Malwarebytes log:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8345
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
12/10/2011 12:13:44 AM
mbam-log-2011-12-10 (00-13-44).txt
Scan type: Quick scan
Objects scanned: 187614
Time elapsed: 26 minute(s), 54 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 2
Files Infected: 24
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{35B7E48B-9D81-4C6C-9578-5FD4F620D886} (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Setup.Player.2K2 (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Setup.Player (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} (Adware.NetOptimizer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000185-C745-43D2-44F1-01A1C789C738} (Adware.SmartBrowser) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\SYSTEM32\SYSINETSVC32.DLL (Adware.EGDAccess) -> Value: SYSINETSVC32.DLL -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
Folders Infected:
c:\program files\mailskinner (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\SB\smart-browser (Adware.SmartBrowser) -> Quarantined and deleted successfully.
Files Infected:
c:\temp\180sainstaller.exe (Adware.Zango) -> Quarantined and deleted successfully.
c:\documents and settings\paul bigharty\local settings\Temp\miniinst.exe (Malware.NSPack) -> Quarantined and deleted successfully.
c:\documents and settings\paul bigharty\local settings\Temp\res270.tmp (Adware.ZangoSearchAssistant) -> Quarantined and deleted successfully.
c:\documents and settings\paul bigharty\local settings\Temp\DelEC.tmp (Adware.180olutions) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\eg_auth_srv_1047.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\sysinetsvc32.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\documents and settings\paul bigharty\local settings\Temp\instant-access.exe (Adware.SmartBrowser) -> Quarantined and deleted successfully.
c:\WINDOWS\downloaded program files\EGAUTH.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\WINDOWS\downloaded program files\sysinetsvc32.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\WINDOWS\hosts (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\p2esocks_1047.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\WINDOWS\tmlpcert2005 (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\WINDOWS\tmlpcert2007 (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\internet explorer\1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\internet explorer\2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\mailskinner\oeskinner.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\program files\SB\smart-browser\installbho.txt (Adware.SmartBrowser) -> Quarantined and deleted successfully.
c:\program files\SB\smart-browser\lic.txt (Adware.SmartBrowser) -> Quarantined and deleted successfully.
c:\program files\SB\smart-browser\licdialog.exe (Adware.SmartBrowser) -> Quarantined and deleted successfully.
c:\program files\SB\smart-browser\logo.ico (Adware.SmartBrowser) -> Quarantined and deleted successfully.
c:\program files\SB\smart-browser\system.htm (Adware.SmartBrowser) -> Quarantined and deleted successfully.
c:\program files\SB\smart-browser\thingies.lish.enctext (Adware.SmartBrowser) -> Quarantined and deleted successfully.
c:\program files\SB\smart-browser\thingies.lish.enctext.tmp (Adware.SmartBrowser) -> Quarantined and deleted successfully.
GMER log:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-10 14:33:36
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9100822A rev.3.02
Running: uq8qbkgy.exe; Driver: C:\DOCUME~1\PAULBI~1\LOCALS~1\Temp\agddipoc.sys
---- System - GMER 1.0.15 ----
SSDT sppq.sys ZwCreateKey [0xF8C730E0]
SSDT sppq.sys ZwEnumerateKey [0xF8C8BDA4]
SSDT sppq.sys ZwEnumerateValueKey [0xF8C8C132]
SSDT sppq.sys ZwOpenKey [0xF8C730C0]
SSDT sppq.sys ZwQueryKey [0xF8C8C20A]
SSDT sppq.sys ZwQueryValueKey [0xF8C8C08A]
SSDT sppq.sys ZwSetValueKey [0xF8C8C29C]
INT 0x62 ? 83771BF8
INT 0x73 ? 837E0BF8
INT 0x82 ? 83771BF8
INT 0xB4 ? 83518F00
INT 0xB4 ? 83518F00
INT 0xB4 ? 83518F00
INT 0xB4 ? 83518F00
---- Kernel code sections - GMER 1.0.15 ----
? sppq.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F89068AC 5 Bytes JMP 835184E0
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF88608BF]
.text aamhgpss.SYS F8566386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text aamhgpss.SYS F85663AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text aamhgpss.SYS F85663C4 3 Bytes [00, 80, 02]
.text aamhgpss.SYS F85663C9 1 Byte [30]
.text aamhgpss.SYS F85663C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8C74042] sppq.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F8C7413E] sppq.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F8C740C0] sppq.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F8C74800] sppq.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F8C746D6] sppq.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F8C83B90] sppq.sys
IAT \SystemRoot\System32\Drivers\aamhgpss.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\aamhgpss.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
IAT \SystemRoot\System32\Drivers\aamhgpss.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\aamhgpss.SYS[HAL.dll!KfRaiseIrql] 00001CB1
IAT \SystemRoot\System32\Drivers\aamhgpss.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\aamhgpss.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\aamhgpss.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
IAT \SystemRoot\System32\Drivers\aamhgpss.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\aamhgpss.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
IAT \SystemRoot\System32\Drivers\aamhgpss.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\aamhgpss.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
IAT \SystemRoot\System32\Drivers\aamhgpss.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\aamhgpss.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
IAT \SystemRoot\System32\Drivers\aamhgpss.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\aamhgpss.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 837701F8
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
Device \Driver\usbohci \Device\USBPDO-0 835F1500
Device \Driver\usbohci \Device\USBPDO-1 835F1500
Device \Driver\usbehci \Device\USBPDO-2 8350C500
Device \Driver\PCI_PNP1500 \Device\00000049 sppq.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 837DE1F8
Device \Driver\Cdrom \Device\CdRom0 83505500
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F8BCFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F8BCFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F8BCFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F8BCFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 83505500
Device \Driver\NetBT \Device\NetBt_Wins_Export 8359F1F8
Device \Driver\NetBT \Device\NetbiosSmb 8359F1F8
Device \Driver\sptd \Device\115099000 sppq.sys
Device \Driver\usbohci \Device\USBFDO-0 835F1500
Device \Driver\usbohci \Device\USBFDO-1 835F1500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 831B01F8
Device \Driver\usbehci \Device\USBFDO-2 8350C500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 831B01F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{86ACEF12-F475-43C7-8261-03FE207F12A2} 8359F1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{D37D812A-4C6A-41CB-ACA7-E38E8A088AFF} 8359F1F8
Device \Driver\Ftdisk \Device\FtControl 837DE1F8
Device \Driver\aamhgpss \Device\Scsi\aamhgpss1Port2Path0Target0Lun0 8350B500
Device \Driver\aamhgpss \Device\Scsi\aamhgpss1 8350B500
Device \FileSystem\Cdfs \Cdfs 8319B1F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD3 0xA9 0x91 0x9E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xCC 0xE3 0x66 0x0C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8A 0xA3 0x33 0xA2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBE 0x5A 0x77 0x39 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xCC 0xE3 0x66 0x0C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8A 0xA3 0x33 0xA2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x37 0xB7 0xD9 0x61 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xCC 0xE3 0x66 0x0C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8A 0xA3 0x33 0xA2 ...
---- EOF - GMER 1.0.15 ----
DDS log:
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Run by Paul Bigharty at 14:37:59 on 2011-12-10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.143 [GMT -5:00]
.
AV: AntiVir PersonalEdition Classic Virus Protection *Enabled/Updated* {7C910732-0013-0000-180A-960000009600}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ultimate-guitar.com/
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\nero\data\xtras\mssysmgr.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [requester] "c:\windows\system32\requester.11.exe"
mRun: [ysFSUrGJU] c:\windows\undcbo.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [iknac] "c:\windows\system32\iknac.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
uPolicies-system: NoDispAppearancePage = 0 (0x0)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - hxxp://housecall60.trendmicro.com/housecall/xscan60.cab
DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - hxxp://h20278.www2.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} - hxxp://us-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {71CBDCD9-0830-4470-A890-35D364DA352C} - hxxp://scripts.downloadv3.com/binaries/P2EClient/EGAUTH_1047_EN_XP.cab
DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - hxxp://chat.yahoo.com/cab/yacsui.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D8B94E9A-A34B-4253-BF48-C7CB7F2CFDB0} - hxxp://scripts.downloadv3.com/binaries/P2EClient/EGAUTH_1046_EN_XP.cab
DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} - hxxp://chat.yahoo.com/cab/yvwrctl.cab
DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} - hxxp://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D37D812A-4C6A-41CB-ACA7-E38E8A088AFF} : DhcpNameServer = 192.168.1.1
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\paul bigharty\application data\mozilla\firefox\profiles\vlk2mkvh.default user\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
.
============= SERVICES / DRIVERS ===============
.
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-9 366152]
R2 pciinfo;HP Pci Information;c:\docume~1\paulbi~1\locals~1\temp\hpispz\hpdom\pciinfo.sys [2006-10-4 1792]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-3-22 200192]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-9 22216]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2007-10-22 42512]
S3 TASCAM_US1641;TASCAM US-1641 Audio Device driver;c:\windows\system32\drivers\tus1641u.sys --> c:\windows\system32\drivers\tus1641u.sys [?]
S3 TASCAM_US1641_MIDI;TASCAM US-1641 WDM MIDI Device;c:\windows\system32\drivers\tus1641m.sys --> c:\windows\system32\drivers\tus1641m.sys [?]
S3 TASCAM_US1800;TASCAM US-1800 Audio Device driver;c:\windows\system32\drivers\tus1800u.sys [2011-7-27 333376]
S3 TASCAM_US1800_MIDI;TASCAM US-1800 WDM MIDI Device;c:\windows\system32\drivers\tus1800m.sys [2011-7-27 26688]
S3 TASCAM_US1800_WDM;TASCAM US-1800 WDM;c:\windows\system32\drivers\tus1800a.sys [2011-7-27 40512]
.
=============== Created Last 30 ================
.
2011-12-10 04:44:35 -------- d-----w- c:\documents and settings\paul bigharty\application data\Malwarebytes
2011-12-10 04:43:48 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-12-10 04:43:02 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-10 04:42:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-10 04:31:15 -------- d-----w- c:\windows\system32\NtmsData
2011-12-10 03:54:57 -------- d-----w- c:\windows\system32\scripting
2011-12-10 03:54:54 -------- d-----w- c:\windows\l2schemas
2011-12-10 03:54:53 -------- d-----w- c:\windows\system32\en
2011-12-10 03:54:53 -------- d-----w- c:\windows\system32\bits
2011-12-10 03:50:02 -------- d-----w- c:\windows\network diagnostic
2011-12-10 03:45:36 -------- d-----w- c:\windows\EHome
2011-12-10 03:35:55 -------- d-s---w- c:\documents and settings\paul bigharty\UserData
2011-11-19 22:34:29 60032 ----a-w- c:\windows\system32\drivers\usbaudio.sys
2011-11-19 22:33:33 65536 ------w- c:\windows\system32\MFC71DEU.DLL
2011-11-19 22:33:33 61440 ------w- c:\windows\system32\MFC71ITA.DLL
2011-11-19 22:33:33 61440 ------w- c:\windows\system32\MFC71FRA.DLL
2011-11-19 22:33:33 61440 ------w- c:\windows\system32\MFC71ESP.DLL
2011-11-19 22:33:33 57344 ------w- c:\windows\system32\MFC71ENU.DLL
2011-11-19 22:33:33 49152 ------w- c:\windows\system32\MFC71KOR.DLL
2011-11-19 22:33:33 49152 ------w- c:\windows\system32\MFC71JPN.DLL
2011-11-19 22:33:33 45056 ------w- c:\windows\system32\MFC71CHT.DLL
2011-11-19 22:33:33 40960 ------w- c:\windows\system32\MFC71CHS.DLL
2011-11-19 22:33:31 98304 ------w- c:\windows\system32\Diomidi.DLL
2011-11-19 22:33:31 5632 ------w- c:\windows\system32\digicoin.dll
2011-11-19 22:33:31 102400 ------w- c:\windows\system32\Digi32.dll
.
==================== Find3M ====================
.
2011-10-25 19:13:41 487424 ----a-w- c:\windows\system32\rvzvilil.exe
.
============= FINISH: 14:39:35.56 ===============
Attach log:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/18/2005 2:31:00 AM
System Uptime: 12/10/2011 12:20:51 PM (2 hours ago)
.
Motherboard: Hewlett-Packard | | 3085
Processor: AMD Athlon(tm) 64 Processor 3500+ | U23 | 2188/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 93 GiB total, 34.402 GiB free.
D: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP667: 9/12/2011 12:21:42 PM - Installed iTunes
RP668: 9/12/2011 12:26:31 PM - Software Distribution Service 3.0
RP669: 9/16/2011 5:32:30 PM - Software Distribution Service 3.0
RP670: 9/17/2011 9:30:03 PM - System Checkpoint
RP671: 9/19/2011 1:50:11 PM - System Checkpoint
RP672: 9/20/2011 4:06:55 PM - System Checkpoint
RP673: 9/21/2011 3:33:02 PM - Software Distribution Service 3.0
RP674: 10/10/2011 4:17:42 PM - System Checkpoint
RP675: 10/17/2011 3:33:08 PM - System Checkpoint
RP676: 10/24/2011 12:08:12 PM - System Checkpoint
RP677: 10/25/2011 3:40:17 PM - System Checkpoint
RP678: 10/26/2011 4:30:08 PM - Software Distribution Service 3.0
RP679: 10/27/2011 4:53:54 PM - System Checkpoint
RP680: 10/29/2011 10:24:34 PM - System Checkpoint
RP681: 10/31/2011 12:16:38 PM - System Checkpoint
RP682: 11/1/2011 8:01:09 PM - System Checkpoint
RP683: 11/3/2011 1:18:07 PM - System Checkpoint
RP684: 11/7/2011 5:11:46 PM - System Checkpoint
RP685: 11/10/2011 7:43:28 PM - System Checkpoint
RP686: 11/16/2011 10:41:49 AM - System Checkpoint
RP687: 11/17/2011 1:53:45 PM - System Checkpoint
RP688: 11/19/2011 5:33:29 PM - Installed Digidesign Audio Drivers
RP689: 11/21/2011 11:02:47 PM - System Checkpoint
RP690: 11/25/2011 2:31:20 PM - Software Distribution Service 3.0
RP691: 11/26/2011 3:41:04 PM - System Checkpoint
RP692: 11/27/2011 9:51:23 PM - System Checkpoint
RP693: 11/30/2011 11:51:17 AM - System Checkpoint
RP694: 12/1/2011 10:44:50 PM - System Checkpoint
RP695: 12/3/2011 9:45:31 AM - System Checkpoint
RP696: 12/4/2011 11:19:56 AM - System Checkpoint
RP697: 12/5/2011 8:28:33 PM - System Checkpoint
RP698: 12/6/2011 10:00:47 PM - System Checkpoint
RP699: 12/7/2011 10:22:36 PM - System Checkpoint
RP700: 12/8/2011 11:20:27 PM - System Checkpoint
RP701: 12/9/2011 10:37:30 PM - Software Distribution Service 3.0
RP702: 12/9/2011 10:41:24 PM - Software Distribution Service 3.0
RP703: 12/10/2011 10:29:26 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
µTorrent
ACID Pro 7.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.9
Antares Autotune VST v5.09
Antares AVOX Evo VST RTAS v3.0.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Athlon 64 Processor Driver
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Beta Bugs BugPack1 VST
Bonjour
Broadcom 802.11 Wireless LAN Adapter
Compaq Presario r4000 User Guides
Conexant AC-Link Audio
CrunchDude 0.1
Data Fax SoftModem with SmartCP
Desktop
Digidesign Shared Plug-Ins
EphPod
Favorit
FL Studio 7
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB981793)
HP Help and Support
HP Software Update
HP Wireless Assistant 1.01 A3
HpSdpAppCoreApp
IL Download Manager
Impulse v. 3.10
InterVideo WinDVD
iTunes
iZotope Ozone 4
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 13
LS_HSI
Malwarebytes' Anti-Malware version 1.51.2.1300
Media Gateway
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 8.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Noise Reduction Plug-in 2.0i
Opera 9.0
Organ One v. 2.10
PACE System Files
Quick Launch Buttons 5.10 B3
QuickTime
REALTEK Gigabit and Fast Ethernet NIC Driver
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB982381)
Sonic Update Manager
Sonnox Oxford Inflator Native VST v1.5.1
Sonnox Oxford Limiter Native VST v1.1.1
Sonnox Oxford R3 Dynamics Native VST v1.3.1
Sonnox Oxford R3 EQ Native VST v1.6.1
Sonnox Oxford R3 EQ PowerCore VST v1.6.1
Sonnox Oxford Reverb Native VST v1.0
Sonnox Oxford TransMod Native VST v1.3.1
Sony ACID Pro 6.0
Sony Media Manager 2.2
Sony Noise Reduction Plug-In 2.0h
Sound Forge Pro 10.0
Spybot - Search & Destroy 1.4
Synaptics Pointing Device Driver
Tune Tools for iPod
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
US-1800 driver
UserGuides
VideoLAN VLC media player 0.8.6c
Vintage Vocoder 1.03 Build 1
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Media Format 11 runtime
Windows Media Player 10
Windows XP Service Pack 3
WinRAR archiver
XCOM-Total Pack
Zip Motion Block Video codec (Remove Only)
.
==== Event Viewer Messages From Past Week ========
.
12/9/2011 8:22:10 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
12/10/2011 12:20:43 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
12/10/2011 12:20:43 AM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/10/2011 12:18:15 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AliIde IntelIde ViaIde
12/10/2011 10:32:57 AM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
12/10/2011 1:03:31 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
That's it. Any help or guidance provided on this would be much appreciated.
Thanks,
Heckscher
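The DDS "Pseudo HJT Report" and the SERVICES / DRIVERS section in this post are what a responder reads first. The script below is an added example, not part of the original post and not code from DDS or Malwarebytes; it mechanises that first read over the kinds of lines the report contains: Run keys that launch a binary straight out of c:\windows or system32 (requester.11.exe, undcbo.exe, iknac.exe), BHO or toolbar registrations with "No File" behind them, ActiveX packages (DPF) fetched from a host that is not a known vendor (the EGAUTH cab from scripts.downloadv3.com), and services or drivers loading from a Temp directory (pciinfo.sys). The two allowlists are constructed for the example and deliberately short; the sample lines are copied from the report in this post, with a few benign entries kept in so the rules have something to pass over.

```python
"""Triage a DDS-style 'Pseudo HJT Report' for the entries a responder checks first."""
import re
from urllib.parse import urlparse

# Sample input: lines copied from the DDS report in this post, plus benign
# entries (DTLite, dumprep, the Java cab, mbam.sys) that the rules should skip.
SAMPLE_LINES = r"""
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [requester] "c:\windows\system32\requester.11.exe"
mRun: [ysFSUrGJU] c:\windows\undcbo.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [iknac] "c:\windows\system32\iknac.exe"
DPF: {71CBDCD9-0830-4470-A890-35D364DA352C} - hxxp://scripts.downloadv3.com/binaries/P2EClient/EGAUTH_1047_EN_XP.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
R2 pciinfo;HP Pci Information;c:\docume~1\paulbi~1\locals~1\temp\hpispz\hpdom\pciinfo.sys [2006-10-4 1792]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-9 22216]
"""

# Binaries that legitimately run from %windir% or system32 via a Run key on XP.
# Constructed allowlist for this example; extend it for your own baseline.
KNOWN_SYSTEM_RUN = {"dumprep", "ctfmon.exe", "rundll32.exe"}

# Vendor hosts that serve the ActiveX (DPF) packages seen in this log.
# Constructed allowlist; a host must equal one of these or be a subdomain of it.
TRUSTED_DPF_HOSTS = ("java.sun.com", "msn.com", "hp.com", "trendmicro.com",
                     "trendmicro-europe.com", "yahoo.com", "yimg.com")

RUN_RE = re.compile(r"^(?P<hive>[um]Run):\s*\[(?P<key>[^\]]*)\]\s*(?P<cmd>.*)$")
BHO_RE = re.compile(r"^(?P<kind>BHO|TB):\s*(?P<rest>.*)$")
DPF_RE = re.compile(r"^DPF:\s*\{[^}]+\}\s*-\s*(?P<url>\S+)")
SVC_RE = re.compile(r"^(?P<state>[RS][0-4])\s+(?P<name>[^;]+);[^;]*;(?P<path>[^\[]+)")


def run_image(cmd):
    """Pull the executable path out of a Run-key command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(" ", 1)[0]


def normalize(path):
    """Lower-case the path and expand the %systemroot%/%windir% forms DDS prints."""
    return (path.strip().lower()
            .replace("%systemroot%", r"c:\windows")
            .replace("%windir%", r"c:\windows"))


def triage_line(line):
    """Return (severity, kind, reason) for a line worth a second look, else None."""
    m = RUN_RE.match(line)
    if m:
        img = normalize(run_image(m.group("cmd")))
        folder, _, base = img.rpartition("\\")
        # Legitimate software installs under Program Files; a Run key pointing
        # at an unknown binary dropped directly into system32 is a classic sign.
        if folder in (r"c:\windows", r"c:\windows\system32") and base not in KNOWN_SYSTEM_RUN:
            key = m.group("key")
            return ("high", m.group("hive"), f"[{key}] launches {base} straight from {folder}")
        return None
    m = BHO_RE.match(line)
    if m:
        if m.group("rest").rstrip().endswith("No File"):
            return ("low", m.group("kind"), "registration with no backing file (orphan, clean up)")
        return None
    m = DPF_RE.match(line)
    if m:
        # DDS defangs URLs as hxxp://; restore the scheme so urlparse sees a host.
        host = urlparse(m.group("url").replace("hxxp", "http", 1)).hostname or ""
        if not any(host == h or host.endswith("." + h) for h in TRUSTED_DPF_HOSTS):
            return ("medium", "DPF", f"ActiveX package pulled from non-vendor host {host}")
        return None
    m = SVC_RE.match(line)
    if m:
        path = normalize(m.group("path"))
        if "\\temp\\" in path:
            base = path.rpartition("\\")[2]
            return ("high", m.group("state"), f"{m.group('name')} loads {base} from a Temp directory")
        return None
    return None


def triage(report):
    """Run every rule over a DDS report; findings come back highest severity first."""
    order = {"high": 0, "medium": 1, "low": 2}
    findings = [hit for hit in (triage_line(l) for l in report.splitlines()) if hit]
    return sorted(findings, key=lambda f: order[f[0]])


if __name__ == "__main__":
    for sev, kind, reason in triage(SAMPLE_LINES):
        print(f"{sev:6} {kind:5} {reason}")
```

Run it as-is and it prints the four high findings (three Run keys plus the driver in Temp), the downloadv3.com cab, and the two orphaned BHO/TB registrations; the DAEMON Tools, dumprep, java.sun.com and mbam.sys lines are correctly left alone. Feed it a real DDS log by reading the file into `triage()` instead of `SAMPLE_LINES`. The hits are leads, not verdicts: each flagged file still needs a hash lookup or a look at the binary before anything is deleted.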
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB982381)
Sonic Update Manager
Sonnox Oxford Inflator Native VST v1.5.1
Sonnox Oxford Limiter Native VST v1.1.1
Sonnox Oxford R3 Dynamics Native VST v1.3.1
Sonnox Oxford R3 EQ Native VST v1.6.1
Sonnox Oxford R3 EQ PowerCore VST v1.6.1
Sonnox Oxford Reverb Native VST v1.0
Sonnox Oxford TransMod Native VST v1.3.1
Sony ACID Pro 6.0
Sony Media Manager 2.2
Sony Noise Reduction Plug-In 2.0h
Sound Forge Pro 10.0
Spybot - Search & Destroy 1.4
Synaptics Pointing Device Driver
Tune Tools for iPod
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
US-1800 driver
UserGuides
VideoLAN VLC media player 0.8.6c
Vintage Vocoder 1.03 Build 1
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Media Format 11 runtime
Windows Media Player 10
Windows XP Service Pack 3
WinRAR archiver
XCOM-Total Pack
Zip Motion Block Video codec (Remove Only)
.
==== Event Viewer Messages From Past Week ========
.
12/9/2011 8:22:10 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
12/10/2011 12:20:43 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
12/10/2011 12:20:43 AM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/10/2011 12:18:15 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AliIde IntelIde ViaIde
12/10/2011 10:32:57 AM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
12/10/2011 1:03:31 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
That's it. Any help or guidance provided on this would be much appreciated.
Thanks,
Heckscher