Resolved System Check aftermath


SJGinNJ

Friend's PC had an out-of-date NIS 2009 and got infected with System Check.
Ran Malwarebytes in safe mode, and after reboot I was able to get the program list back and un-hide the folders.
Loaded NIS 2012, updated and scanned, removed flagged items.

Problem now is this.
On boot, if you try to run Internet Explorer, it takes about 10-15 minutes for the program to start: the iexplore.exe process starts right away, but the program won't appear until 10-15 minutes later. Internet access is fine, and I can ping websites from a command line right after boot.
NIS 2012 shows Zeroaccess Rootkit and Tidserv needing manual removal.
Ran their tools, FixTDSS.exe and FixZeroAccess.exe, but it still detects them.
Also ran Norton Power Eraser with the same results, so here I am; any help will be greatly appreciated.

Steve

Here are the requested logs.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.19.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Joseph Paino :: D6LVFK81 [administrator]

2/19/2012 8:41:30 PM
mbam-log-2012-02-19 (20-41-30).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 257235
Time elapsed: 3 hour(s), 41 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\WINDOWS\system32\BCMModem.dll (RootKit.0Access.H) -> Delete on reboot.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 9
C:\Utilities\Spyware Programs\Start Up Run\strun.exe (PUP.StartUpManager) -> No action taken.
C:\WINDOWS\system32\BCMModem.dll (RootKit.0Access.H) -> Delete on reboot.
C:\WINDOWS\system32\ARCSOFTVIRTUALCAPTURE.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\perc2hib.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\3combootp.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ATSWPDRV.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\KLOGNT.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rwbackupsrv.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ulcdrhlp.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

(end)


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-02-20 18:22:57
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_6Y080L0 rev.YAR41BW0
Running: 9rkrqf05.exe; Driver: C:\DOCUME~1\JOSEPH~1\LOCALS~1\Temp\kfdyapob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----


DDS.txt and Attach.txt to follow
 
dds.txt and attach.txt

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Joseph Paino at 18:23:31 on 2012-02-20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1435 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1166924966\ee\AOLSoftware.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
C:\Program Files\Internet Explorer\iexplore.exe
\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\ping.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/
mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.5.0.145\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.5.0.145\ips\IPSBHO.DLL
BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll
BHO: Verizon Broadband Toolbar: {a057a204-bacc-4d26-8398-26fadcf27386} - c:\progra~1\verizo~1\VERIZO~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Verizon Broadband Toolbar: {a057a204-bacc-4d26-8398-26fadcf27386} - c:\progra~1\verizo~1\VERIZO~1.DLL
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.5.0.145\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [HostManager] c:\program files\common files\aol\1166924966\ee\AOLSoftware.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\HOMERunner.exe" -s
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: mswsock.dll
DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128728237312
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1329669218906
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 71.250.0.12 68.237.161.12
TCP: Interfaces\{BBC1C5F4-162C-4F7A-955C-F923243B908E} : DhcpNameServer = 71.250.0.12 68.237.161.12
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1305000.091\symds.sys [2012-2-18 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1305000.091\symefa.sys [2012-2-18 905336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\bashdefs\20120215.001\BHDrvx86.sys [2012-2-18 820344]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1305000.091\ccsetx86.sys [2012-2-18 132744]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1305000.091\ironx86.sys [2012-2-18 149624]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.5.0.145\ccsvchst.exe [2012-2-18 138248]
R2 veteboot;CVPNDRVA;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-19 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\ipsdefs\20120217.003\IDSXpx86.sys [2012-2-17 356280]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\virusdefs\20120220.001\NAVENG.SYS [2012-2-20 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\virusdefs\20120220.001\NAVEX15.SYS [2012-2-20 1576312]
S3 38780699;38780699; [x]
S3 LDNYGHWXSO;LDNYGHWXSO;c:\docume~1\joseph~1\locals~1\temp\LDNYGHWXSO.exe [2012-2-19 568192]
S3 MBYADA;MBYADA;c:\docume~1\joseph~1\locals~1\temp\MBYADA.exe [2012-2-19 539520]
.
=============== Created Last 30 ================
.
2012-02-19 23:30:58 -------- d-----w- c:\documents and settings\joseph paino\local settings\application data\NPE
2012-02-19 22:33:02 -------- d-----w- c:\documents and settings\joseph paino\local settings\application data\Temp
2012-02-19 22:28:20 -------- d-----w- c:\documents and settings\joseph paino\local settings\application data\Google
2012-02-19 18:25:30 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-19 17:33:52 -------- d-----w- c:\documents and settings\joseph paino\application data\ElevatedDiagnostics
2012-02-19 17:27:22 442680 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-02-19 16:02:19 -------- d-----w- c:\program files\Trend Micro
2012-02-18 22:34:51 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-02-18 22:34:51 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-02-18 22:34:51 -------- d-----w- c:\program files\Symantec
2012-02-18 22:34:17 905336 ----a-w- c:\windows\system32\drivers\nis\1305000.091\symefa.sys
2012-02-18 22:34:17 574584 ----a-w- c:\windows\system32\drivers\nis\1305000.091\srtsp.sys
2012-02-18 22:34:17 388216 ----a-w- c:\windows\system32\drivers\nis\1305000.091\symtdi.sys
2012-02-18 22:34:17 345208 ----a-w- c:\windows\system32\drivers\nis\1305000.091\symtdiv.sys
2012-02-18 22:34:17 340088 ----a-r- c:\windows\system32\drivers\nis\1305000.091\symds.sys
2012-02-18 22:34:17 32888 ----a-w- c:\windows\system32\drivers\nis\1305000.091\srtspx.sys
2012-02-18 22:34:17 318584 ----a-w- c:\windows\system32\drivers\nis\1305000.091\symnets.sys
2012-02-18 22:34:17 149624 ----a-w- c:\windows\system32\drivers\nis\1305000.091\ironx86.sys
2012-02-18 22:34:17 132744 ----a-w- c:\windows\system32\drivers\nis\1305000.091\ccsetx86.sys
2012-02-18 22:33:39 4782 ----a-w- c:\windows\system32\drivers\nis\1305000.091\symvtcer.dat
2012-02-18 22:33:39 -------- d-----w- c:\windows\system32\drivers\nis\1305000.091
2012-02-18 22:32:58 -------- d-----w- c:\windows\system32\drivers\NIS
2012-02-18 22:32:54 -------- d-----w- c:\program files\Norton Internet Security
2012-02-18 21:34:34 22032 ----a-w- c:\windows\DCEBoot.exe
2012-02-18 21:34:34 102400 ----a-w- c:\windows\RegBootClean.exe
2012-02-18 21:17:57 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-02-13 22:28:06 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2012-02-13 19:40:50 -------- d-----w- C:\Utilities
2012-02-13 19:26:40 -------- d-----w- c:\documents and settings\joseph paino\application data\Malwarebytes
2012-02-13 19:26:20 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-02-13 19:26:18 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-13 19:26:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-08 22:32:36 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
.
==================== Find3M ====================
.
2012-02-20 01:03:56 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-02-19 18:26:33 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-11-25 21:57:19 293376 ---ha-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ---ha-w- c:\windows\system32\win32k.sys
.
============= FINISH: 18:24:52.73 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 10/6/2005 9:04:44 PM
System Uptime: 2/20/2012 5:35:45 PM (1 hours ago)
.
Motherboard: Dell Computer Corp. | | 0TC667
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 70 GiB total, 51.59 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3
AIO_Scan
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
BufferChm
C7200
C7200_doccd
c7200_Help
Copy
CP_AtenaShokunin1Config
cp_dwShrek2Albums1
cp_dwShrek2Cards1
CreativeProjects
CreativeProjectsTemplates
Critical Update for Windows Media Player 11 (KB959772)
CueTour
CustomerResearchQFolder
Dell Driver Reset Tool
Dell Media Experience
Dell Picture Studio v3.0
Dell Support Center (Support Software)
Dell System Restore
DellSupport
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
DocumentViewer
Download Updater (AOL LLC)
eSupportQFolder
Fast Browser Search (My Web Tattoo)
Fax
Form Magic Deluxe
GdiplusUpgrade
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 9.0
HP Image Zone 4.7
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Smart Web Printing
HP Software Update
HP Solution Center 9.0
HP Update
HPProductAssistant
HPSSupply
HPSystemDiagnostics
InstantShare
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 17
Learn2 Player (Uninstall Only)
LP_Flash
Macromedia Flash Player
Malwarebytes Anti-Malware version 1.60.1.1000
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Encarta Encyclopedia Standard 2005
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Picture It! Library 10
Microsoft Picture It! Premium 10
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Streets and Trips 2005
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Word 2002
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Modem Event Monitor
Modem Helper
Modem On Hold
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch® Jukebox
Norton Internet Security
PanoStandAlone
Photo Click
PhotoGallery
PowerDVD 5.5
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_min
PSSWCORE
QFolder
Qualxserve Service Agreement
QuickBooks Simple Start Online Edition
QuickBooks Simple Start Special Edition
QuickTime
RealPlayer Basic
RPS CRT
Scan
ScannerCopy
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shockwave
SkinsHP1
SolutionCenter
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spelling Dictionaries Support For Adobe Reader 9
Status
TomTom HOME
Toolbox
TrayApp
Unload
UnloadSupport
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Verizon Broadband Toolbar (IE only)
Verizon Help and Support Tool
Verizon Servicepoint 1.5.22
VideoToolkit01
Viewpoint Media Player
Vz In Home Agent
WebCyberCoach 3.2 Dell
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
Works Upgrade
.
==== Event Viewer Messages From Past Week ========
.
2/20/2012 7:26:47 AM, error: Service Control Manager [7023] - The WmXlCore service terminated with the following error: The specified module could not be found.
2/20/2012 6:05:12 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
2/19/2012 8:40:51 PM, error: PlugPlayManager [11] - The device Root\LEGACY_SMR250\0000 disappeared from the system without first being prepared for removal.
2/19/2012 6:56:18 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt IntelIde
2/19/2012 5:02:13 PM, error: Dhcp [1002] - The IP address lease 10.0.0.4 for the Network Card with network address 0013207C11E5 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
2/19/2012 12:13:20 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
2/19/2012 12:13:02 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
2/19/2012 12:10:24 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LDNYGHWXSO service to connect.
2/19/2012 12:10:24 PM, error: Service Control Manager [7000] - The LDNYGHWXSO service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/19/2012 11:47:51 AM, error: Service Control Manager [7023] - The S7oppilx service terminated with the following error: The specified module could not be found.
2/19/2012 11:47:51 AM, error: Service Control Manager [7023] - The S24trans service terminated with the following error: The specified module could not be found.
2/19/2012 11:47:51 AM, error: Service Control Manager [7000] - The Security Services Driver (x86) service failed to start due to the following error: The system cannot find the file specified.
2/19/2012 11:45:00 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/19/2012 11:44:30 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
2/19/2012 11:39:14 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
2/19/2012 11:32:06 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccSet_NIS eeCtrl Fips intelppm SRTSP SRTSPX SymIRON SYMTDI
2/18/2012 5:42:26 PM, error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.
2/18/2012 5:42:26 PM, error: SRTSP [4] - Error loading virus definitions.
2/18/2012 5:30:35 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl Fips intelppm
2/18/2012 5:27:34 PM, error: PlugPlayManager [11] - The device Root\LEGACY_SYMDS\0000 disappeared from the system without first being prepared for removal.
2/18/2012 5:27:34 PM, error: PlugPlayManager [11] - The device Root\LEGACY_SRTSPX\0000 disappeared from the system without first being prepared for removal.
2/18/2012 5:27:34 PM, error: PlugPlayManager [11] - The device Root\LEGACY_NAVEX15\0000 disappeared from the system without first being prepared for removal.
2/18/2012 5:27:34 PM, error: PlugPlayManager [11] - The device Root\LEGACY_NAVENG\0000 disappeared from the system without first being prepared for removal.
2/18/2012 5:27:34 PM, error: PlugPlayManager [11] - The device Root\LEGACY_IDSXPX86\0000 disappeared from the system without first being prepared for removal.
2/18/2012 5:27:34 PM, error: PlugPlayManager [11] - The device Root\LEGACY_CCSET_NIS\0000 disappeared from the system without first being prepared for removal.
2/18/2012 5:27:34 PM, error: PlugPlayManager [11] - The device Root\LEGACY_BHDRVX86\0000 disappeared from the system without first being prepared for removal.
2/18/2012 5:27:31 PM, error: PlugPlayManager [11] - The device Root\LEGACY_SYMEVENT\0000 disappeared from the system without first being prepared for removal.
2/18/2012 4:57:08 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccSet_NIS eeCtrl Fips intelppm SRTSPX SymIRON SYMTDI
2/18/2012 4:57:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
2/18/2012 4:36:51 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'redbook.sys' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
2/18/2012 11:27:54 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
2/18/2012 11:06:13 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 80563bdc, parameter3 b8e66c74, parameter4 00000000.
.
==== End Of File ===========================
 
Steve, I'll be glad to help. But please don't run any more random scans. The one thing I want you to do while I finish checking these logs is to go back and rerun Malwarebytes again and be sure to check the line in the instructions in red:
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please attach this log with your reply

If you look at the Mbam log, you will see No Action Taken by all the entries. Leave the new log.
=========================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't follow directions given to someone else
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.

If I haven't replied back to you within 48 hours, you can send a PM with your thread link in it as a reminder. Do not include technical problems from your thread. Support is given only in the forum.
Threads are closed after 5 days if there is no reply.
 
There are still noticeable malware entries. I see Norton was installed on 2/28- was there any AV or security running on the system before that?
==============================
We are going to let Combofix remove some of the malware for us:
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • If prompted for Recovery Console, please allow.
  • Once installed, you should see a blue screen prompt that says:
    • The Recovery Console was successfully installed.
    • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
    • Note: No query will be made if the Recovery Console is already on the system.
  • Close/disable all anti virus and anti malware programs
    (If you need help with this, please see HERE)
  • Close any open browsers.
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • When the scan completes, a report will be generated and will open in a text window. Please paste the contents of C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.
Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
=============================================
It is important that you do not delete any files from your Temp folder or use any temp file cleaners.
  • System Check is a fake (Rogue) computer analysis and optimization program.
  • The 'alerts' tell you the problems have led to corrupt and missing data.
  • It will display false error messages and security warnings.
  • It "hides" icons, desktop, programs and files so that they appear to be missing and some programs can't be run.
  • This can be installed through hacked sites that exploit vulnerabilities on the system or through fake online scanner pages.
  • The malware is configured to automatically start when you log on to Windows.
  • It can also be started if you click on any of these alerts.
Note: You may not experience all of the above, but it is important to tell me what problems you do have.
============================================
See below. Do this if needed: Press Windows+R key> type cmd> OK

1. If your task manager is disabled, copy and run this command
Code:
Echo y | reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr
Press Enter

2. If your desktop is blank and you are unable to right click on it, run this command
Code:
Echo y | reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDesktop
Press Enter
==============================
Please print out the following instructions. It is important that the order of the scan below be followed exactly. Please read through all of the instructions before you begin.
--------------------------
Note: If you are not 'missing' folders, icons, programs, etc. you can skip #1 and start with #2
The following can be run first to allow you to 'see' the programs, files, etc. But it is important that you understand that this does not remove the malware, only the attribute to hide these features. So it is important that you continue with the cleaning:
1. Download Unhide.exe and save to the desktop.
  • Double-click on Unhide.exe icon to run the program.
  • This program will remove the +H, or hidden, attribute from all the files on your hard drives.
Note: This does not remove the malware- only the attribute that hides icons and programs. It is important that you continue.
================================
2. Boot into Safe Mode with Networking
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode with Networking option when the Windows Advanced Options menu appears, using your up/down arrows to reach it and then press ENTER.
=======================================
3. To end the processes that belong to the rogue program:
Please click on RKill
  • At the download page, click on Download now button for iExplore.exe download link and save to the desktop
  • Double click on the iExplore.exe icon
  • Please be patient- it may take a bit.
  • The black Window will close when through and you can continue.
Note: If you get a message that RKill is malware, ignore it> it's from the malware.
=======================================
Do not reboot your computer after running RKill as the malware programs will start again.
================================
4. This malware frequently comes with the TDSS rootkit, so do the following:
  • Download the file TDSSKiller.zip and save to the desktop.
    (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
  • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
  • Double click on TDSSKiller.exe to run the scan.
  • When the scan is over, the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
  • Select the action Quarantine to quarantine detected objects.
    The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43. Save the log and post it in your next reply.
  • After clicking Next, the utility applies selected actions and outputs the result.
  • A reboot is required after disinfection.
====================================
If TDSSKiller requires you to reboot, please allow it to do so. After you reboot, reboot back into Safe Mode with Networking again
====================================
5. Update and rescan with Malwarebytes:
  • Select Perform Full Scan on the Scanner tab
  • Click on the Scan button.
  • When the scan has finished, a completion message box will appear.
  • Click on OK to close the box and continue.
  • Click on the Show Results button.
  • Click on the Remove Selected button to remove all the listed malware.
  • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format>Uncheck Word Wrap before copying the log to paste in your next reply.
==============================
6. Correct Display Changes if needed:
If the desktop background is black or if the theme has been removed:
  • Click on Start> Control Panel> Appearance & Personalization
  • Select Change Theme or Change Desktop Background
=====================================
7. Some items may not show on the Start menu. To add them back:
  • Right click on Start> Properties
  • Taskbar and Start Menu Properties screen appears
  • Choose Start Menu tab> Click on Customize
  • For Windows XP> Choose Advanced tab
  • Check the items you want back on the Start Menu
  • When finished> click on OK> Apply and close.
=====================================
You can now reboot back into Normal Mode.
Please leave logs for Combofix, TDSSKiller and new Malwarebytes full scan in your next reply.
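The "noticeable malware entries" referred to above are visible in the posted logs as services whose image file sits in the user's Temp folder (LDNYGHWXSO.exe, MBYADA.exe), a service whose file is already gone (38780699 [x]), and Service Control Manager events 7000/7009 reporting that the same random-named service failed to start. The Python script below is an added example, not part of this thread, ComboFix or DDS: it parses the two line formats exactly as they appear in the logs above and applies those three checks mechanically, so a reviewer can pull the suspicious service entries out of a long log without reading every line. The heuristics, function names and the Finding type are this example's own design; the sample input is assembled from lines posted in the thread.

```python
"""Triage of ComboFix / DDS-style log lines for suspicious service entries.

Added example for this thread; it is not part of ComboFix, DDS or any tool the
helper uses. The two line formats below are taken from the logs posted above;
the heuristics, function names and the Finding type are this example's own.
"""
import re
from dataclasses import dataclass

# ComboFix "Drivers/Services" line: "<start type> <name>;<display name>;<image path> [<date> <size>]".
# An image ComboFix cannot resolve is printed as "<path> --> <path> [?]"; a missing one ends in " [x]".
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")

# DDS "Event Viewer Messages" line: "<date> <time>, <level>: <source> [<event id>] - <message>".
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
# Service Control Manager messages that name the service involved.
SCM_SVC_RE = re.compile(r"(?:^The|waiting for the) (?P<svc>.+?) service\b")
SCM_FAILURE_IDS = {"7000", "7009", "7023"}   # failed to start / timeout / terminated

# Heuristics: legitimate services do not run from a user's Temp folder, and rarely
# have an all-caps alphanumeric name that doubles as the display name.
TEMP_PATH_RE = re.compile(r"\\(?:locals~1|local settings)\\temp\\|\\windows\\temp\\", re.I)
RANDOM_NAME_RE = re.compile(r"^[A-Z0-9]{6,}$")


@dataclass(frozen=True)
class Finding:
    name: str    # service name
    reason: str  # why it was flagged
    line: str    # log line that produced the finding


def parse_service(line):
    """Return (start, name, display, image_path, missing) for a service line, else None."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    missing = rest.endswith("[x]")
    path = re.sub(r"\s*\[[^\]]*\]$", "", rest)  # drop trailing "[date size]", "[?]" or "[x]"
    path = path.split(" --> ")[0].strip()       # keep one copy of an unresolved path
    return m.group("start"), m.group("name"), m.group("display"), path, missing


def service_findings(lines):
    """Apply the path and naming heuristics to every service line."""
    findings = []
    for line in lines:
        parsed = parse_service(line)
        if parsed is None:
            continue
        _, name, display, path, missing = parsed
        if missing:
            findings.append(Finding(name, "image file missing ([x]): orphaned or self-deleted service", line.strip()))
        if TEMP_PATH_RE.search(path):
            findings.append(Finding(name, "image launched from a Temp directory", line.strip()))
        if display == name and RANDOM_NAME_RE.match(name):
            findings.append(Finding(name, "random-looking name reused as display name", line.strip()))
    return findings


def scm_failures(lines):
    """Map service name -> list of (event id, line) for SCM start/termination failures."""
    failures = {}
    for line in lines:
        m = EVENT_RE.match(line.strip())
        if not m or m.group("source") != "Service Control Manager" or m.group("id") not in SCM_FAILURE_IDS:
            continue
        s = SCM_SVC_RE.search(m.group("msg"))
        if s:
            failures.setdefault(s.group("svc"), []).append((m.group("id"), line.strip()))
    return failures


def triage(log_text):
    """Flag suspicious services, then corroborate them with SCM failure events."""
    lines = log_text.splitlines()
    findings = service_findings(lines)
    flagged = {f.name for f in findings}
    for name, events in scm_failures(lines).items():
        if name in flagged or RANDOM_NAME_RE.match(name):
            ids = ",".join(sorted({eid for eid, _ in events}))
            findings.append(Finding(name, "Service Control Manager events %s for this service" % ids, events[0][1]))
    return findings


# Sample input assembled from lines that appear in the logs posted in this thread.
SAMPLE_LOG = r"""
2/19/2012 12:10:24 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LDNYGHWXSO service to connect.
2/19/2012 12:10:24 PM, error: Service Control Manager [7000] - The LDNYGHWXSO service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/19/2012 12:13:20 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1305000.091\symds.sys [2/18/2012 5:34 PM 340088]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exe [2/18/2012 5:34 PM 138248]
S3 38780699;38780699; [x]
S3 LDNYGHWXSO;LDNYGHWXSO;c:\docume~1\JOSEPH~1\LOCALS~1\Temp\LDNYGHWXSO.exe --> c:\docume~1\JOSEPH~1\LOCALS~1\Temp\LDNYGHWXSO.exe [?]
S3 MBYADA;MBYADA;c:\docume~1\JOSEPH~1\LOCALS~1\Temp\MBYADA.exe --> c:\docume~1\JOSEPH~1\LOCALS~1\Temp\MBYADA.exe [?]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%-12s %s" % (f.name, f.reason))
```

Run against the sample, the script reports nothing for the Symantec drivers and seven findings for the three random-named services, with the 7000/7009 events attached to LDNYGHWXSO. The "Application Management" failure (event 7023) is a legitimate Windows service and is deliberately not reported, because it is neither flagged by the service section nor random-looking; a missing-module error on a real service is a side effect of the cleanup, not an indicator by itself.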
 
Here's the new Malwarebytes log

Bobeye,
Thanks for the help.
Re-ran Malwarebytes and attached the log below.
Will reboot to finish that task and then will follow your new instructions.
Thanks,
steve



Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.21.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Joseph Paino :: D6LVFK81 [administrator]

2/20/2012 8:19:12 PM
mbam-log-2012-02-20 (20-19-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 187633
Time elapsed: 18 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\WINDOWS\system32\SaiClass.dll (RootKit.0Access.H) -> Delete on reboot.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\WINDOWS\system32\SaiClass.dll (RootKit.0Access.H) -> Delete on reboot.
C:\WINDOWS\system32\drivers\cdrom.sys (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)
 
3 new logs

Bobeye,

Finished with your instructions, here are the three new logs.
Combofix took about an hour to complete.
TDSSkiller found nothing and Malwarebytes only found one file and removed it.

On boot into Windows Normal Mode I still get about a 20 minute delay between trying to start Internet Explorer, AOL, Task Manager, etc., and when they finally open. I can however go to a command prompt right away and ping a website OK.

Thanks,
Steve


ComboFix 12-02-19.02 - Joseph Paino 02/20/2012 22:11:28.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1669 [GMT -5:00]
Running from: c:\documents and settings\Joseph Paino\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\~3bQiQODFkq3RWc
c:\documents and settings\All Users\Application Data\~3bQiQODFkq3RWcr
c:\documents and settings\All Users\Application Data\3bQiQODFkq3RWc
c:\documents and settings\Joseph Paino\GoToAssistDownloadHelper.exe
c:\documents and settings\Joseph Paino\WINDOWS
C:\mtwb.dat
c:\windows\$NtUninstallKB16501$
c:\windows\$NtUninstallKB16501$\2384969406
c:\windows\$NtUninstallKB16501$\3905661118\@
c:\windows\$NtUninstallKB16501$\3905661118\cfg.ini
c:\windows\$NtUninstallKB16501$\3905661118\Desktop.ini
c:\windows\$NtUninstallKB16501$\3905661118\L\odetmngk
c:\windows\$NtUninstallKB16501$\3905661118\U\00000001.@
c:\windows\$NtUninstallKB16501$\3905661118\U\00000002.@
c:\windows\$NtUninstallKB16501$\3905661118\U\00000004.@
c:\windows\$NtUninstallKB16501$\3905661118\U\80000000.@
c:\windows\$NtUninstallKB16501$\3905661118\U\80000004.@
c:\windows\$NtUninstallKB16501$\3905661118\U\80000032.@
c:\windows\$NtUninstallKB16501$\3905661118\version
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\AutoRun.inf
c:\windows\system32\bszip.dll
c:\windows\system32\linkinfo(2).dll
c:\windows\system32\SET3B0.tmp
c:\windows\system32\SET3B5.tmp
.
c:\windows\system32\drivers\cdrom.sys was missing
Restored copy from - c:\windows\system32\dllcache\cdrom.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
.
.
((((((((((((((((((((((((( Files Created from 2012-01-21 to 2012-02-21 )))))))))))))))))))))))))))))))
.
.
2012-02-21 03:21 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-02-21 03:21 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\dllcache\cdrom.sys
2012-02-19 23:30 . 2012-02-20 01:00 -------- d-----w- c:\documents and settings\Joseph Paino\Local Settings\Application Data\NPE
2012-02-19 22:33 . 2012-02-19 22:33 -------- d-----w- c:\documents and settings\Joseph Paino\Local Settings\Application Data\Temp
2012-02-19 22:28 . 2012-02-19 22:28 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2012-02-19 22:28 . 2012-02-19 22:33 -------- d-----w- c:\documents and settings\Joseph Paino\Local Settings\Application Data\Google
2012-02-19 22:16 . 2012-02-19 22:29 -------- d-----w- c:\program files\Google
2012-02-19 18:25 . 2012-02-19 18:25 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-19 17:33 . 2012-02-19 17:33 -------- d-----w- c:\documents and settings\Joseph Paino\Application Data\ElevatedDiagnostics
2012-02-19 17:27 . 2012-02-19 17:29 442680 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-02-19 16:02 . 2012-02-19 16:02 -------- d-----w- c:\program files\Trend Micro
2012-02-18 22:34 . 2012-02-18 22:34 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-02-18 22:34 . 2012-02-18 22:34 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-02-18 22:34 . 2012-02-18 22:34 -------- d-----w- c:\program files\Symantec
2012-02-18 22:32 . 2012-02-18 22:34 -------- d-----w- c:\windows\system32\drivers\NIS
2012-02-18 22:32 . 2012-02-18 22:32 -------- d-----w- c:\program files\Norton Internet Security
2012-02-18 21:34 . 2012-02-18 21:34 102400 ----a-w- c:\windows\RegBootClean.exe
2012-02-18 21:34 . 2012-02-18 21:34 22032 ----a-w- c:\windows\DCEBoot.exe
2012-02-18 21:26 . 2012-02-20 09:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2012-02-18 21:17 . 2011-06-21 04:09 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-02-13 22:28 . 2012-02-13 22:28 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-02-13 19:40 . 2012-02-20 00:00 -------- d-----w- C:\Utilities
2012-02-13 19:26 . 2012-02-13 19:26 -------- d-----w- c:\documents and settings\Joseph Paino\Application Data\Malwarebytes
2012-02-13 19:26 . 2012-02-13 19:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-02-13 19:26 . 2012-02-13 19:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-13 19:26 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-08 22:44 . 2012-02-08 22:44 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-02-08 22:32 . 2012-02-20 22:36 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-20 01:03 . 2004-08-04 04:14 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-02-19 18:26 . 2004-08-10 17:59 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-11-25 21:57 . 2004-08-10 17:51 293376 ---ha-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-08-10 17:51 1859584 ---ha-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2010-07-13 70720]
"HostManager"="c:\program files\Common Files\AOL\1166924966\ee\AOLSoftware.exe" [2010-03-08 41800]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-19 149280]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2007-10-31 378784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-09-27 98304]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 05:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 16:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 14:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-01-27 06:02 86016 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 15:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 21:19 53248 ----a-w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
2003-09-04 01:12 221184 ----a-w- c:\program files\Intel\Modem Event Monitor\IntelMEM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2004-09-14 13:50 53248 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2005-09-27 12:59 98304 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2005-09-27 12:59 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-15 00:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
2008-09-17 02:14 2065648 ----a-w- c:\program files\Verizon\VSP\VerizonServicepoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]
2010-03-17 20:55 1565696 ----a-w- c:\program files\Verizon\McciTrayApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sprtsvc_dellsupportcenter"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\1166924966\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\AOL Desktop 9.6\\waol.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1305000.091\symds.sys [2/18/2012 5:34 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1305000.091\symefa.sys [2/18/2012 5:34 PM 905336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120215.001\BHDrvx86.sys [2/18/2012 5:47 PM 820344]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1305000.091\ccsetx86.sys [2/18/2012 5:34 PM 132744]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1305000.091\ironx86.sys [2/18/2012 5:34 PM 149624]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exe [2/18/2012 5:34 PM 138248]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/19/2012 10:29 PM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120217.003\IDSXpx86.sys [2/17/2012 4:28 PM 356280]
S3 38780699;38780699; [x]
S3 LDNYGHWXSO;LDNYGHWXSO;c:\docume~1\JOSEPH~1\LOCALS~1\Temp\LDNYGHWXSO.exe --> c:\docume~1\JOSEPH~1\LOCALS~1\Temp\LDNYGHWXSO.exe [?]
S3 MBYADA;MBYADA;c:\docume~1\JOSEPH~1\LOCALS~1\Temp\MBYADA.exe --> c:\docume~1\JOSEPH~1\LOCALS~1\Temp\MBYADA.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
imagesrv
WUSB54GCSVC
aeaudio
SRS_SSCFilter
anbmservice
gs30s
se44mgmt
NVENET
CAMCAUD
zpsc
AR5523
Airgo
ha10kx2k
veteboot
nettcpportsharing
Nmea
SNDO763
elotouchscreen
xaudioservice
vrfwsvc
tosrfcom
genregistrar
vmx86
prevxagent
cqcpu
ati2mtaa
se2Cnd5
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-19 22:28]
.
2012-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-19 22:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
TCP: DhcpNameServer = 71.250.0.12 68.237.161.12
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-64987791.sys
SafeBoot-89466529.sys
MSConfigStartUp-25914930 - c:\docume~1\ALLUSE~1\APPLIC~1\25914930\25914930.exe
MSConfigStartUp-Spyware Doctor with AntiVirus - c:\documents and settings\Joseph Paino\Desktop\sdasetup_revwire207.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-20 22:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.5.0.145\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\xaudioservice]
"ServiceDll"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1504)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\wanmpsvc.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\program files\Common Files\AOL\1166924966\ee\aolupdates.exe
.
**************************************************************************
.
Completion time: 2012-02-20 22:41:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-21 03:40
.
Pre-Run: 55,245,090,816 bytes free
Post-Run: 56,242,479,104 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - A6A248B7982D8124D03225DBFBFBA5F9

TDSSKiller and Malwarebytes Logs

22:52:03.0406 1448 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
22:52:03.0828 1448 ============================================================
22:52:03.0828 1448 Current date / time: 2012/02/20 22:52:03.0828
22:52:03.0828 1448 SystemInfo:
22:52:03.0828 1448
22:52:03.0828 1448 OS Version: 5.1.2600 ServicePack: 3.0
22:52:03.0828 1448 Product type: Workstation
22:52:03.0828 1448 ComputerName: D6LVFK81
22:52:03.0828 1448 UserName: Joseph Paino
22:52:03.0828 1448 Windows directory: C:\WINDOWS
22:52:03.0828 1448 System windows directory: C:\WINDOWS
22:52:03.0828 1448 Processor architecture: Intel x86
22:52:03.0828 1448 Number of processors: 1
22:52:03.0828 1448 Page size: 0x1000
22:52:03.0828 1448 Boot type: Safe boot with network
22:52:03.0828 1448 ============================================================
22:52:06.0125 1448 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:52:06.0125 1448 \Device\Harddisk0\DR0:
22:52:06.0125 1448 MBR used
22:52:06.0125 1448 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x8C89995
22:52:06.0625 1448 Initialize success
22:52:06.0625 1448 ============================================================
22:52:08.0875 1548 ============================================================
22:52:08.0875 1548 Scan started
22:52:08.0875 1548 Mode: Manual;
22:52:08.0875 1548 ============================================================
22:52:53.0984 1548 ============================================================
22:52:53.0984 1548 Scan finished
22:52:53.0984 1548 ============================================================
22:52:54.0031 1568 Detected object count: 0
22:52:54.0031 1568 Actual detected object count: 0
22:54:10.0171 1388 Deinitialize success



Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.21.01

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Joseph Paino :: D6LVFK81 [administrator]

2/20/2012 10:54:37 PM
mbam-log-2012-02-20 (22-54-37).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 253981
Time elapsed: 36 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Utilities\Spyware Programs\Start Up Run\strun.exe (PUP.StartUpManager) -> Quarantined and deleted successfully.

(end)
 
Just to let you know

Norton Internet Security 2012 just ran a quick scan and found 22 tracking cookies - fully resolved and it also found Trojan.ADH.2 - fully resolved.

Upon investigation, the Trojan.ADH.2 was actually the ComboFix.exe on the desktop, I guess Norton sees it as a threat.

So far no warnings about Zeroaccess Rootkit and Tidserv like before.

Steve
 
I think I'm in the clear

Bobeye,

I think you can close this thread as I seem to have fixed the other issues.

The slow startup was due to some startup services left behind by these viruses. The startup entries were still active even though the .exe files had been removed. When I removed them with MSCONFIG and restarted, the slow startup was gone.

The second fix was for Windows Update which was broken. I followed the instructions in a knowledge base article and was able to fix that.

Seeing as how the rootkits seem to be gone, this thread is done.

Thanks again for all your help,

Steve
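The leftover entries Steve describes, autostart items and services whose executable has already been deleted, can be found with a script instead of reading MSCONFIG by eye. The following is an added example, not code from this thread or from Malwarebytes, Norton or TDSSKiller; it assumes Windows PowerShell 3.0 or later (the XP machine in the thread would need it installed), the standard Run/RunOnce registry keys and the Win32_Service class, and it only reports, it removes nothing.

```powershell
# Added example (not from the thread): report autostart entries and services whose
# target executable no longer exists on disk. Assumes Windows PowerShell 3.0+ and
# read access to HKLM; run it in an elevated session to see machine-wide entries.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Properties that Get-ItemProperty adds for its own bookkeeping, not real Run values.
$psMetadata = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Get-AutostartTarget {
    # Extract the executable path from a command line such as
    #   "C:\Program Files\Vendor\tool.exe" /silent      (quoted path)
    #   C:\WINDOWS\system32\svchost.exe -k netsvcs      (bare path)
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd -eq '') { return '' }
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { return $cmd.Substring(1, $end - 1) }
        return $cmd.Trim('"')
    }
    # Bare path: take everything up to the first ".exe"; otherwise the first token.
    $m = [regex]::Match($cmd, '^(.+?\.exe)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($cmd -split '\s+')[0]
}

function Test-TargetExists {
    # Empty targets would make Test-Path throw, so treat them as missing.
    param([string]$Target)
    return ($Target -ne '') -and (Test-Path -LiteralPath $Target -PathType Leaf)
}

# 1. Run / RunOnce values (what MSCONFIG's Startup tab lists on XP).
$runEntries = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($psMetadata -contains $p.Name) { continue }
        $target = Get-AutostartTarget -CommandLine ([string]$p.Value)
        [pscustomobject]@{
            Source  = $key
            Name    = $p.Name
            Command = [string]$p.Value
            Target  = $target
            Exists  = (Test-TargetExists -Target $target)
        }
    }
}

# 2. Services (MSCONFIG's Services tab). A service whose binary is gone is typically
#    retried at boot, which is one way a cleaned-up infection still slows startup.
$serviceEntries = Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    $target = Get-AutostartTarget -CommandLine ([string]$_.PathName)
    [pscustomobject]@{
        Source  = 'Service (' + $_.StartMode + ')'
        Name    = $_.Name
        Command = [string]$_.PathName
        Target  = $target
        Exists  = (Test-TargetExists -Target $target)
    }
}

# Only the orphans: entries that still fire but point at a file that no longer exists.
$orphans = @($runEntries) + @($serviceEntries) | Where-Object { -not $_.Exists }
$orphans | Format-Table Name, Target, Source -AutoSize
```

Review the list before acting on it: a missing target is a strong hint that the entry is a leftover, but a vendor uninstaller can also leave one behind, so remove entries by hand (MSCONFIG, `Remove-ItemProperty` for Run values, or `sc delete` for a service) once you have confirmed what each one belonged to.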
 