Solved Malwarebytes anti malware continuously blocks access to multiple ip web address

janajd

janajd

Posts: 69   +0
I am working on my sons laptop, trying to solve the following issues:
here is overview of occurances
on 7-14, dowloaded malwarebytes found "Trojan.happili , removed it, rescan 2 more times , came back clean , scans a few days later were also clean , runing great, until
he got a message lastnight (I did not see this myself) something about updating Itunes (he says)
in the middle of the update, pc slowed & pop up from taskbar about Live Platinum Security detecting virus (I know this sounds like a rogue) could not connect to internet or run scans, he shut off pc.

This after noon I ran 4 scans to start, those scans found:
rogue live security platinum (one folder, one file)
trojan.lamshield (one registry value, one file)
rootkit.0access (3 files)
trojan.fakems.iedw (1file)
these were found over the course of the 4 scans , deleted all , restarted as instructed , rescan a full system scan 3 times, can back clean.
however when I try to connect to the internet, via my home network , wifi, the network icon in taskbar continues to say "acquiring network address) (however I'm on the internet on the network wifi that it says it still trying to connect to) still shows to be aquiring ip even as I am on your site now.
when it does finally sometimes show a connection, I get multiple alerts from malwarebytes every few seconds that it is blocking access to potentially malicious websites and shows ip address. There is atleast 2 dozen random ip that it list.
last symptom, when on the net I occasionally get another tab pop up automatically redireting the page to different site (yellow pages and other search engines) like a browser hijack..
I have never posted on here before, I am hopin someone can help
I have viewed your page: 5 steps virus /spyware malware, preliminary removal instructions. And followed instructions:
what log should I post first????
 
Welcome aboard
yahooo.gif


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org
Database version: v2012.07.21.12
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: E1705 [administrator]
Protection: Enabled
7/22/2012 7:46:47 PM
mbam-log-2012-07-22 (19-46-47).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 174310
Time elapsed: 5 minute(s), 34 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-07-22 20:24:45
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS721010G9SA00 rev.MCZOC10H
Running: d0n73ns1.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdapog.sys

---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
---- EOF - GMER 1.0.15 ----

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Administrator at 20:29:48 on 2012-07-22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1297 [GMT -4:00]
.
AV: Trend Micro Titanium Maximum Security *Enabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxedcoms.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Lexmark S600 Series\lxedmon.exe
C:\Program Files\Lexmark S600 Series\ezprint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [InstallIQUpdater] "c:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Conduit] rundll32.exe "c:\documents and settings\administrator\local settings\application data\deployment\conduit\nvuojx.dll",CreateInstance
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [Trend Micro Titanium] c:\program files\trend micro\titanium\uiframework\uiWinMgr.exe -set Silent "1" SplashURL ""
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
mRun: [lxedmon.exe] "c:\program files\lexmark s600 series\lxedmon.exe"
mRun: [EzPrint] "c:\program files\lexmark s600 series\ezprint.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [Conduit] rundll32.exe "c:\documents and settings\administrator\local settings\application data\deployment\conduit\nvuojx.dll",CreateInstance
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1318466456626
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - c:\program files\trend micro\titanium\uiframework\ProToolbarIMRatingActiveX.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\06jkd509.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
.
============= SERVICES / DRIVERS ===============
.
R2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2011-10-12 188272]
R2 lxed_device;lxed_device;c:\windows\system32\lxedcoms.exe -service --> c:\windows\system32\lxedcoms.exe -service [?]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-14 655944]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2011-10-12 64080]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-14 22344]
S2 lxedCATSCustConnectService;lxedCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxedserv.exe [2011-10-17 193192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-11 250056]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-5-16 191752]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-20 113120]
.
=============== Created Last 30 ================
.
2012-07-22 03:36:57 -------- d-----w- c:\documents and settings\all users\application data\036DFF592B17D9790007873A7B07D287
2012-07-14 17:26:58 -------- d-----w- C:\Malwarebytes
2012-07-14 14:55:53 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
2012-07-14 14:55:46 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-07-14 14:55:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-14 14:55:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2012-07-11 22:23:31 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-11 22:23:31 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 20:30:13.17 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/12/2011 8:07:40 PM
System Uptime: 7/22/2012 6:17:26 PM (2 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz | Microprocessor | 1997/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 88 GiB total, 68.823 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Dell Wireless 1500 Draft 802.11n WLAN Mini-Card
Device ID: PCI\VEN_14E4&DEV_4328&SUBSYS_00091028&REV_01\4&360A6DE&0&00E1
Manufacturer: Broadcom
Name: Dell Wireless 1500 Draft 802.11n WLAN Mini-Card
PNP Device ID: PCI\VEN_14E4&DEV_4328&SUBSYS_00091028&REV_01\4&360A6DE&0&00E1
Service: BCM43XX
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_01CD1028&REV_01\4&2FE911E8&0&0AF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_01CD1028&REV_01\4&2FE911E8&0&0AF0
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_01CD1028&REV_0A\4&2FE911E8&0&0BF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_01CD1028&REV_0A\4&2FE911E8&0&0BF0
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_01CD1028&REV_05\4&2FE911E8&0&0CF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_01CD1028&REV_05\4&2FE911E8&0&0CF0
Service:
.
==== System Restore Points ===================
.
RP147: 4/23/2012 6:31:49 PM - System Checkpoint
RP148: 4/24/2012 7:47:00 PM - System Checkpoint
RP149: 4/26/2012 6:06:47 AM - System Checkpoint
RP150: 4/27/2012 4:04:03 PM - System Checkpoint
RP151: 4/28/2012 4:29:57 PM - System Checkpoint
RP152: 4/29/2012 5:10:25 PM - System Checkpoint
RP153: 4/30/2012 9:33:30 PM - System Checkpoint
RP154: 5/1/2012 9:00:19 PM - TITANUIMRES[0x10111101]
RP155: 5/3/2012 3:45:48 PM - System Checkpoint
RP156: 5/5/2012 8:59:34 AM - System Checkpoint
RP157: 5/6/2012 12:26:28 PM - System Checkpoint
RP158: 5/7/2012 7:55:26 PM - System Checkpoint
RP159: 5/9/2012 6:02:20 AM - System Checkpoint
RP160: 5/11/2012 10:02:19 PM - Software Distribution Service 3.0
RP161: 5/13/2012 10:19:07 AM - System Checkpoint
RP162: 5/15/2012 6:09:36 AM - System Checkpoint
RP163: 5/16/2012 6:08:07 PM - System Checkpoint
RP164: 5/17/2012 9:58:58 PM - System Checkpoint
RP165: 5/19/2012 11:55:40 AM - System Checkpoint
RP166: 5/20/2012 12:04:18 PM - System Checkpoint
RP167: 5/21/2012 4:42:29 PM - System Checkpoint
RP168: 5/21/2012 8:55:26 PM - Software Distribution Service 3.0
RP169: 5/22/2012 6:17:54 AM - Software Distribution Service 3.0
RP170: 5/23/2012 4:20:19 PM - System Checkpoint
RP171: 5/24/2012 4:28:52 PM - System Checkpoint
RP172: 5/25/2012 5:24:37 PM - System Checkpoint
RP173: 5/26/2012 5:25:20 PM - System Checkpoint
RP174: 5/27/2012 6:55:51 PM - System Checkpoint
RP175: 5/29/2012 3:54:59 PM - System Checkpoint
RP176: 5/30/2012 5:17:10 PM - System Checkpoint
RP177: 5/31/2012 5:24:34 PM - System Checkpoint
RP178: 6/1/2012 9:00:06 PM - TITANUIMRES[0x10111101]
RP179: 6/2/2012 9:35:37 PM - System Checkpoint
RP180: 6/3/2012 10:35:25 PM - System Checkpoint
RP181: 6/4/2012 4:08:47 PM - Software Distribution Service 3.0
RP182: 6/5/2012 4:49:27 PM - System Checkpoint
RP183: 6/9/2012 7:43:12 PM - System Checkpoint
RP184: 6/9/2012 11:33:48 PM - Installed QuickTime
RP185: 6/11/2012 9:07:10 AM - System Checkpoint
RP186: 6/12/2012 11:06:34 AM - System Checkpoint
RP187: 6/13/2012 1:33:07 PM - System Checkpoint
RP188: 6/13/2012 1:50:11 PM - Software Distribution Service 3.0
RP189: 6/14/2012 9:47:59 PM - System Checkpoint
RP190: 6/16/2012 8:41:17 PM - System Checkpoint
RP191: 6/18/2012 2:43:23 PM - System Checkpoint
RP192: 6/19/2012 10:50:08 PM - System Checkpoint
RP193: 6/21/2012 9:24:51 PM - System Checkpoint
RP194: 6/23/2012 11:15:10 AM - System Checkpoint
RP195: 6/24/2012 10:04:55 PM - System Checkpoint
RP196: 6/27/2012 12:54:36 PM - System Checkpoint
RP197: 6/28/2012 9:27:35 PM - System Checkpoint
RP198: 6/30/2012 10:05:52 PM - System Checkpoint
RP199: 7/1/2012 9:00:07 PM - TITANUIMRES[0x10111101]
RP200: 7/2/2012 9:58:11 PM - System Checkpoint
RP201: 7/4/2012 1:16:13 PM - System Checkpoint
RP202: 7/6/2012 2:55:57 PM - System Checkpoint
RP203: 7/9/2012 4:46:52 PM - System Checkpoint
RP204: 7/11/2012 4:53:56 PM - System Checkpoint
RP205: 7/11/2012 10:44:22 PM - Software Distribution Service 3.0
RP206: 7/13/2012 12:09:16 PM - System Checkpoint
RP207: 7/14/2012 1:12:53 PM - System Checkpoint
RP208: 7/15/2012 3:31:02 PM - System Checkpoint
RP209: 7/16/2012 8:52:23 PM - System Checkpoint
RP210: 7/18/2012 6:50:56 PM - System Checkpoint
RP211: 7/19/2012 10:04:53 PM - System Checkpoint
RP212: 7/20/2012 10:22:28 PM - System Checkpoint
RP213: 7/22/2012 12:45:41 AM - Removed iTunes
RP214: 7/22/2012 6:14:39 PM - Restore Operation
RP215: 7/22/2012 6:18:23 PM - Restore Operation
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Broadcom 440x 10/100 Integrated Controller
Broadcom Management Programs
Conexant HDA D110 MDC V.92 Modem
Coupon Printer for Windows
Dell Resource CD
Dell Wireless WLAN Card
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
InstallIQ Updater
Java Auto Updater
Java(TM) 6 Update 31
Lexmark S600 Series
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
NVIDIA Drivers
OpenOffice.org 3.1
Paint.NET v3.5.10
QuickSet
QuickTime
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
SigmaTel Audio
Sound Blaster ADVANCED MB Drivers
Trend Micro Titanium Maximum Security
Trend Micro™ Titanium™ Maximum Security
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VoiceOver Kit
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
7/22/2012 2:10:37 AM, error: Service Control Manager [7022] - The Java Quick Starter service hung on starting.
7/22/2012 2:05:43 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe. Reference error message: The operation completed successfully. .
7/22/2012 2:05:43 AM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" on line 0.
7/22/2012 2:04:33 AM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
7/22/2012 2:04:33 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
7/22/2012 12:59:50 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\Administrator\My Documents\Downloads\iTunesSetup.exe. Reference error message: The operation completed successfully. .
7/22/2012 12:59:50 AM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\Documents and Settings\Administrator\My Documents\Downloads\iTunesSetup.exe" on line 0.
7/22/2012 12:58:31 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.
7/22/2012 12:58:31 AM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/22/2012 12:57:57 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe. Reference error message: The operation completed successfully. .
7/22/2012 12:57:57 AM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" on line 0.
7/22/2012 12:57:33 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
7/22/2012 12:57:32 AM, error: Service Control Manager [7034] - The lxed_device service terminated unexpectedly. It has done this 2 time(s).
7/22/2012 12:57:32 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
7/22/2012 12:57:32 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/22/2012 12:57:31 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
7/22/2012 12:57:31 AM, error: Service Control Manager [7034] - The lxed_device service terminated unexpectedly. It has done this 1 time(s).
7/22/2012 12:57:31 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/22/2012 12:57:30 AM, error: Service Control Manager [7022] - The NVIDIA Display Driver Service service hung on starting.
7/22/2012 12:57:30 AM, error: Service Control Manager [7022] - The Apple Mobile Device service hung on starting.
7/22/2012 12:57:19 AM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
7/22/2012 12:57:19 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the MBAMService service to connect.
7/22/2012 12:57:19 AM, error: Service Control Manager [7000] - The MBAMService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/22/2012 12:57:18 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Java Quick Starter service to connect.
7/22/2012 12:57:18 AM, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/22/2012 12:55:55 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'redbook.sys' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
7/22/2012 1:16:18 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
7/22/2012 1:11:26 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV Fips intelppm tmtdi
7/22/2012 1:10:08 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/22/2012 1:07:43 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
7/20/2012 12:59:57 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the SeaPort service to connect.
7/20/2012 12:59:57 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxedCATSCustConnectService service to connect.
7/20/2012 12:59:57 PM, error: Service Control Manager [7000] - The SeaPort service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/20/2012 12:59:57 PM, error: Service Control Manager [7000] - The lxedCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 
not sure if its important, but also just noticed, if I restart laptop and let it automatically connect to network for internet access, the aquiring ip address problem is not present, it connects quicklly and normally, however if I disable connection and then enable then that problem is there.
will check for reply tomorrow afternoon.
 
  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

=================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Administrator [Admin rights]
Mode: Scan -- Date: 07/23/2012 17:16:57
¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] nvuojx.dll -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Deployment\Conduit\nvuojx.dll -> KILLED [TermProc]
¤¤¤ Registry Entries: 7 ¤¤¤
[BLACKLIST DLL] HKCU\[...]\Run : Conduit (rundll32.exe "C:\Documents and Settings\Administrator\Local Settings\Application Data\Deployment\Conduit\nvuojx.dll",CreateInstance) -> FOUND
[BLACKLIST DLL] HKUS\.DEFAULT[...]\Run : Conduit (rundll32.exe "C:\Documents and Settings\Administrator\Local Settings\Application Data\Deployment\Conduit\nvuojx.dll",CreateInstance) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-19[...]\Run : Conduit (rundll32.exe "C:\Documents and Settings\Administrator\Local Settings\Application Data\Deployment\Conduit\nvuojx.dll",CreateInstance) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-20[...]\Run : Conduit (rundll32.exe "C:\Documents and Settings\Administrator\Local Settings\Application Data\Deployment\Conduit\nvuojx.dll",CreateInstance) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-790525478-1450960922-839522115-500[...]\Run : Conduit (rundll32.exe "C:\Documents and Settings\Administrator\Local Settings\Application Data\Deployment\Conduit\nvuojx.dll",CreateInstance) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-18[...]\Run : Conduit (rundll32.exe "C:\Documents and Settings\Administrator\Local Settings\Application Data\Deployment\Conduit\nvuojx.dll",CreateInstance) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[Faked.Drv][FAKED] redbook.sys : c:\windows\system32\drivers\redbook.sys --> CANNOT FIX
¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[41] : NtCreateKey @ 0x80623FD6 -> HOOKED (Unknown @ 0x89C42740)
SSDT[43] : NtCreateMutant @ 0x8061758E -> HOOKED (Unknown @ 0x89AF14C0)
SSDT[47] : NtCreateProcess @ 0x805D1250 -> HOOKED (Unknown @ 0x89C41540)
SSDT[48] : NtCreateProcessEx @ 0x805D119A -> HOOKED (Unknown @ 0x89C41840)
SSDT[52] : NtCreateSymbolicLinkObject @ 0x805C3A02 -> HOOKED (Unknown @ 0x89AF1880)
SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0x89AF1020)
SSDT[63] : NtDeleteKey @ 0x80624472 -> HOOKED (Unknown @ 0x89C42D40)
SSDT[65] : NtDeleteValueKey @ 0x80624642 -> HOOKED (Unknown @ 0x89C43640)
SSDT[68] : NtDuplicateObject @ 0x805BE010 -> HOOKED (Unknown @ 0x89AF1A60)
SSDT[97] : NtLoadDriver @ 0x80584172 -> HOOKED (Unknown @ 0x89AF11C0)
SSDT[122] : NtOpenProcess @ 0x805CB456 -> HOOKED (Unknown @ 0x89C41B40)
SSDT[125] : NtOpenSection @ 0x805AA3F4 -> HOOKED (Unknown @ 0x89C43C20)
SSDT[128] : NtOpenThread @ 0x805CB6E2 -> HOOKED (Unknown @ 0x89C41E40)
SSDT[192] : NtRenameKey @ 0x806239F8 -> HOOKED (Unknown @ 0x89C43040)
SSDT[204] : NtRestoreKey @ 0x806259B6 -> HOOKED (Unknown @ 0x89C43340)
SSDT[240] : NtSetSystemInformation @ 0x8060FC04 -> HOOKED (Unknown @ 0x89AF16A0)
SSDT[247] : NtSetValueKey @ 0x80622548 -> HOOKED (Unknown @ 0x89C42A40)
SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0x89C42140)
SSDT[258] : NtTerminateThread @ 0x805D24D2 -> HOOKED (Unknown @ 0x89C42440)
SSDT[277] : NtWriteVirtualMemory @ 0x805B43D4 -> HOOKED (Unknown @ 0x89C43E00)
S_SSDT[548] : Unknown -> HOOKED (Unknown @ 0x89AF2FC0)
S_SSDT[549] : Unknown -> HOOKED (Unknown @ 0x89AF2DA0)
¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS721010G9SA00 +++++
--- User ---
[MBR] b18bf910c10b4277493cdc73ef114df7
[BSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 96390 | Size: 89996 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 184410135 | Size: 2047 Mo
3 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 188603100 | Size: 3302 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

=================================================================

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-23 17:34:23
-----------------------------
17:34:23.656 OS Version: Windows 5.1.2600 Service Pack 3
17:34:23.656 Number of processors: 2 586 0xF06
17:34:23.656 ComputerName: E1705 UserName:
17:34:24.468 Initialize success
17:34:31.375 AVAST engine defs: 12072302
17:34:34.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:34:34.640 Disk 0 Vendor: Hitachi_HTS721010G9SA00 MCZOC10H Size: 95396MB BusType: 3
17:34:34.671 Disk 0 MBR read successfully
17:34:34.687 Disk 0 MBR scan
17:34:34.703 Disk 0 Windows XP default MBR code
17:34:34.703 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
17:34:34.718 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 89996 MB offset 96390
17:34:34.734 Disk 0 Partition - 00 0F Extended LBA 2047 MB offset 184410135
17:34:34.765 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3302 MB offset 188603100
17:34:34.796 Disk 0 Partition 4 00 DD MSWIN4.1 2047 MB offset 184410198
17:34:34.828 Disk 0 scanning sectors +195366465
17:34:34.906 Disk 0 scanning C:\WINDOWS\system32\drivers
17:34:51.125 File: C:\WINDOWS\system32\drivers\redbook.sys **INFECTED** Win32:Sirefef-PL [Rtk]
17:34:57.203 Disk 0 trace - called modules:
17:34:57.203 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xba1ab698]<<
17:34:57.203 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6fcab8]
17:34:57.203 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> [0x8a53b950]
17:34:57.203 \Driver\00000474[0x8a53bd60] -> IRP_MJ_CREATE -> 0xba1ab698
17:34:57.890 AVAST engine scan C:\WINDOWS
17:35:11.515 AVAST engine scan C:\WINDOWS\system32
17:38:54.703 AVAST engine scan C:\WINDOWS\system32\drivers
17:39:13.515 File: C:\WINDOWS\system32\drivers\redbook.sys **INFECTED** Win32:Sirefef-PL [Rtk]
17:39:23.546 AVAST engine scan C:\Documents and Settings\Administrator
17:48:19.296 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
17:48:19.312 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
20:03:44.0625 2340 TDSS rootkit removing tool 2.7.47.0 Jul 20 2012 20:36:30
20:03:45.0437 2340 ============================================================
20:03:45.0437 2340 Current date / time: 2012/07/23 20:03:45.0437
20:03:45.0437 2340 SystemInfo:
20:03:45.0437 2340
20:03:45.0437 2340 OS Version: 5.1.2600 ServicePack: 3.0
20:03:45.0437 2340 Product type: Workstation
20:03:45.0437 2340 ComputerName: E1705
20:03:45.0437 2340 UserName: Administrator
20:03:45.0437 2340 Windows directory: C:\WINDOWS
20:03:45.0437 2340 System windows directory: C:\WINDOWS
20:03:45.0437 2340 Processor architecture: Intel x86
20:03:45.0437 2340 Number of processors: 2
20:03:45.0437 2340 Page size: 0x1000
20:03:45.0437 2340 Boot type: Normal boot
20:03:45.0437 2340 ============================================================
20:03:47.0515 2340 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:03:47.0531 2340 ============================================================
20:03:47.0531 2340 \Device\Harddisk0\DR0:
20:03:47.0531 2340 MBR partitions:
20:03:47.0531 2340 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0xAFC6791
20:03:47.0562 2340 ============================================================
20:03:47.0796 2340 C: <-> \Device\Harddisk0\DR0\Partition0
20:03:47.0796 2340 ============================================================
20:03:47.0796 2340 Initialize success
20:03:47.0796 2340 ============================================================
20:04:08.0078 1000 ============================================================
20:04:08.0078 1000 Scan started
20:04:08.0078 1000 Mode: Manual;
20:04:08.0078 1000 ============================================================
20:04:08.0437 1000 Abiosdsk - ok
20:04:08.0453 1000 abp480n5 - ok
20:04:08.0500 1000 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:04:08.0515 1000 ACPI - ok
20:04:08.0546 1000 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:04:08.0546 1000 ACPIEC - ok
20:04:08.0640 1000 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:04:08.0656 1000 AdobeFlashPlayerUpdateSvc - ok
20:04:08.0656 1000 adpu160m - ok
20:04:08.0687 1000 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:04:08.0703 1000 aec - ok
20:04:08.0750 1000 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:04:08.0765 1000 AFD - ok
20:04:08.0765 1000 Aha154x - ok
20:04:08.0765 1000 aic78u2 - ok
20:04:08.0781 1000 aic78xx - ok
20:04:08.0812 1000 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
20:04:08.0812 1000 Alerter - ok
20:04:08.0843 1000 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
20:04:08.0843 1000 ALG - ok
20:04:08.0859 1000 AliIde - ok
20:04:08.0859 1000 amsint - ok
20:04:08.0968 1000 Amsp (7b6425745b2ad8354fe8ad2dce30a9e7) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
20:04:08.0968 1000 Amsp - ok
20:04:09.0000 1000 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
20:04:09.0031 1000 APPDRV - ok
20:04:09.0093 1000 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:04:09.0093 1000 Apple Mobile Device - ok
20:04:09.0156 1000 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
20:04:09.0156 1000 AppMgmt - ok
20:04:09.0203 1000 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:04:09.0203 1000 Arp1394 - ok
20:04:09.0203 1000 asc - ok
20:04:09.0218 1000 asc3350p - ok
20:04:09.0218 1000 asc3550 - ok
20:04:09.0328 1000 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:04:09.0343 1000 aspnet_state - ok
20:04:09.0359 1000 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:04:09.0359 1000 AsyncMac - ok
20:04:09.0390 1000 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:04:09.0390 1000 atapi - ok
20:04:09.0390 1000 Atdisk - ok
20:04:09.0421 1000 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:04:09.0421 1000 Atmarpc - ok
20:04:09.0468 1000 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
20:04:09.0468 1000 AudioSrv - ok
20:04:09.0515 1000 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:04:09.0515 1000 audstub - ok
20:04:09.0609 1000 BBSvc (9c53c3ec25c109badfa2b386a3446f16) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
20:04:09.0625 1000 BBSvc - ok
20:04:09.0718 1000 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
20:04:09.0734 1000 BCM43XX - ok
20:04:09.0750 1000 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
20:04:09.0765 1000 bcm4sbxp - ok
20:04:09.0796 1000 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:04:09.0796 1000 Beep - ok
20:04:09.0875 1000 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
20:04:09.0875 1000 Bonjour Service - ok
20:04:09.0937 1000 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
20:04:09.0937 1000 Browser - ok
20:04:09.0968 1000 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:04:09.0984 1000 cbidf2k - ok
20:04:09.0984 1000 cd20xrnt - ok
20:04:09.0984 1000 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:04:09.0984 1000 Cdaudio - ok
20:04:10.0031 1000 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:04:10.0031 1000 Cdfs - ok
20:04:10.0078 1000 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:04:10.0078 1000 Cdrom - ok
20:04:10.0125 1000 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
20:04:10.0156 1000 cercsr6 - ok
20:04:10.0156 1000 Changer - ok
20:04:10.0171 1000 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
20:04:10.0187 1000 CiSvc - ok
20:04:10.0187 1000 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
20:04:10.0187 1000 ClipSrv - ok
20:04:10.0312 1000 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:04:10.0359 1000 clr_optimization_v2.0.50727_32 - ok
20:04:10.0375 1000 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:04:10.0390 1000 CmBatt - ok
20:04:10.0390 1000 CmdIde - ok
20:04:10.0406 1000 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:04:10.0421 1000 Compbatt - ok
20:04:10.0421 1000 COMSysApp - ok
20:04:10.0421 1000 Cpqarray - ok
20:04:10.0484 1000 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
20:04:10.0484 1000 CryptSvc - ok
20:04:10.0531 1000 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
20:04:10.0531 1000 ctsfm2k - ok
20:04:10.0562 1000 CTUSFSYN (4ee8822adb764edd28ce44e808097995) C:\WINDOWS\system32\drivers\ctusfsyn.sys
20:04:10.0578 1000 CTUSFSYN - ok
20:04:10.0578 1000 dac2w2k - ok
20:04:10.0578 1000 dac960nt - ok
20:04:10.0656 1000 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
20:04:10.0671 1000 DcomLaunch - ok
20:04:10.0718 1000 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
20:04:10.0718 1000 Dhcp - ok
20:04:10.0734 1000 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:04:10.0734 1000 Disk - ok
20:04:10.0734 1000 dmadmin - ok
20:04:10.0843 1000 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:04:10.0875 1000 dmboot - ok
20:04:10.0906 1000 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:04:10.0906 1000 dmio - ok
20:04:10.0937 1000 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:04:10.0937 1000 dmload - ok
20:04:10.0968 1000 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
20:04:10.0968 1000 dmserver - ok
20:04:10.0984 1000 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:04:10.0984 1000 DMusic - ok
20:04:11.0031 1000 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
20:04:11.0031 1000 Dnscache - ok
20:04:11.0109 1000 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
20:04:11.0109 1000 Dot3svc - ok
20:04:11.0109 1000 dpti2o - ok
20:04:11.0125 1000 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:04:11.0140 1000 drmkaud - ok
20:04:11.0171 1000 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
20:04:11.0171 1000 EapHost - ok
20:04:11.0171 1000 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
20:04:11.0171 1000 ERSvc - ok
20:04:11.0234 1000 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:04:11.0234 1000 Eventlog - ok
20:04:11.0296 1000 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
20:04:11.0296 1000 EventSystem - ok
20:04:11.0359 1000 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:04:11.0359 1000 Fastfat - ok
20:04:11.0421 1000 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:04:11.0421 1000 FastUserSwitchingCompatibility - ok
20:04:11.0437 1000 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
20:04:11.0437 1000 Fdc - ok
20:04:11.0453 1000 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:04:11.0453 1000 Fips - ok
20:04:11.0453 1000 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:04:11.0453 1000 Flpydisk - ok
20:04:11.0500 1000 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:04:11.0515 1000 FltMgr - ok
20:04:11.0625 1000 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:04:11.0625 1000 FontCache3.0.0.0 - ok
20:04:11.0640 1000 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:04:11.0640 1000 Fs_Rec - ok
20:04:11.0656 1000 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:04:11.0656 1000 Ftdisk - ok
20:04:11.0687 1000 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:04:11.0687 1000 Gpc - ok
20:04:11.0718 1000 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:04:11.0718 1000 HDAudBus - ok
20:04:11.0765 1000 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:04:11.0765 1000 helpsvc - ok
20:04:11.0765 1000 HidServ - ok
20:04:11.0781 1000 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:04:11.0796 1000 hidusb - ok
20:04:11.0843 1000 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
20:04:11.0843 1000 hkmsvc - ok
20:04:11.0843 1000 hpn - ok
20:04:11.0906 1000 HSFHWAZL (1c8caa80e91fb71864e9426f9eed048d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
20:04:11.0921 1000 HSFHWAZL - ok
20:04:12.0031 1000 HSF_DPV (698204d9c2832e53633e53a30a53fc3d) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
20:04:12.0046 1000 HSF_DPV - ok
20:04:12.0125 1000 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:04:12.0125 1000 HTTP - ok
20:04:12.0140 1000 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
20:04:12.0156 1000 HTTPFilter - ok
20:04:12.0156 1000 i2omgmt - ok
20:04:12.0156 1000 i2omp - ok
20:04:12.0187 1000 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:04:12.0203 1000 i8042prt - ok
20:04:12.0406 1000 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:04:12.0421 1000 idsvc - ok
20:04:12.0437 1000 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:04:12.0437 1000 Imapi - ok
20:04:12.0468 1000 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
20:04:12.0484 1000 ImapiService - ok
20:04:12.0484 1000 ini910u - ok
20:04:12.0484 1000 IntelIde - ok
20:04:12.0531 1000 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:04:12.0531 1000 intelppm - ok
20:04:12.0562 1000 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:04:12.0562 1000 Ip6Fw - ok
20:04:12.0578 1000 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:04:12.0593 1000 IpFilterDriver - ok
20:04:12.0609 1000 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:04:12.0609 1000 IpInIp - ok
20:04:12.0656 1000 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:04:12.0656 1000 IpNat - ok
20:04:12.0687 1000 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:04:12.0703 1000 IPSec - ok
20:04:12.0718 1000 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:04:12.0718 1000 IRENUM - ok
20:04:12.0750 1000 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:04:12.0750 1000 isapnp - ok
20:04:12.0859 1000 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
20:04:12.0875 1000 JavaQuickStarterService - ok
20:04:12.0890 1000 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:04:12.0890 1000 Kbdclass - ok
20:04:12.0937 1000 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:04:12.0937 1000 kmixer - ok
20:04:12.0968 1000 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:04:12.0968 1000 KSecDD - ok
20:04:13.0015 1000 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
20:04:13.0015 1000 lanmanserver - ok
20:04:13.0046 1000 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
20:04:13.0046 1000 lanmanworkstation - ok
20:04:13.0062 1000 lbrtfdc - ok
20:04:13.0078 1000 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
20:04:13.0078 1000 LmHosts - ok
20:04:13.0156 1000 lxedCATSCustConnectService (1f37f74e1f719b0d75f0398f1f397f66) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxedserv.exe
20:04:13.0171 1000 lxedCATSCustConnectService - ok
20:04:13.0171 1000 lxed_device - ok
20:04:13.0203 1000 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\WINDOWS\system32\drivers\mbam.sys
20:04:13.0203 1000 MBAMProtector - ok
20:04:13.0343 1000 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
20:04:13.0453 1000 MBAMService - ok
20:04:13.0500 1000 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
20:04:13.0500 1000 mdmxsdk - ok
20:04:13.0531 1000 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
20:04:13.0531 1000 Messenger - ok
20:04:13.0562 1000 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:04:13.0562 1000 mnmdd - ok
20:04:13.0609 1000 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
20:04:13.0609 1000 mnmsrvc - ok
20:04:13.0625 1000 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:04:13.0640 1000 Modem - ok
20:04:13.0828 1000 monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\monfilt.sys
20:04:13.0859 1000 monfilt - ok
20:04:13.0875 1000 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:04:13.0875 1000 Mouclass - ok
20:04:13.0906 1000 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:04:13.0906 1000 mouhid - ok
20:04:13.0921 1000 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:04:13.0921 1000 MountMgr - ok
20:04:14.0015 1000 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:04:14.0031 1000 MozillaMaintenance - ok
20:04:14.0031 1000 mraid35x - ok
20:04:14.0062 1000 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:04:14.0062 1000 MRxDAV - ok
20:04:14.0140 1000 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:04:14.0140 1000 MRxSmb - ok
20:04:14.0187 1000 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
20:04:14.0187 1000 MSDTC - ok
20:04:14.0203 1000 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:04:14.0218 1000 Msfs - ok
20:04:14.0218 1000 MSIServer - ok
20:04:14.0234 1000 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:04:14.0234 1000 MSKSSRV - ok
20:04:14.0250 1000 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:04:14.0250 1000 MSPCLOCK - ok
20:04:14.0265 1000 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:04:14.0265 1000 MSPQM - ok
20:04:14.0296 1000 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:04:14.0296 1000 mssmbios - ok
20:04:14.0328 1000 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:04:14.0328 1000 Mup - ok
20:04:14.0406 1000 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
20:04:14.0421 1000 napagent - ok
20:04:14.0468 1000 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:04:14.0468 1000 NDIS - ok
20:04:14.0515 1000 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:04:14.0515 1000 NdisTapi - ok
20:04:14.0515 1000 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:04:14.0531 1000 Ndisuio - ok
20:04:14.0531 1000 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:04:14.0546 1000 NdisWan - ok
20:04:14.0562 1000 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:04:14.0562 1000 NDProxy - ok
20:04:14.0593 1000 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:04:14.0593 1000 NetBIOS - ok
20:04:14.0625 1000 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:04:14.0625 1000 NetBT - ok
20:04:14.0671 1000 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:04:14.0687 1000 NetDDE - ok
20:04:14.0687 1000 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:04:14.0687 1000 NetDDEdsdm - ok
20:04:14.0734 1000 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:04:14.0734 1000 Netlogon - ok
20:04:14.0765 1000 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
20:04:14.0765 1000 Netman - ok
20:04:14.0875 1000 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:04:14.0890 1000 NetTcpPortSharing - ok
20:04:14.0906 1000 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:04:14.0906 1000 NIC1394 - ok
20:04:14.0968 1000 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
20:04:14.0968 1000 Nla - ok
20:04:15.0015 1000 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:04:15.0015 1000 Npfs - ok
20:04:15.0078 1000 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:04:15.0093 1000 Ntfs - ok
20:04:15.0093 1000 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:04:15.0093 1000 NtLmSsp - ok
20:04:15.0171 1000 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
20:04:15.0187 1000 NtmsSvc - ok
20:04:15.0218 1000 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:04:15.0234 1000 Null - ok
20:04:15.0953 1000 nv (8129d762cc3e3c5ab9cf2eabc377fb73) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:04:16.0156 1000 nv - ok
20:04:16.0312 1000 NVSvc (7ee6243758619a391491148eabf0e7b7) C:\WINDOWS\system32\nvsvc32.exe
20:04:16.0328 1000 NVSvc - ok
20:04:16.0375 1000 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:04:16.0375 1000 NwlnkFlt - ok
20:04:16.0390 1000 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:04:16.0390 1000 NwlnkFwd - ok
20:04:16.0437 1000 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:04:16.0437 1000 ohci1394 - ok
20:04:16.0437 1000 OMCI - ok
20:04:16.0484 1000 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
20:04:16.0484 1000 ossrv - ok
20:04:16.0500 1000 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
20:04:16.0500 1000 Parport - ok
20:04:16.0515 1000 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:04:16.0515 1000 PartMgr - ok
20:04:16.0546 1000 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:04:16.0546 1000 ParVdm - ok
20:04:16.0562 1000 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:04:16.0562 1000 PCI - ok
20:04:16.0562 1000 PCIDump - ok
20:04:16.0578 1000 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:04:16.0578 1000 PCIIde - ok
20:04:16.0609 1000 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:04:16.0609 1000 Pcmcia - ok
20:04:16.0609 1000 PDCOMP - ok
20:04:16.0625 1000 PDFRAME - ok
20:04:16.0625 1000 PDRELI - ok
20:04:16.0625 1000 PDRFRAME - ok
20:04:16.0640 1000 perc2 - ok
20:04:16.0640 1000 perc2hib - ok
20:04:16.0703 1000 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:04:16.0703 1000 PlugPlay - ok
20:04:16.0718 1000 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:04:16.0718 1000 PolicyAgent - ok
20:04:16.0734 1000 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:04:16.0750 1000 PptpMiniport - ok
20:04:16.0750 1000 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:04:16.0750 1000 ProtectedStorage - ok
20:04:16.0781 1000 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:04:16.0781 1000 PSched - ok
20:04:16.0781 1000 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:04:16.0796 1000 Ptilink - ok
20:04:16.0796 1000 ql1080 - ok
20:04:16.0796 1000 Ql10wnt - ok
20:04:16.0796 1000 ql12160 - ok
20:04:16.0812 1000 ql1240 - ok
20:04:16.0812 1000 ql1280 - ok
20:04:16.0828 1000 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:04:16.0843 1000 RasAcd - ok
20:04:16.0875 1000 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
20:04:16.0875 1000 RasAuto - ok
20:04:16.0890 1000 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:04:16.0906 1000 Rasl2tp - ok
20:04:16.0953 1000 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
20:04:16.0953 1000 RasMan - ok
20:04:16.0968 1000 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:04:16.0968 1000 RasPppoe - ok
20:04:16.0968 1000 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:04:16.0984 1000 Raspti - ok
20:04:17.0015 1000 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:04:17.0015 1000 Rdbss - ok
20:04:17.0031 1000 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:04:17.0031 1000 RDPCDD - ok
20:04:17.0062 1000 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:04:17.0062 1000 rdpdr - ok
20:04:17.0125 1000 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
20:04:17.0125 1000 RDPWD - ok
20:04:17.0156 1000 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
20:04:17.0171 1000 RDSessMgr - ok
20:04:17.0187 1000 redbook (9a3cc780983d12c5a834f681a590380f) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:04:17.0187 1000 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\redbook.sys. Real md5: 9a3cc780983d12c5a834f681a590380f, Fake md5: f828dd7e1419b6653894a8f97a0094c5
20:04:17.0187 1000 redbook ( Virus.Win32.ZAccess.c ) - infected
20:04:17.0187 1000 redbook - detected Virus.Win32.ZAccess.c (0)
20:04:17.0234 1000 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
20:04:17.0234 1000 RemoteAccess - ok
20:04:17.0265 1000 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
20:04:17.0265 1000 RemoteRegistry - ok
20:04:17.0281 1000 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
20:04:17.0296 1000 RpcLocator - ok
20:04:17.0375 1000 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
20:04:17.0390 1000 RpcSs - ok
20:04:17.0406 1000 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
20:04:17.0406 1000 RSVP - ok
20:04:17.0437 1000 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:04:17.0437 1000 SamSs - ok
20:04:17.0453 1000 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
20:04:17.0453 1000 SCardSvr - ok
20:04:17.0515 1000 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
20:04:17.0515 1000 Schedule - ok
20:04:17.0546 1000 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
20:04:17.0546 1000 sdbus - ok
20:04:17.0671 1000 SeaPort (78779ee07231c658b483b1f38b5088df) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
20:04:17.0671 1000 SeaPort - ok
20:04:17.0703 1000 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:04:17.0703 1000 Secdrv - ok
20:04:17.0718 1000 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
20:04:17.0734 1000 seclogon - ok
20:04:17.0734 1000 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
20:04:17.0734 1000 SENS - ok
20:04:17.0750 1000 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
20:04:17.0765 1000 Serial - ok
20:04:17.0781 1000 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:04:17.0781 1000 Sfloppy - ok
20:04:17.0828 1000 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:04:17.0828 1000 ShellHWDetection - ok
20:04:17.0828 1000 Simbad - ok
20:04:17.0828 1000 Sparrow - ok
20:04:17.0875 1000 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:04:17.0875 1000 splitter - ok
20:04:17.0921 1000 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
20:04:17.0921 1000 Spooler - ok
20:04:17.0937 1000 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:04:17.0937 1000 sr - ok
20:04:17.0968 1000 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
20:04:17.0968 1000 srservice - ok
20:04:18.0000 1000 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:04:18.0000 1000 Srv - ok
20:04:18.0031 1000 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
20:04:18.0031 1000 SSDPSRV - ok
20:04:18.0187 1000 STHDA (3ad78e22210d3fbd9f76de84a8df19b5) C:\WINDOWS\system32\drivers\sthda.sys
20:04:18.0203 1000 STHDA - ok
20:04:18.0234 1000 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
20:04:18.0250 1000 stisvc - ok
20:04:18.0296 1000 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:04:18.0312 1000 swenum - ok
20:04:18.0328 1000 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:04:18.0328 1000 swmidi - ok
20:04:18.0328 1000 SwPrv - ok
20:04:18.0343 1000 symc810 - ok
20:04:18.0343 1000 symc8xx - ok
20:04:18.0343 1000 sym_hi - ok
20:04:18.0343 1000 sym_u3 - ok
20:04:18.0375 1000 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:04:18.0375 1000 sysaudio - ok
20:04:18.0421 1000 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
20:04:18.0421 1000 SysmonLog - ok
20:04:18.0468 1000 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
20:04:18.0468 1000 TapiSrv - ok
20:04:18.0546 1000 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:04:18.0562 1000 Tcpip - ok
20:04:18.0578 1000 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:04:18.0578 1000 TDPIPE - ok
20:04:18.0593 1000 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:04:18.0609 1000 TDTCP - ok
20:04:18.0609 1000 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:04:18.0609 1000 TermDD - ok
20:04:18.0656 1000 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
20:04:18.0671 1000 TermService - ok
20:04:18.0718 1000 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:04:18.0718 1000 Themes - ok
20:04:18.0765 1000 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
20:04:18.0765 1000 TlntSvr - ok
20:04:18.0828 1000 tmactmon (de87a23d2ddc7378d1c7ab681e20de47) C:\WINDOWS\system32\DRIVERS\tmactmon.sys
20:04:18.0828 1000 tmactmon - ok
20:04:18.0859 1000 tmcomm (540c2b5dc47651c572c2804dc72fdda8) C:\WINDOWS\system32\DRIVERS\tmcomm.sys
20:04:18.0859 1000 tmcomm - ok
20:04:18.0875 1000 tmevtmgr (2de1fa64ebaff376f2c038f64492f62c) C:\WINDOWS\system32\DRIVERS\tmevtmgr.sys
20:04:18.0875 1000 tmevtmgr - ok
20:04:18.0906 1000 tmtdi (5a61679b2277b9ad550e30479a69503b) C:\WINDOWS\system32\DRIVERS\tmtdi.sys
20:04:18.0906 1000 tmtdi - ok
20:04:18.0921 1000 TosIde - ok
20:04:18.0953 1000 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
20:04:18.0968 1000 TrkWks - ok
20:04:19.0000 1000 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:04:19.0000 1000 Udfs - ok
20:04:19.0015 1000 UIUSys - ok
20:04:19.0015 1000 ultra - ok
20:04:19.0093 1000 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:04:19.0109 1000 Update - ok
20:04:19.0140 1000 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
20:04:19.0156 1000 upnphost - ok
20:04:19.0171 1000 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
20:04:19.0187 1000 UPS - ok
20:04:19.0234 1000 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
20:04:19.0234 1000 USBAAPL - ok
20:04:19.0250 1000 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:04:19.0250 1000 usbehci - ok
20:04:19.0296 1000 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:04:19.0296 1000 usbhub - ok
20:04:19.0328 1000 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:04:19.0328 1000 usbscan - ok
20:04:19.0359 1000 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:04:19.0359 1000 USBSTOR - ok
20:04:19.0375 1000 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:04:19.0375 1000 usbuhci - ok
20:04:19.0390 1000 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:04:19.0390 1000 VgaSave - ok
20:04:19.0390 1000 ViaIde - ok
20:04:19.0421 1000 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:04:19.0421 1000 VolSnap - ok
20:04:19.0484 1000 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
20:04:19.0484 1000 VSS - ok
20:04:19.0531 1000 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
20:04:19.0531 1000 W32Time - ok
20:04:19.0546 1000 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:04:19.0562 1000 Wanarp - ok
20:04:19.0562 1000 WDICA - ok
20:04:19.0578 1000 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:04:19.0578 1000 wdmaud - ok
20:04:19.0609 1000 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
20:04:19.0609 1000 WebClient - ok
20:04:19.0718 1000 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
20:04:19.0750 1000 winachsf - ok
20:04:19.0843 1000 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
20:04:19.0843 1000 winmgmt - ok
20:04:19.0859 1000 wltrysvc - ok
20:04:19.0890 1000 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
20:04:19.0906 1000 WmdmPmSN - ok
20:04:20.0000 1000 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
20:04:20.0015 1000 Wmi - ok
20:04:20.0062 1000 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
20:04:20.0062 1000 WmiAcpi - ok
20:04:20.0093 1000 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:04:20.0109 1000 WmiApSrv - ok
20:04:20.0296 1000 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\wmpnetwk.exe
20:04:20.0328 1000 WMPNetworkSvc - ok
20:04:20.0375 1000 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:04:20.0375 1000 WudfPf - ok
20:04:20.0421 1000 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:04:20.0421 1000 WudfRd - ok
20:04:20.0437 1000 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
20:04:20.0437 1000 WudfSvc - ok
20:04:20.0515 1000 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
20:04:20.0531 1000 WZCSVC - ok
20:04:20.0578 1000 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
20:04:20.0593 1000 xmlprov - ok
20:04:20.0609 1000 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:04:21.0125 1000 \Device\Harddisk0\DR0 - ok
20:04:21.0140 1000 Boot (0x1200) (bc8fa4b971d0c05891e0e62896f65aab) \Device\Harddisk0\DR0\Partition0
20:04:21.0140 1000 \Device\Harddisk0\DR0\Partition0 - ok
20:04:21.0140 1000 ============================================================
20:04:21.0140 1000 Scan finished
20:04:21.0140 1000 ============================================================
20:04:21.0171 2256 Detected object count: 1
20:04:21.0171 2256 Actual detected object count: 1
20:04:28.0890 2256 C:\WINDOWS\system32\DRIVERS\redbook.sys - copied to quarantine
20:04:28.0984 2256 C:\WINDOWS\$NtUninstallKB59513$\2001051452\@ - copied to quarantine
20:04:29.0093 2256 C:\WINDOWS\$NtUninstallKB59513$\2001051452\Desktop.ini - copied to quarantine
20:04:52.0187 2256 C:\WINDOWS\$NtUninstallKB59513$\2001051452\L\00000004.@ - copied to quarantine
 
Very good :)

Post new aswMBR log.

Next....

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
heres the new aswmbr log as requested will continue with combofix shortly
thanks

===================================================================================
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-23 22:56:30
-----------------------------
22:56:30.765 OS Version: Windows 5.1.2600 Service Pack 3
22:56:30.765 Number of processors: 2 586 0xF06
22:56:30.765 ComputerName: E1705 UserName:
22:56:31.843 Initialize success
22:56:48.718 AVAST engine defs: 12072302
22:56:50.656 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:56:50.656 Disk 0 Vendor: Hitachi_HTS721010G9SA00 MCZOC10H Size: 95396MB BusType: 3
22:56:50.671 Disk 0 MBR read successfully
22:56:50.671 Disk 0 MBR scan
22:56:50.718 Disk 0 Windows XP default MBR code
22:56:50.718 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
22:56:50.750 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 89996 MB offset 96390
22:56:50.765 Disk 0 Partition - 00 0F Extended LBA 2047 MB offset 184410135
22:56:50.796 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3302 MB offset 188603100
22:56:50.828 Disk 0 Partition 4 00 DD MSWIN4.1 2047 MB offset 184410198
22:56:50.859 Disk 0 scanning sectors +195366465
22:56:50.937 Disk 0 scanning C:\WINDOWS\system32\drivers
22:57:09.843 File: C:\WINDOWS\system32\drivers\redbook.sys **INFECTED** Win32:Sirefef-PL [Rtk]
22:57:15.812 Disk 0 trace - called modules:
22:57:15.828 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xba15b698]<<
22:57:15.828 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6cbab8]
22:57:15.828 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> [0x8a60c030]
22:57:15.828 \Driver\00000482[0x8a612178] -> IRP_MJ_CREATE -> 0xba15b698
22:57:16.468 AVAST engine scan C:\WINDOWS
22:57:35.015 AVAST engine scan C:\WINDOWS\system32
23:01:25.734 AVAST engine scan C:\WINDOWS\system32\drivers
23:01:43.812 File: C:\WINDOWS\system32\drivers\redbook.sys **INFECTED** Win32:Sirefef-PL [Rtk]
23:01:51.359 AVAST engine scan C:\Documents and Settings\Administrator
23:03:02.187 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
23:03:02.187 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"
 
combofix log:

ComboFix 12-07-24.01 - Administrator 07/23/2012 23:22:39.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1706 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Trend Micro Titanium Maximum Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Local Settings\Application Data\Deployment\Conduit\nvuojx.dll
c:\windows\$NtUninstallKB59513$
c:\windows\$NtUninstallKB59513$\2001051452\@
c:\windows\$NtUninstallKB59513$\2001051452\Desktop.ini
c:\windows\$NtUninstallKB59513$\2001051452\L\00000004.@
c:\windows\$NtUninstallKB59513$\2001051452\L\201d3dde
c:\windows\$NtUninstallKB59513$\2001051452\L\apbafigw
c:\windows\$NtUninstallKB59513$\2001051452\U\00000004.@
c:\windows\$NtUninstallKB59513$\2001051452\U\00000008.@
c:\windows\$NtUninstallKB59513$\2001051452\U\000000cb.@
c:\windows\$NtUninstallKB59513$\2001051452\U\80000000.@
c:\windows\$NtUninstallKB59513$\2001051452\U\80000032.@
c:\windows\$NtUninstallKB59513$\555431526
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\drivers\1028_DELL_XPS_MP061 .MRK
c:\windows\system32\drivers\DELL_XPS_MP061 .MRK
c:\windows\system32\SET29A.tmp
c:\windows\system32\SET29E.tmp
c:\windows\system32\SET2A6.tmp
.
Infected copy of c:\windows\system32\drivers\redbook.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((( Files Created from 2012-06-24 to 2012-07-24 )))))))))))))))))))))))))))))))
.
.
2012-07-24 03:20 . 2008-04-13 18:40 57600 -c--a-w- c:\windows\system32\dllcache\redbook.sys
2012-07-24 03:20 . 2008-04-13 18:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-07-23 23:30 . 2012-07-24 00:04 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-22 03:36 . 2012-07-22 04:55 -------- d-----w- c:\documents and settings\All Users\Application Data\036DFF592B17D9790007873A7B07D287
2012-07-14 17:26 . 2012-07-14 17:26 -------- d-----w- C:\Malwarebytes
2012-07-14 14:55 . 2012-07-14 14:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-07-14 14:55 . 2012-07-14 14:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-07-14 14:55 . 2012-07-14 14:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-14 14:55 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 22:23 . 2012-04-11 09:14 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-11 22:23 . 2011-10-13 03:01 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:19 . 2004-08-04 10:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-14 00:12 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-04 10:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-04 10:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2009-08-06 23:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2011-10-13 00:02 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2011-10-13 00:02 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2011-10-13 00:02 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2009-08-06 23:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2011-10-13 00:02 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2011-10-13 00:02 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2009-08-06 23:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2009-08-06 23:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2004-08-04 10:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2009-08-06 23:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2011-10-13 00:02 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2011-10-13 00:02 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2011-10-13 00:41 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18 . 2011-10-13 00:41 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 19:18 . 2009-08-06 23:23 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2004-08-04 10:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2006-03-04 03:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2004-08-04 10:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2005-03-30 01:21 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2005-03-30 01:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2011-10-12 23:59 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-20 17:00 . 2012-06-20 04:07 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InstallIQUpdater"="c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-10-11 1179648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-28 8429568]
"nwiz"="nwiz.exe" [2007-04-28 1626112]
"NVHotkey"="nvHotkey.dll" [2007-04-28 67584]
"NvMediaCenter"="NvMCTray.dll" [2007-04-28 81920]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-08 1111568]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 116752]
"lxedmon.exe"="c:\program files\Lexmark S600 Series\lxedmon.exe" [2011-01-23 770728]
"EzPrint"="c:\program files\Lexmark S600 Series\ezprint.exe" [2011-01-23 148280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [10/12/2011 10:12 PM 188272]
R2 lxed_device;lxed_device;c:\windows\system32\lxedcoms.exe -service --> c:\windows\system32\lxedcoms.exe -service [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/14/2012 10:55 AM 655944]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [10/12/2011 10:14 PM 64080]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/14/2012 10:55 AM 22344]
S2 lxedCATSCustConnectService;lxedCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxedserv.exe [10/17/2011 8:12 PM 193192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/11/2012 5:14 AM 250056]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [5/16/2011 10:32 AM 191752]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6/20/2012 12:07 AM 113120]
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 22:23]
.
2012-07-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\06jkd509.default\
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
Toolbar-10 - (no file)
HKCU-Run-Conduit - c:\documents and settings\Administrator\Local Settings\Application Data\Deployment\Conduit\nvuojx.dll
HKU-Default-Run-Conduit - c:\documents and settings\Administrator\Local Settings\Application Data\Deployment\Conduit\nvuojx.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-23 23:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-790525478-1450960922-839522115-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}"=hex:51,66,7a,6c,4c,1d,3b,1b,e7,56,cd,
db,8a,5b,09,0b,92,ca,b5,67,0b,c9,40,19
"{B939CF93-F2CB-443D-956C-DC523D85C9DB}"=hex:51,66,7a,6c,4c,1d,3b,1b,83,d6,22,
a0,f9,a3,57,0d,8e,6f,83,0e,39,c3,8c,ce
"{9D717F81-9148-4F12-8568-69135F087DB0}"=hex:51,66,7a,6c,4c,1d,3b,1b,91,66,6a,
84,7a,c0,78,06,9e,6b,36,4f,5b,4e,38,a5
.
[HKEY_USERS\S-1-5-21-790525478-1450960922-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,60,72,1c,c2,0a,37,29,4e,85,03,54,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cb,1a,ed,a0,79,b6,ae,40,9a,b6,90,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(856)
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(2360)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\stsystra.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RunDLL32.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Trend Micro\AMSP\coreFrameworkHost.exe
c:\program files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxedcoms.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\NOTEPAD.EXE
.
**************************************************************************
.
Completion time: 2012-07-23 23:48:46 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-24 03:48
.
Pre-Run: 73,792,933,888 bytes free
Post-Run: 74,256,998,400 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 8DD0C4F666881B595A5F83F34700C4C2
 
although I have become rather obsessed with this, I must sign off for the night, will return tomorrow afternoon for further instructions..
FYI: pc speed has increased to better than normal and I am no longer recieving the malicious threat detected from malwarebytes.. I think this is looking good!!!:)
 
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-24 17:33:17
-----------------------------
17:33:17.468 OS Version: Windows 5.1.2600 Service Pack 3
17:33:17.468 Number of processors: 2 586 0xF06
17:33:17.468 ComputerName: E1705 UserName:
17:33:18.671 Initialize success
17:37:20.656 AVAST engine defs: 12072401
17:39:17.703 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:39:17.703 Disk 0 Vendor: Hitachi_HTS721010G9SA00 MCZOC10H Size: 95396MB BusType: 3
17:39:17.734 Disk 0 MBR read successfully
17:39:17.734 Disk 0 MBR scan
17:39:17.812 Disk 0 Windows XP default MBR code
17:39:17.812 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
17:39:17.843 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 89996 MB offset 96390
17:39:17.859 Disk 0 Partition - 00 0F Extended LBA 2047 MB offset 184410135
17:39:17.875 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3302 MB offset 188603100
17:39:17.937 Disk 0 Partition 4 00 DD MSWIN4.1 2047 MB offset 184410198
17:39:17.968 Disk 0 scanning sectors +195366465
17:39:18.078 Disk 0 scanning C:\WINDOWS\system32\drivers
17:39:39.546 Service scanning
17:40:08.609 Modules scanning
17:40:14.125 Disk 0 trace - called modules:
17:40:14.140 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
17:40:14.156 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6feab8]
17:40:14.156 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\0000006f[0x8a7604a8]
17:40:14.156 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a70c940]
17:40:14.765 AVAST engine scan C:\WINDOWS
17:40:37.578 AVAST engine scan C:\WINDOWS\system32
17:44:45.984 AVAST engine scan C:\WINDOWS\system32\drivers
17:45:10.109 AVAST engine scan C:\Documents and Settings\Administrator
17:59:34.000 AVAST engine scan C:\Documents and Settings\All Users
17:59:48.593 Scan finished successfully
18:09:19.234 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
18:09:19.250 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"
18:10:09.671 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
18:10:09.671 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"
18:11:03.218 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
18:11:03.218 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR2.txt"
 
Good :)

How is computer doing?

====================================

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer IF MBAM asks you to do so.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
I checked malwarebytes for updates as you said and ran the scan, heres the log..
all came back clean. :)
pc is running good, still no alerts from malwarebytes or trend micro, like before.. The alerts seem to stop after running the Combofix...


Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org
Database version: v2012.07.24.12
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: E1705 [administrator]
Protection: Enabled
7/24/2012 7:44:54 PM
mbam-log-2012-07-24 (19-44-54).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 173985
Time elapsed: 5 minute(s), 7 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

will post OTL shortly..

thanks
 
OTL logfile created on: 7/24/2012 8:05:43 PM - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 67.45% Memory free
3.85 Gb Paging File | 3.28 Gb Available in Paging File | 85.22% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.89 Gb Total Space | 69.08 Gb Free Space | 78.60% Space Free | Partition Type: NTFS

Computer Name: E1705 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/24 19:56:14 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/10/12 22:10:11 | 000,138,640 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
PRC - [2011/10/11 13:49:14 | 001,179,648 | ---- | M] (W3i, LLC) -- C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
PRC - [2011/02/16 15:26:04 | 000,188,272 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
PRC - [2011/02/10 10:00:24 | 000,116,752 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
PRC - [2011/02/10 09:57:40 | 001,035,512 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
PRC - [2011/01/23 19:39:39 | 000,148,280 | ---- | M] () -- C:\Program Files\Lexmark S600 Series\ezprint.exe
PRC - [2011/01/23 19:39:37 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark S600 Series\lxedmon.exe
PRC - [2010/04/14 14:00:56 | 000,598,696 | ---- | M] ( ) -- C:\WINDOWS\system32\lxedcoms.exe
PRC - [2009/04/23 07:29:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/04/23 07:29:14 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/24 17:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/12 22:10:30 | 000,174,432 | ---- | M] () -- C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll
MOD - [2011/10/12 22:10:11 | 001,081,344 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
MOD - [2011/10/12 22:10:11 | 000,442,368 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\sqlite3.dll
MOD - [2011/10/12 22:10:11 | 000,057,344 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
MOD - [2011/10/12 22:10:11 | 000,049,152 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/01/23 19:39:39 | 000,148,280 | ---- | M] () -- C:\Program Files\Lexmark S600 Series\ezprint.exe
MOD - [2011/01/23 19:39:37 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark S600 Series\lxedmon.exe
MOD - [2010/04/05 05:56:20 | 000,094,359 | ---- | M] () -- C:\Program Files\Lexmark S600 Series\epoemdll.dll
MOD - [2010/04/05 05:56:19 | 000,045,221 | ---- | M] () -- C:\Program Files\Lexmark S600 Series\epstring.dll
MOD - [2010/04/05 05:56:17 | 002,203,803 | ---- | M] () -- C:\Program Files\Lexmark S600 Series\epwizres.dll
MOD - [2010/04/05 05:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files\Lexmark S600 Series\epwizard.dll
MOD - [2010/04/05 05:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files\Lexmark S600 Series\customui.dll
MOD - [2010/04/05 05:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files\Lexmark S600 Series\epfunct.dll
MOD - [2010/04/05 05:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files\Lexmark S600 Series\eputil.dll
MOD - [2010/04/05 05:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files\Lexmark S600 Series\imagutil.dll
MOD - [2010/04/01 12:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files\Lexmark S600 Series\lxeddrs.dll
MOD - [2010/04/01 12:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files\Lexmark S600 Series\lxedscw.dll
MOD - [2009/11/04 08:14:19 | 000,157,696 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxeddrpp.dll
MOD - [2009/05/27 07:16:50 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxeddatr.dll
MOD - [2009/04/16 14:02:16 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2009/04/07 14:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files\Lexmark S600 Series\iptk.dll
MOD - [2009/03/10 00:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files\Lexmark S600 Series\lxedcaps.dll
MOD - [2009/03/02 09:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files\Lexmark S600 Series\lxedptp.dll
MOD - [2009/02/20 03:48:43 | 000,023,552 | ---- | M] () -- C:\WINDOWS\system32\LXEDsmr.dll
MOD - [2009/02/20 03:48:03 | 000,299,008 | ---- | M] () -- C:\WINDOWS\system32\LXEDsm.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV - [2012/07/20 13:00:31 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/11 18:23:31 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/16 10:32:32 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/16 12:17:56 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/04/14 14:00:56 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\lxedcoms.exe -- (lxed_device)
SRV - [2010/04/14 14:00:47 | 000,193,192 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxedserv.exe -- (lxedCATSCustConnectService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/10/12 22:10:13 | 000,189,520 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2011/10/12 22:10:13 | 000,092,112 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2011/10/12 22:10:13 | 000,080,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2011/10/12 22:10:13 | 000,064,080 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2007/03/16 18:10:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/11/21 04:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/03/24 17:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/01/04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/22 11:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 11:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 11:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/05/25 17:34:00 | 000,158,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)
DRV - [2005/01/10 18:15:00 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/01/10 18:15:00 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=717&systemid=2&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=363&systemid=406&sr=0&q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-790525478-1450960922-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKU\S-1-5-21-790525478-1450960922-839522115-500\..\SearchScopes,DefaultScope = {0E68ADC7-0E36-4239-A8D2-40C72AB3D254}
IE - HKU\S-1-5-21-790525478-1450960922-839522115-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-790525478-1450960922-839522115-500\..\SearchScopes\{0E68ADC7-0E36-4239-A8D2-40C72AB3D254}: "URL" = http://www.google.com/search?q={sea...ource}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-790525478-1450960922-839522115-500\..\SearchScopes\{6682134C-316C-40EA-81F5-E2AD40128CBA}: "URL" = http://search.yahoo.com/search?p={s...ype=W3i_DS,136,0_0,Search,20120208,6901,0,8,0
IE - HKU\S-1-5-21-790525478-1450960922-839522115-500\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=717&systemid=2&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-790525478-1450960922-839522115-500\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=363&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-790525478-1450960922-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-790525478-1450960922-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2011/10/12 22:13:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\firefoxextension\ [2012/06/25 19:06:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/20 13:00:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/13 18:40:42 | 000,000,000 | ---D | M]

[2012/06/20 00:10:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012/07/13 23:25:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\06jkd509.default\extensions
[2012/06/20 00:13:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/03 21:36:14 | 000,011,510 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\06JKD509.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI
[2012/07/20 13:00:33 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/24 21:55:22 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/06/14 18:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/21 22:22:19 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/06/14 18:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/07/23 23:38:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark S600 Series\ezprint.exe ()
O4 - HKLM..\Run: [lxedmon.exe] C:\Program Files\Lexmark S600 Series\lxedmon.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-21-790525478-1450960922-839522115-500..\Run: [InstallIQUpdater] C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-790525478-1450960922-839522115-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-790525478-1450960922-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-790525478-1450960922-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-790525478-1450960922-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1318466456626 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2089EBFD-C9E9-4D93-B139-E1DC39521D91}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/12 20:04:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/24 19:56:08 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/07/23 23:20:34 | 000,057,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\redbook.sys
[2012/07/23 23:18:07 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/07/23 23:15:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/07/23 23:15:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/07/23 23:15:34 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/07/23 23:15:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/07/23 23:15:29 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/07/23 23:14:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2012/07/23 23:11:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/07/23 23:11:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/07/23 23:08:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/23 23:07:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/07/23 23:06:50 | 004,583,914 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2012/07/23 19:30:40 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/07/23 19:29:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\tdsskiller
[2012/07/23 17:34:05 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2012/07/23 17:13:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\RK_Quarantine
[2012/07/22 19:45:50 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2012/07/22 13:09:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012/07/22 00:01:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2012/07/21 23:36:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\036DFF592B17D9790007873A7B07D287
[2012/07/14 13:26:58 | 000,000,000 | ---D | C] -- C:\Malwarebytes
[2012/07/14 10:55:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2012/07/14 10:55:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/14 10:55:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/07/14 10:55:44 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/14 10:55:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/24 19:56:14 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/07/24 19:23:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/24 18:11:03 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2012/07/24 17:29:11 | 000,020,185 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2012/07/24 17:29:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/24 17:28:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/23 23:38:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/07/23 23:18:13 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/07/23 23:14:48 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/23 23:06:55 | 004,583,914 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2012/07/23 19:29:26 | 002,116,765 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.zip
[2012/07/23 17:34:05 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2012/07/23 17:13:39 | 001,552,384 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe
[2012/07/22 20:57:16 | 000,020,185 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2012/07/22 19:45:52 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2012/07/22 19:44:37 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\d0n73ns1.exe
[2012/07/14 10:57:46 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/12 00:12:03 | 000,112,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/11 22:47:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/11 18:23:31 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/07/11 18:23:31 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/03 11:07:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/23 23:18:13 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/07/23 23:18:10 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/07/23 23:15:34 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/07/23 23:15:34 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/07/23 23:15:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/07/23 23:15:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/07/23 23:15:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/07/23 19:29:20 | 002,116,765 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.zip
[2012/07/23 17:32:56 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2012/07/23 17:13:38 | 001,552,384 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe
[2012/07/22 19:44:35 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\d0n73ns1.exe
[2012/07/14 10:55:48 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/15 19:09:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/19 22:42:21 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2011/11/19 22:11:56 | 000,011,264 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2011/11/18 22:39:35 | 000,017,064 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/10/24 21:09:15 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/17 20:12:37 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxedvs.dll
[2011/10/17 20:12:36 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\lxedcoin.dll
[2011/10/17 20:12:28 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\lxedgcfg.dll
[2011/10/17 20:12:27 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxedcui.dll
[2011/10/17 20:12:27 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\lxedcuir.dll
[2011/10/17 20:11:10 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxedinpa.dll
[2011/10/17 20:11:10 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\LXEDhcp.dll
[2011/10/17 20:11:10 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\LXEDinst.dll
[2011/10/17 20:11:09 | 001,048,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxedserv.dll
[2011/10/17 20:11:09 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxedusb1.dll
[2011/10/17 20:11:09 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxedpmui.dll
[2011/10/17 20:11:09 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxedlmpm.dll
[2011/10/17 20:11:09 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lxediesc.dll
[2011/10/17 20:11:08 | 000,324,264 | ---- | C] ( ) -- C:\WINDOWS\System32\lxedih.exe
[2011/10/17 20:11:08 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\lxedins.dll
[2011/10/17 20:11:08 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lxedinsb.dll
[2011/10/17 20:11:08 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lxedinsr.dll
[2011/10/17 20:11:08 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\lxedjswr.dll
[2011/10/17 20:11:07 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxedhbn3.dll
[2011/10/17 20:11:07 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\lxedcu.dll
[2011/10/17 20:11:07 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxedgrd.dll
[2011/10/17 20:11:07 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\lxedcub.dll
[2011/10/17 20:11:07 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxedcur.dll
[2011/10/17 20:11:06 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\lxedcomc.dll
[2011/10/17 20:11:06 | 000,598,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxedcoms.exe
[2011/10/17 20:11:06 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxedcomm.dll
[2011/10/17 20:11:05 | 000,373,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxedcfg.exe
[2011/10/17 20:10:52 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\LXEDsmr.dll
[2011/10/17 20:10:51 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LXEDsm.dll
[2011/10/12 21:28:57 | 000,020,185 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011/10/12 21:27:29 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2011/10/12 21:27:28 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2011/10/12 21:27:28 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2011/10/12 21:27:27 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2011/10/12 21:27:27 | 001,018,748 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2011/10/12 21:27:27 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2011/10/12 21:27:26 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2011/10/12 21:27:25 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2011/10/12 21:27:25 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2011/10/12 21:22:25 | 000,022,629 | ---- | C] () -- C:\WINDOWS\System32\CiFilter.ini
[2011/10/12 20:25:33 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2011/10/12 20:25:32 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2011/10/12 20:25:32 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2011/10/12 20:07:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/10/12 20:01:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/10/12 15:51:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/10/12 15:50:15 | 000,112,584 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
< End of report >
OTL Extras logfile created on: 7/24/2012 8:05:43 PM - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 67.45% Memory free
3.85 Gb Paging File | 3.28 Gb Available in Paging File | 85.22% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.89 Gb Total Space | 69.08 Gb Free Space | 78.60% Space Free | Partition Type: NTFS

Computer Name: E1705 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Maximum Security
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro™ Titanium™ Maximum Security
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"ie8" = Windows Internet Explorer 8
"Lexmark S600 Series" = Lexmark S600 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"SAMB_ADVMB_FILTER_DRV" = Sound Blaster ADVANCED MB Drivers
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/18/2012 12:51:23 PM | Computer Name = E1705 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/18/2012 12:51:23 PM | Computer Name = E1705 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3984

Error - 7/18/2012 12:51:23 PM | Computer Name = E1705 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3984

Error - 7/18/2012 10:23:12 PM | Computer Name = E1705 | Source = Application Error | ID = 1000
Description = Faulting application FlashPlayerUpdateService.exe, version 11.3.300.265,
faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113c0.

Error - 7/19/2012 1:32:47 PM | Computer Name = E1705 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/22/2012 12:53:15 AM | Computer Name = E1705 | Source = MsiInstaller | ID = 10005
Description = Product: iTunes -- Unable to install the GEAR driver set at this time.
The GEARAspiWDM service used by the GEAR driver set is scheduled to be deleted
during the next system reboot. Please reboot the system and run iTunes again.

Error - 7/22/2012 12:54:01 AM | Computer Name = E1705 | Source = MsiInstaller | ID = 10005
Description = Product: iTunes -- Unable to install the GEAR driver set at this time.
The GEARAspiWDM service used by the GEAR driver set is scheduled to be deleted
during the next system reboot. Please reboot the system and run iTunes again.

Error - 7/22/2012 1:04:04 AM | Computer Name = E1705 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid.

Error - 7/22/2012 8:23:03 PM | Computer Name = E1705 | Source = Application Error | ID = 1000
Description = Faulting application FlashPlayerUpdateService.exe, version 11.3.300.265,
faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113c0.

Error - 7/23/2012 6:23:11 PM | Computer Name = E1705 | Source = Application Error | ID = 1000
Description = Faulting application FlashPlayerUpdateService.exe, version 11.3.300.265,
faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113c0.

[ System Events ]
Error - 7/23/2012 11:22:08 PM | Computer Name = E1705 | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer Microsoft XPS Document Writer
share name Printer.

Error - 7/23/2012 11:22:08 PM | Computer Name = E1705 | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 7/23/2012 11:39:01 PM | Computer Name = E1705 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxedCATSCustConnectService
service to connect.

Error - 7/23/2012 11:39:01 PM | Computer Name = E1705 | Source = Service Control Manager | ID = 7000
Description = The lxedCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 7/23/2012 11:39:01 PM | Computer Name = E1705 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the SeaPort service to connect.

Error - 7/23/2012 11:39:01 PM | Computer Name = E1705 | Source = Service Control Manager | ID = 7000
Description = The SeaPort service failed to start due to the following error: %%1053

Error - 7/24/2012 5:29:09 PM | Computer Name = E1705 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxedCATSCustConnectService
service to connect.

Error - 7/24/2012 5:29:09 PM | Computer Name = E1705 | Source = Service Control Manager | ID = 7000
Description = The lxedCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 7/24/2012 5:29:09 PM | Computer Name = E1705 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the SeaPort service to connect.

Error - 7/24/2012 5:29:09 PM | Computer Name = E1705 | Source = Service Control Manager | ID = 7000
Description = The SeaPort service failed to start due to the following error: %%1053


< End of report >
 
OTL logs are clean.

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
here is the security check log and fss.. will post the others 2 in a few mins..

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Trend Micro Titanium Maximum Security
Trend Micro™ Titanium™ Maximum Security
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Java(TM) 6 Update 31
Adobe Flash Player 11.3.300.265
Adobe Reader X (10.1.3)
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Trend Micro AMSP coreServiceShell.exe
Trend Micro UniClient UiFrmWrk uiWatchDog.exe
Trend Micro AMSP coreFrameworkHost.exe
Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
``````````End of Log````````````

Farbar Service Scanner Version: 22-07-2012
Ran by Administrator (administrator) on 24-07-2012 at 20:28:30
Running from "C:\Documents and Settings\Administrator\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall value. The value does not exist.
ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall value. The value does not exist.

System Restore:
============
System Restore Disabled Policy:
========================

Security Center:
============
Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.
**** End of log ****
 
Quick question:

I downloaded tempfile cleaner, closed out all programs and started tempfile clean, the desktop icons disappeared as the clean started then the tempfile box says, "Getting User Folders" then "Stopping Running Processes" then nothing......... I still have the hourglass symbol for my pointer. The scan appears to be stuck. hasn't appeared to do anything for 20 mins. is this normal.???.
what should I do, if anything???
I am posting from other pc now,,
 
tempcleaner done!!

about to run eset.. should I leave the box checked beside" remove found threats"??????????????? (it was checked by default)
Or just Scan archives.....
 
last log....

C:\Documents and Settings\Administrator\Desktop\RK_Quarantine\nvuojx.dll.vir a variant of Win32/Kryptik.AIGL trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Local Settings\Application Data\Deployment\Conduit\nvuojx.dll.vir a variant of Win32/Kryptik.AIGL trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\redbook.sys.vir Win32/Sirefef.DA trojan
C:\TDSSKiller_Quarantine\23.07.2012_19.30.07\rtkt0000\svc0000\tsk0000.dta Win32/Sirefef.DA trojan
C:\TDSSKiller_Quarantine\23.07.2012_19.30.07\rtkt0000\zafs0000\tsk0001.dta Win32/Sirefef.EZ trojan
C:\TDSSKiller_Quarantine\23.07.2012_20.03.45\rtkt0000\svc0000\tsk0000.dta Win32/Sirefef.DA trojan
C:\TDSSKiller_Quarantine\23.07.2012_20.03.45\rtkt0000\zafs0000\tsk0001.dta Win32/Sirefef.EZ trojan
 
You must log in or register to reply here.

Similar threads

D
Skype vulnerability can reveal your IP address, but Microsoft doesn't think it's that bad
Replies
4
Views
388
hahahanoobs
hahahanoobs
PriyaWalia
Former developer of Ubiquiti confessed to stealing data, trying to extort the networking...
Replies
4
Views
974
amoeba00
A
Cal Jeffrey
Wi-Fi drones were used by hackers to penetrate a financial firm's network remotely
Replies
14
Views
970
cheeseycheeseman
C

Latest posts

Back