wired network connection, right-click Local Area Connection, and then select Properties.
For a wireless network connection, right-click Wireless Network Connection, and then select Properties.
5. From the General tab (Vista/7 users: Networking tab), click Internet Protocol (TCP/IP), make sure it is checked, and then click Properties
6. Click Obtain an IP Address Automatically, and then click OK.
-
both things were already checked in that tab.
-
Ok. Can you please run the ping test in Reply # 16 and post the log again?
-
Windows IP Configuration
Host Name . . . . . . . . . . . . : YOUR-433A10CD72
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection 7:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-40-CA-93-6F-F1
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 10.0.0.1
DNS Servers . . . . . . . . . . . : 10.0.0.1
Server: UnKnown
Address: 127.0.0.1
Server: UnKnown
Address: 127.0.0.1
Ping request could not find host google.com. Please check the name and try again.
Ping request could not find host yahoo.com. Please check the name and try again.
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 40 ca 93 6f f1 ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
255.255.255.255 255.255.255.255 255.255.255.255 2 1
===========================================================================
Persistent Routes:
None
-
I can't remember if I asked you what browser do you use? Could you please try another browser?
•Please download Dial-A-Fix from one of the following mirrors:
Primary mirror (http://djlizard.net.nyud.net:8080/software/Dial-a-fix-v0.60.0.24.zip)
Secondary mirror (http://djlizard.net/software/Dial-a-fix-v0.60.0.24.zip)
•Extract the zip file to your desktop.
•Double click Dial-a-Fix.exe to start the program. Dial-A-Fix might give you a lot errors, just ignore them and Click
(http://i424.photobucket.com/albums/pp322/digistar/OK.jpg) to continue.
•Press the green double checkmark box (Looks like this:
(http://i424.photobucket.com/albums/pp322/digistar/checkmark.png)
UNcheck Empty Temp Folders, as well as Adjust Time/Date in the prep section. The prep section should then look like this:
(http://i424.photobucket.com/albums/pp322/digistar/ncheck.png)
(http://i424.photobucket.com/albums/pp322/digistar/Window.png)
•Click on Go
•Wait for Dial-A-Fix to finish (All the checks marks will be all gone)
•Close Dial-A-Fix
**********************************************
If that doesn't work...
Turn off computer. Disconnect router, and modem from power source for 1 minute. At the same time disconnect ethernet cable as well.
Reconnect everything.
Restart computer.
If that doesn't work, bypass router, and connect computer straight to the modem.
-
none of those worked and I figured that the other two wouldn't work because the internet works fine just not on that computer.
-
The default gateway is missing on that computer. That's what I'm trying to repair. Please try this:
Go Start>Run (Start search in Vista and 7), type in:
cmd
Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).
At Command Prompt, type in:
netsh int ip reset reset.log
Hit Enter.
Type in:
netsh winsock reset catalog
Hit Enter.
Restart computer.
-
That didn't work either :(
-
Edited.
-
should I post about this in the networking section???
-
should I post about this in the networking section???
You may just as well post it there. I've reached the bottom of my bag of tricks.
If you can succeed in getting connected to the net, please run the ESET scan.
To uninstall ComboFix
- Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
- In the field, type in ComboFix /uninstall
(http://i424.photobucket.com/albums/pp322/digistar/Combofix_uninstall_image.jpg)
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
- Then, press Enter, or click OK.
- This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.
**************************************************
Clean out your temporary internet files and temp files.
Download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop.
Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
***********************************************
Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.
•Click Start Now
•Check the box next to Enable thorough system inspection.
•Click Start
•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
----------
I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html)- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer (http://www.bleepingcomputer.com/forums/tutorial49.html) from Spyware and Malware
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. (http://www.safer-networking.org/en/spybotsd/index.html) Guide: Use Spybot's Immunize Feature (http://www.bleepingcomputer.com/tutorials/tutorial43.html#immunize) to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ (http://www.safer-networking.org/en/faq/index.html)
Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smoothly.