Inactive Google search ads

[Dan Skrlin]

Need help on this one. Logs below.

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.16.08
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
PMC :: PMC-MAIN [administrator]
Protection: Enabled
8/16/2012 9:56:12 AM
mbam-log-2012-08-16 (09-56-12).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 263845
Time elapsed: 7 minute(s), 24 second(s)
Memory Processes Detected: 1
C:\Documents and Settings\All Users\Application Data\MSyoKnyMgyss.exe (Backdoor.Agent.RC2Gen) -> 3992 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Quarantined and deleted successfully.
Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MSyoKnyMgyss.exe (Backdoor.Agent.RC2Gen) -> Data: C:\Documents and Settings\All Users\Application Data\MSyoKnyMgyss.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Documents and Settings\PMC\Local Settings\Application Data\{8a5e7e71-39a9-f684-5f8a-fe2c00fff7ac}\n. -> Quarantined and deleted successfully.
Registry Data Items Detected: 6
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\Documents and Settings\All Users\Application Data\MSyoKnyMgyss.exe (Backdoor.Agent.RC2Gen) -> Delete on reboot.
C:\Documents and Settings\PMC\Local Settings\Application Data\cxudadiutb.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
(end)

 

[Dan Skrlin]

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-08-16 10:15:21
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD1500HLFS-01G6U1 rev.04.04V02
Running: oe7yh8f0.exe; Driver: C:\DOCUME~1\PMC\LOCALS~1\Temp\awtyapow.sys

---- Processes - GMER 1.0.15 ----
Process C:\WINDOWS\system32\svchost.exe (*** hidden *** ) 3448
---- EOF - GMER 1.0.15 ----

 

[Dan Skrlin]

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by PMC at 10:22:50 on 2012-08-16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.1898 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\UPS\WSTD\UPSNA1Msgr.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
svchost.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\WinMsgBalloonServer.exe
C:\WINDOWS\system32\WinMsgBalloonClient.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: LeapFTP Internet Explorer Hook: {a5479da1-7843-43a7-b5c0-be342c77b629} - c:\progra~1\leapft~1.0\lftpie.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Name of App] c:\program files\samsung\fw liveupdate\FWManager.exe r
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [NA1Messenger] c:\ups\wstd\UPSNA1Msgr.exe
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking10\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\naturallyspeaking10\Ereg.ini
mRun: [TrueImageMonitor.exe] "c:\program files\acronis\trueimagehome\TrueImageMonitor.exe"
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} - hxxp://www.partserver.de/partserver/viewer/cnsweb3d/cnsweb3d.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{EE16A2FA-EBB6-421A-85FB-45950A421AB7} : NameServer = 10.0.0.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\pmc\application data\mozilla\firefox\profiles\z3p28s2o.default\
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\autodesk\autodesk player plugin\npAdPlayerPlugin_FF.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npEModelPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
.
============= SERVICES / DRIVERS ===============
.
R0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\drivers\fltsrv.sys [2011-11-2 80416]
R0 vididr;Acronis Virtual Disk;c:\windows\system32\drivers\vididr.sys [2011-11-2 126880]
R0 vidsflt67;Acronis Disk Storage Filter (67);c:\windows\system32\drivers\vsflt67.sys [2012-5-19 86496]
R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2011-5-21 3459024]
R2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files\amd\raidxpert\bin\RAIDXpertService.exe [2008-8-31 122880]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-16 655944]
R2 MSSQL$ECC;SQL Server (ECC);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R2 MSSQL$UPSWSDBSERVER;MSSQL$UPSWSDBSERVER;c:\ups\wstd\mssql$upswsdbserver\binn\sqlservr.exe -supswsdbserver --> c:\ups\wstd\mssql$upswsdbserver\binn\sqlservr.exe -sUPSWSDBSERVER [?]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-6-30 1248256]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-7-5 3048136]
R2 syncagentsrv;Acronis Sync Agent Service;c:\program files\common files\acronis\syncagent\syncagentsrv.exe [2012-4-27 5914912]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2011-5-21 234752]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-16 22344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2010-12-15 1085440]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-3 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-3 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-12 250056]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-9-5 1684736]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys --> c:\windows\system32\drivers\bcmwlhigh5.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-3 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-5 113120]
S3 MSSQL$SHIPWORKS;SQL Server (SHIPWORKS);c:\program files\microsoft sql server\mssql10_50.shipworks\mssql\binn\sqlservr.exe [2010-4-3 42884448]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys --> c:\windows\system32\drivers\npf.sys [?]
S3 SQLAgent$UPSWSDBSERVER;SQLAgent$UPSWSDBSERVER;c:\ups\wstd\mssql$upswsdbserver\binn\sqlagent.exe -I upswsdbserver --> c:\ups\wstd\mssql$upswsdbserver\binn\sqlagent.EXE -I UPSWSDBSERVER [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-2-28 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]
S4 SQLAgent$SHIPWORKS;SQL Server Agent (SHIPWORKS);c:\program files\microsoft sql server\mssql10_50.shipworks\mssql\binn\SQLAGENT.EXE [2010-4-3 367456]
.
=============== Created Last 30 ================
.
2012-08-16 14:39:40 -------- d--h--w- c:\documents and settings\pmc\application data\Malwarebytes
2012-08-16 14:39:33 -------- d--h--w- c:\documents and settings\all users\application data\Malwarebytes
2012-08-16 14:39:32 22344 ---ha-w- c:\windows\system32\drivers\mbam.sys
2012-08-16 14:39:32 -------- d--h--w- c:\program files\Malwarebytes' Anti-Malware
2012-08-14 21:30:04 9826504 ---ha-w- c:\windows\system32\FlashPlayerInstaller.exe
.
==================== Find3M ====================
.
2012-08-14 21:30:05 70344 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-14 21:30:05 426184 ---ha-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-26 17:57:48 60304 ---ha-w- c:\documents and settings\pmc\g2mdlhlpx.exe
2012-06-13 13:19:59 1866112 ---ha-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ---ha-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ---ha-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ---ha-w- c:\windows\system32\schannel.dll
2012-06-02 20:19:44 22040 ---ha-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19:38 219160 ---ha-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19:38 15384 ---ha-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19:34 15384 ---ha-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19:30 17944 ---ha-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:18:58 275696 ---ha-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18:58 214256 ---ha-w- c:\windows\system32\muweb.dll
2012-06-02 20:18:58 17136 ---ha-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ---ha-w- c:\windows\system32\crypt32.dll
2012-05-19 20:40:11 234752 ---ha-w- c:\windows\system32\drivers\afcdp.sys
2012-05-19 20:40:07 775232 ---ha-w- c:\windows\system32\drivers\tdrpman.sys
2012-05-19 20:40:06 614592 ---ha-w- c:\windows\system32\drivers\timntr.sys
2012-05-19 20:40:04 126880 ---ha-w- c:\windows\system32\drivers\vididr.sys
2012-05-19 20:40:03 86496 ---ha-w- c:\windows\system32\drivers\vsflt67.sys
2012-05-19 20:40:01 177600 ---ha-w- c:\windows\system32\drivers\snapman.sys
2012-05-19 20:39:59 80416 ---ha-w- c:\windows\system32\drivers\fltsrv.sys
.
============= FINISH: 10:23:17.18 ===============

 

[Dan Skrlin]

Let me know

 

[Dan Skrlin]

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/5/2010 7:52:33 PM
System Uptime: 8/16/2012 10:04:53 AM (0 hours ago)
.
Motherboard: Shuttle Inc | | FA76
Processor: AMD Phenom(tm) II X4 945 Processor | Socket AM2 | 3000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 140 GiB total, 84.111 GiB free.
D: is CDROM ()
E: is Removable
F: is FIXED (NTFS) - 466 GiB total, 270.184 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: Canon MX850 ser Network
Device ID: ROOT\CANON_IJ_NETWORK\0000
Manufacturer: Canon
Name: Canon MX850 ser Network
PNP Device ID: ROOT\CANON_IJ_NETWORK\0000
Service: StillCam
.
==== System Restore Points ===================
.
RP620: 5/18/2012 3:05:26 PM - System Checkpoint
RP621: 5/19/2012 4:13:06 PM - System Checkpoint
RP622: 5/21/2012 8:27:59 AM - System Checkpoint
RP623: 5/22/2012 8:31:45 AM - System Checkpoint
RP624: 5/23/2012 8:51:59 AM - System Checkpoint
RP625: 5/24/2012 9:49:29 AM - System Checkpoint
RP626: 5/25/2012 11:33:13 AM - System Checkpoint
RP627: 5/26/2012 11:49:29 AM - System Checkpoint
RP628: 5/27/2012 12:49:29 PM - System Checkpoint
RP629: 5/28/2012 1:49:29 PM - System Checkpoint
RP630: 5/29/2012 3:20:34 PM - System Checkpoint
RP631: 5/30/2012 4:11:45 PM - System Checkpoint
RP632: 5/31/2012 4:21:11 PM - System Checkpoint
RP633: 6/1/2012 4:59:00 PM - System Checkpoint
RP634: 6/2/2012 5:27:17 PM - System Checkpoint
RP635: 6/4/2012 8:10:00 AM - System Checkpoint
RP636: 6/5/2012 7:57:31 AM - Software Distribution Service 3.0
RP637: 6/6/2012 8:15:04 AM - System Checkpoint
RP638: 6/7/2012 8:50:32 AM - System Checkpoint
RP639: 6/8/2012 9:27:17 AM - System Checkpoint
RP640: 6/9/2012 10:23:06 AM - System Checkpoint
RP641: 6/10/2012 11:44:04 AM - System Checkpoint
RP642: 6/11/2012 12:00:06 PM - System Checkpoint
RP643: 6/12/2012 12:00:35 PM - System Checkpoint
RP644: 6/13/2012 1:33:22 PM - System Checkpoint
RP645: 6/14/2012 7:13:39 AM - Software Distribution Service 3.0
RP646: 6/15/2012 8:12:21 AM - System Checkpoint
RP647: 6/16/2012 9:27:05 AM - System Checkpoint
RP648: 6/18/2012 8:51:12 AM - System Checkpoint
RP649: 6/19/2012 11:45:57 AM - System Checkpoint
RP650: 6/20/2012 12:01:32 PM - System Checkpoint
RP651: 6/21/2012 12:15:16 PM - System Checkpoint
RP652: 6/22/2012 12:22:26 PM - System Checkpoint
RP653: 6/25/2012 3:12:55 PM - System Checkpoint
RP654: 6/26/2012 5:05:15 PM - System Checkpoint
RP655: 6/27/2012 5:35:43 PM - System Checkpoint
RP656: 6/28/2012 12:03:24 PM - Installed Citrix online plug-in (Web)
RP657: 6/29/2012 1:15:54 PM - System Checkpoint
RP658: 6/30/2012 3:05:46 PM - System Checkpoint
RP659: 7/1/2012 4:53:59 PM - System Checkpoint
RP660: 7/2/2012 7:05:06 PM - System Checkpoint
RP661: 7/3/2012 8:03:24 PM - System Checkpoint
RP662: 7/5/2012 9:15:55 AM - System Checkpoint
RP663: 7/5/2012 1:48:17 PM - Installed DraftSight.
RP664: 7/5/2012 1:52:32 PM - Removed DraftSight.
RP665: 7/5/2012 1:55:12 PM - Installed SolidWorks viewer.
RP666: 7/5/2012 2:02:23 PM - Removed SolidWorks viewer.
RP667: 7/5/2012 2:02:48 PM - Installed SolidWorks eDrawings 2012.
RP668: 7/6/2012 2:59:16 PM - System Checkpoint
RP669: 7/8/2012 8:07:59 AM - System Checkpoint
RP670: 7/9/2012 8:37:13 AM - System Checkpoint
RP671: 7/10/2012 10:20:19 AM - System Checkpoint
RP672: 7/11/2012 10:29:58 AM - Software Distribution Service 3.0
RP673: 7/12/2012 3:37:56 PM - System Checkpoint
RP674: 7/13/2012 4:33:57 PM - System Checkpoint
RP675: 7/14/2012 5:21:23 PM - System Checkpoint
RP676: 7/16/2012 8:36:01 AM - System Checkpoint
RP677: 7/17/2012 9:24:16 AM - System Checkpoint
RP678: 7/18/2012 10:10:46 AM - System Checkpoint
RP679: 7/19/2012 10:52:05 AM - System Checkpoint
RP680: 7/20/2012 11:51:27 AM - System Checkpoint
RP681: 7/21/2012 12:32:33 PM - System Checkpoint
RP682: 7/23/2012 8:10:00 AM - System Checkpoint
RP683: 7/24/2012 8:47:26 AM - System Checkpoint
RP684: 7/25/2012 9:31:45 AM - System Checkpoint
RP685: 7/26/2012 10:14:49 AM - System Checkpoint
RP686: 7/27/2012 12:36:47 PM - System Checkpoint
RP687: 7/28/2012 1:30:31 PM - System Checkpoint
RP688: 7/29/2012 2:18:51 PM - System Checkpoint
RP689: 7/30/2012 2:46:55 PM - System Checkpoint
RP690: 7/31/2012 2:48:56 PM - System Checkpoint
RP691: 8/1/2012 5:09:53 PM - System Checkpoint
RP692: 8/2/2012 5:26:08 PM - System Checkpoint
RP693: 8/3/2012 7:18:37 PM - System Checkpoint
RP694: 8/6/2012 8:19:31 AM - System Checkpoint
RP695: 8/7/2012 9:39:15 AM - System Checkpoint
RP696: 8/8/2012 9:53:37 AM - System Checkpoint
RP697: 8/9/2012 9:56:19 AM - System Checkpoint
RP698: 8/10/2012 10:34:33 AM - System Checkpoint
RP699: 8/11/2012 11:15:17 AM - System Checkpoint
RP700: 8/12/2012 11:59:06 AM - System Checkpoint
RP701: 8/13/2012 12:44:05 PM - System Checkpoint
RP702: 8/14/2012 1:21:10 PM - System Checkpoint
RP703: 8/15/2012 2:04:34 PM - System Checkpoint
.
==== Installed Programs ======================
.
Acronis True Image Home 2012
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Advertising Center
AlignmentUtility
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AutoCAD LT Online Trial
Autodesk Player Plugin
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 1.1
Canon MX850 series
Canon MX850 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
CCC
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
Citrix online plug-in (Web)
DolbyFiles
Dolphin Futures XPS Viewer version 1.1.0
Dragon NaturallySpeaking 10
eCC
eCC Merge Module
FastStone Capture 6.9
FileZilla Client 3.5.3
FlipShare
FlukeView ScopeMeter 4
FormsComponent
FOSS
FTDI USB Serial Converter Drivers
FW LiveUpdate
Google Update Helper
GoToMeeting 5.1.0.880
GTWorks Demo
High Definition Audio Driver Package - KB888111
Hotfix 2055 for SQL Server 2000 ENU (KB960082)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
ICam
ICCHelp
ImagXpress
InCD Help
INTERMAC - StoneCam 3.3
Java Auto Updater
Java(TM) 6 Update 31
LeapFTP 3.0
LightScribe System Software
LogoTag Free
Malwarebytes Anti-Malware version 1.62.0.1300
Marvell Miniport Driver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (ECC)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server 2008 R2
Microsoft SQL Server 2008 R2 Native Client
Microsoft SQL Server 2008 R2 RsFx Driver
Microsoft SQL Server 2008 R2 Setup (English)
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Browser
Microsoft SQL Server Desktop Engine (UPSWSDBSERVER)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2005 Tools for Applications - ENU
Microsoft Visual Studio 2005 Tools for Office Runtime
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 14.0 (x86 en-US)
MSIChecker
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
NA1Messenger
Nero 9 Essentials
Nero BurnRights
Nero BurnRights Help
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode Help
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
Nero Vision
Nero Vision Help
NeroExpress
neroxml
NRF
OGA Notifier 2.0.0048.0
PARTcommunity 3D Web Viewer
PIXMA Extended Survey Program
PolicyManager
Presto! PageManager 7.15.20
QBWebConnector
QuickBooks
QuickBooks Pro 2011
RAIDXpert
Realtek High Definition Audio Driver
Reconciler
ReportServer
ScanSoft OmniPage SE 4
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sentinel System Driver
Skins
Skype Click to Call
Skype™ 5.10
SolidWorks eDrawings 2012
SQL Server 2008 R2 Common Files
SQL Server 2008 R2 Database Engine Services
SQL Server 2008 R2 Database Engine Shared
Sql Server Customer Experience Improvement Program
SupportUtility
System
UnifiedPrinting
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982664)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
UPS WorldShip
UPSDB
UPSICC
UPSlinkHTTP
UPSVC2008MM
UPSVCMM
Visual C++ Runtime for Dragon NaturallySpeaking
VLC media player 2.0.0
VNC Enterprise Edition E4.6.3
VNC Mirror Driver 1.8.0
VNC Printer Driver 1.7.0
VPlus User Interface
WebFldrs XP
WebHelp
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinRAR 4.00 (32-bit)
WorldShip
WSShared
.
==== Event Viewer Messages From Past Week ========
.
8/9/2012 11:01:23 AM, error: Print [6161] - The document PICKUP SUMMARY BARCODE owned by PMC failed to print on printer Canon MX850 series Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 17996. Number of bytes printed: 17908. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\PMC-MAIN. Win32 error code returned by the print processor: 0 (0x0).
8/16/2012 9:50:39 AM, error: Service Control Manager [7024] - The FlipShare Server service terminated with service-specific error 1 (0x1).
8/16/2012 9:23:14 AM, error: Print [6161] - The document AP Technology Ltd - USD Bank Details.pdf owned by PMC failed to print on printer Canon MX850 series Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 262144. Number of bytes printed: 201008. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\PMC-MAIN. Win32 error code returned by the print processor: 259 (0x103).
8/16/2012 9:22:01 AM, error: Print [6161] - The document Precision Metalcraft Sales Order.pdf owned by PMC failed to print on printer Canon MX850 series Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 655360. Number of bytes printed: 351684. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\PMC-MAIN. Win32 error code returned by the print processor: 259 (0x103).
8/14/2012 9:34:12 AM, error: Print [6161] - The document PICKUP SUMMARY BARCODE owned by PMC failed to print on printer Canon MX850 series Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 65536. Number of bytes printed: 17908. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\PMC-MAIN. Win32 error code returned by the print processor: 259 (0x103).
8/14/2012 11:51:53 AM, error: Print [6161] - The document Microsoft Word - PMC Spindle Rebuild Warranty Info - 6 Month DOP.doc owned by PMC failed to print on printer Canon MX850 series Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 3801088. Number of bytes printed: 3706048. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\PMC-MAIN. Win32 error code returned by the print processor: 259 (0x103).
8/14/2012 11:49:28 AM, error: Print [6161] - The document owned by PMC failed to print on printer Canon MX850 series Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 1703936. Number of bytes printed: 1477264. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\PMC-MAIN. Win32 error code returned by the print processor: 259 (0x103).
8/10/2012 8:30:43 AM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
8/10/2012 8:08:29 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
.
==== End Of File ===========================

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================

 

[Broni]

• Download RogueKiller on the desktop
• Close all the running programs
• Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

=====================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

 

[Dan Skrlin]

You got it boss, lets get this ball rolling......

 

[Dan Skrlin]

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: PMC [Admin rights]
Mode: Scan -- Date: 08/16/2012 10:55:27
¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] c2c_service.exe -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -> KILLED [TermProc]
¤¤¤ Registry Entries: 13 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{EE16A2FA-EBB6-421A-85FB-45950A421AB7} : NameServer (10.0.0.1) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{EE16A2FA-EBB6-421A-85FB-45950A421AB7} : NameServer (10.0.0.1) -> FOUND
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] n : c:\documents and settings\pmc\local settings\application data\{8a5e7e71-39a9-f684-5f8a-fe2c00fff7ac}\n --> FOUND
[ZeroAccess][FILE] @ : c:\documents and settings\pmc\local settings\application data\{8a5e7e71-39a9-f684-5f8a-fe2c00fff7ac}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\documents and settings\pmc\local settings\application data\{8a5e7e71-39a9-f684-5f8a-fe2c00fff7ac}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\documents and settings\pmc\local settings\application data\{8a5e7e71-39a9-f684-5f8a-fe2c00fff7ac}\L --> FOUND
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD1500HLFS-01G6U1 +++++
--- User ---
[MBR] 678fb36e4caf6a8fa71efc20a237f614
[BSP] ca219ac05ebb09a1bc0a122ff425176a : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 143078 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: Maxtor OneTouch USB Device +++++
--- User ---
[MBR] a061607f1b9696b147b1345a19e5e04e
[BSP] 492874cf5d5456c56773ee0158b5126f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1].txt >>
RKreport[1].txt

 

[Dan Skrlin]

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-16 11:28:41
-----------------------------
11:28:41.778 OS Version: Windows 5.1.2600 Service Pack 3
11:28:41.778 Number of processors: 4 586 0x403
11:28:41.778 ComputerName: PMC-MAIN UserName: PMC
11:28:43.247 Initialize success
11:28:53.794 AVAST engine defs: 12081600
11:28:58.903 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
11:28:58.903 Disk 0 Vendor: WDC_WD1500HLFS-01G6U1 04.04V02 Size: 143089MB BusType: 3
11:28:58.950 Disk 0 MBR read successfully
11:28:58.950 Disk 0 MBR scan
11:28:58.981 Disk 0 Windows XP default MBR code
11:28:58.981 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 143078 MB offset 63
11:28:59.012 Disk 0 scanning sectors +293025600
11:28:59.090 Disk 0 scanning C:\WINDOWS\system32\drivers
11:29:07.919 File: C:\WINDOWS\system32\drivers\cdrom.sys **SUSPICIOUS**
11:29:22.012 Disk 0 trace - called modules:
11:29:22.028 ntkrnlpa.exe fltsrv.sys hal.dll tdrpman.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0xba12b698]<<
11:29:22.028 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a714ab8]
11:29:22.028 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x8a5178f0]
11:29:22.044 \Driver\00000504[0x8a570958] -> IRP_MJ_CREATE -> 0xba12b698
11:29:22.481 AVAST engine scan C:\WINDOWS
11:29:49.106 AVAST engine scan C:\WINDOWS\system32
11:36:36.950 AVAST engine scan C:\WINDOWS\system32\drivers
11:36:45.559 File: C:\WINDOWS\system32\drivers\cdrom.sys **SUSPICIOUS**
11:37:16.575 AVAST engine scan C:\Documents and Settings\PMC
12:19:28.184 AVAST engine scan C:\Documents and Settings\All Users
12:25:48.793 Scan finished successfully
12:26:19.575 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\PMC\Desktop\MBR.dat"
12:26:19.621 The log file has been saved successfully to "C:\Documents and Settings\PMC\Desktop\aswMBR.txt"

 

[Dan Skrlin]

Let me know. Thanks!

 

[Broni]

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

http://download.bleepingcomputer.com/grinler/beta/rkill.exe
http://download.bleepingcomputer.com/grinler/beta/iExplore.exe

Restart computer in safe mode

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

 

[Dan Skrlin]

Rkill 2.1.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 08/16/2012 02:20:50 PM in x86 mode.
Windows Version: Windows XP
Checking for Windows services to stop.
* No malware services found to stop.
Checking for processes to terminate.
* No malware processes found to kill.
Checking Registry for malware related settings.
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks.
* SMTMP folder detected. Your machine is or has been infected with the Fake.HDD rogue anti-spyware program. Please see this link for more information about this type of rogue: http://www.bleepingcomputer.com/forums/topic405109.html
* No issues found.
Searching for Missing Digital Signatures:
* No issues found.
Restarting Explorer.exe in order to apply changes.
Program finished at: 08/16/2012 02:21:39 PM
Execution time: 0 hours(s), 0 minute(s), and 49 seconds(s)

 

[Dan Skrlin]

ComboFix 12-08-16.01 - PMC 08/16/2012 14:50:00.2.4 - x86
Running from: c:\documents and settings\PMC\Desktop\ComboFix.exe
* Created a new restore point
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((( Files Created from 2012-07-16 to 2012-08-16 )))))))))))))))))))))))))))))))
.
.
2012-08-16 19:37 . 2008-04-13 19:18 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2012-08-16 19:37 . 2008-04-13 19:18 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-08-16 19:30 . 2008-04-13 18:40 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2012-08-16 19:30 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-08-16 19:15 . 2012-08-16 19:15 -------- d-----w- c:\documents and settings\Administrator
2012-08-16 15:28 . 2012-07-16 07:41 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D5BFD23A-9AF3-4409-990E-FC9BF9D281E3}\mpengine.dll
2012-08-16 15:28 . 2012-05-31 17:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-08-16 15:27 . 2012-08-16 15:27 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-16 14:39 . 2012-08-16 14:39 -------- d-----w- c:\documents and settings\PMC\Application Data\Malwarebytes
2012-08-16 14:39 . 2012-08-16 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-08-16 14:39 . 2012-08-16 14:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-16 14:39 . 2012-07-03 18:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-14 21:30 . 2012-08-14 21:30 9826504 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-14 21:30 . 2012-04-12 13:52 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-14 21:30 . 2011-05-21 14:23 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:19 . 2006-02-28 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2007-05-15 20:43 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2006-02-28 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2006-02-28 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19 . 2009-08-07 00:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19 . 2010-09-06 00:49 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 20:19 . 2010-09-06 00:49 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19 . 2010-09-06 00:49 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 20:19 . 2009-08-07 00:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19 . 2010-09-06 00:49 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 20:19 . 2010-09-06 00:49 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 20:19 . 2009-08-07 00:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 20:19 . 2009-08-07 00:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19 . 2006-02-28 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 20:19 . 2009-08-07 00:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:19 . 2010-09-06 00:49 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 20:19 . 2010-09-06 00:49 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 20:18 . 2010-09-21 16:15 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 20:18 . 2010-09-21 16:15 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 20:18 . 2010-09-21 16:15 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-05-31 13:22 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-19 20:40 . 2011-05-21 18:34 234752 ----a-w- c:\windows\system32\drivers\afcdp.sys
2012-05-19 20:40 . 2011-11-02 22:56 775232 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2012-05-19 20:40 . 2010-10-18 22:30 614592 ----a-w- c:\windows\system32\drivers\timntr.sys
2012-05-19 20:40 . 2011-11-02 22:56 126880 ----a-w- c:\windows\system32\drivers\vididr.sys
2012-05-19 20:40 . 2012-05-19 20:40 86496 ----a-w- c:\windows\system32\drivers\vsflt67.sys
2012-05-19 20:40 . 2011-05-21 18:34 177600 ----a-w- c:\windows\system32\drivers\snapman.sys
2012-05-19 20:39 . 2011-11-02 22:56 80416 ----a-w- c:\windows\system32\drivers\fltsrv.sys
2010-03-11 05:01 . 2010-03-11 05:01 124272 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2010-03-11 05:40 . 2010-03-11 05:40 13168 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2010-03-11 05:02 . 2010-03-11 05:02 70512 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2010-03-11 05:01 . 2010-03-11 05:01 91504 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2010-03-11 05:01 . 2010-03-11 05:01 22384 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2010-03-11 05:00 . 2010-03-11 05:00 255344 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2010-03-11 05:01 . 2010-03-11 05:01 31088 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2010-03-11 05:01 . 2010-03-11 05:01 40304 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-10-05 18:49 . 2009-10-05 18:49 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2010-03-11 05:02 . 2010-03-11 05:02 23920 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2012-07-25 23:21 . 2011-08-26 14:06 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-08-16 2736128]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-04 61440]
"Name of App"="c:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe" [2011-11-23 692307]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-06-13 73728]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-14 1603152]
"NA1Messenger"="c:\ups\WSTD\UPSNA1Msgr.exe" [2012-03-03 24576]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" [2007-04-16 259624]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-04-28 5955000]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-04-28 403112]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2012-04-28 1171304]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2012-06-04 2301816]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
UPS WorldShip Messaging Utility.lnk - [N/A]
UPS WorldShip PLD Reminder Utility.lnk - [N/A]
Windows Search.lnk - [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
backup=c:\windows\pss\QuickBooks_Standard_21.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
2012-06-04 16:48 2301816 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-16 22:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 21:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R2 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [x]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh5.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 MSSQL$SHIPWORKS;SQL Server (SHIPWORKS);c:\program files\Microsoft SQL Server\MSSQL10_50.SHIPWORKS\MSSQL\Binn\sqlservr.exe [x]
R3 SQLAgent$UPSWSDBSERVER;SQLAgent$UPSWSDBSERVER;c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [x]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [x]
R4 SQLAgent$SHIPWORKS;SQL Server Agent (SHIPWORKS);c:\program files\Microsoft SQL Server\MSSQL10_50.SHIPWORKS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [x]
S0 vidsflt67;Acronis Disk Storage Filter (67);c:\windows\system32\DRIVERS\vsflt67.sys [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files\AMD\RAIDXpert\bin\RAIDXpertService.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 MSSQL$ECC;SQL Server (ECC);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [x]
S2 MSSQL$UPSWSDBSERVER;MSSQL$UPSWSDBSERVER;c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe [x]
S2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [x]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 21:30]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-03 14:55]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-03 14:55]
.
2012-08-16 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 22:03]
.
2012-08-16 c:\windows\Tasks\User_Feed_Synchronization-{25379939-1042-4793-A89C-D5024206BA8D}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{EE16A2FA-EBB6-421A-85FB-45950A421AB7}: NameServer = 10.0.0.1
FF - ProfilePath - c:\documents and settings\PMC\Application Data\Mozilla\Firefox\Profiles\z3p28s2o.default\
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{56F9679E-7826-4C84-81F3-532071A8BCC5} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-16 14:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(988)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-08-16 14:53:23
ComboFix-quarantined-files.txt 2012-08-16 19:53
ComboFix2.txt 2012-08-16 19:46
.
Pre-Run: 94,829,580,288 bytes free
Post-Run: 94,810,656,768 bytes free
.
- - End Of File - - 0B546F5084FCF2FFE2F3EAA34032F1AE

 

[Broni]

What are the current issues?

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Download following file: http://download.cnet.com/Windows-XP...Floppy-Boot-Install/3000-2383_4-10727796.html to your Desktop.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

• Drag downloaded file onto ComboFix.exe and drop it.
  
  
• Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  
  
  
  
  
  
  
  
• At the next prompt, click 'Yes' to run the full ComboFix scan.
  
  
• When the tool is finished, it will produce a report for you.

Please post the C:\ComboFix.txt.

 

[Dan Skrlin]

Im getting that the post is too long, I had to reinstall windows in the meantime, the computer kept hanging on the welcome screen. Here is the recent log.

 

[Broni]

I had to reinstall windows in the meantime

What???

 

[Dan Skrlin]

When running combo fix, the system hung up for more than an hr, restarted and welcome screen did not load, sorry if I jumped the gun, let me know how to proceed, hopefully I did not eff it too bad

 

[Broni]

It's still not clear.
You reinstalled Windows or you just restarted computer manually?

 

[Dan Skrlin]

If this will be an issue, I can do a restore from my Acronis back up. Let me know

 

[Dan Skrlin]

I reinstalled Windows XP PRO

 

[Broni]

We posted at the same time so please answer my question from my previous reply.

 

[Broni]

If you reinstalled Windows we have nothing to do here.

 

[Dan Skrlin]

Do not give up on me, I will recover the backup state, I will restart the process again, will this work? Sorry

 

[Broni]

I'm not sure what you're saying.
If you reinstalled Windows then all infection is gone.
There is nothing to clean.