System Check aftermath

Resolved
By SJGinNJ
Feb 20, 2012
Topic Status:
Not open for further replies.
  1. Friend's PC had out of date NIS 2009 and got infected with System Check.
    Ran Malwarebytes in safe mode and after reboot I was able to get the program list back and un-hide the folders.
    Loaded NIS 2012, updated and scanned, removed flagged items.

    The problem now is this.
    On boot, if you try to run Internet Explorer, it takes about 10-15 minutes for the program to start: the iexplore.exe process starts right away, but the program won't appear until 10-15 minutes later. Internet access is fine and I can ping websites from a command line right after boot.
    NIS 2012 shows Zeroaccess Rootkit and Tidserv needing manual removal.
    Ran their tools, FixTDSS.exe and FixZeroAccess.exe, but it still detects them.
    Also ran Norton Power Eraser with the same results, so here I am; any help will be greatly appreciated.

    Steve

    Here are the requested logs.

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.19.05

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Joseph Paino :: D6LVFK81 [administrator]

    2/19/2012 8:41:30 PM
    mbam-log-2012-02-19 (20-41-30).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 257235
    Time elapsed: 3 hour(s), 41 minute(s), 37 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 1
    C:\WINDOWS\system32\BCMModem.dll (RootKit.0Access.H) -> Delete on reboot.

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 9
    C:\Utilities\Spyware Programs\Start Up Run\strun.exe (PUP.StartUpManager) -> No action taken.
    C:\WINDOWS\system32\BCMModem.dll (RootKit.0Access.H) -> Delete on reboot.
    C:\WINDOWS\system32\ARCSOFTVIRTUALCAPTURE.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\perc2hib.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\3combootp.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ATSWPDRV.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\KLOGNT.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\rwbackupsrv.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ulcdrhlp.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

    (end)


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-02-20 18:22:57
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_6Y080L0 rev.YAR41BW0
    Running: 9rkrqf05.exe; Driver: C:\DOCUME~1\JOSEPH~1\LOCALS~1\Temp\kfdyapob.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    ---- EOF - GMER 1.0.15 ----


    DDS.txt and Attach.txt to follow
  2. SJGinNJ

    SJGinNJ Newcomer, in training Topic Starter

    dds.txt and attach.txt

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Joseph Paino at 18:23:31 on 2012-02-20
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1435 [GMT -5:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\AOL\1166924966\ee\AOLSoftware.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    \\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\System32\ping.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.aol.com/
    mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
    BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.5.0.145\coIEPlg.dll
    BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.5.0.145\ips\IPSBHO.DLL
    BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll
    BHO: Verizon Broadband Toolbar: {a057a204-bacc-4d26-8398-26fadcf27386} - c:\progra~1\verizo~1\VERIZO~1.DLL
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Verizon Broadband Toolbar: {a057a204-bacc-4d26-8398-26fadcf27386} - c:\progra~1\verizo~1\VERIZO~1.DLL
    TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.5.0.145\coIEPlg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
    mRun: [HostManager] c:\program files\common files\aol\1166924966\ee\AOLSoftware.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\HOMERunner.exe" -s
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
    IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
    IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    LSP: mswsock.dll
    DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128728237312
    DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1329669218906
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 71.250.0.12 68.237.161.12
    TCP: Interfaces\{BBC1C5F4-162C-4F7A-955C-F923243B908E} : DhcpNameServer = 71.250.0.12 68.237.161.12
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1305000.091\symds.sys [2012-2-18 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1305000.091\symefa.sys [2012-2-18 905336]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\bashdefs\20120215.001\BHDrvx86.sys [2012-2-18 820344]
    R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1305000.091\ccsetx86.sys [2012-2-18 132744]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1305000.091\ironx86.sys [2012-2-18 149624]
    R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.5.0.145\ccsvchst.exe [2012-2-18 138248]
    R2 veteboot;CVPNDRVA;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-19 106104]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\ipsdefs\20120217.003\IDSXpx86.sys [2012-2-17 356280]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\virusdefs\20120220.001\NAVENG.SYS [2012-2-20 86136]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\virusdefs\20120220.001\NAVEX15.SYS [2012-2-20 1576312]
    S3 38780699;38780699; [x]
    S3 LDNYGHWXSO;LDNYGHWXSO;c:\docume~1\joseph~1\locals~1\temp\LDNYGHWXSO.exe [2012-2-19 568192]
    S3 MBYADA;MBYADA;c:\docume~1\joseph~1\locals~1\temp\MBYADA.exe [2012-2-19 539520]
    .
    =============== Created Last 30 ================
    .
    2012-02-19 23:30:58 -------- d-----w- c:\documents and settings\joseph paino\local settings\application data\NPE
    2012-02-19 22:33:02 -------- d-----w- c:\documents and settings\joseph paino\local settings\application data\Temp
    2012-02-19 22:28:20 -------- d-----w- c:\documents and settings\joseph paino\local settings\application data\Google
    2012-02-19 18:25:30 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-02-19 17:33:52 -------- d-----w- c:\documents and settings\joseph paino\application data\ElevatedDiagnostics
    2012-02-19 17:27:22 442680 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2012-02-19 16:02:19 -------- d-----w- c:\program files\Trend Micro
    2012-02-18 22:34:51 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2012-02-18 22:34:51 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2012-02-18 22:34:51 -------- d-----w- c:\program files\Symantec
    2012-02-18 22:34:17 905336 ----a-w- c:\windows\system32\drivers\nis\1305000.091\symefa.sys
    2012-02-18 22:34:17 574584 ----a-w- c:\windows\system32\drivers\nis\1305000.091\srtsp.sys
    2012-02-18 22:34:17 388216 ----a-w- c:\windows\system32\drivers\nis\1305000.091\symtdi.sys
    2012-02-18 22:34:17 345208 ----a-w- c:\windows\system32\drivers\nis\1305000.091\symtdiv.sys
    2012-02-18 22:34:17 340088 ----a-r- c:\windows\system32\drivers\nis\1305000.091\symds.sys
    2012-02-18 22:34:17 32888 ----a-w- c:\windows\system32\drivers\nis\1305000.091\srtspx.sys
    2012-02-18 22:34:17 318584 ----a-w- c:\windows\system32\drivers\nis\1305000.091\symnets.sys
    2012-02-18 22:34:17 149624 ----a-w- c:\windows\system32\drivers\nis\1305000.091\ironx86.sys
    2012-02-18 22:34:17 132744 ----a-w- c:\windows\system32\drivers\nis\1305000.091\ccsetx86.sys
    2012-02-18 22:33:39 4782 ----a-w- c:\windows\system32\drivers\nis\1305000.091\symvtcer.dat
    2012-02-18 22:33:39 -------- d-----w- c:\windows\system32\drivers\nis\1305000.091
    2012-02-18 22:32:58 -------- d-----w- c:\windows\system32\drivers\NIS
    2012-02-18 22:32:54 -------- d-----w- c:\program files\Norton Internet Security
    2012-02-18 21:34:34 22032 ----a-w- c:\windows\DCEBoot.exe
    2012-02-18 21:34:34 102400 ----a-w- c:\windows\RegBootClean.exe
    2012-02-18 21:17:57 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2012-02-13 22:28:06 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
    2012-02-13 19:40:50 -------- d-----w- C:\Utilities
    2012-02-13 19:26:40 -------- d-----w- c:\documents and settings\joseph paino\application data\Malwarebytes
    2012-02-13 19:26:20 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-02-13 19:26:18 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-13 19:26:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-08 22:32:36 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    .
    ==================== Find3M ====================
    .
    2012-02-20 01:03:56 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
    2012-02-19 18:26:33 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
    2011-11-25 21:57:19 293376 ---ha-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:25:32 1859584 ---ha-w- c:\windows\system32\win32k.sys
    .
    ============= FINISH: 18:24:52.73 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/6/2005 9:04:44 PM
    System Uptime: 2/20/2012 5:35:45 PM (1 hours ago)
    .
    Motherboard: Dell Computer Corp. | | 0TC667
    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/533mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 70 GiB total, 51.59 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.3
    AIO_Scan
    AOL Coach Version 1.0(Build:20040229.1 en)
    AOL Toolbar
    AOL Uninstaller (Choose which Products to Remove)
    AOLIcon
    BufferChm
    C7200
    C7200_doccd
    c7200_Help
    Copy
    CP_AtenaShokunin1Config
    cp_dwShrek2Albums1
    cp_dwShrek2Cards1
    CreativeProjects
    CreativeProjectsTemplates
    Critical Update for Windows Media Player 11 (KB959772)
    CueTour
    CustomerResearchQFolder
    Dell Driver Reset Tool
    Dell Media Experience
    Dell Picture Studio v3.0
    Dell Support Center (Support Software)
    Dell System Restore
    DellSupport
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    DocProc
    DocProcQFolder
    DocumentViewer
    Download Updater (AOL LLC)
    eSupportQFolder
    Fast Browser Search (My Web Tattoo)
    Fax
    Form Magic Deluxe
    GdiplusUpgrade
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Customer Participation Program 9.0
    HP Image Zone 4.7
    HP Imaging Device Functions 9.0
    HP OCR Software 9.0
    HP Photosmart All-In-One Software 9.0
    HP Photosmart Essential 2.01
    HP Photosmart Essential2.01
    HP Smart Web Printing
    HP Software Update
    HP Solution Center 9.0
    HP Update
    HPProductAssistant
    HPSSupply
    HPSystemDiagnostics
    InstantShare
    Intel(R) 537EP V9x DF PCI Modem
    Intel(R) Extreme Graphics 2 Driver
    Intel(R) PRO Network Adapters and Drivers
    Intel(R) PROSet for Wired Connections
    Internet Explorer Default Page
    Jasc Paint Shop Photo Album 5
    Jasc Paint Shop Pro Studio, Dell Editon
    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) 6 Update 17
    Learn2 Player (Uninstall Only)
    LP_Flash
    Macromedia Flash Player
    Malwarebytes Anti-Malware version 1.60.1.1000
    MarketResearch
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Digital Image Library 9 - Blocker
    Microsoft Encarta Encyclopedia Standard 2005
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Picture It! Library 10
    Microsoft Picture It! Premium 10
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Streets and Trips 2005
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft VC9 runtime libraries
    Microsoft Word 2002
    Microsoft Works
    Microsoft Works 2005 Setup Launcher
    Microsoft Works Suite Add-in for Microsoft Word
    Modem Event Monitor
    Modem Helper
    Modem On Hold
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Musicmatch® Jukebox
    Norton Internet Security
    PanoStandAlone
    Photo Click
    PhotoGallery
    PowerDVD 5.5
    PS_AIO_02_ProductContext
    PS_AIO_02_Software
    PS_AIO_02_Software_min
    PSSWCORE
    QFolder
    Qualxserve Service Agreement
    QuickBooks Simple Start Online Edition
    QuickBooks Simple Start Special Edition
    QuickTime
    RealPlayer Basic
    RPS CRT
    Scan
    ScannerCopy
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Shockwave
    SkinsHP1
    SolutionCenter
    Sonic DLA
    Sonic MyDVD LE
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Spelling Dictionaries Support For Adobe Reader 9
    Status
    TomTom HOME
    Toolbox
    TrayApp
    Unload
    UnloadSupport
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Verizon Broadband Toolbar (IE only)
    Verizon Help and Support Tool
    Verizon Servicepoint 1.5.22
    VideoToolkit01
    Viewpoint Media Player
    Vz In Home Agent
    WebCyberCoach 3.2 Dell
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows XP Service Pack 3
    Works Upgrade
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/20/2012 7:26:47 AM, error: Service Control Manager [7023] - The WmXlCore service terminated with the following error: The specified module could not be found.
    2/20/2012 6:05:12 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    2/19/2012 8:40:51 PM, error: PlugPlayManager [11] - The device Root\LEGACY_SMR250\0000 disappeared from the system without first being prepared for removal.
    2/19/2012 6:56:18 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt IntelIde
    2/19/2012 5:02:13 PM, error: Dhcp [1002] - The IP address lease 10.0.0.4 for the Network Card with network address 0013207C11E5 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    2/19/2012 12:13:20 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    2/19/2012 12:13:02 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
    2/19/2012 12:10:24 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LDNYGHWXSO service to connect.
    2/19/2012 12:10:24 PM, error: Service Control Manager [7000] - The LDNYGHWXSO service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/19/2012 11:47:51 AM, error: Service Control Manager [7023] - The S7oppilx service terminated with the following error: The specified module could not be found.
    2/19/2012 11:47:51 AM, error: Service Control Manager [7023] - The S24trans service terminated with the following error: The specified module could not be found.
    2/19/2012 11:47:51 AM, error: Service Control Manager [7000] - The Security Services Driver (x86) service failed to start due to the following error: The system cannot find the file specified.
    2/19/2012 11:45:00 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2/19/2012 11:44:30 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    2/19/2012 11:39:14 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    2/19/2012 11:32:06 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccSet_NIS eeCtrl Fips intelppm SRTSP SRTSPX SymIRON SYMTDI
    2/18/2012 5:42:26 PM, error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.
    2/18/2012 5:42:26 PM, error: SRTSP [4] - Error loading virus definitions.
    2/18/2012 5:30:35 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl Fips intelppm
    2/18/2012 5:27:34 PM, error: PlugPlayManager [11] - The device Root\LEGACY_SYMDS\0000 disappeared from the system without first being prepared for removal.
    2/18/2012 5:27:34 PM, error: PlugPlayManager [11] - The device Root\LEGACY_SRTSPX\0000 disappeared from the system without first being prepared for removal.
    2/18/2012 5:27:34 PM, error: PlugPlayManager [11] - The device Root\LEGACY_NAVEX15\0000 disappeared from the system without first being prepared for removal.
    2/18/2012 5:27:34 PM, error: PlugPlayManager [11] - The device Root\LEGACY_NAVENG\0000 disappeared from the system without first being prepared for removal.
    2/18/2012 5:27:34 PM, error: PlugPlayManager [11] - The device Root\LEGACY_IDSXPX86\0000 disappeared from the system without first being prepared for removal.
    2/18/2012 5:27:34 PM, error: PlugPlayManager [11] - The device Root\LEGACY_CCSET_NIS\0000 disappeared from the system without first being prepared for removal.
    2/18/2012 5:27:34 PM, error: PlugPlayManager [11] - The device Root\LEGACY_BHDRVX86\0000 disappeared from the system without first being prepared for removal.
    2/18/2012 5:27:31 PM, error: PlugPlayManager [11] - The device Root\LEGACY_SYMEVENT\0000 disappeared from the system without first being prepared for removal.
    2/18/2012 4:57:08 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccSet_NIS eeCtrl Fips intelppm SRTSPX SymIRON SYMTDI
    2/18/2012 4:57:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    2/18/2012 4:36:51 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'redbook.sys' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    2/18/2012 11:27:54 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
    2/18/2012 11:06:13 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 80563bdc, parameter3 b8e66c74, parameter4 00000000.
    .
    ==== End Of File ===========================
  3. Bobbye


    Steve, I'll be glad to help. But please don't run any more random scans. The one thing I want you to do while I finish checking these logs is to go back and rerun Malwarebytes again and be sure to check the line in the instructions in red:
    If you look at the Mbam log, you will see No Action Taken by all the entries. Leave the new log.
    =========================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.

    If I haven't replied back to you within 48 hours, you can send a PM with your thread link in it as a reminder. Do not include technical problems from your thread. Support is given only in the forum.
    Threads are closed after 5 days if there is no reply.
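Bobbye's point above is that a Malwarebytes log full of "No action taken" entries means the scan only reported and nothing was removed. The following Python script is added here as an example (it is not code from this thread or from Malwarebytes): it parses the 1.x log layout posted in this thread and sorts each detection into remediated, pending-reboot and not-remediated, and flags a section whose header count does not match the lines under it. The sample log is constructed and the PUP path in it is invented.

```python
"""Triage a Malwarebytes Anti-Malware 1.x scan log by remediation status.

Added example, not code from the thread or from Malwarebytes; the sample
log below is constructed in the layout of the logs posted above.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample; the PUP line and its path are invented.
SAMPLE_LOG = r"""
Malwarebytes Anti-Malware 1.60.1.1000

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\WINDOWS\system32\SaiClass.dll (RootKit.0Access.H) -> Delete on reboot.

Files Detected: 3
C:\WINDOWS\system32\SaiClass.dll (RootKit.0Access.H) -> Delete on reboot.
C:\WINDOWS\system32\drivers\cdrom.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Example\constructed_tool.exe (PUP.Example) -> No action taken.

(end)
"""

# Section header, e.g. "Memory Modules Detected: 1"
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# Detection line, e.g. "<path> (<detection name>) -> <action>."
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")


@dataclass(frozen=True)
class Detection:
    section: str
    path: str
    detection: str
    action: str


@dataclass
class ScanReport:
    declared: Dict[str, int] = field(default_factory=dict)   # counts from the headers
    detections: List[Detection] = field(default_factory=list)

    def count_mismatches(self) -> List[str]:
        """Sections whose header count differs from the items actually listed,
        which points at a truncated paste or an edited log."""
        parsed: Dict[str, int] = {}
        for d in self.detections:
            parsed[d.section] = parsed.get(d.section, 0) + 1
        return sorted(s for s, n in self.declared.items() if parsed.get(s, 0) != n)


def parse_mbam_log(text: str) -> ScanReport:
    report = ScanReport()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            report.declared[section] = int(m.group("count"))
            continue
        # Header lines come before the first section; "(No malicious items
        # detected)" and "(end)" are not detections.
        if section is None or not line or line.startswith("("):
            continue
        m = ITEM_RE.match(line)
        if m:
            report.detections.append(Detection(
                section, m.group("path"), m.group("detection"), m.group("action")))
    return report


def status_of(d: Detection) -> str:
    """Map the trailing action text of a log line to a remediation status."""
    if d.action.startswith("Quarantined"):
        return "remediated"
    if d.action == "Delete on reboot":
        return "pending_reboot"    # nothing happens until the machine restarts
    if d.action == "No action taken":
        return "not_remediated"    # reported only; Remove Selected was never clicked
    return "unknown"


def triage(report: ScanReport) -> Dict[str, int]:
    """Count detections per status so a helper sees at a glance what is left."""
    counts: Dict[str, int] = {}
    for d in report.detections:
        counts[status_of(d)] = counts.get(status_of(d), 0) + 1
    return counts


def needs_action(report: ScanReport) -> List[str]:
    """Unique paths still present: not remediated or awaiting the reboot."""
    return sorted({d.path for d in report.detections if status_of(d) != "remediated"})
```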
  4. Bobbye


    There are still noticeable malware entries. I see Norton was installed on 2/28- was there any AV or security running on the system before that?
    ==============================
    We are going to let Combofix remove some of the malware for us:
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      • The Recovery Console was successfully installed.
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
      • Note: No query will be made if the Recovery Console is already on the system.
    • Close/disable all anti virus and anti malware programs
      (If you need help with this, please see HERE)
    • Close any open browsers.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • When the scan completes, a report will be generated and will open in a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.
    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    =============================================
    It is important that you do not delete any files from your Temp folder or use any temp file cleaners
    • System Check is a fake (Rogue) computer analysis and optimization program.
    • The 'alerts' tell you the problems have led to corrupt and missing data
    • It will display false error messages and security warnings.
    • It "hides" Icons, desktop, programs and files so that they appear to be missing and some programs can't be run
    • This can be installed through hacked sites that exploit vulnerabilities on the system or through fake online scanner pages
    • The malware is configured to automatically start when you logon to Windows.
    • It can also be started if you click on any of these alerts.
    Note: You may not experience all of the above, but it is important to tell me what problems you do have.
    ============================================
    See below. Do this if needed: Press Windows+R key> type cmd> OK

    1. If your task manager is disabled, copy and run this command
    Code:
    Echo y | reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr
    Press Enter

    2. If your desktop is blank and you are unable to right-click on it, run this command
    Code:
    Echo y | reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDesktop
    Press Enter
    ==============================
    Please print out the following instructions. It is important that the order of the scan below be followed exactly. Please read through all of the instructions before you begin.
    --------------------------
    Note: If you are not 'missing' folders, icons, programs, etc. you can skip #1 and start with #2
    The following can be run first to allow you to 'see' the programs, files, etc. But it is important that you understand that this does not remove the malware, only the attribute to hide these features. So it is important that you continue with the cleaning:
    1. Download Unhide.exe and save to the desktop.
    • Double-click on Unhide.exe icon to run the program.
    • This program will remove the +H, or hidden, attribute from all the files on your hard drives.
    Note: This does not remove the malware- only the attribute that hides icons and programs. It is important that you continue.
    ================================
    2. Boot into Safe Mode with Networking
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode with Networking option when the Windows Advanced Options menu appears, using your up/down arrows to reach it and then press ENTER.
    =======================================
    3. To end the processes that belong to the rogue program:
    Please click on RKill
    • At the download page, click on Download now button for iExplore.exe download link and save to the desktop
    • Double click on the iExplore.exe icon
    • Please be patient- it may take a bit.
    • The black Window will close when through and you can continue.
    Note: If you get a message that RKill is malware, ignore it> it's from the malware.
    =======================================
    Do not reboot your computer after running RKill as the malware programs will start again.
    ================================
    4. This malware frequently comes with the TDSSrootkit, so do the following:
    • Download the file TDSSKiller.zip and save to the desktop.
      (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
    • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
    • Double click on TDSSKiller.exe to run the scan
    • When the scan is over, the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
    • Select the action Quarantine to quarantine detected objects.
      The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
      Save log and post in next reply.
    • After clicking Next, the utility applies selected actions and outputs the result.
    • A reboot is required after disinfection.
    ====================================
    If TDSSKiller requires you to reboot, please allow it to do so. After you reboot, reboot back into Safe Mode with Networking again
    ====================================
    5. Update and rescan with Malwarebytes:
    • Select Perform Full Scan on the Scanner tab
    • Click on the Scan button.
    • When the scan has finished, a completion box will appear.
    • Click on OK to close box and continue.
    • Click on the Show Results button.
    • Click on the Remove Selected button to remove all the listed malware.
    • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format>Uncheck Word Wrap before copying the log to paste in your next reply.
    ==============================
    6. Correct Display Changes if needed:
    If the desktop background is black or if the theme has been removed:
    • Click on Start> Control Panel> Appearance & Personalization
    • Select Change Theme or Change Desktop Background
    =====================================
    7. Some items may not show on the Start menu. To add them back:
    • Right click on Start> Properties
    • Taskbar and Start Menu Properties screen appears
    • Choose Start Menu tab> Click on Customize
    • For Windows XP> Choose Advanced tab
    • Check the items you want back on the Start Menu
    • When finished> click on OK> Apply and close.
    =====================================
    You can now reboot back into Normal Mode.
    Please leave logs for Combofix, TDSSKiller and new Malwarebytes full scan in your next reply.
  5. SJGinNJ


    Here's the new Malwarebytes log

    Bobbye,
    Thanks for the help.
    Re-ran Malwarebytes and attached the log below.
    Will reboot to finish that task and then will follow your new instructions.
    Thanks,
    Steve



    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.21.01

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Joseph Paino :: D6LVFK81 [administrator]

    2/20/2012 8:19:12 PM
    mbam-log-2012-02-20 (20-19-12).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 187633
    Time elapsed: 18 minute(s), 30 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 1
    C:\WINDOWS\system32\SaiClass.dll (RootKit.0Access.H) -> Delete on reboot.

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\WINDOWS\system32\SaiClass.dll (RootKit.0Access.H) -> Delete on reboot.
    C:\WINDOWS\system32\drivers\cdrom.sys (Rootkit.0Access) -> Quarantined and deleted successfully.

    (end)
  6. SJGinNJ


    3 new logs

    Bobbye,

    Finished with your instructions, here are the three new logs.
    Combofix took about an hour to complete.
    TDSSkiller found nothing and Malwarebytes only found one file and removed it.

    On boot into Windows normal mode I still get about a 20-minute delay between trying to start Internet Explorer, AOL, Task Manager, etc., and when they finally open. I can however go to a command prompt right away and ping a website OK.

    Thanks,
    Steve


    ComboFix 12-02-19.02 - Joseph Paino 02/20/2012 22:11:28.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1669 [GMT -5:00]
    Running from: c:\documents and settings\Joseph Paino\Desktop\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\~3bQiQODFkq3RWc
    c:\documents and settings\All Users\Application Data\~3bQiQODFkq3RWcr
    c:\documents and settings\All Users\Application Data\3bQiQODFkq3RWc
    c:\documents and settings\Joseph Paino\GoToAssistDownloadHelper.exe
    c:\documents and settings\Joseph Paino\WINDOWS
    C:\mtwb.dat
    c:\windows\$NtUninstallKB16501$
    c:\windows\$NtUninstallKB16501$\2384969406
    c:\windows\$NtUninstallKB16501$\3905661118\@
    c:\windows\$NtUninstallKB16501$\3905661118\cfg.ini
    c:\windows\$NtUninstallKB16501$\3905661118\Desktop.ini
    c:\windows\$NtUninstallKB16501$\3905661118\L\odetmngk
    c:\windows\$NtUninstallKB16501$\3905661118\U\00000001.@
    c:\windows\$NtUninstallKB16501$\3905661118\U\00000002.@
    c:\windows\$NtUninstallKB16501$\3905661118\U\00000004.@
    c:\windows\$NtUninstallKB16501$\3905661118\U\80000000.@
    c:\windows\$NtUninstallKB16501$\3905661118\U\80000004.@
    c:\windows\$NtUninstallKB16501$\3905661118\U\80000032.@
    c:\windows\$NtUninstallKB16501$\3905661118\version
    c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
    c:\windows\system32\AutoRun.inf
    c:\windows\system32\bszip.dll
    c:\windows\system32\linkinfo(2).dll
    c:\windows\system32\SET3B0.tmp
    c:\windows\system32\SET3B5.tmp
    .
    c:\windows\system32\drivers\cdrom.sys was missing
    Restored copy from - c:\windows\system32\dllcache\cdrom.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_MYWEBSEARCHSERVICE
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-21 to 2012-02-21 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-21 03:21 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
    2012-02-21 03:21 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\dllcache\cdrom.sys
    2012-02-19 23:30 . 2012-02-20 01:00 -------- d-----w- c:\documents and settings\Joseph Paino\Local Settings\Application Data\NPE
    2012-02-19 22:33 . 2012-02-19 22:33 -------- d-----w- c:\documents and settings\Joseph Paino\Local Settings\Application Data\Temp
    2012-02-19 22:28 . 2012-02-19 22:28 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2012-02-19 22:28 . 2012-02-19 22:33 -------- d-----w- c:\documents and settings\Joseph Paino\Local Settings\Application Data\Google
    2012-02-19 22:16 . 2012-02-19 22:29 -------- d-----w- c:\program files\Google
    2012-02-19 18:25 . 2012-02-19 18:25 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-02-19 17:33 . 2012-02-19 17:33 -------- d-----w- c:\documents and settings\Joseph Paino\Application Data\ElevatedDiagnostics
    2012-02-19 17:27 . 2012-02-19 17:29 442680 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2012-02-19 16:02 . 2012-02-19 16:02 -------- d-----w- c:\program files\Trend Micro
    2012-02-18 22:34 . 2012-02-18 22:34 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2012-02-18 22:34 . 2012-02-18 22:34 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2012-02-18 22:34 . 2012-02-18 22:34 -------- d-----w- c:\program files\Symantec
    2012-02-18 22:32 . 2012-02-18 22:34 -------- d-----w- c:\windows\system32\drivers\NIS
    2012-02-18 22:32 . 2012-02-18 22:32 -------- d-----w- c:\program files\Norton Internet Security
    2012-02-18 21:34 . 2012-02-18 21:34 102400 ----a-w- c:\windows\RegBootClean.exe
    2012-02-18 21:34 . 2012-02-18 21:34 22032 ----a-w- c:\windows\DCEBoot.exe
    2012-02-18 21:26 . 2012-02-20 09:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2012-02-18 21:17 . 2011-06-21 04:09 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2012-02-13 22:28 . 2012-02-13 22:28 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2012-02-13 19:40 . 2012-02-20 00:00 -------- d-----w- C:\Utilities
    2012-02-13 19:26 . 2012-02-13 19:26 -------- d-----w- c:\documents and settings\Joseph Paino\Application Data\Malwarebytes
    2012-02-13 19:26 . 2012-02-13 19:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-02-13 19:26 . 2012-02-13 19:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-13 19:26 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-08 22:44 . 2012-02-08 22:44 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2012-02-08 22:32 . 2012-02-20 22:36 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-20 01:03 . 2004-08-04 04:14 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
    2012-02-19 18:26 . 2004-08-10 17:59 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
    2011-11-25 21:57 . 2004-08-10 17:51 293376 ---ha-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:25 . 2004-08-10 17:51 1859584 ---ha-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
    "AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2010-07-13 70720]
    "HostManager"="c:\program files\Common Files\AOL\1166924966\ee\AOLSoftware.exe" [2010-03-08 41800]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-19 149280]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2007-10-31 378784]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-09-27 98304]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
    HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-12-22 05:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    2007-03-15 16:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
    2009-05-21 14:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    2005-01-27 06:02 86016 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
    2007-11-15 15:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    2005-02-23 21:19 53248 ----a-w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
    2003-09-04 01:12 221184 ----a-w- c:\program files\Intel\Modem Event Monitor\IntelMEM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
    2004-09-14 13:50 53248 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2005-09-27 12:59 98304 ----a-w- c:\program files\QuickTime\qttask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    2005-09-27 12:59 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    2004-10-15 00:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
    2008-09-17 02:14 2065648 ----a-w- c:\program files\Verizon\VSP\VerizonServicepoint.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]
    2010-03-17 20:55 1565696 ----a-w- c:\program files\Verizon\McciTrayApp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "sprtsvc_dellsupportcenter"=2 (0x2)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1166924966\\ee\\aolsoftware.exe"=
    "c:\\Program Files\\AOL 9.1\\waol.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
    "c:\\Program Files\\AOL Desktop 9.6\\waol.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1305000.091\symds.sys [2/18/2012 5:34 PM 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1305000.091\symefa.sys [2/18/2012 5:34 PM 905336]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120215.001\BHDrvx86.sys [2/18/2012 5:47 PM 820344]
    R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1305000.091\ccsetx86.sys [2/18/2012 5:34 PM 132744]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1305000.091\ironx86.sys [2/18/2012 5:34 PM 149624]
    R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exe [2/18/2012 5:34 PM 138248]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/19/2012 10:29 PM 106104]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120217.003\IDSXpx86.sys [2/17/2012 4:28 PM 356280]
    S3 38780699;38780699; [x]
    S3 LDNYGHWXSO;LDNYGHWXSO;c:\docume~1\JOSEPH~1\LOCALS~1\Temp\LDNYGHWXSO.exe --> c:\docume~1\JOSEPH~1\LOCALS~1\Temp\LDNYGHWXSO.exe [?]
    S3 MBYADA;MBYADA;c:\docume~1\JOSEPH~1\LOCALS~1\Temp\MBYADA.exe --> c:\docume~1\JOSEPH~1\LOCALS~1\Temp\MBYADA.exe [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    imagesrv
    WUSB54GCSVC
    aeaudio
    SRS_SSCFilter
    anbmservice
    gs30s
    se44mgmt
    NVENET
    CAMCAUD
    zpsc
    AR5523
    Airgo
    ha10kx2k
    veteboot
    nettcpportsharing
    Nmea
    SNDO763
    elotouchscreen
    xaudioservice
    vrfwsvc
    tosrfcom
    genregistrar
    vmx86
    prevxagent
    cqcpu
    ati2mtaa
    se2Cnd5
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-02-19 22:28]
    .
    2012-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-02-19 22:28]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.aol.com/
    TCP: DhcpNameServer = 71.250.0.12 68.237.161.12
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    SafeBoot-64987791.sys
    SafeBoot-89466529.sys
    MSConfigStartUp-25914930 - c:\docume~1\ALLUSE~1\APPLIC~1\25914930\25914930.exe
    MSConfigStartUp-Spyware Doctor with AntiVirus - c:\documents and settings\Joseph Paino\Desktop\sdasetup_revwire207.exe
    AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-20 22:38
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NIS]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.5.0.145\diMaster.dll\" /prefetch:1"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\xaudioservice]
    "ServiceDll"=""
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(1504)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Motive\McciCMService.exe
    c:\windows\wanmpsvc.exe
    c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
    c:\program files\Common Files\AOL\1166924966\ee\aolupdates.exe
    .
    **************************************************************************
    .
    Completion time: 2012-02-20 22:41:02 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-02-21 03:40
    .
    Pre-Run: 55,245,090,816 bytes free
    Post-Run: 56,242,479,104 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - A6A248B7982D8124D03225DBFBFBA5F9
  7. SJGinNJ

    SJGinNJ Newcomer, in training Topic Starter

    TDSSKiller and MalwareBytes Logs

    22:52:03.0406 1448 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
    22:52:03.0828 1448 ============================================================
    22:52:03.0828 1448 Current date / time: 2012/02/20 22:52:03.0828
    22:52:03.0828 1448 SystemInfo:
    22:52:03.0828 1448
    22:52:03.0828 1448 OS Version: 5.1.2600 ServicePack: 3.0
    22:52:03.0828 1448 Product type: Workstation
    22:52:03.0828 1448 ComputerName: D6LVFK81
    22:52:03.0828 1448 UserName: Joseph Paino
    22:52:03.0828 1448 Windows directory: C:\WINDOWS
    22:52:03.0828 1448 System windows directory: C:\WINDOWS
    22:52:03.0828 1448 Processor architecture: Intel x86
    22:52:03.0828 1448 Number of processors: 1
    22:52:03.0828 1448 Page size: 0x1000
    22:52:03.0828 1448 Boot type: Safe boot with network
    22:52:03.0828 1448 ============================================================
    22:52:06.0125 1448 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    22:52:06.0125 1448 \Device\Harddisk0\DR0:
    22:52:06.0125 1448 MBR used
    22:52:06.0125 1448 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x8C89995
    22:52:06.0625 1448 Initialize success
    22:52:06.0625 1448 ============================================================
    22:52:08.0875 1548 ============================================================
    22:52:08.0875 1548 Scan started
    22:52:08.0875 1548 Mode: Manual;
    22:52:08.0875 1548 ============================================================
    22:52:46.0531 1548 SymIRON - ok
    22:52:46.0765 1548 SYMTDI (508bd882040f9cb12319e3a4fc78edb9) C:\WINDOWS\system32\drivers\NIS\1305000.091\SYMTDI.SYS
    22:52:46.0765 1548 SYMTDI - ok
    22:52:46.0984 1548 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    22:52:46.0984 1548 sym_hi - ok
    22:52:47.0140 1548 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    22:52:47.0140 1548 sym_u3 - ok
    22:52:47.0328 1548 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    22:52:47.0328 1548 sysaudio - ok
    22:52:47.0609 1548 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    22:52:47.0625 1548 Tcpip - ok
    22:52:47.0828 1548 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    22:52:47.0828 1548 TDPIPE - ok
    22:52:47.0984 1548 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    22:52:47.0984 1548 TDTCP - ok
    22:52:48.0156 1548 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    22:52:48.0156 1548 TermDD - ok
    22:52:48.0359 1548 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
    22:52:48.0359 1548 tfsnboio - ok
    22:52:48.0562 1548 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
    22:52:48.0562 1548 tfsncofs - ok
    22:52:48.0656 1548 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
    22:52:48.0656 1548 tfsndrct - ok
    22:52:48.0703 1548 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
    22:52:48.0703 1548 tfsndres - ok
    22:52:48.0812 1548 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
    22:52:48.0812 1548 tfsnifs - ok
    22:52:48.0968 1548 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
    22:52:48.0968 1548 tfsnopio - ok
    22:52:49.0156 1548 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
    22:52:49.0156 1548 tfsnpool - ok
    22:52:49.0343 1548 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
    22:52:49.0359 1548 tfsnudf - ok
    22:52:49.0546 1548 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
    22:52:49.0546 1548 tfsnudfa - ok
    22:52:49.0765 1548 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    22:52:49.0765 1548 TosIde - ok
    22:52:49.0953 1548 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    22:52:49.0953 1548 Udfs - ok
    22:52:50.0125 1548 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    22:52:50.0125 1548 ultra - ok
    22:52:50.0312 1548 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    22:52:50.0328 1548 Update - ok
    22:52:50.0546 1548 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    22:52:50.0546 1548 usbccgp - ok
    22:52:50.0750 1548 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    22:52:50.0750 1548 usbehci - ok
    22:52:50.0921 1548 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    22:52:50.0921 1548 usbhub - ok
    22:52:51.0156 1548 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    22:52:51.0156 1548 usbprint - ok
    22:52:51.0343 1548 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    22:52:51.0343 1548 usbscan - ok
    22:52:51.0562 1548 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    22:52:51.0562 1548 USBSTOR - ok
    22:52:51.0750 1548 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    22:52:51.0765 1548 usbuhci - ok
    22:52:51.0968 1548 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    22:52:51.0968 1548 VgaSave - ok
    22:52:52.0140 1548 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    22:52:52.0140 1548 viaagp - ok
    22:52:52.0296 1548 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    22:52:52.0296 1548 ViaIde - ok
    22:52:52.0453 1548 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    22:52:52.0453 1548 VolSnap - ok
    22:52:52.0656 1548 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    22:52:52.0656 1548 Wanarp - ok
    22:52:52.0859 1548 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
    22:52:52.0859 1548 wanatw - ok
    22:52:53.0015 1548 WDICA - ok
    22:52:53.0109 1548 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    22:52:53.0109 1548 wdmaud - ok
    22:52:53.0500 1548 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    22:52:53.0500 1548 WS2IFSL - ok
    22:52:53.0687 1548 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    22:52:53.0703 1548 WudfPf - ok
    22:52:53.0875 1548 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0
    22:52:53.0921 1548 \Device\Harddisk0\DR0 - ok
    22:52:53.0968 1548 Boot (0x1200) (ed764fa105ba8df6c33cdd36da0f41b2) \Device\Harddisk0\DR0\Partition0
    22:52:53.0968 1548 \Device\Harddisk0\DR0\Partition0 - ok
    22:52:53.0984 1548 ============================================================
    22:52:53.0984 1548 Scan finished
    22:52:53.0984 1548 ============================================================
    22:52:54.0031 1568 Detected object count: 0
    22:52:54.0031 1568 Actual detected object count: 0
    22:54:10.0171 1388 Deinitialize success



    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.21.01

    Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
    Internet Explorer 8.0.6001.18702
    Joseph Paino :: D6LVFK81 [administrator]

    2/20/2012 10:54:37 PM
    mbam-log-2012-02-20 (22-54-37).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 253981
    Time elapsed: 36 minute(s), 58 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Utilities\Spyware Programs\Start Up Run\strun.exe (PUP.StartUpManager) -> Quarantined and deleted successfully.

    (end)
  8. SJGinNJ

    SJGinNJ Newcomer, in training Topic Starter

    Just to let you know

    Norton Internet Security 2012 just ran a quick scan and found 22 tracking cookies - fully resolved and it also found Trojan.ADH.2 - fully resolved.

    Upon investigation, the Trojan.ADH.2 was actually the ComboFix.exe on the desktop, I guess Norton sees it as a threat.

    So far no warnings about Zeroaccess Rootkit and Tidserv like before.

    Steve
  9. SJGinNJ

    SJGinNJ Newcomer, in training Topic Starter

    I think I'm in the clear

    Bobbye,

    I think you can close this thread as I seem to have fixed the other issues.

    The slow startup was due to some startup services left behind by these viruses. The startup entries were still active even though the .exe files had been removed. When I removed them with MSCONFIG and restarted, the slow startup was gone.

    The second fix was for Windows Update which was broken. I followed the instructions in a knowledge base article and was able to fix that.

    Seeing as how the rootkits seem to be gone, this thread is done.

    Thanks again for all your help,

    Steve
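The orphaned startup entries Steve describes (Run keys still pointing at executables the cleanup tools had already deleted) can be found without clicking through MSCONFIG. The script below is an added example, not something posted in this thread; it assumes PowerShell 2.0 or later and only reads the registry, it does not delete anything.

```powershell
# Added example: list Run/RunOnce entries whose target file no longer exists.
# Missing targets are the leftovers that slow boot after a malware cleanup.
$runKeys = @(
  'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
  'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
  'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
  'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-TargetPath([string]$cmd) {
  # Expand %SystemRoot% and friends before looking at the path.
  $cmd = [Environment]::ExpandEnvironmentVariables($cmd.Trim())
  # Quoted executable: take what is inside the quotes.
  if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
  # Unquoted: mimic CreateProcess and try each space-delimited prefix,
  # so "C:\Program Files\Foo\bar.exe /silent" resolves to bar.exe.
  $tokens = $cmd -split ' '
  for ($i = 1; $i -le $tokens.Count; $i++) {
    $candidate = $tokens[0..($i - 1)] -join ' '
    if (Test-Path -LiteralPath $candidate) { return $candidate }
    if (Test-Path -LiteralPath ($candidate + '.exe')) { return $candidate + '.exe' }
  }
  return $tokens[0]   # nothing resolved; report the first token as-is
}

foreach ($key in $runKeys) {
  if (-not (Test-Path $key)) { continue }
  $props = Get-ItemProperty -Path $key
  foreach ($p in $props.PSObject.Properties) {
    # Skip the PSPath/PSParentPath/... metadata PowerShell adds to the object.
    if ($p.Name -like 'PS*') { continue }
    $target = Get-TargetPath ([string]$p.Value)
    # rundll32 entries always "exist"; the DLL argument is what matters.
    if ($target -match 'rundll32\.exe$' -and
        ([string]$p.Value) -match 'rundll32\.exe"?\s+"?([^",]+)') {
      $target = [Environment]::ExpandEnvironmentVariables($Matches[1])
    }
    $status = if (Test-Path -LiteralPath $target) { 'present' } else { 'MISSING' }
    '{0,-8} {1}\{2} -> {3}' -f $status, $key, $p.Name, $target
  }
}
```

Entries in the Startup folders and in the Services key are not covered here; MSCONFIG's Startup and Services tabs are still the place to check those.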
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Thread closed per member's request. Cleaning was not completed.