Microsoft Security Essentials found a virus but had trouble removing it


shivmister

As the title states, I was unable to remove the virus/trojan. Though after running through these steps, I do not see a pop-up from Microsoft Security Essentials telling me I have a trojan. Can you look at the logs and tell me if I am still at risk?

Thank you!
------------------------------------------------------------------------------------------
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.22.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
HP_Administrator :: MANOJ_R_SHAH [administrator]

Protection: Enabled

3/21/2012 11:17:05 PM
mbam-log-2012-03-21 (23-43-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 233856
Time elapsed: 24 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\WINDOWS\system32\NEUSBw32.dll (Trojan.Dropper) -> No action taken.

Registry Keys Detected: 1
HKCU\SOFTWARE\MFJJEC0A1L (Trojan.FakeAlert) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\WINDOWS\system32\NEUSBw32.dll (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\HP_Administrator\0.02356483905905471.exe (Trojan.Agent.Gen) -> No action taken.

(end)
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-03-22 00:10:52
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2 SAMSUNG_ rev.VT10
Running: 8ji4lkv4.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\agdoykob.sys


---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwEnumerateKey [0xB9ED684C]
SSDT sptd.sys ZwEnumerateValueKey [0xB9ED6BEC]

---- Devices - GMER 1.0.15 ----

Device \Driver\iaStor \Device\Ide\iaStor0 8B14B1D8
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 8B14B1D8
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 8B14B1D8
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-2 8B14B1D8
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-3 8B14B1D8
Device \Driver\akptod50 \Device\Scsi\akptod501Port2Path0Target0Lun0 8A615980
Device \Driver\akptod50 \Device\Scsi\akptod501 8A615980
Device \FileSystem\Ntfs \Ntfs 8B0D61D8
Device \FileSystem\Fastfat \Fat 88BC6980

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
-------------------------------------------------------------
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Run by HP_Administrator at 0:18:20 on 2012-03-22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1144 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Citrix\Secure Access Client\nsverctl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Citrix\Secure Access Client\nsload.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\wuauclt.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\taskmgr.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: IDXHlprObj Class: {31816979-f864-4acf-919f-d0b3b56432e6} - c:\windows\downloaded program files\IDXIEController.DLL
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Tunebite_WebRipPlugin Class: {aa102584-3b97-47e7-b9bc-75d54c110a7d} - c:\program files\rapidsolution\tunebite\plugins\ie\TB_WebRipIePlugin.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: DictateBHO: {e12a882b-f14f-4440-9bc0-84a5eb766605} - c:\windows\downloaded program files\DictateBar.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: TouchWorks Dictate: {6f60c5c5-61b3-4378-8902-ed9497663ac9} - c:\windows\downloaded program files\DictateBar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [NetMeter] c:\documents and settings\hp_administrator\my documents\netmeter\NetMeter114beta_4.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [Google Update] "c:\documents and settings\hp_administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [<NO NAME>]
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\citrix~1.lnk - c:\program files\citrix\secure access client\nsload.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {019D5592-3928-4DE4-BAA2-1F2E5EEF4CF6} - /Touchworks/AHSCompressionEngine.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {27B87596-448E-40CB-B3B4-4F329FF540EC} - /TouchWorks/ResultWorks/CHWorks/VitalSigns/wavitalsigns.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {45EEDB84-57BC-4FBD-8065-7AB8E971B545} - TouchWorks/Common/Components/AtalaSoft/ImgXDialog61.cab
DPF: {46965FE7-2129-407B-938C-BE358A56D11E} - hxxp://tworks.amg.advocatehealth.com/TouchWorks/DocWorks/CHWorks/Unstructured/aicviewer3.cab
DPF: {501D93F5-74BE-4306-A90C-9FFD1574A6A6} - hxxp://centricityweb-luth.advocatehealth.com/ami/install/amiviewer.cab
DPF: {56B46BBB-F6C4-4B6B-8EDF-BEE6C9661E4E}
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1174963884478
DPF: {7E8DC73D-69CD-4F67-99B1-8DC6E42F6246} - /TouchWorks/Common/Components/AtalaSoft/ImgX61.cab
DPF: {860FFAFE-5AAA-11D2-81EB-006008A2E49D} - /TouchWorks/ResultWorks/chworks/flowsheets/pe32.cab
DPF: {8613571C-30D2-4BD4-9710-3DFDBADE8190} - hxxp://localhost/ami/install/amiviewer.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
DPF: {9A0CA502-7DA4-4B72-B5D4-D280DE8D4512} - /Touchworks/DictionaryManager.CAB
DPF: {A8B3A7FE-9C8D-4F15-9B01-8805BDF43B1B} - hxxp://localhost/ami/install/amiviewer.cab
DPF: {ACEFFC26-4628-11D1-B14A-105C01C13001} - /TouchWorks/DocWorks/CHWorks/Note/wspell.cab
DPF: {AECD14A8-F662-11D1-A395-00805F535788} - hxxp://www.investors.com/member/ocx/plotwon.ocx
DPF: {B7B8B614-6A5C-4140-A303-43CEB589D6A5} - /TouchWorks/DocWorks/CHWorks/Note/TWRTF.cab
DPF: {B7EA9615-586E-4193-9C3C-A29CA577E040} - /Touchworks/DictateBar.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CE10AD66-84BC-46A9-9424-C863199C0408} - hxxp://tworks.amg.advocatehealth.com/TouchWorks/DocWorks/CHWorks/Unstructured/aic_viewer2.cab
DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - hxxp://asp.mathxl.com/books/_Players/MathPlayer.cab
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: NecUsb3Sevices - USB3Sw32.dll
Notify: USB3Sw32 - USB3Sw32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\7gbqr2lq.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.ftp - 208.43.135.133
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - 208.43.135.133
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - 208.43.135.133
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 208.43.135.133
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 208.43.135.133
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\7gbqr2lq.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\hp_administrator\local settings\application data\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\hp_administrator\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\citrix\secure access client\npagee.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npaxctrl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.
============= SERVICES / DRIVERS ===============
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2009-6-17 20744]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2011-4-25 65584]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 165648]
R1 MpKsl402eaab5;MpKsl402eaab5;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{df7d1a2c-3084-4cd7-981c-818738597d25}\MpKsl402eaab5.sys [2012-3-22 29904]
R2 BCMNTIO;BCMNTIO;c:\progra~1\checkit\diagno~1\BCMNTIO.sys [2007-1-11 3744]
R2 cag;Citrix cag plugin for Access Gateway;c:\program files\common files\deterministic networks\common files\cag.sys [2009-10-22 80920]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 MAPMEM;MAPMEM;c:\progra~1\checkit\diagno~1\MAPMEM.sys [2007-1-11 3904]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-1-14 652360]
R2 nsverctl;Citrix Secure Access Client Service;c:\program files\citrix\secure access client\nsverctl.exe [2010-1-19 154264]
R2 StarWindService;StarWind iSCSI Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindService.exe [2005-4-1 217600]
R3 ctxva51;Citrix Virtual Adapter;c:\windows\system32\drivers\ctxva51.sys [2010-1-19 41624]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-1-14 20464]
RUnknown MpKsl7422ca67;MpKsl7422ca67; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 CWMonitor;Symantec Crimeware Protection Driver;\??\c:\program files\common files\symantec shared\coshared\cw\1.0\monitor.sys --> c:\program files\common files\symantec shared\coshared\cw\1.0\Monitor.sys [?]
S2 LMIRfsDriver;Vpctcom;c:\windows\system32\svchost.exe -k netsvcs [2004-8-9 14336]
S2 NecUsb3;USB3 Service;c:\windows\system32\svchost.exe -k NecUsb3Sevic [2004-8-9 14336]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2009-6-17 29192]
S3 CXFALCON;Conexant Falcon II NTSC Video Capture;c:\windows\system32\drivers\cxfalcon.sys [2006-8-24 82048]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2008-8-5 39048]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2009-6-17 25480]
S3 Net6IM;Net6;c:\windows\system32\drivers\net6im51.sys --> c:\windows\system32\drivers\net6im51.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-9 14336]
S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [2006-8-24 468768]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
S4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
.
=============== Created Last 30 ================
.
2012-03-22 05:09:41 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{df7d1a2c-3084-4cd7-981c-818738597d25}\MpKsl402eaab5.sys
2012-03-22 04:47:48 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{df7d1a2c-3084-4cd7-981c-818738597d25}\MpKsl7422ca67.sys
2012-03-22 04:02:23 6582328 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{df7d1a2c-3084-4cd7-981c-818738597d25}\mpengine.dll
2012-03-21 01:09:14 38400 ----a-w- c:\windows\system32\USB3Sw32.dll
2012-03-21 00:59:08 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-19 16:49:39 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-19 16:49:39 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-02-25 20:39:32 -------- d-----w- c:\documents and settings\hp_administrator\application data\Windows Search
.
==================== Find3M ====================
.
2012-03-19 13:57:37 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-23 03:42:58 208896 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
2012-01-23 03:42:38 45056 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\uninstallui\eHelpSetup.exe
2012-01-23 03:42:37 44032 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\scripts\devcon.exe
2012-01-23 03:42:36 61440 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemutil.dll
2012-01-23 03:42:36 40960 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\ScDmi.dll
2012-01-23 03:42:36 341048 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\HPBasicDetection3.dll
2012-01-23 03:42:36 32768 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\uploadHSC.dll
2012-01-23 03:42:36 32768 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\Scom.dll
2012-01-23 03:42:36 163840 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemcheck.dll
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 0:19:13.40 ===============
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/9/2007 10:35:00 PM
System Uptime: 3/22/2012 12:05:18 AM (0 hours ago)
.
Motherboard: ASUSTek Computer INC. | | Basswood
Processor: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz | Socket 775 | 2133/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 224 GiB total, 37.76 GiB free.
D: is FIXED (NTFS) - 233 GiB total, 211.752 GiB free.
E: is FIXED (FAT32) - 9 GiB total, 0.418 GiB free.
F: is CDROM ()
G: is CDROM ()
H: is CDROM (UDF)
J: is Removable
K: is Removable
L: is Removable
M: is Removable
N: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) 82562V 10/100 Network Connection
Device ID: PCI\VEN_8086&DEV_104C&SUBSYS_2A36103C&REV_02\3&2411E6FE&0&C8
Manufacturer: Intel
Name: Intel(R) 82562V 10/100 Network Connection
PNP Device ID: PCI\VEN_8086&DEV_104C&SUBSYS_2A36103C&REV_02\3&2411E6FE&0&C8
Service: e1express
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\FFA6C911D800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\FFA6C911D800
Service: NIC1394
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Wireless LAN PCI 802.11 b/g adapter WN5301A
Device ID: PCI\VEN_168C&DEV_001B&SUBSYS_500111AD&REV_01\4&11B6166B&0&18F0
Manufacturer: Liteon
Name: Wireless LAN PCI 802.11 b/g adapter WN5301A
PNP Device ID: PCI\VEN_168C&DEV_001B&SUBSYS_500111AD&REV_01\4&11B6166B&0&18F0
Service: WN5301
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth PAN Network Adapter
Device ID: ROOT\NET\0000
Manufacturer: IVT Corporation
Name: Bluetooth PAN Network Adapter
PNP Device ID: ROOT\NET\0000
Service: BT
.
==== System Restore Points ===================
.
RP1472: 12/21/2011 9:43:31 AM - System Checkpoint
RP1473: 12/21/2011 1:16:36 PM - Software Distribution Service 3.0
RP1474: 12/22/2011 5:07:30 PM - Software Distribution Service 3.0
RP1475: 12/23/2011 8:21:19 PM - Software Distribution Service 3.0
RP1476: 12/24/2011 10:00:03 PM - Software Distribution Service 3.0
RP1477: 12/26/2011 12:35:30 AM - Software Distribution Service 3.0
RP1478: 12/26/2011 3:13:17 PM - Revo Uninstaller's restore point - dBpoweramp Music Converter
RP1479: 12/26/2011 3:19:14 PM - Revo Uninstaller's restore point - dBpoweramp DSP Effects
RP1480: 12/26/2011 3:21:32 PM - Revo Uninstaller's restore point - dBpoweramp Ogg Vorbis Codec
RP1481: 12/26/2011 3:22:23 PM - Revo Uninstaller's restore point - Microsoft Halo
RP1482: 12/26/2011 3:23:33 PM - Revo Uninstaller's restore point - dBpoweramp FLAC Codec
RP1483: 12/26/2011 3:24:38 PM - Revo Uninstaller's restore point - Adobe Reader 9.4.6
RP1484: 12/26/2011 3:25:18 PM - Removed Adobe Reader 9.4.6.
RP1485: 12/26/2011 3:26:59 PM - Revo Uninstaller's restore point - dBpoweramp [Calculate Audio CRC] Codec
RP1486: 12/26/2011 3:27:30 PM - Revo Uninstaller's restore point - dBpoweramp Dalet Codec
RP1487: 12/26/2011 3:28:00 PM - Revo Uninstaller's restore point - dBpoweramp Monkeys Audio Codec
RP1488: 12/26/2011 3:28:29 PM - Revo Uninstaller's restore point - dBpoweramp Mp2 and BwfMp2 codec
RP1489: 12/27/2011 7:55:23 AM - Software Distribution Service 3.0
RP1490: 12/28/2011 8:19:20 AM - Software Distribution Service 3.0
RP1491: 12/29/2011 8:20:53 AM - System Checkpoint
RP1492: 12/30/2011 1:10:43 AM - Software Distribution Service 3.0
RP1493: 12/31/2011 3:28:15 AM - Software Distribution Service 3.0
RP1494: 1/1/2012 8:28:53 AM - Software Distribution Service 3.0
RP1495: 1/2/2012 9:30:36 AM - System Checkpoint
RP1496: 1/3/2012 8:10:48 AM - Software Distribution Service 3.0
RP1497: 1/4/2012 10:13:05 AM - Software Distribution Service 3.0
RP1498: 1/5/2012 10:16:06 AM - System Checkpoint
RP1499: 1/5/2012 6:03:12 PM - Software Distribution Service 3.0
RP1500: 1/6/2012 6:07:16 PM - Software Distribution Service 3.0
RP1501: 1/7/2012 7:02:41 PM - System Checkpoint
RP1502: 1/7/2012 8:54:06 PM - Software Distribution Service 3.0
RP1503: 1/8/2012 10:01:26 PM - Software Distribution Service 3.0
RP1504: 1/10/2012 1:51:03 PM - Software Distribution Service 3.0
RP1505: 1/11/2012 2:45:39 PM - System Checkpoint
RP1506: 1/11/2012 11:11:28 PM - Software Distribution Service 3.0
RP1507: 1/12/2012 8:29:51 AM - Software Distribution Service 3.0
RP1508: 1/13/2012 8:33:12 AM - Software Distribution Service 3.0
RP1509: 1/14/2012 10:12:23 AM - System Checkpoint
RP1510: 1/14/2012 11:48:29 AM - Software Distribution Service 3.0
RP1511: 1/15/2012 1:38:11 PM - System Checkpoint
RP1512: 1/15/2012 4:58:40 PM - Software Distribution Service 3.0
RP1513: 1/16/2012 7:31:49 PM - Software Distribution Service 3.0
RP1514: 1/17/2012 7:39:25 PM - Software Distribution Service 3.0
RP1515: 1/18/2012 8:06:43 PM - System Checkpoint
RP1516: 1/19/2012 8:52:28 AM - Software Distribution Service 3.0
RP1517: 1/20/2012 9:25:43 AM - Software Distribution Service 3.0
RP1518: 1/21/2012 10:14:26 AM - System Checkpoint
RP1519: 1/21/2012 11:04:18 AM - Software Distribution Service 3.0
RP1520: 1/22/2012 10:49:42 AM - pre service pack 3, for windows xp
RP1521: 1/22/2012 9:28:10 PM - Software Distribution Service 3.0
RP1522: 1/22/2012 9:58:51 PM - Software Distribution Service 3.0
RP1523: 1/22/2012 10:26:30 PM - Software Distribution Service 3.0
RP1524: 1/22/2012 11:28:07 PM - Software Distribution Service 3.0
RP1525: 1/23/2012 12:44:00 AM - Software Distribution Service 3.0
RP1526: 1/24/2012 9:07:14 AM - Software Distribution Service 3.0
RP1527: 1/24/2012 10:46:50 PM - Installed TurboTax 2011 wrapper
RP1528: 1/25/2012 6:53:35 PM - Software Distribution Service 3.0
RP1529: 1/26/2012 4:03:30 PM - Software Distribution Service 3.0
RP1530: 1/27/2012 4:21:22 PM - System Checkpoint
RP1531: 1/28/2012 8:41:30 AM - Software Distribution Service 3.0
RP1532: 1/29/2012 10:27:51 AM - System Checkpoint
RP1533: 1/29/2012 2:59:57 PM - Software Distribution Service 3.0
RP1534: 1/30/2012 3:59:34 PM - System Checkpoint
RP1535: 1/31/2012 9:31:02 AM - Software Distribution Service 3.0
RP1536: 2/1/2012 10:00:38 AM - System Checkpoint
RP1537: 2/1/2012 9:25:35 PM - Software Distribution Service 3.0
RP1538: 2/2/2012 9:47:55 PM - Software Distribution Service 3.0
RP1539: 2/4/2012 6:45:00 AM - Software Distribution Service 3.0
RP1540: 2/5/2012 8:14:11 AM - Software Distribution Service 3.0
RP1541: 2/6/2012 9:48:07 AM - Software Distribution Service 3.0
RP1542: 2/7/2012 11:18:07 AM - System Checkpoint
RP1543: 2/7/2012 3:06:29 PM - Software Distribution Service 3.0
RP1544: 2/8/2012 3:37:55 PM - System Checkpoint
RP1545: 2/8/2012 7:13:10 PM - Software Distribution Service 3.0
RP1546: 2/9/2012 8:28:49 PM - Software Distribution Service 3.0
RP1547: 2/10/2012 9:23:17 PM - System Checkpoint
RP1548: 2/11/2012 12:38:04 AM - Software Distribution Service 3.0
RP1549: 2/12/2012 7:50:31 AM - Software Distribution Service 3.0
RP1550: 2/12/2012 7:42:26 PM - Installed TurboTax 2011 wiliper
RP1551: 2/13/2012 8:18:46 AM - Software Distribution Service 3.0
RP1552: 2/14/2012 1:22:07 PM - Software Distribution Service 3.0
RP1553: 2/15/2012 2:25:24 PM - System Checkpoint
RP1554: 2/16/2012 8:28:23 AM - Software Distribution Service 3.0
RP1555: 2/16/2012 10:53:56 PM - Software Distribution Service 3.0
RP1556: 2/17/2012 8:17:51 PM - Software Distribution Service 3.0
RP1557: 2/18/2012 8:25:09 PM - System Checkpoint
RP1558: 2/19/2012 12:04:46 AM - Software Distribution Service 3.0
RP1559: 2/20/2012 8:34:38 AM - Software Distribution Service 3.0
RP1560: 2/21/2012 8:57:50 AM - System Checkpoint
RP1561: 2/21/2012 5:36:27 PM - Software Distribution Service 3.0
RP1562: 2/22/2012 7:03:36 PM - System Checkpoint
RP1563: 2/22/2012 9:39:08 PM - Software Distribution Service 3.0
RP1564: 2/24/2012 8:26:58 AM - Software Distribution Service 3.0
RP1565: 2/25/2012 8:44:42 AM - Software Distribution Service 3.0
RP1566: 2/26/2012 10:40:40 AM - System Checkpoint
RP1567: 2/26/2012 2:49:28 PM - Software Distribution Service 3.0
RP1568: 2/27/2012 3:28:11 PM - System Checkpoint
RP1569: 2/27/2012 5:44:04 PM - Software Distribution Service 3.0
RP1570: 2/28/2012 6:14:56 PM - Software Distribution Service 3.0
RP1571: 2/29/2012 9:51:24 PM - System Checkpoint
RP1572: 3/1/2012 7:51:37 AM - Software Distribution Service 3.0
RP1573: 3/2/2012 8:13:34 AM - Software Distribution Service 3.0
RP1574: 3/3/2012 8:14:10 AM - Software Distribution Service 3.0
RP1575: 3/4/2012 10:30:50 AM - Software Distribution Service 3.0
RP1576: 3/5/2012 10:42:51 AM - System Checkpoint
RP1577: 3/5/2012 5:49:26 PM - Software Distribution Service 3.0
RP1578: 3/6/2012 8:54:12 PM - Software Distribution Service 3.0
RP1579: 3/7/2012 8:59:26 PM - Software Distribution Service 3.0
RP1580: 3/8/2012 10:46:58 PM - Software Distribution Service 3.0
RP1581: 3/10/2012 9:29:26 AM - Software Distribution Service 3.0
RP1582: 3/11/2012 1:20:30 PM - Software Distribution Service 3.0
RP1583: 3/12/2012 1:50:04 PM - System Checkpoint
RP1584: 3/12/2012 8:18:12 PM - Software Distribution Service 3.0
RP1585: 3/13/2012 8:52:07 PM - System Checkpoint
RP1586: 3/14/2012 8:20:49 AM - Software Distribution Service 3.0
RP1587: 3/14/2012 7:21:38 PM - Software Distribution Service 3.0
RP1588: 3/15/2012 10:52:37 PM - Software Distribution Service 3.0
RP1589: 3/16/2012 11:37:39 PM - Software Distribution Service 3.0
RP1590: 3/18/2012 10:00:36 AM - Software Distribution Service 3.0
RP1591: 3/19/2012 10:51:31 AM - System Checkpoint
RP1592: 3/19/2012 9:12:22 PM - Software Distribution Service 3.0
RP1593: 3/20/2012 9:30:58 PM - Software Distribution Service 3.0
RP1594: 3/21/2012 11:02:20 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
.
µTorrent
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Shockwave Player
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
Auto Gordian Knot 2.55
AutoUpdate
AviSynth 2.5
BlueSoleil
Bonjour
BSPlayer
BufferChm
CCleaner
CheckIt Diagnostics
Citrix Access Gateway Plug-in
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Combined Community Codec Pack 2008-09-21 16:18
Comical 0.8
Compatibility Pack for the 2007 Office system
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
CueTour
Customer Experience Enhancement
Data Fax SoftModem with SmartCP
dBpoweramp mp3 (Fraunhofer IIS) Codec
dBpoweramp Real Audio (Helix) Encoder
dBPoweramp tooLame MP2 codec
dBpoweramp Wave64 Codec
dBpoweramp WavPack Codec
Destinations
DeviceManagementQFolder
Digsby
DirectVobSub (remove only)
DivX Codec
DivX Player
DivX Web Player
DivXLand Media Subtitler
Drive Manager
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab 8.0.4.0 (11/11/2010)
Enhanced Multimedia Keyboard Solution
EVEREST Home Edition v2.20
Exact Audio Copy 0.99pb5
FileZilla Client 3.3.0.1
FLAC 1.2.1b (remove only)
foobar2000 v0.9.6.3
Forces in 1D
Foxit PDF Editor
Foxit Reader
Foxit Toolbar
FullDPAppQFolder
GameSpy Arcade
GemMaster Mystic
Google Chrome
Google Talk (remove only)
Google Talk Plugin
Haali Media Splitter
HandBrake 0.9.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB954550-v5)
HP Boot Optimizer
HP DigitalMedia Archive
HP DVD Play 2.1
HP Imaging Device Functions 7.0
HP Photosmart for Media Center PC
HP Photosmart Premier Software 6.5
HP Precisionscan Pro 3.1
HP Share-to-Web
HP Update
HP Web Helper
HPPhotoSmartExpress
HpSdpAppCoreApp
IDM Flash 4.4.0.468
Image to PDF Converter Free 4.0
ImTOO iPod Computer Transfer
InstantShareAlert
InstantShareDevices
Intel(R) Matrix Storage Manager
Intel(R) Network Connections Drivers
Intel(R) Quick Resume Technology Drivers
Intel® Viiv™ Software
Investor's Toolkit
iPad/iPhone/iPod to Computer Transfer 7.5.7
iSEEK AnswerWorks English Runtime
ItsDeductible Express
iTunes
Java(TM) 6 Update 14
K-Lite Codec Pack 5.5.1 (Basic)
LightScribe 1.4.105.1
LiveUpdate 3.1 (Symantec Corporation)
Magic ISO Maker v5.5 (build 0273)
MagicDisc 2.7.105
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft ActiveSync
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
mIRC
mkv2vob
MKVtoolnix 3.4.0
MobileMe Control Panel
Mozilla Firefox 11.0 (x86 en-US)
Mp3tag v2.46a
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB973686)
MusicBrainz Picard
muvee autoProducer 5.0
muvee autoProducer unPlugged 2.0
NAIC Investor's Toolkit
NAIC Stock Analyst
NAIC Take $tock
Nero 7 Ultra Edition
NNScript
Nokia Connectivity Cable Driver
Notepad++
NVIDIA Drivers
Office Password Recovery v2.0 (remove only)
OptionalContentQFolder
Orbit Downloader
Otto
OverDrive Media Console
Paint.NET v3.36
Pando Media Booster
PC-Doctor 5 for Windows
PC Connectivity Solution
Pepsky Free CD Maker 5.0.1
PhotoGallery
Python 2.6
Quicken 2011
QuickTime
RandMap
RealPlayer
Realtek High Definition Audio Driver
Rehan Pan Zoom Effects
Revo Uninstaller 1.89
Rhapsody
Rhapsody Player Engine
Safari
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2647518)
SESAP 12
SkinsHP1
Skype Toolbars
Skype™ 5.0
SlideShow
SlideShowMusic
smARTupdate
Sonic_PrimoSDK
Sony Digital Voice Editor 3
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
SpywareBlaster 4.2
starwars_screensaver_pc
Stock Investor Professional
System Requirements Lab
System Requirements Lab CYRI
Take $tock 4
Take $tock Companion
Total Video Converter 3.10
TouchWorks Web Controls
Tunebite
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 wiliper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 wiliper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 wiliper
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
TurboTax ItsDeductible 2005
TurboTax ItsDeductible 2006
TurboTax Premier 2003
TurboTax Premier 2004
TurboTax Premier 2005
TurboTax Premier 2007
TurboTax Premier Investments 2006
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows Internet Explorer 8 (KB976662)
Updates from HP (remove only)
VeryPDF PDF Split-Merge v3.0
Vidomi (remove only)
VLC media player 1.1.9
VobSub v2.23 (Remove Only)
WashMan (PocketPC and Smartphone) v 10.0.5 by Skyscape
WebFldrs XP
WexTech AnswerWorks
WinAVI All in One Converter
WinAVI MP4 Converter
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Format 11 SDK
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
Xvid 1.2.2 final uninstall
XviD MPEG4 Video Codec (remove only)
Yahoo! Anti-Spy
Yahoo! Browser Services
Yahoo! BrowserPlus 2.9.8
Yahoo! Install Manager
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
3/21/2012 9:48:53 AM, error: Service Control Manager [7023] - The UlSata service terminated with the following error: Access is denied.
3/21/2012 9:33:53 AM, error: Service Control Manager [7023] - The VNUSB service terminated with the following error: Access is denied.
3/21/2012 9:18:53 AM, error: Service Control Manager [7023] - The Avsvcmonitor service terminated with the following error: Access is denied.
3/21/2012 9:03:54 AM, error: Service Control Manager [7023] - The Acrsch2svc service terminated with the following error: Access is denied.
3/21/2012 8:48:56 PM, error: Service Control Manager [7023] - The Defrag32 service terminated with the following error: The specified procedure could not be found.
3/21/2012 8:48:53 AM, error: Service Control Manager [7023] - The FA312 service terminated with the following error: Access is denied.
3/21/2012 8:33:53 AM, error: Service Control Manager [7023] - The Co_mon service terminated with the following error: Access is denied.
3/21/2012 8:19:53 AM, error: Service Control Manager [7023] - The Knobserv service terminated with the following error: Access is denied.
3/21/2012 8:19:28 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
3/21/2012 8:19:20 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2
3/21/2012 7:03:57 PM, error: Service Control Manager [7023] - The Atierecord service terminated with the following error: Access is denied.
3/21/2012 6:48:57 PM, error: Service Control Manager [7023] - The Avgcoresvc service terminated with the following error: Access is denied.
3/21/2012 6:33:58 PM, error: Service Control Manager [7023] - The Epsonbidirectionalagent service terminated with the following error: Access is denied.
3/21/2012 6:18:57 PM, error: Service Control Manager [7023] - The Zebrceb service terminated with the following error: Access is denied.
3/21/2012 6:03:57 PM, error: Service Control Manager [7023] - The Elotouchscreen service terminated with the following error: Access is denied.
3/21/2012 5:48:57 PM, error: Service Control Manager [7023] - The Issimon service terminated with the following error: Access is denied.
3/21/2012 5:33:57 PM, error: Service Control Manager [7023] - The DfwWebAgent service terminated with the following error: Access is denied.
3/21/2012 5:18:58 PM, error: Service Control Manager [7023] - The Vrservice service terminated with the following error: Access is denied.
3/21/2012 5:03:57 PM, error: Service Control Manager [7023] - The Lxcj_device service terminated with the following error: Access is denied.
3/21/2012 4:48:57 PM, error: Service Control Manager [7023] - The Stllssvr service terminated with the following error: Access is denied.
3/21/2012 4:33:57 PM, error: Service Control Manager [7023] - The Vtserver service terminated with the following error: Access is denied.
3/21/2012 4:18:57 PM, error: Service Control Manager [7023] - The Cics.region2 service terminated with the following error: Access is denied.
3/21/2012 4:03:56 PM, error: Service Control Manager [7023] - The Oracle_load_balancer_60_server-forms6i service terminated with the following error: Access is denied.
3/21/2012 3:48:56 PM, error: Service Control Manager [7023] - The Usbbus service terminated with the following error: Access is denied.
3/21/2012 3:33:56 PM, error: Service Control Manager [7023] - The XTrapD12 service terminated with the following error: Access is denied.
3/21/2012 3:18:57 PM, error: Service Control Manager [7023] - The Scramby service terminated with the following error: Access is denied.
3/21/2012 3:13:36 PM, error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
3/21/2012 3:03:56 PM, error: Service Control Manager [7023] - The WINUSB service terminated with the following error: Access is denied.
3/21/2012 2:48:56 PM, error: Service Control Manager [7023] - The Defrag32 service terminated with the following error: Access is denied.
3/21/2012 2:33:56 PM, error: Service Control Manager [7023] - The Hpqwmi service terminated with the following error: Access is denied.
3/21/2012 2:18:56 PM, error: Service Control Manager [7023] - The USB28xxBGA service terminated with the following error: Access is denied.
3/21/2012 2:03:56 PM, error: Service Control Manager [7023] - The S616unic service terminated with the following error: Access is denied.
3/21/2012 12:48:55 PM, error: Service Control Manager [7023] - The Fsssvc service terminated with the following error: Access is denied.
3/21/2012 12:33:55 PM, error: Service Control Manager [7023] - The Digisptiservice service terminated with the following error: Access is denied.
3/21/2012 12:18:55 PM, error: Service Control Manager [7023] - The Tfsnifs service terminated with the following error: Access is denied.
3/21/2012 12:03:55 PM, error: Service Control Manager [7023] - The Iksyssec service terminated with the following error: Access is denied.
3/21/2012 11:48:55 AM, error: Service Control Manager [7023] - The ZD1211BU(ZyDAS) service terminated with the following error: Access is denied.
3/21/2012 11:33:53 AM, error: Service Control Manager [7023] - The Nicconfigsvc service terminated with the following error: Access is denied.
3/21/2012 11:18:53 AM, error: Service Control Manager [7023] - The CTEDSPSY.DLL service terminated with the following error: Access is denied.
3/21/2012 11:03:53 AM, error: Service Control Manager [7023] - The Entertainment service terminated with the following error: Access is denied.
3/21/2012 11:01:32 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
3/21/2012 10:48:53 AM, error: Service Control Manager [7023] - The Uclauncherservice service terminated with the following error: Access is denied.
3/21/2012 10:33:53 AM, error: Service Control Manager [7023] - The N3900 service terminated with the following error: Access is denied.
3/21/2012 10:18:53 AM, error: Service Control Manager [7023] - The PSDNServ service terminated with the following error: Access is denied.
3/21/2012 10:03:53 AM, error: Service Control Manager [7023] - The Mfesmfk service terminated with the following error: Access is denied.
3/21/2012 1:48:56 PM, error: Service Control Manager [7023] - The Imap4d32 service terminated with the following error: Access is denied.
3/21/2012 1:33:55 PM, error: Service Control Manager [7023] - The UsbDiag service terminated with the following error: Access is denied.
3/21/2012 1:18:55 PM, error: Service Control Manager [7023] - The Pdlnepkt service terminated with the following error: Access is denied.
3/21/2012 1:03:55 PM, error: Service Control Manager [7023] - The Irbus service terminated with the following error: Access is denied.
3/20/2012 9:18:51 PM, error: PSched [14103] - QoS [Adapter {6257C9F0-FE5C-4174-9E33-3F3DB0FA4F35}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.
3/20/2012 8:04:09 PM, error: Service Control Manager [7023] - The SNP2UVC service terminated with the following error: Access is denied.
3/20/2012 8:03:09 PM, error: Service Control Manager [7023] - The Maplom service terminated with the following error: Access is denied.
3/20/2012 7:59:09 PM, error: Service Control Manager [7023] - The SWNC8U51 service terminated with the following error: Access is denied.
3/20/2012 6:30:02 PM, error: Dhcp [1002] - The IP address lease 192.168.1.7 for the Network Card with network address 00C0A8B96795 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/20/2012 10:32:13 PM, error: Service Control Manager [7023] - The CAMFLT service terminated with the following error: Access is denied.
3/15/2012 9:03:41 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.1489.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80072ee2 Error description: The operation timed out
.
==== End Of File ===========================
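The "Event Viewer Messages From Past Week" section above is dominated by Service Control Manager 7023 errors for service names that appear nowhere in the installed-programs list, spaced about fifteen minutes apart. The helper below is an added triage aid, not output of DDS or any tool in this thread: it parses lines in that DDS format, isolates the "Access is denied" 7023 events, and reports how many distinct names fail and how regular the spacing is, so the pattern can be described with numbers rather than by eye. The sample lines are copied from the log above; the 15-minute expected gap and the `known_services` set are assumptions the caller supplies.

```python
"""Summarize the Service Control Manager 7023 burst in a DDS event-log excerpt."""
import re
import statistics
from datetime import datetime

# Lines copied from the DDS "Event Viewer Messages From Past Week" section above.
# The DCOM and iaStor lines are included to show that other sources are ignored.
SAMPLE_LOG = r"""
3/21/2012 9:48:53 AM, error: Service Control Manager [7023] - The UlSata service terminated with the following error: Access is denied.
3/21/2012 9:33:53 AM, error: Service Control Manager [7023] - The VNUSB service terminated with the following error: Access is denied.
3/21/2012 9:18:53 AM, error: Service Control Manager [7023] - The Avsvcmonitor service terminated with the following error: Access is denied.
3/21/2012 9:03:54 AM, error: Service Control Manager [7023] - The Acrsch2svc service terminated with the following error: Access is denied.
3/21/2012 8:48:53 AM, error: Service Control Manager [7023] - The FA312 service terminated with the following error: Access is denied.
3/21/2012 8:19:28 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
3/21/2012 3:13:36 PM, error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
3/21/2012 11:01:32 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
"""

# One DDS event line: "<m/d/yyyy h:mm:ss AM|PM>, error: Service Control Manager [7023] - The <name> service terminated with the following error: <text>."
SCM_7023 = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), error: "
    r"Service Control Manager \[7023\] - The (?P<svc>.+?) service terminated "
    r"with the following error: (?P<err>.+?)\.?$"
)


def parse_7023(log_text):
    """Return (timestamp, service name, error text) for every SCM 7023 line, oldest first."""
    events = []
    for line in log_text.splitlines():
        m = SCM_7023.match(line.strip())
        if not m:
            continue  # DCOM, iaStor, Dhcp, PSched lines are not part of this pattern
        ts = datetime.strptime(m.group("ts"), "%m/%d/%Y %I:%M:%S %p")
        events.append((ts, m.group("svc"), m.group("err")))
    return sorted(events)


def cadence_minutes(timestamps):
    """Median gap in minutes between consecutive timestamps (0.0 if fewer than two)."""
    if len(timestamps) < 2:
        return 0.0
    gaps = [(b - a).total_seconds() / 60 for a, b in zip(timestamps, timestamps[1:])]
    return statistics.median(gaps)


def summarize(log_text, known_services=frozenset(), expected_gap_min=15.0, tolerance_min=2.0):
    """Describe the 'Access is denied' 7023 events: count, distinct names, names the
    responder cannot account for, and whether they recur on a fixed clock.

    known_services is whatever the responder has verified as legitimately installed;
    expected_gap_min defaults to the roughly 15-minute spacing visible in this thread's log.
    """
    denied = [e for e in parse_7023(log_text) if e[2] == "Access is denied"]
    names = [svc for _, svc, _ in denied]
    median_gap = cadence_minutes([ts for ts, _, _ in denied])
    return {
        "denied_total": len(denied),
        "distinct_names": len(set(names)),
        "unknown_names": sorted(n for n in set(names) if n not in known_services),
        "median_gap_min": round(median_gap, 1),
        # A legitimate failing service repeats its own name; here every name is
        # different and the gaps cluster around the expected interval.
        "regular_cadence": (
            len(denied) >= 4
            and len(set(names)) == len(names)
            and abs(median_gap - expected_gap_min) <= tolerance_min
        ),
    }


if __name__ == "__main__":
    from pprint import pprint
    pprint(summarize(SAMPLE_LOG, known_services={"Network Location Awareness (NLA)"}))
```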
 
Your previous topic was somehow marked as "Active" but nobody really replied to it.
I apologize for that.
I'll close your previous topic and we'll continue here.

====================================================================

Your MBAM log says "No action taken".
Re-run it, FIX all issues and post new log.

Then....

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===============================================================

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
I marked it Active and was preparing the reply- the internet went down for 20 mins. Go ahead- I'll delete what I had.
 
Guess you missed what the OP posted:

I accidentally set the thread as active. I am not sure if I should have or not.

However, it was 'this' thread I had just marked Active.
 
Thank you for your answer. And I am sorry for the confusion. I will follow your instructions Broni, though I do not think I will have the time to perform these actions for a couple of days. I should have the logs posted by Thursday evening CST at the latest. Thank you again for your help in this matter.
 
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.31.14

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
HP_Administrator :: MANOJ_R_SHAH [administrator]

Protection: Disabled

3/31/2012 6:02:50 PM
mbam-log-2012-03-31 (18-02-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 240092
Time elapsed: 24 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-31 08:40:08
-----------------------------
08:40:08.375 OS Version: Windows 5.1.2600 Service Pack 3
08:40:08.375 Number of processors: 2 586 0xF06
08:40:08.375 ComputerName: MANOJ_R_SHAH UserName:
08:40:12.734 Initialize success
08:42:48.812 AVAST engine defs: 12033100
08:43:48.140 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
08:43:48.140 Disk 0 Vendor: SAMSUNG_ VT10 Size: 238475MB BusType: 3
08:43:48.140 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-3
08:43:48.140 Disk 1 Vendor: SAMSUNG_ VT10 Size: 238475MB BusType: 3
08:43:48.156 Disk 0 MBR read successfully
08:43:48.156 Disk 0 MBR scan
08:43:48.203 Disk 0 unknown MBR code
08:43:48.203 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 229585 MB offset 63
08:43:48.234 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 8879 MB offset 470206485
08:43:49.265 Disk 0 scanning sectors +488392065
08:43:49.343 Disk 0 scanning C:\WINDOWS\system32\drivers
08:44:10.750 Service scanning
08:44:27.437 Service MpKsl4024d574 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{29761225-5F12-42E6-95BF-C847515CD135}\MpKsl4024d574.sys **LOCKED** 32
08:44:35.531 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
08:44:41.625 Modules scanning
08:44:49.609 Disk 0 trace - called modules:
08:44:49.625 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8b14b1d8]<<
08:44:49.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b0715b8]
08:44:49.625 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0x8ab1f030]
08:44:49.625 \Driver\iaStor[0x8b01c6c0] -> IRP_MJ_CREATE -> 0x8b14b1d8
08:44:50.234 AVAST engine scan C:\WINDOWS
08:45:02.203 AVAST engine scan C:\WINDOWS\system32
08:50:09.031 AVAST engine scan C:\WINDOWS\system32\drivers
08:50:34.765 AVAST engine scan C:\Documents and Settings\HP_Administrator
09:30:55.000 AVAST engine scan C:\Documents and Settings\All Users
09:36:51.781 Scan finished successfully
10:15:02.578 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HP_Administrator\Desktop\MBR.dat"
10:15:02.593 The log file has been saved successfully to "C:\Documents and Settings\HP_Administrator\Desktop\aswMBR.txt"
 
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: 74c9b8a519aa05c22f46e134715d1f6f

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...
==================================================================

There was a bootkit log that was created as well. Do you want me paste that as well? The output above is what the black screen box showed.
 
No, I don't need that log.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Getting ComboFix to run was very difficult. Kept telling me that Microsoft Security Essentials was running even after I ended the process tree from the task manager. I went one step further and uninstalled the antivirus altogether. Now I have got Combofix to run. Only problem is after it restarted my computer and ran through its stages, it shows a blue dos box saying "making log. Do not start any programs till combo fix is done" This message has been up for a couple hours now. Computer seems to be doing something because every time I go back to the computer I hear the fans running. Is there a problem?
 
Scan Finished. Re-installed Microsoft Security Essentials. (tell me if I should not have done this. I can quickly remove it). Log posted below:
EDIT: Log seems to have a few emoticons... I do not know why.
=========================================================
ComboFix 12-04-01.01 - HP_Administrator 04/01/2012 22:05:37.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1577 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\HP_Administrator\Application Data\inst.exe
c:\documents and settings\HP_Administrator\Local Settings\Application Data\assembly\tmp
c:\documents and settings\HP_Administrator\My Documents\~WRL0001.tmp
c:\documents and settings\HP_Administrator\My Documents\~WRL0004.tmp
c:\documents and settings\HP_Administrator\My Documents\~WRL0057.tmp
c:\documents and settings\HP_Administrator\My Documents\~WRL0140.tmp
c:\documents and settings\HP_Administrator\My Documents\~WRL1143.tmp
c:\documents and settings\HP_Administrator\My Documents\~WRL1976.tmp
c:\documents and settings\HP_Administrator\My Documents\~WRL2043.tmp
c:\documents and settings\HP_Administrator\My Documents\~WRL2170.tmp
c:\documents and settings\HP_Administrator\My Documents\~WRL2594.tmp
c:\documents and settings\HP_Administrator\My Documents\~WRL2648.tmp
c:\documents and settings\HP_Administrator\My Documents\~WRL3292.tmp
c:\documents and settings\HP_Administrator\My Documents\~WRL3519.tmp
c:\documents and settings\HP_Administrator\My Documents\~WRL3786.tmp
c:\documents and settings\HP_Administrator\My Documents\~WRL4062.tmp
c:\documents and settings\HP_Administrator\WINDOWS
C:\kmd.exe
c:\program files\Mozilla Firefox\components\AskHPRFF.js
c:\windows\$NtUninstallKB62280$
c:\windows\$NtUninstallKB62280$\1410525442
c:\windows\$NtUninstallKB62280$\485945278\@
c:\windows\$NtUninstallKB62280$\485945278\cfg.ini
c:\windows\$NtUninstallKB62280$\485945278\Desktop.ini
c:\windows\$NtUninstallKB62280$\485945278\L\aqaeidou
c:\windows\$NtUninstallKB62280$\485945278\oemid
c:\windows\$NtUninstallKB62280$\485945278\U\00000001.@
c:\windows\$NtUninstallKB62280$\485945278\U\00000002.@
c:\windows\$NtUninstallKB62280$\485945278\U\00000004.@
c:\windows\$NtUninstallKB62280$\485945278\U\80000000.@
c:\windows\$NtUninstallKB62280$\485945278\U\80000004.@
c:\windows\$NtUninstallKB62280$\485945278\U\80000032.@
c:\windows\$NtUninstallKB62280$\485945278\version
c:\windows\HPCPCUninstaller-6.3.2.116-9972322.exe
c:\windows\iun6002.exe
c:\windows\kb913800.exe
c:\windows\system32\akygfpkx.ini
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\dgaxkexk.ini
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\ggjlm.bak1
c:\windows\system32\ggjlm.bak2
c:\windows\system32\ggjlm.ini
c:\windows\system32\ggjlm.ini2
c:\windows\system32\ggjlm.tmp
c:\windows\system32\gjvxwnqo.ini
c:\windows\system32\hfetawgm.ini
c:\windows\system32\jasqfijo.ini
c:\windows\system32\mqdsanra.ini
c:\windows\system32\pvqpgikc.ini
c:\windows\system32\RegClean.exe
c:\windows\system32\SET1C.tmp
c:\windows\system32\SET1E.tmp
c:\windows\system32\SET42.tmp
c:\windows\system32\SET43.tmp
c:\windows\system32\SET45.tmp
c:\windows\system32\SETE3.tmp
c:\windows\system32\SETE8.tmp
c:\windows\system32\tjhlhxed.ini
c:\windows\system32\tmp.reg
c:\windows\system32\uadhpkyc.ini
c:\windows\system32\uatuewts.ini
c:\windows\system32\vrfbcpij.ini
c:\windows\system32\whibqbhr.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SSHNAS
.
.
((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 )))))))))))))))))))))))))))))))
.
.
2012-03-29 14:15 . 2001-08-18 03:36 99328 ----a-w- c:\windows\system32\srusd.dll
2012-03-29 14:15 . 2001-08-18 03:36 99328 ----a-w- c:\windows\system32\dllcache\srusd.dll
2012-03-29 14:15 . 2001-08-17 18:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2012-03-29 14:15 . 2001-08-17 18:53 6784 ----a-w- c:\windows\system32\dllcache\serscan.sys
2012-03-29 14:15 . 2001-08-18 03:36 71680 ----a-w- c:\windows\system32\fnfilter.dll
2012-03-29 14:15 . 2001-08-18 03:36 71680 ----a-w- c:\windows\system32\dllcache\fnfilter.dll
2012-03-19 16:49 . 2012-03-19 16:49 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-19 16:49 . 2012-03-19 16:49 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-19 13:57 . 2011-08-08 13:05 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22 . 2007-04-04 03:14 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2010-06-05 15:10 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-23 03:42 . 2012-01-23 03:42 208896 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
2012-01-23 03:42 . 2012-01-23 03:42 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2012-01-23 03:42 . 2012-01-23 03:42 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2012-01-23 03:42 . 2012-01-23 03:42 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2012-01-23 03:42 . 2012-01-23 03:42 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2012-01-23 03:42 . 2012-01-23 03:42 341048 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2012-01-23 03:42 . 2012-01-23 03:42 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2012-01-23 03:42 . 2012-01-23 03:42 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2012-01-23 03:42 . 2012-01-23 03:42 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2012-01-13 21:59 . 2012-01-13 21:59 10 ----a-w- c:\windows\Fonts\wfonts.key
2012-01-11 19:06 . 2012-02-16 16:04 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2004-08-09 21:00 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-04-25 07:58 . 2011-04-25 07:58 124864 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2011-04-25 08:48 . 2011-04-25 08:48 13760 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2011-04-25 08:00 . 2011-04-25 08:00 71104 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2011-04-25 07:59 . 2011-04-25 07:59 92096 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2011-04-25 07:58 . 2011-04-25 07:58 22976 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2011-04-25 07:57 . 2011-04-25 07:57 255936 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2011-04-25 07:58 . 2011-04-25 07:58 32192 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2011-04-25 07:58 . 2011-04-25 07:58 40896 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2011-04-25 07:51 . 2011-04-25 07:51 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2011-04-25 08:00 . 2011-04-25 08:00 24512 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2012-03-19 16:49 . 2011-04-02 22:12 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 18:58 333192 ------w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetMeter"="c:\documents and settings\HP_Administrator\My Documents\Netmeter\NetMeter114beta_4.exe" [2009-12-02 296960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ftutil2"="ftutil2.dll" [2004-06-07 106496]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-28 8466432]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-04-25 305088]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-8-24 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-8-24 27136]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Citrix Access Gateway.lnk - c:\program files\Citrix\Secure Access Client\nsload.exe [2010-1-19 1483928]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-06 06:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-02 05:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-09-08 17:06 94208 ------w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
2006-04-13 09:05 90112 ------w- c:\program files\HP DigitalMedia Archive\DMAScheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 21:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-08-22 20:31 136176 -----tw- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 19:39 1289000 ------w- c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-16 23:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-01-13 19:53 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2001-07-03 14:11 57344 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVG Anti-Spyware Guard"=2 (0x2)
"MBAMService"=2 (0x2)
"LiveUpdate"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Digsby\\lib\\digsby-app.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Citrix\\Secure Access Client\\nsepa.exe"=
"c:\\Program Files\\Citrix\\Secure Access Client\\nsload.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\MusicBrainz Picard\\picard.exe"=
"c:\\Program Files\\Intelore\\Office Password Recovery\\OfficePasswordRecovery.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"56115:TCP"= 56115:TCP:pando Media Booster
"56115:UDP"= 56115:UDP:pando Media Booster
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [6/17/2009 2:01 PM 20744]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/26/2007 11:07 PM 639224]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [4/25/2011 2:49 AM 65584]
R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [1/11/2007 12:57 AM 3744]
R2 cag;Citrix cag plugin for Access Gateway;c:\program files\Common Files\Deterministic Networks\Common Files\cag.sys [10/22/2009 4:34 PM 80920]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 6:53 PM 13672]
R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [1/11/2007 12:57 AM 3904]
R2 nsverctl;Citrix Secure Access Client Service;c:\program files\Citrix\Secure Access Client\nsverctl.exe [1/19/2010 6:56 AM 154264]
R3 ctxva51;Citrix Virtual Adapter;c:\windows\system32\drivers\ctxva51.sys [1/19/2010 6:58 AM 41624]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [12/13/2010 8:49 PM 47360]
R3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [8/24/2006 7:43 PM 468768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 CWMonitor;Symantec Crimeware Protection Driver;\??\c:\program files\Common Files\Symantec Shared\coShared\CW\1.0\Monitor.sys --> c:\program files\Common Files\Symantec Shared\coShared\CW\1.0\Monitor.sys [?]
S2 NecUsb3;USB3 Service;c:\windows\System32\svchost.exe -k NecUsb3Sevic [8/9/2004 4:00 PM 14336]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [6/17/2009 2:02 PM 29192]
S3 CXFALCON;Conexant Falcon II NTSC Video Capture;c:\windows\system32\drivers\cxfalcon.sys [8/24/2006 7:43 PM 82048]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [8/5/2008 9:15 PM 39048]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [6/17/2009 2:01 PM 25480]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/14/2011 9:19 PM 20464]
S3 Net6IM;Net6;c:\windows\system32\DRIVERS\net6im51.sys --> c:\windows\system32\DRIVERS\net6im51.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/9/2004 4:00 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/14/2011 9:19 PM 652360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
NecUsb3Sevic REG_MULTI_SZ NecUsb3
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
truecrypt
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2208169220-740877916-2677079891-1007Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-22 20:31]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2208169220-740877916-2677079891-1007UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-22 20:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {019D5592-3928-4DE4-BAA2-1F2E5EEF4CF6} - /Touchworks/AHSCompressionEngine.cab
DPF: {27B87596-448E-40CB-B3B4-4F329FF540EC} - /TouchWorks/ResultWorks/CHWorks/VitalSigns/wavitalsigns.cab
DPF: {46965FE7-2129-407B-938C-BE358A56D11E} - hxxp://tworks.amg.advocatehealth.com/TouchWorks/DocWorks/CHWorks/Unstructured/aicviewer3.cab
DPF: {501D93F5-74BE-4306-A90C-9FFD1574A6A6} - hxxp://centricityweb-luth.advocatehealth.com/ami/install/amiviewer.cab
DPF: {56B46BBB-F6C4-4B6B-8EDF-BEE6C9661E4E}
DPF: {860FFAFE-5AAA-11D2-81EB-006008A2E49D} - /TouchWorks/ResultWorks/chworks/flowsheets/pe32.cab
DPF: {9A0CA502-7DA4-4B72-B5D4-D280DE8D4512} - /Touchworks/DictionaryManager.CAB
DPF: {ACEFFC26-4628-11D1-B14A-105C01C13001} - /TouchWorks/DocWorks/CHWorks/Note/wspell.cab
DPF: {B7B8B614-6A5C-4140-A303-43CEB589D6A5} - /TouchWorks/DocWorks/CHWorks/Note/TWRTF.cab
DPF: {B7EA9615-586E-4193-9C3C-A29CA577E040} - /Touchworks/DictateBar.cab
DPF: {CE10AD66-84BC-46A9-9424-C863199C0408} - hxxp://tworks.amg.advocatehealth.com/TouchWorks/DocWorks/CHWorks/Unstructured/aic_viewer2.cab
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7gbqr2lq.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.ftp - 208.43.135.133
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - 208.43.135.133
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - 208.43.135.133
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 208.43.135.133
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 208.43.135.133
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 2
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-NavLogon - (no file)
MSConfigStartUp-MSC - c:\program files\Microsoft Security Client\msseces.exe
AddRemove-smARTupdate - c:\windows\iun6002.exe
AddRemove-{F46BF5EA-0B4E-4A41-8C4B-3B127346E30F} - c:\documents and settings\HP_Administrator\Local Settings\Application Data\{F9ABF6FF-B068-4877-9373-3B5353A65A36}\NBCDirectInstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-01 22:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\system32\drivers\etc\hosts.ics 374 bytes
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3656)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\Citrix\ICA Client\wfcrun32.exe
c:\hp\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2012-04-02 03:12:34 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-02 08:12
ComboFix2.txt 2008-02-27 06:39
.
Pre-Run: 39,710,420,992 bytes free
Post-Run: 41,069,850,624 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=3
.
- - End Of File - - 37E9394FB2B2FE0373C52ABDE5842932
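The Firefox section of the ComboFix log above points every protocol's proxy at one external host on port 80. As an added example (not part of this thread, ComboFix, or any tool named here), this Python script parses those "FF - prefs.js" lines and flags proxy hosts that are not loopback or private; the sample lines are constructed in the log's format from the values shown above.

```python
import ipaddress
import re

# Constructed sample: "FF - prefs.js" lines in the format of the ComboFix
# Supplementary Scan above, using the proxy host and ports shown in that log.
SAMPLE_LOG = """\
FF - ProfilePath - c:\\documents and settings\\HP_Administrator\\Application Data\\Mozilla\\Firefox\\Profiles\\7gbqr2lq.default\\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: network.proxy.ftp - 208.43.135.133
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - 208.43.135.133
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - 208.43.135.133
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 208.43.135.133
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 208.43.135.133
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 2
"""

# ComboFix prints each Firefox pref as "FF - prefs.js: <name> - <value>".
PREF_LINE = re.compile(r"^FF - prefs\.js: (network\.proxy\.\S+) - (.*)$")

# Meaning of network.proxy.type as documented for Firefox.
PROXY_TYPE = {0: "direct", 1: "manual", 2: "pac", 4: "wpad", 5: "system"}
PROTOCOLS = ("http", "ssl", "ftp", "socks", "gopher")


def parse_proxy_prefs(log_text):
    """Return {pref_name: value} for the network.proxy.* lines of a ComboFix log."""
    prefs = {}
    for line in log_text.splitlines():
        m = PREF_LINE.match(line.strip())
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return prefs


def is_local_proxy(host):
    """True for loopback/private hosts, which a legitimate local proxy
    (e.g. a filtering product listening on 127.0.0.1) would use."""
    if host.lower() == "localhost":
        return True
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # a hostname: treat as remote until verified
    return addr.is_loopback or addr.is_private


def describe_type(raw_type):
    """Map the numeric network.proxy.type value to its documented meaning."""
    if raw_type is None:
        return "default (not listed)"  # ComboFix omits prefs at their default
    try:
        return PROXY_TYPE.get(int(raw_type), f"unknown({raw_type})")
    except ValueError:
        return f"unknown({raw_type})"


def find_proxy_hijack(log_text):
    """Flag every protocol whose proxy host lies outside loopback/private space.

    With type 2 (PAC) the manual entries are not in force, but a profile
    where every protocol points at the same remote host is worth clearing
    regardless, since a single pref change would activate them."""
    prefs = parse_proxy_prefs(log_text)
    findings = []
    for proto in PROTOCOLS:
        host = prefs.get(f"network.proxy.{proto}")
        if host and not is_local_proxy(host):
            findings.append({"protocol": proto, "host": host,
                             "port": prefs.get(f"network.proxy.{proto}_port", "?")})
    hosts = {f["host"] for f in findings}
    return {"proxy_type": describe_type(prefs.get("network.proxy.type")),
            "findings": findings,
            "single_upstream": hosts.pop() if len(hosts) == 1 else None}


if __name__ == "__main__":
    result = find_proxy_hijack(SAMPLE_LOG)
    print(f"network.proxy.type: {result['proxy_type']}")
    for f in result["findings"]:
        print(f"  {f['protocol']:6s} -> {f['host']}:{f['port']}  (remote host)")
    if result["single_upstream"]:
        print(f"All protocols route to {result['single_upstream']}; review and reset prefs.js")
```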
 
Looks good.

How is the computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 