Jump to content


Photo

Trojan.Tracur keeps coming back...


  • This topic is locked This topic is locked
24 replies to this topic

#1 Earle

Earle

    Member

  • Members
  • PipPip
  • 14 posts

Posted 28 April 2012 - 09:26 AM

I have a Trojan.Tracur virus that keeps coming back (according to Malwarebytes), interestingly, Ad-Aware does not seem to detect it. Is my computer infected or not? How can I get rid of trojan.tracur so it does not come back?
Following are the scan reports:


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Linda Hughes at 0:44:46 on 2012-04-28
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2036.1115 [GMT -4:00]
.
AV: Lavasoft Ad-Aware *Enabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Lavasoft Ad-Aware *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r213367\stacsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
svchost.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\OA001Mon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtTray.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\dldocoms.exe
C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
C:\Program Files\Dell 968 AIO Printer\dldomon.exe
C:\Program Files\Dell 968 AIO Printer\memcard.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\PSIService.exe
C:\PROGRA~1\AD-AWA~1\AdAware.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ad-Aware Antivirus\Engine\SBAMSvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\linda hughes\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [OA001Mon] c:\windows\OA001Mon.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [SecureUpgrade] "c:\program files\wave systems corp\SecureUpgrade.exe"
mRun: [EmbassySecurityCheck] "c:\program files\wave systems corp\embassy security setup\EMBASSYSecurityCheck.exe"
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [DellConnectionManager] "c:\program files\dell\dell controlpoint\connection manager\Dell.UCM.exe"
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell.exe" /mode2
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [dldomon.exe] "c:\program files\dell 968 aio printer\dldomon.exe"
mRun: [MemoryCardManager] "c:\program files\dell 968 aio printer\memcard.exe"
mRun: [Dell 968 AIO Printer Fax Server] "c:\program files\dell 968 aio printer\fm3032.exe" /s
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [EaseUs Watch] "c:\program files\easeus\todo backup\bin\EuWatch.exe"
mRun: [EaseUs Tray] "c:\program files\easeus\todo backup\bin\TrayNotify.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
mRun: [Corel Photo Downloader] c:\program files\corel\corel snapfire plus\Corel Photo Downloader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} - hxxps://bh-c2s-asa1.browardhealth.org/+CSCOL+/csvrloader32.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1248832565437
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} - hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{5FDD0D54-FC8A-4A82-BC41-106426E6208E} : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{8788B720-1F60-4A59-B5FF-6075EA038DB8} : DhcpNameServer = 10.0.0.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 wvauth
.
============= SERVICES / DRIVERS ===============
.
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2012-4-6 50312]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2012-4-6 40840]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-4-16 65584]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2012-4-6 16008]
R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2012-4-6 185864]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2012-4-22 21592]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-4-22 332248]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-4-29 101720]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2012-4-22 212568]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-3-29 1161072]
R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-4-19 133968]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2008-12-29 320800]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2009-1-22 808296]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2009-1-22 20840]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-2-6 443168]
R2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe -service --> c:\windows\system32\dldocoms.exe -service [?]
R2 EaseUS Agent;EaseUS Agent;c:\program files\easeus\todo backup\bin\Agent.exe [2012-4-6 61064]
R2 Guard Agent;Guard Agent;c:\program files\easeus\todo backup\bin\GuardAgent.exe [2012-4-6 23176]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-29 654408]
R2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\engine\SBAMSvc.exe [2011-5-17 2804280]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2012-4-22 74968]
R2 SMManager;Smith Micro Connection Manager Service;c:\program files\dell\dell controlpoint\connection manager\SMManager.exe [2009-3-1 77824]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-6-5 112512]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2009-6-5 32808]
R3 d553bus;Dell Wireless 5530 HSPA Mobile Broadband Minicard Device driver (WDM);c:\windows\system32\drivers\d553bus.sys [2009-6-5 300672]
R3 d553card;Dell Wireless 5530 HSPA Mobile Broadband Minicard i7;c:\windows\system32\drivers\d553card.sys [2009-6-5 378368]
R3 d553gps;Dell Wireless 5530 HSPA Mobile Broadband Minicard GPS Port;c:\windows\system32\drivers\d553gps.sys [2009-6-5 76328]
R3 d553mdfl;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem Filter;c:\windows\system32\drivers\d553mdfl.sys [2009-6-5 14976]
R3 d553mdfl2;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem 2 Filter;c:\windows\system32\drivers\d553mdfl2.sys [2009-6-5 14976]
R3 d553mdm;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem Driver;c:\windows\system32\drivers\d553mdm.sys [2009-6-5 387200]
R3 d553mdm2;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem 2 Driver;c:\windows\system32\drivers\d553mdm2.sys [2009-6-5 431616]
R3 d553unic;Dell Wireless 5530 HSPA Mobile Broadband Minicard NetworkAdapter (WDM);c:\windows\system32\drivers\d553unic.sys [2009-6-5 402944]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-6-5 244368]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-29 22344]
R3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [2009-6-5 148056]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-6-5 133632]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-6-5 280096]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2012-4-22 69208]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-4-22 94040]
R3 Sony_EricssonWWSC;Dell Wireless 5530 HSPA Mobile Broadband Minicard PC SC Port;c:\windows\system32\drivers\d553scard.sys [2009-6-5 25640]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2009-6-5 232744]
S0 pkyqhq;pkyqhq; [x]
S0 yyftbyn;yyftbyn; [x]
S2 Browser32;Computer Browser ; [x]
S2 dldoCATSCustConnectService;dldoCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldoserv.exe [2009-9-13 99568]
S3 d553nd5;Dell Wireless 5530 HSPA Mobile Broadband Minicard NetworkAdapter (NDIS);c:\windows\system32\drivers\d553nd5.sys [2009-6-5 25984]
S3 NvtSp50;NvtSp50 NDIS Protocol Driver; [x]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2012-4-22 69208]
.
=============== Created Last 30 ================
.
2012-04-27 23:02:18 -------- d-s---w- C:\ComboFix
2012-04-23 04:46:06 -------- d-----w- c:\documents and settings\linda hughes\local settings\application data\Google
2012-04-23 03:07:22 -------- d-----w- c:\documents and settings\linda hughes\local settings\application data\adaware
2012-04-23 03:07:16 94040 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-04-23 03:07:16 74968 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2012-04-23 03:07:16 21592 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2012-04-23 03:07:16 212568 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-04-23 03:07:12 69208 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-04-23 03:07:12 332248 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-04-23 03:07:09 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-04-23 03:06:44 -------- d-----w- c:\documents and settings\linda hughes\local settings\application data\adawarebp
2012-04-23 03:06:44 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Browsing Protection
2012-04-23 03:06:43 -------- d-----w- c:\program files\Toolbar Cleaner
2012-04-23 03:06:43 -------- d-----w- c:\documents and settings\linda hughes\application data\adawaretb
2012-04-23 03:06:42 -------- d-----w- c:\program files\adawaretb
2012-04-23 03:05:37 -------- d-----w- c:\documents and settings\linda hughes\application data\Ad-Aware Antivirus
2012-04-23 02:36:50 -------- d-sha-r- C:\cmdcons
2012-04-22 21:46:32 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-08 03:25:30 -------- d-----w- c:\documents and settings\linda hughes\local settings\application data\Windows Live Writer
2012-04-08 03:25:30 -------- d-----w- c:\documents and settings\linda hughes\application data\Windows Live Writer
2012-04-07 17:39:43 -------- d-----w- c:\windows\Performance
2012-04-07 17:39:36 -------- d-----w- c:\documents and settings\linda hughes\local settings\application data\Microsoft Corporation
2012-04-07 17:39:18 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2012-04-07 17:32:34 -------- d-----w- c:\program files\Microsoft Download Manager
2012-04-07 16:06:35 -------- d-----w- c:\windows\system32\NtmsData
2012-04-07 05:51:38 -------- d-----w- C:\Hide
2012-04-07 02:03:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-04-07 01:57:46 -------- d-----w- C:\BOOT
2012-04-07 01:57:02 -------- d-----w- C:\My Backups
2012-04-07 01:56:58 50312 ----a-w- c:\windows\system32\drivers\eubakup.sys
2012-04-07 01:56:58 40840 ----a-w- c:\windows\system32\drivers\EUBKMON.sys
2012-04-07 01:56:58 185864 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys
2012-04-07 01:56:58 16008 ----a-w- c:\windows\system32\drivers\eudskacs.sys
2012-04-07 01:56:39 20616 ----a-w- c:\windows\system32\fbnative.exe
2012-04-07 01:56:17 -------- d-----w- c:\program files\EaseUS
2012-04-07 01:54:43 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2012-04-07 01:50:39 -------- d-----w- c:\documents and settings\linda hughes\application data\Auslogics
2012-04-07 01:50:35 -------- d-----w- c:\program files\Auslogics
2012-04-07 01:12:39 -------- d-----w- c:\windows\system32\appmgmt
.
==================== Find3M ====================
.
2012-04-22 21:46:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-07 14:19:03 3452 --sha-w- c:\windows\system32\KGyGaAvL.sys
2012-04-07 14:16:09 88 --sh--r- c:\windows\system32\588A1B5A94.sys
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
2012-02-18 17:16:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:26:17 1869184 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 0:46:35.85 ===============

ATTACH.TXT Follows:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 7/27/2009 11:38:11 PM
System Uptime: 4/27/2012 7:24:09 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0K879F
Processor: Intel® Core™2 Duo CPU P8700 @ 2.53GHz | Microprocessor | 2526/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 119.595 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth LAN Access Server Driver
Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTWDNDIS\1&30EE4AD&0&1000000020000
Manufacturer: Broadcom
Name: Bluetooth LAN Access Server Driver
PNP Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTWDNDIS\1&30EE4AD&0&1000000020000
Service: BTWDNDIS
.
==== System Restore Points ===================
.
RP1: 4/27/2012 7:25:26 PM - System Checkpoint
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Acrobat.com
Ad-Aware Antivirus
Ad-Aware Browsing Protection
Ad-Aware Security Toolbar
Adobe Acrobat 9 Standard - English, Français, Deutsch
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.1
All Day Battery Life Configuration
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 4
Auslogics Disk Defrag
Auslogics Registry Cleaner
Auslogics Registry Defrag
BioAPI Framework
biolsp patch
Bonjour
Broadcom USH Host Components
Business Contact Manager for Outlook 2007 SP2
CCScore
Choice Guard
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Corel Snapfire muvee autoProducer add-on
Corel Snapfire Plus
Critical Update for Windows Media Player 11 (KB959772)
DCP32MMWrapper
Dell 5530 Wireless Broadband Package
Dell 968 AIO Printer
Dell Control Point
Dell ControlPoint Connection Manager
Dell ControlPoint Security Manager
Dell ControlPoint System Manager
Dell Embassy Trust Suite by Wave Systems
Dell Security Device Driver Pack
Dell Touchpad
Dell Webcam Central
Document Manager Lite
EaseUS Todo Backup Free 4.0
EMBASSY Security Center
EMBASSY Security Setup
ESC Home Page Plugin
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSSONIC
ESSTOOLS
essvatgt
Eusing Free Registry Cleaner
File Uploader
Gemalto
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Officejet 6500 E710n-z Basic Device Software
HP Officejet 6500 E710n-z Help
HP Officejet 6500 E710n-z Product Improvement Study
HP Update
I.R.I.S. OCR
Integrated Webcam Driver (1.06.03.0309)
Intel PROSet Wireless
Intel® Network Connections 13.0.42.0
Intel® PRO Alerting Agent
Intel® PROSet/Wireless WiFi API
Intel® PROSet/Wireless WiFi Driver
Intel® Matrix Storage Manager
##nospam Configuration Utility
iTunes
Java Auto Updater
Java™ 6 Update 31
Junk Mail filter update
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
KSU
Malwarebytes Anti-Malware version 1.61.0.1400
Marketsplash Shortcuts
MFCLOC
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Download Manager
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MobileMe Control Panel
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
muvee autoProducer 5.0
netbrdg
Nikon Message Center
Nikon Transfer
Notifier
NTRU TCG Software Stack
NVIDIA Drivers
OfotoXMI
OGA Notifier 2.0.0048.0
PCDADDIN
PCDHELP
Picture Control Utility
PowerDVD DX
Preboot Manager
Private Information Manager
QuickTime
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler 3
Roxio Update Manager
Safari
Secure Update
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Security Wizards
Segoe UI
SFR
SHASTA
SKIN0001
SKINXSDK
SO32MMWrapper
Sonic CinePlayer Decoder Pack
SRS Premium Sound
staticcr
tooltips
Trusted Drive Manager
tsp patch
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
ViewNX
VPRINTOL
Wave Infrastructure Installer
Wave Support Software
WebFldrs XP
WIDCOMM Bluetooth Software
Windows 7 Upgrade Advisor
Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
WIRELESS
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
4/27/2012 9:33:52 AM, error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
4/27/2012 7:27:14 PM, error: Service Control Manager [7022] - The Ad-Aware service hung on starting.
4/27/2012 6:47:10 PM, error: Dhcp [1002] - The IP address lease 192.168.1.97 for the Network Card with network address 002170E9ED11 has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent a DHCPNACK message).
4/27/2012 1:01:12 PM, error: PlugPlayManager [12] - The device 'PLDS DVD+-RW DU-8A2S' (IDE\CdRomPLDS_DVD+-RW_DU-8A2S____________________4D12____\4&3ac9d9dd&0&0.1.0) disappeared from the system without first being prepared for removal.
4/25/2012 9:19:47 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume .
4/25/2012 8:48:28 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
4/24/2012 2:18:47 PM, error: System Error [1003] - Error code 000000fe, parameter1 00000004, parameter2 86faee90, parameter3 89aa2780, parameter4 00000000.
4/24/2012 2:16:16 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume G:.
4/24/2012 2:15:56 PM, error: Dhcp [1002] - The IP address lease 10.0.0.45 for the Network Card with network address 002170E9ED11 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
4/23/2012 7:48:02 PM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
4/23/2012 1:29:01 AM, error: PlugPlayManager [12] - The device 'SAMSUNG HD103SJ' (IDE\DiskSAMSUNG_HD103SJ_________________________1AJ10001\4&3ac9d9dd&0&0.2.0) disappeared from the system without first being prepared for removal.
4/22/2012 9:24:33 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the dldoCATSCustConnectService service to connect.
4/22/2012 9:24:33 PM, error: Service Control Manager [7000] - The dldoCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/22/2012 9:24:24 PM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
4/22/2012 8:17:52 PM, error: SCardSvr [610] - Smart Card Reader 'Broadcom Corp Contacted SmartCard 0' rejected IOCTL GET_STATE: The device has been removed.
4/22/2012 10:39:58 PM, error: Service Control Manager [7034] - The EaseUS Agent service terminated unexpectedly. It has done this 5 time(s).
4/22/2012 10:39:30 PM, error: Service Control Manager [7034] - The EaseUS Agent service terminated unexpectedly. It has done this 4 time(s).
4/22/2012 10:38:13 PM, error: Service Control Manager [7034] - The EaseUS Agent service terminated unexpectedly. It has done this 3 time(s).
4/22/2012 10:37:39 PM, error: Service Control Manager [7034] - The EaseUS Agent service terminated unexpectedly. It has done this 2 time(s).
4/22/2012 10:30:54 PM, error: Service Control Manager [7034] - The EaseUS Agent service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================

#2 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 8126 posts

Posted 29 April 2012 - 11:28 AM

Please, post a log from MalwareByes' AntiMalware where it is possible to see which file that is infected and in which folder it is.

It looks like you have run ComboFix. Is that correct? If yes, please post the C:\ComboFix.txt file.



#3 Earle

Earle

    Member

  • Members
  • PipPip
  • 14 posts

Posted 29 April 2012 - 04:26 PM

Thank-you so much for picking up on this. I appreciate your help.
Following are the two logs you requested: Malwarebytes full scan Then Combofix log.

I also ran ESET online scan, but it did not reveal any malware.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX


Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.28.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Linda Hughes :: DELL_LAPTOP [administrator]

Protection: Enabled

4/29/2012 1:07:10 AM
mbam-log-2012-04-29 (01-07-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221894
Time elapsed: 3 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BROWSER32 (Trojan.Tracur) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX


ComboFix 12-04-29.01 - Linda Hughes 04/29/2012 11:04:37.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2036.1083 [GMT -4:00]
Running from: c:\documents and settings\Linda Hughes\My Documents\Downloads\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Lavasoft Ad-Aware *Disabled* {FF1CD5B7-1553-4625-A258-1775385CED33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\test
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-29 )))))))))))))))))))))))))))))))
.
.
2012-04-28 22:50 . 2012-04-28 22:50 -------- d-----w- c:\program files\ESET
2012-04-28 06:20 . 2012-04-28 06:38 -------- d-----w- c:\documents and settings\Linda Hughes\Local Settings\Application Data\NPE
2012-04-28 06:20 . 2012-04-28 06:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2012-04-23 04:46 . 2012-04-23 04:46 -------- d-----w- c:\documents and settings\Linda Hughes\Local Settings\Application Data\Google
2012-04-23 03:34 . 2012-04-23 03:34 -------- d-----w- c:\documents and settings\LocalService\Application Data\Ad-Aware Antivirus
2012-04-23 03:07 . 2012-04-23 03:07 -------- d-----w- c:\documents and settings\Linda Hughes\Local Settings\Application Data\adaware
2012-04-23 03:07 . 2011-05-11 20:26 74968 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2012-04-23 03:07 . 2011-05-11 20:26 21592 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2012-04-23 03:07 . 2011-04-05 21:35 94040 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-04-23 03:07 . 2011-04-05 21:35 212568 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-04-23 03:07 . 2011-04-05 21:35 332248 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-04-23 03:07 . 2011-02-08 13:14 69208 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-04-23 03:07 . 2012-04-23 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2012-04-23 03:07 . 2012-04-23 03:07 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-04-23 03:06 . 2012-04-23 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection
2012-04-23 03:06 . 2012-04-26 01:53 -------- d-----w- c:\documents and settings\Linda Hughes\Application Data\adawaretb
2012-04-23 03:06 . 2012-04-23 03:06 -------- d-----w- c:\program files\Toolbar Cleaner
2012-04-23 03:06 . 2012-04-23 03:06 -------- d-----w- c:\program files\adawaretb
2012-04-23 03:05 . 2012-04-27 23:01 -------- d-----w- c:\documents and settings\Linda Hughes\Application Data\Ad-Aware Antivirus
2012-04-22 21:46 . 2012-04-22 21:46 -------- d-----w- c:\program files\Common Files\Java
2012-04-22 21:46 . 2012-04-22 21:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-08 03:25 . 2012-04-08 03:25 -------- d-----w- c:\documents and settings\Linda Hughes\Local Settings\Application Data\Windows Live Writer
2012-04-08 03:25 . 2012-04-08 03:25 -------- d-----w- c:\documents and settings\Linda Hughes\Application Data\Windows Live Writer
2012-04-07 17:39 . 2012-04-07 17:39 -------- d-----w- c:\windows\Performance
2012-04-07 17:39 . 2012-04-07 17:39 -------- d-----w- c:\documents and settings\Linda Hughes\Local Settings\Application Data\Microsoft Corporation
2012-04-07 17:39 . 2012-04-07 17:39 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2012-04-07 17:32 . 2012-04-07 17:32 -------- d-----w- c:\program files\Microsoft Download Manager
2012-04-07 16:06 . 2012-04-07 16:17 -------- d-----w- c:\windows\system32\NtmsData
2012-04-07 01:50 . 2012-04-07 01:53 -------- d-----w- c:\program files\Auslogics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-29 14:46 . 2009-07-28 03:38 0 ----a-w- c:\documents and settings\Linda Hughes\Local Settings\Application Data\WavXMapDrive.bat
2012-04-22 21:46 . 2010-08-05 00:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 19:56 . 2011-10-29 15:55 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01 . 2008-04-25 16:16 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2008-04-25 16:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2008-04-25 16:16 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2008-04-25 16:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2008-04-25 16:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2008-04-25 16:16 385024 ----a-w- c:\windows\system32\html.iec
2012-02-18 17:16 . 2011-07-24 17:04 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:26 . 2008-04-25 16:16 1869184 ----a-w- c:\windows\system32\win32k.sys
2010-05-12 20:42 . 2010-05-12 20:42 124344 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2010-05-12 21:22 . 2010-05-12 21:22 13240 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2010-05-12 20:43 . 2010-05-12 20:43 70592 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2010-05-12 20:42 . 2010-05-12 20:42 91576 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2010-05-12 20:42 . 2010-05-12 20:42 22464 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2010-05-12 20:41 . 2010-05-12 20:41 255416 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2010-05-12 20:42 . 2010-05-12 20:42 31160 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2010-05-12 20:42 . 2010-05-12 20:42 40384 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2010-04-14 17:55 . 2010-04-14 17:55 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2010-05-12 20:43 . 2010-05-12 20:43 24000 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-03-06 19:16 87440 ----a-w- c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2012-03-06 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-01-14 15:24 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-01-14 15:24 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-22 200704]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-17 483420]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-03-17 729088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-28 13537280]
"nwiz"="nwiz.exe" [2008-08-28 1630208]
"NVHotkey"="nvHotkey.dll" [2008-08-28 90112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-28 86016]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2008-12-19 184320]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2008-12-22 145408]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2009-01-16 656696]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2009-01-16 95544]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-01-19 667648]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-01-16 15360]
"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2009-03-01 1810432]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-10-17 442536]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"dldomon.exe"="c:\program files\Dell 968 AIO Printer\dldomon.exe" [2007-10-05 455920]
"MemoryCardManager"="c:\program files\Dell 968 AIO Printer\memcard.exe" [2007-10-05 410864]
"Dell 968 AIO Printer Fax Server"="c:\program files\Dell 968 AIO Printer\fm3032.exe" [2007-10-05 312560]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-05-12 300472]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"EaseUs Watch"="c:\program files\EaseUS\Todo Backup\bin\EuWatch.exe" [2011-12-23 70792]
"EaseUs Tray"="c:\program files\EaseUS\Todo Backup\bin\TrayNotify.exe" [2012-03-15 744584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2007-03-21 478800]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-8-15 604776]
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-2-6 1095456]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-2-20 282624]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\dldocoms.exe"=
"c:\\Program Files\\Dell 968 AIO Printer\\dldomon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldopswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldotime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldojswx.exe"=
"c:\\Program Files\\Dell 968 AIO Printer\\dldoaiox.exe"=
"c:\\Program Files\\Dell 968 AIO Printer\\DLDOFax.exe"=
"c:\\Program Files\\Dell 968 AIO Printer\\dldoafcn.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\EaseUS\\Todo Backup\\bin\\Agent.exe"=
"c:\\Program Files\\EaseUS\\Todo Backup\\bin\\TbService.exe"=
"c:\\Program Files\\EaseUS\\Todo Backup\\bin\\TBConsoleUI.exe"=
"c:\\Program Files\\adawaretb\\dtUser.exe"=
.
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [4/6/2012 9:56 PM 50312]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [4/6/2012 9:56 PM 40840]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [4/16/2010 4:22 PM 65584]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [4/6/2012 9:56 PM 16008]
R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [4/6/2012 9:56 PM 185864]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [4/22/2012 11:07 PM 21592]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [4/22/2012 11:07 PM 332248]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [4/22/2012 11:07 PM 212568]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [3/29/2012 12:44 PM 1161072]
R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [4/19/2007 6:56 AM 133968]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [12/29/2008 12:07 PM 320800]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [1/22/2009 11:19 AM 808296]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [1/22/2009 11:19 AM 20840]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2/6/2009 9:06 PM 443168]
R2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe -service --> c:\windows\system32\dldocoms.exe -service [?]
R2 EaseUS Agent;EaseUS Agent;c:\program files\EaseUS\Todo Backup\bin\Agent.exe [4/6/2012 9:56 PM 61064]
R2 Guard Agent;Guard Agent;c:\program files\EaseUS\Todo Backup\bin\GuardAgent.exe [4/6/2012 9:56 PM 23176]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/29/2011 11:55 AM 654408]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [4/22/2012 11:07 PM 74968]
R2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [3/1/2009 7:09 PM 77824]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [6/5/2009 4:17 AM 112512]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [6/5/2009 4:17 AM 32808]
R3 d553bus;Dell Wireless 5530 HSPA Mobile Broadband Minicard Device driver (WDM);c:\windows\system32\drivers\d553bus.sys [6/5/2009 1:55 AM 300672]
R3 d553card;Dell Wireless 5530 HSPA Mobile Broadband Minicard i7;c:\windows\system32\drivers\d553card.sys [6/5/2009 1:55 AM 378368]
R3 d553gps;Dell Wireless 5530 HSPA Mobile Broadband Minicard GPS Port;c:\windows\system32\drivers\d553gps.sys [6/5/2009 1:55 AM 76328]
R3 d553mdfl;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem Filter;c:\windows\system32\drivers\d553mdfl.sys [6/5/2009 1:55 AM 14976]
R3 d553mdfl2;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem 2 Filter;c:\windows\system32\drivers\d553mdfl2.sys [6/5/2009 1:55 AM 14976]
R3 d553mdm;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem Driver;c:\windows\system32\drivers\d553mdm.sys [6/5/2009 1:55 AM 387200]
R3 d553mdm2;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem 2 Driver;c:\windows\system32\drivers\d553mdm2.sys [6/5/2009 1:55 AM 431616]
R3 d553unic;Dell Wireless 5530 HSPA Mobile Broadband Minicard NetworkAdapter (WDM);c:\windows\system32\drivers\d553unic.sys [6/5/2009 1:55 AM 402944]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [6/5/2009 4:17 AM 244368]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/29/2011 11:55 AM 22344]
R3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [6/5/2009 4:17 AM 148056]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [6/5/2009 4:17 AM 133632]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [6/5/2009 4:17 AM 280096]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [4/22/2012 11:07 PM 69208]
R3 Sony_EricssonWWSC;Dell Wireless 5530 HSPA Mobile Broadband Minicard PC SC Port;c:\windows\system32\drivers\d553scard.sys [6/5/2009 1:55 AM 25640]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [6/5/2009 2:00 AM 232744]
S0 pkyqhq;pkyqhq; [x]
S0 yyftbyn;yyftbyn; [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [4/29/2011 2:15 PM 101720]
S2 Browser32;Computer Browser ; [x]
S2 dldoCATSCustConnectService;dldoCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldoserv.exe [9/13/2009 1:53 PM 99568]
S2 SBAMSvc;Ad-Aware;c:\program files\Ad-Aware Antivirus\Engine\SBAMSvc.exe [5/17/2011 6:35 PM 2804280]
S3 d553nd5;Dell Wireless 5530 HSPA Mobile Broadband Minicard NetworkAdapter (NDIS);c:\windows\system32\drivers\d553nd5.sys [6/5/2009 1:55 AM 25984]
S3 NvtSp50;NvtSp50 NDIS Protocol Driver; [x]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [4/22/2012 11:07 PM 69208]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [4/22/2012 11:07 PM 94040]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-23 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~1\AD-AWA~1\AdAwareLauncher.exe [2012-03-29 16:44]
.
2012-03-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2012-04-29 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 02:12]
.
2012-04-29 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 02:12]
.
2012-04-28 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 02:12]
.
2012-04-28 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 02:12]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-336150676-2409307216-1122387371-1008Core.job
- c:\documents and settings\Linda Hughes\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-23 04:46]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-336150676-2409307216-1122387371-1008UA.job
- c:\documents and settings\Linda Hughes\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-23 04:46]
.
2012-04-29 c:\windows\Tasks\User_Feed_Synchronization-{B556E602-50A3-46B4-AA42-DB854EA58D42}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.0.1
DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} - hxxps://bh-c2s-asa1.browardhealth.org/+CSCOL+/csvrloader32.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-29 11:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1480)
c:\windows\system32\wvauth.dll
.
- - - - - - - > 'explorer.exe'(5744)
c:\windows\system32\WININET.dll
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-04-29 11:10:19
ComboFix-quarantined-files.txt 2012-04-29 15:10
ComboFix2.txt 2012-04-23 02:42
.
Pre-Run: 125,662,568,448 bytes free
Post-Run: 125,747,163,136 bytes free
.
- - End Of File - - A3C5C3D4FA8D501EE01405AE20E9CF78

#4 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 8126 posts

Posted 29 April 2012 - 06:06 PM

You are welcome :)

1.
Please, post C:\Qoobox\ComboFix2.txt.

2.
Save TDSSKiller on the Desktop:
http://support.kaspe.../tdsskiller.exe

Turn off all programs.
Run the program TDSSKiller.

Click on Start Scan.

If any threats are found select Cure and click Continue. If Cure isn't available select Skip. Do NOT select Quarantine or Delete.
The computer might need a restart.

Paste the content of the TDSSKiller log which is located in the folder C:\ with the name TDSSKiller followed by version and time.

3.
Restart the computer.
Please, download aswMBR to your desktop. http://public.avast....erek/aswMBR.exe

Double click it to start the program.
Allow it to download extra definitions.
Click the Scan button to start the scan.
When the scan has finished click the Save log button and save it to your desktop.
Post the log.

#5 Earle

Earle

    Member

  • Members
  • PipPip
  • 14 posts

Posted 29 April 2012 - 08:26 PM

As requested... ComboFix2.txt; then TDSSKiller log.txt; then aswMBR.txt

Again, thank-you for taking time out of your day to help.



ComboFix 12-04-22.02 - Linda Hughes 04/22/2012 22:37:48.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2036.1023 [GMT -4:00]
Running from: c:\documents and settings\Linda Hughes\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\pswi_preloaded.exe
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\SPL42.tmp
c:\documents and settings\All Users\SPLBC.tmp
c:\windows\isRS-000.tmp
c:\windows\system32\SET67.tmp
c:\windows\system32\urttemp
c:\windows\system32\urttemp\fusion.dll
c:\windows\system32\urttemp\mscoree.dll
c:\windows\system32\urttemp\mscoree.dll.local
c:\windows\system32\urttemp\mscorsn.dll
c:\windows\system32\urttemp\mscorwks.dll
c:\windows\system32\urttemp\msvcr71.dll
c:\windows\system32\urttemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-23 to 2012-04-23 )))))))))))))))))))))))))))))))
.
.
2012-04-23 01:45 . 2012-04-23 01:45 54016 ----a-w- c:\windows\system32\drivers\uuadb.sys
2012-04-22 21:46 . 2012-04-22 21:46 -------- d-----w- c:\program files\Common Files\Java
2012-04-22 21:46 . 2012-04-22 21:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-08 03:25 . 2012-04-08 03:25 -------- d-----w- c:\documents and settings\Linda Hughes\Local Settings\Application Data\Windows Live Writer
2012-04-08 03:25 . 2012-04-08 03:25 -------- d-----w- c:\documents and settings\Linda Hughes\Application Data\Windows Live Writer
2012-04-07 17:39 . 2012-04-07 17:39 -------- d-----w- c:\windows\Performance
2012-04-07 17:39 . 2012-04-07 17:39 -------- d-----w- c:\documents and settings\Linda Hughes\Local Settings\Application Data\Microsoft Corporation
2012-04-07 17:39 . 2012-04-07 17:39 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2012-04-07 17:32 . 2012-04-07 17:32 -------- d-----w- c:\program files\Microsoft Download Manager
2012-04-07 16:06 . 2012-04-07 16:17 -------- d-----w- c:\windows\system32\NtmsData
2012-04-07 01:50 . 2012-04-07 01:53 -------- d-----w- c:\program files\Auslogics
2012-03-24 14:45 . 2012-03-24 14:45 -------- d-----w- c:\documents and settings\Linda Hughes\Application Data\Roxio
2012-03-24 14:22 . 2012-03-24 14:22 -------- d-----w- c:\documents and settings\Linda Hughes\Local Settings\Application Data\KodakGallery
2012-03-24 14:21 . 2012-03-24 14:21 -------- d-----w- c:\windows\system32\BWKDLogs
2012-03-24 14:20 . 2012-03-24 14:20 -------- d-----w- c:\program files\Common Files\Kodak
2012-03-24 14:14 . 2012-03-24 14:21 -------- d-----w- c:\program files\Kodak
2012-03-24 14:10 . 2012-03-24 14:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-23 01:25 . 2009-07-28 03:38 0 ----a-w- c:\documents and settings\Linda Hughes\Local Settings\Application Data\WavXMapDrive.bat
2012-04-22 21:46 . 2010-08-05 00:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 19:56 . 2011-10-29 15:55 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01 . 2008-04-25 16:16 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2008-04-25 16:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2008-04-25 16:16 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2008-04-25 16:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2008-04-25 16:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2008-04-25 16:16 385024 ----a-w- c:\windows\system32\html.iec
2012-02-18 17:16 . 2011-07-24 17:04 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:26 . 2008-04-25 16:16 1869184 ----a-w- c:\windows\system32\win32k.sys
2010-05-12 20:42 . 2010-05-12 20:42 124344 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2010-05-12 21:22 . 2010-05-12 21:22 13240 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2010-05-12 20:43 . 2010-05-12 20:43 70592 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2010-05-12 20:42 . 2010-05-12 20:42 91576 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2010-05-12 20:42 . 2010-05-12 20:42 22464 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2010-05-12 20:41 . 2010-05-12 20:41 255416 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2010-05-12 20:42 . 2010-05-12 20:42 31160 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2010-05-12 20:42 . 2010-05-12 20:42 40384 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2010-04-14 17:55 . 2010-04-14 17:55 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2010-05-12 20:43 . 2010-05-12 20:43 24000 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-01-14 15:24 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-01-14 15:24 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-22 200704]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-17 483420]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-03-17 729088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-28 13537280]
"nwiz"="nwiz.exe" [2008-08-28 1630208]
"NVHotkey"="nvHotkey.dll" [2008-08-28 90112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-28 86016]
"OA001Mon"="c:\windows\OA001Mon.exe" [2009-03-30 24576]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2008-12-19 184320]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2008-12-22 145408]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2009-01-16 656696]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2009-01-16 95544]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-01-19 667648]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-01-16 15360]
"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2009-03-01 1810432]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-10-17 442536]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"dldomon.exe"="c:\program files\Dell 968 AIO Printer\dldomon.exe" [2007-10-05 455920]
"MemoryCardManager"="c:\program files\Dell 968 AIO Printer\memcard.exe" [2007-10-05 410864]
"Dell 968 AIO Printer Fax Server"="c:\program files\Dell 968 AIO Printer\fm3032.exe" [2007-10-05 312560]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-05-12 300472]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"EaseUs Watch"="c:\program files\EaseUS\Todo Backup\bin\EuWatch.exe" [2011-12-23 70792]
"EaseUs Tray"="c:\program files\EaseUS\Todo Backup\bin\TrayNotify.exe" [2012-03-15 744584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2007-03-21 478800]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-8-15 604776]
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-2-6 1095456]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-2-20 282624]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\dldocoms.exe"=
"c:\\Program Files\\Dell 968 AIO Printer\\dldomon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldopswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldotime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldojswx.exe"=
"c:\\Program Files\\Dell 968 AIO Printer\\dldoaiox.exe"=
"c:\\Program Files\\Dell 968 AIO Printer\\DLDOFax.exe"=
"c:\\Program Files\\Dell 968 AIO Printer\\dldoafcn.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\EaseUS\\Todo Backup\\bin\\Agent.exe"=
"c:\\Program Files\\EaseUS\\Todo Backup\\bin\\TbService.exe"=
"c:\\Program Files\\EaseUS\\Todo Backup\\bin\\TBConsoleUI.exe"=
.
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [4/6/2012 9:56 PM 50312]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [4/6/2012 9:56 PM 40840]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [4/16/2010 4:22 PM 65584]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [4/6/2012 9:56 PM 16008]
R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [4/6/2012 9:56 PM 185864]
R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [4/19/2007 6:56 AM 133968]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [12/29/2008 12:07 PM 320800]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [1/22/2009 11:19 AM 808296]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [1/22/2009 11:19 AM 20840]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2/6/2009 9:06 PM 443168]
R2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe -service --> c:\windows\system32\dldocoms.exe -service [?]
R2 EaseUS Agent;EaseUS Agent;c:\program files\EaseUS\Todo Backup\bin\Agent.exe [4/6/2012 9:56 PM 61064]
R2 Guard Agent;Guard Agent;c:\program files\EaseUS\Todo Backup\bin\GuardAgent.exe [4/6/2012 9:56 PM 23176]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/29/2011 11:55 AM 654408]
R2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [3/1/2009 7:09 PM 77824]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [6/5/2009 4:17 AM 112512]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [6/5/2009 4:17 AM 32808]
R3 d553bus;Dell Wireless 5530 HSPA Mobile Broadband Minicard Device driver (WDM);c:\windows\system32\drivers\d553bus.sys [6/5/2009 1:55 AM 300672]
R3 d553card;Dell Wireless 5530 HSPA Mobile Broadband Minicard i7;c:\windows\system32\drivers\d553card.sys [6/5/2009 1:55 AM 378368]
R3 d553gps;Dell Wireless 5530 HSPA Mobile Broadband Minicard GPS Port;c:\windows\system32\drivers\d553gps.sys [6/5/2009 1:55 AM 76328]
R3 d553mdfl;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem Filter;c:\windows\system32\drivers\d553mdfl.sys [6/5/2009 1:55 AM 14976]
R3 d553mdfl2;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem 2 Filter;c:\windows\system32\drivers\d553mdfl2.sys [6/5/2009 1:55 AM 14976]
R3 d553mdm;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem Driver;c:\windows\system32\drivers\d553mdm.sys [6/5/2009 1:55 AM 387200]
R3 d553mdm2;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem 2 Driver;c:\windows\system32\drivers\d553mdm2.sys [6/5/2009 1:55 AM 431616]
R3 d553unic;Dell Wireless 5530 HSPA Mobile Broadband Minicard NetworkAdapter (WDM);c:\windows\system32\drivers\d553unic.sys [6/5/2009 1:55 AM 402944]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [6/5/2009 4:17 AM 244368]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/29/2011 11:55 AM 22344]
R3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [6/5/2009 4:17 AM 148056]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [6/5/2009 4:17 AM 133632]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [6/5/2009 4:17 AM 280096]
R3 Sony_EricssonWWSC;Dell Wireless 5530 HSPA Mobile Broadband Minicard PC SC Port;c:\windows\system32\drivers\d553scard.sys [6/5/2009 1:55 AM 25640]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [6/5/2009 2:00 AM 232744]
S0 pkyqhq;pkyqhq; [x]
S0 yyftbyn;yyftbyn; [x]
S2 Browser32;Computer Browser ; [x]
S2 dldoCATSCustConnectService;dldoCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldoserv.exe [9/13/2009 1:53 PM 99568]
S3 d553nd5;Dell Wireless 5530 HSPA Mobile Broadband Minicard NetworkAdapter (NDIS);c:\windows\system32\drivers\d553nd5.sys [6/5/2009 1:55 AM 25984]
S3 NvtSp50;NvtSp50 NDIS Protocol Driver; [x]
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2012-04-07 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 02:12]
.
2012-04-08 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 02:12]
.
2012-04-01 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 02:12]
.
2012-04-07 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 02:12]
.
2012-04-23 c:\windows\Tasks\User_Feed_Synchronization-{B556E602-50A3-46B4-AA42-DB854EA58D42}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.0.1
DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} - hxxps://bh-c2s-asa1.browardhealth.org/+CSCOL+/csvrloader32.cab
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{11489FB2-4B61-4D50-A899-76E3705AB984} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-22 22:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(956)
c:\windows\System32\TdmNetworkProvider.dll
c:\windows\system32\NetProvCredMan.dll
.
- - - - - - - > 'lsass.exe'(1016)
c:\windows\system32\wvauth.dll
.
Completion time: 2012-04-22 22:42:26
ComboFix-quarantined-files.txt 2012-04-23 02:42
.
Pre-Run: 128,322,138,112 bytes free
Post-Run: 128,950,403,072 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - EC63A3B16AE3CD9FFEC7AA861F966EF8



14:50:04.0750 3820 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
14:50:05.0343 3820 ============================================================
14:50:05.0343 3820 Current date / time: 2012/04/29 14:50:05.0343
14:50:05.0343 3820 SystemInfo:
14:50:05.0343 3820
14:50:05.0343 3820 OS Version: 5.1.2600 ServicePack: 3.0
14:50:05.0343 3820 Product type: Workstation
14:50:05.0343 3820 ComputerName: DELL_LAPTOP
14:50:05.0375 3820 UserName: Linda Hughes
14:50:05.0375 3820 Windows directory: C:\WINDOWS
14:50:05.0375 3820 System windows directory: C:\WINDOWS
14:50:05.0390 3820 Processor architecture: Intel x86
14:50:05.0390 3820 Number of processors: 2
14:50:05.0390 3820 Page size: 0x1000
14:50:05.0390 3820 Boot type: Normal boot
14:50:05.0390 3820 ============================================================
14:50:06.0125 3820 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:50:06.0125 3820 ============================================================
14:50:06.0125 3820 \Device\Harddisk0\DR0:
14:50:06.0125 3820 MBR partitions:
14:50:06.0125 3820 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x5A357, BlocksNum 0x129BE76A
14:50:06.0125 3820 ============================================================
14:50:06.0140 3820 C: <-> \Device\Harddisk0\DR0\Partition0
14:50:06.0140 3820 ============================================================
14:50:06.0140 3820 Initialize success
14:50:06.0140 3820 ============================================================
14:50:10.0140 0732 ============================================================
14:50:10.0140 0732 Scan started
14:50:10.0140 0732 Mode: Manual;
14:50:10.0140 0732 ============================================================
14:50:10.0562 0732 Abiosdsk - ok
14:50:10.0640 0732 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
14:50:10.0640 0732 abp480n5 - ok
14:50:10.0734 0732 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:50:10.0734 0732 ACPI - ok
14:50:10.0750 0732 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
14:50:10.0750 0732 ACPIEC - ok
14:50:10.0875 0732 Ad-Aware Service (fb182ad520910442abf146bb325de79b) C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
14:50:10.0906 0732 Ad-Aware Service - ok
14:50:10.0953 0732 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
14:50:10.0968 0732 adpu160m - ok
14:50:11.0000 0732 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:50:11.0062 0732 aec - ok
14:50:11.0125 0732 AESTAud (f21d5e93a94514be9f5b6ebf74a696b2) C:\WINDOWS\system32\drivers\AESTAud.sys
14:50:11.0171 0732 AESTAud - ok
14:50:11.0218 0732 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
14:50:11.0234 0732 AFD - ok
14:50:11.0234 0732 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
14:50:11.0265 0732 agp440 - ok
14:50:11.0281 0732 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
14:50:11.0281 0732 agpCPQ - ok
14:50:11.0296 0732 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
14:50:11.0296 0732 Aha154x - ok
14:50:11.0312 0732 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
14:50:11.0312 0732 aic78u2 - ok
14:50:11.0328 0732 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
14:50:11.0343 0732 aic78xx - ok
14:50:11.0390 0732 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
14:50:11.0406 0732 Alerter - ok
14:50:11.0421 0732 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
14:50:11.0437 0732 ALG - ok
14:50:11.0484 0732 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
14:50:11.0515 0732 AliIde - ok
14:50:11.0562 0732 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
14:50:11.0593 0732 alim1541 - ok
14:50:11.0609 0732 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
14:50:11.0625 0732 amdagp - ok
14:50:11.0640 0732 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
14:50:11.0671 0732 amsint - ok
14:50:11.0718 0732 ApfiltrService (b83f9da84f7079451c1c6a4a2f140920) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
14:50:11.0734 0732 ApfiltrService - ok
14:50:11.0796 0732 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:50:11.0812 0732 Apple Mobile Device - ok
14:50:11.0843 0732 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
14:50:11.0875 0732 AppMgmt - ok
14:50:11.0890 0732 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
14:50:11.0906 0732 Arp1394 - ok
14:50:11.0906 0732 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
14:50:11.0921 0732 asc - ok
14:50:11.0937 0732 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
14:50:11.0953 0732 asc3350p - ok
14:50:11.0953 0732 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
14:50:11.0968 0732 asc3550 - ok
14:50:12.0046 0732 ASFAgent (9ad6ef4d591211a93848103368125b41) C:\Program Files\Intel\ASF Agent\ASFAgent.exe
14:50:12.0062 0732 ASFAgent - ok
14:50:12.0109 0732 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:50:12.0140 0732 aspnet_state - ok
14:50:12.0140 0732 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:50:12.0156 0732 AsyncMac - ok
14:50:12.0203 0732 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:50:12.0218 0732 atapi - ok
14:50:12.0218 0732 Atdisk - ok
14:50:12.0234 0732 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:50:12.0265 0732 Atmarpc - ok
14:50:12.0296 0732 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
14:50:12.0312 0732 AudioSrv - ok
14:50:12.0328 0732 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:50:12.0328 0732 audstub - ok
14:50:12.0390 0732 BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
14:50:12.0421 0732 BcmSqlStartupSvc - ok
14:50:12.0421 0732 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:50:12.0437 0732 Beep - ok
14:50:12.0500 0732 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
14:50:12.0578 0732 BITS - ok
14:50:12.0656 0732 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
14:50:12.0671 0732 Bonjour Service - ok
14:50:12.0718 0732 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
14:50:12.0734 0732 Browser - ok
14:50:12.0796 0732 btaudio (f688bbbe8e3e7e03e35caabd66616ddb) C:\WINDOWS\system32\drivers\btaudio.sys
14:50:12.0828 0732 btaudio - ok
14:50:12.0875 0732 BTDriver (2f9f111d31aa3fbbe5781d829a4524e6) C:\WINDOWS\system32\DRIVERS\btport.sys
14:50:12.0875 0732 BTDriver - ok
14:50:12.0984 0732 BTKRNL (38a3331e2f690d4cdc9de0604b9416e5) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
14:50:13.0015 0732 BTKRNL - ok
14:50:13.0125 0732 btwdins (d48148110ae078cb7221d0fcf20adfec) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
14:50:13.0156 0732 btwdins - ok
14:50:13.0328 0732 BTWDNDIS (80f61de965c116051614ac2f04222ff7) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
14:50:13.0359 0732 BTWDNDIS - ok
14:50:13.0375 0732 btwmodem (5922bae0cd84924b9cd7e6bb515ee070) C:\WINDOWS\system32\DRIVERS\btwmodem.sys
14:50:13.0390 0732 btwmodem - ok
14:50:13.0390 0732 BTWUSB (d5af663711660d32ec230c6aaf7b6b83) C:\WINDOWS\system32\Drivers\btwusb.sys
14:50:13.0406 0732 BTWUSB - ok
14:50:13.0468 0732 buttonsvc32 (81a395aab3c606d5f1667cc5fc02b3d2) C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
14:50:13.0484 0732 buttonsvc32 - ok
14:50:13.0562 0732 catchme - ok
14:50:13.0609 0732 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
14:50:13.0625 0732 cbidf - ok
14:50:13.0625 0732 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:50:13.0625 0732 cbidf2k - ok
14:50:13.0640 0732 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:50:13.0671 0732 CCDECODE - ok
14:50:13.0687 0732 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
14:50:13.0703 0732 cd20xrnt - ok
14:50:13.0734 0732 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:50:13.0750 0732 Cdaudio - ok
14:50:13.0765 0732 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:50:13.0765 0732 Cdfs - ok
14:50:13.0796 0732 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:50:13.0812 0732 Cdrom - ok
14:50:13.0812 0732 Changer - ok
14:50:13.0843 0732 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
14:50:13.0859 0732 CiSvc - ok
14:50:13.0875 0732 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
14:50:13.0890 0732 ClipSrv - ok
14:50:13.0968 0732 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:50:14.0015 0732 clr_optimization_v2.0.50727_32 - ok
14:50:14.0046 0732 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
14:50:14.0062 0732 CmBatt - ok
14:50:14.0093 0732 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
14:50:14.0125 0732 CmdIde - ok
14:50:14.0156 0732 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
14:50:14.0234 0732 Compbatt - ok
14:50:14.0234 0732 COMSysApp - ok
14:50:14.0296 0732 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
14:50:14.0312 0732 Cpqarray - ok
14:50:14.0421 0732 Credential Vault Host Control Service (85d37efa93b2267ab6abf8a54735ab22) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
14:50:14.0468 0732 Credential Vault Host Control Service - ok
14:50:14.0468 0732 Credential Vault Host Storage (97ccce5d6e54a044636a6c7552fa59e5) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
14:50:14.0515 0732 Credential Vault Host Storage - ok
14:50:14.0546 0732 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
14:50:14.0546 0732 CryptSvc - ok
14:50:14.0578 0732 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\WINDOWS\system32\DRIVERS\ctxusbm.sys
14:50:14.0593 0732 ctxusbm - ok
14:50:14.0609 0732 cvusbdrv (a95d9b8d882adf93ef40d7dc9b9bb508) C:\WINDOWS\system32\Drivers\cvusbdrv.sys
14:50:14.0625 0732 cvusbdrv - ok
14:50:14.0671 0732 d553bus (1b4957f756bcc7e5b23d2b6e84fc3f0e) C:\WINDOWS\system32\DRIVERS\d553bus.sys
14:50:14.0703 0732 d553bus - ok
14:50:14.0750 0732 d553card (7eaa24353b3c5589fc6648d2cb944731) C:\WINDOWS\system32\DRIVERS\d553card.sys
14:50:14.0765 0732 d553card - ok
14:50:14.0781 0732 d553gps (9d16a5902722aaceca7b25fc38caeeb0) C:\WINDOWS\system32\DRIVERS\d553gps.sys
14:50:14.0796 0732 d553gps - ok
14:50:14.0812 0732 d553mdfl (e276c9ad870ce72c9ec3a6d95786b185) C:\WINDOWS\system32\DRIVERS\d553mdfl.sys
14:50:14.0828 0732 d553mdfl - ok
14:50:14.0843 0732 d553mdfl2 (74cb6903cc8d6fa633840b368387aecc) C:\WINDOWS\system32\DRIVERS\d553mdfl2.sys
14:50:14.0843 0732 d553mdfl2 - ok
14:50:14.0859 0732 d553mdm (b7e23cb22df23065bdfd528ca7676666) C:\WINDOWS\system32\DRIVERS\d553mdm.sys
14:50:14.0906 0732 d553mdm - ok
14:50:14.0937 0732 d553mdm2 (38fe8eb16cfda18fc08b5a7b6ddb30f1) C:\WINDOWS\system32\DRIVERS\d553mdm2.sys
14:50:14.0984 0732 d553mdm2 - ok
14:50:15.0000 0732 d553nd5 (bfa2af917c240c5f97b9a2b39f595ee2) C:\WINDOWS\system32\DRIVERS\d553nd5.sys
14:50:15.0031 0732 d553nd5 - ok
14:50:15.0046 0732 d553unic (57c4fa520411a861db4284ebb7c9b1ef) C:\WINDOWS\system32\DRIVERS\d553unic.sys
14:50:15.0078 0732 d553unic - ok
14:50:15.0125 0732 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
14:50:15.0171 0732 dac2w2k - ok
14:50:15.0171 0732 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
14:50:15.0171 0732 dac960nt - ok
14:50:15.0234 0732 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
14:50:15.0265 0732 DcomLaunch - ok
14:50:15.0437 0732 dcpsysmgrsvc (6125cb19708c94169880346e42b00ab0) C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
14:50:15.0468 0732 dcpsysmgrsvc - ok
14:50:15.0500 0732 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
14:50:15.0500 0732 Dhcp - ok
14:50:15.0531 0732 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:50:15.0546 0732 Disk - ok
14:50:15.0593 0732 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS
14:50:15.0625 0732 DLABMFSM - ok
14:50:15.0640 0732 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS
14:50:15.0671 0732 DLABOIOM - ok
14:50:15.0703 0732 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
14:50:15.0703 0732 DLACDBHM - ok
14:50:15.0718 0732 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS
14:50:15.0718 0732 DLADResM - ok
14:50:15.0734 0732 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS
14:50:15.0734 0732 DLAIFS_M - ok
14:50:15.0734 0732 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS
14:50:15.0765 0732 DLAOPIOM - ok
14:50:15.0765 0732 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS
14:50:15.0781 0732 DLAPoolM - ok
14:50:15.0796 0732 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
14:50:15.0812 0732 DLARTL_M - ok
14:50:15.0812 0732 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS
14:50:15.0828 0732 DLAUDFAM - ok
14:50:15.0828 0732 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS
14:50:15.0843 0732 DLAUDF_M - ok
14:50:15.0906 0732 dldoCATSCustConnectService (eaf0eea0687beb6a6b0287f6e84c5435) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldoserv.exe
14:50:15.0921 0732 dldoCATSCustConnectService - ok
14:50:15.0921 0732 dldo_device - ok
14:50:15.0937 0732 dmadmin - ok
14:50:16.0015 0732 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
14:50:16.0046 0732 dmboot - ok
14:50:16.0093 0732 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
14:50:16.0109 0732 dmio - ok
14:50:16.0109 0732 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:50:16.0125 0732 dmload - ok
14:50:16.0140 0732 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
14:50:16.0171 0732 dmserver - ok
14:50:16.0203 0732 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:50:16.0203 0732 DMusic - ok
14:50:16.0234 0732 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
14:50:16.0234 0732 Dnscache - ok
14:50:16.0250 0732 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
14:50:16.0281 0732 Dot3svc - ok
14:50:16.0312 0732 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
14:50:16.0328 0732 dpti2o - ok
14:50:16.0343 0732 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:50:16.0343 0732 drmkaud - ok
14:50:16.0375 0732 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
14:50:16.0406 0732 DRVMCDB - ok
14:50:16.0406 0732 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
14:50:16.0421 0732 DRVNDDM - ok
14:50:16.0484 0732 e1yexpress (10cbd2b278ce365b41de378632cb5ddb) C:\WINDOWS\system32\DRIVERS\e1y5132.sys
14:50:16.0500 0732 e1yexpress - ok
14:50:16.0531 0732 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
14:50:16.0546 0732 EapHost - ok
14:50:16.0640 0732 EaseUS Agent (64585b1d85ff7566b99ced303a02f357) C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
14:50:16.0656 0732 EaseUS Agent - ok
14:50:16.0671 0732 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
14:50:16.0687 0732 ERSvc - ok
14:50:16.0734 0732 EUBAKUP (40f272bc66a4692c4e5a07008b3c428d) C:\WINDOWS\system32\drivers\eubakup.sys
14:50:16.0750 0732 EUBAKUP - ok
14:50:16.0765 0732 EUBKMON (be026469e2a07e27910c7cd059e89557) C:\WINDOWS\system32\drivers\EUBKMON.sys
14:50:16.0781 0732 EUBKMON - ok
14:50:16.0796 0732 EUDSKACS (b5a6d8ffb1be1ea333c96f8788c6a909) C:\WINDOWS\system32\drivers\eudskacs.sys
14:50:16.0796 0732 EUDSKACS - ok
14:50:16.0828 0732 EUFDDISK (a67bf5bb59c6c15fab47c771dbe00c20) C:\WINDOWS\system32\drivers\EuFdDisk.sys
14:50:16.0859 0732 EUFDDISK - ok
14:50:16.0906 0732 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
14:50:16.0906 0732 Eventlog - ok
14:50:16.0968 0732 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
14:50:16.0984 0732 EventSystem - ok
14:50:17.0062 0732 EvtEng (87a32636c84555525700e623662e34d9) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
14:50:17.0093 0732 EvtEng - ok
14:50:17.0203 0732 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:50:17.0218 0732 Fastfat - ok
14:50:17.0250 0732 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:50:17.0250 0732 FastUserSwitchingCompatibility - ok
14:50:17.0296 0732 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
14:50:17.0328 0732 Fax - ok
14:50:17.0343 0732 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
14:50:17.0343 0732 Fdc - ok
14:50:17.0359 0732 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
14:50:17.0359 0732 Fips - ok
14:50:17.0437 0732 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
14:50:17.0484 0732 FLEXnet Licensing Service - ok
14:50:17.0484 0732 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
14:50:17.0500 0732 Flpydisk - ok
14:50:17.0515 0732 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
14:50:17.0531 0732 FltMgr - ok
14:50:17.0609 0732 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:50:17.0625 0732 FontCache3.0.0.0 - ok
14:50:17.0625 0732 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:50:17.0656 0732 Fs_Rec - ok
14:50:17.0671 0732 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:50:17.0687 0732 Ftdisk - ok
14:50:17.0734 0732 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
14:50:17.0734 0732 GEARAspiWDM - ok
14:50:17.0750 0732 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:50:17.0765 0732 Gpc - ok
14:50:17.0843 0732 Guard Agent (a6a4223573cfcf87843cfcb3a9c237c7) C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
14:50:17.0875 0732 Guard Agent - ok
14:50:17.0906 0732 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:50:17.0937 0732 HDAudBus - ok
14:50:17.0984 0732 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:50:18.0031 0732 helpsvc - ok
14:50:18.0046 0732 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
14:50:18.0062 0732 HidServ - ok
14:50:18.0078 0732 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:50:18.0093 0732 hidusb - ok
14:50:18.0125 0732 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
14:50:18.0156 0732 hkmsvc - ok
14:50:18.0203 0732 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
14:50:18.0203 0732 hpn - ok
14:50:18.0265 0732 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:50:18.0265 0732 HTTP - ok
14:50:18.0312 0732 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
14:50:18.0328 0732 HTTPFilter - ok
14:50:18.0343 0732 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
14:50:18.0343 0732 i2omgmt - ok
14:50:18.0375 0732 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
14:50:18.0390 0732 i2omp - ok
14:50:18.0437 0732 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:50:18.0453 0732 i8042prt - ok
14:50:18.0562 0732 IAANTMON (f79525634b192f5a18de503568f94ef3) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
14:50:18.0578 0732 IAANTMON - ok
14:50:18.0656 0732 iaStor (baabb0301949774a66b955c65319635a) C:\WINDOWS\system32\drivers\iaStor.sys
14:50:18.0656 0732 iaStor - ok
14:50:18.0750 0732 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
14:50:18.0781 0732 IDriverT - ok
14:50:18.0984 0732 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:50:19.0062 0732 idsvc - ok
14:50:19.0171 0732 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:50:19.0203 0732 Imapi - ok
14:50:19.0265 0732 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
14:50:19.0265 0732 ImapiService - ok
14:50:19.0312 0732 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
14:50:19.0328 0732 ini910u - ok
14:50:19.0359 0732 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
14:50:19.0390 0732 IntelIde - ok
14:50:19.0406 0732 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:50:19.0421 0732 intelppm - ok
14:50:19.0468 0732 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
14:50:19.0500 0732 Ip6Fw - ok
14:50:19.0515 0732 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:50:19.0515 0732 IpFilterDriver - ok
14:50:19.0515 0732 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:50:19.0531 0732 IpInIp - ok
14:50:19.0562 0732 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:50:19.0578 0732 IpNat - ok
14:50:19.0703 0732 iPod Service (e51bd095b2fdf56b17ee010bb794d6ed) C:\Program Files\iPod\bin\iPodService.exe
14:50:19.0703 0732 iPod Service - ok
14:50:19.0718 0732 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:50:19.0734 0732 IPSec - ok
14:50:19.0734 0732 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:50:19.0734 0732 IRENUM - ok
14:50:19.0781 0732 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:50:19.0781 0732 isapnp - ok
14:50:19.0843 0732 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
14:50:19.0843 0732 JavaQuickStarterService - ok
14:50:19.0890 0732 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:50:19.0906 0732 Kbdclass - ok
14:50:19.0937 0732 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:50:19.0937 0732 kbdhid - ok
14:50:20.0015 0732 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:50:20.0031 0732 kmixer - ok
14:50:20.0046 0732 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:50:20.0062 0732 KSecDD - ok
14:50:20.0093 0732 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
14:50:20.0093 0732 LanmanServer - ok
14:50:20.0140 0732 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
14:50:20.0156 0732 lanmanworkstation - ok
14:50:20.0156 0732 lbrtfdc - ok
14:50:20.0203 0732 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
14:50:20.0218 0732 LmHosts - ok
14:50:20.0234 0732 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
14:50:20.0250 0732 MBAMProtector - ok
14:50:20.0343 0732 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
14:50:20.0359 0732 MBAMService - ok
14:50:20.0390 0732 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
14:50:20.0421 0732 Messenger - ok
14:50:20.0421 0732 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:50:20.0437 0732 mnmdd - ok
14:50:20.0453 0732 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
14:50:20.0468 0732 mnmsrvc - ok
14:50:20.0484 0732 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
14:50:20.0484 0732 Modem - ok
14:50:20.0515 0732 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:50:20.0531 0732 Mouclass - ok
14:50:20.0531 0732 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:50:20.0546 0732 mouhid - ok
14:50:20.0562 0732 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:50:20.0562 0732 MountMgr - ok
14:50:20.0593 0732 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
14:50:20.0609 0732 mraid35x - ok
14:50:20.0625 0732 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:50:20.0640 0732 MRxDAV - ok
14:50:20.0718 0732 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:50:20.0718 0732 MRxSmb - ok
14:50:20.0750 0732 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
14:50:20.0796 0732 MSDTC - ok
14:50:20.0796 0732 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:50:20.0812 0732 Msfs - ok
14:50:20.0812 0732 MSIServer - ok
14:50:20.0843 0732 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:50:20.0859 0732 MSKSSRV - ok
14:50:20.0890 0732 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:50:20.0890 0732 MSPCLOCK - ok
14:50:20.0906 0732 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:50:20.0921 0732 MSPQM - ok
14:50:20.0937 0732 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:50:20.0937 0732 mssmbios - ok
14:50:21.0031 0732 MSSQL$MSSMLBIZ - ok
14:50:21.0062 0732 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
14:50:21.0078 0732 MSSQLServerADHelper - ok
14:50:21.0109 0732 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
14:50:21.0125 0732 MSTEE - ok
14:50:21.0156 0732 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
14:50:21.0156 0732 Mup - ok
14:50:21.0187 0732 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:50:21.0203 0732 NABTSFEC - ok
14:50:21.0218 0732 NAL (a467e1deb3bb2b57426c8a5993ba933e) C:\WINDOWS\system32\Drivers\iqvw32.sys
14:50:21.0250 0732 NAL - ok
14:50:21.0281 0732 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
14:50:21.0312 0732 napagent - ok
14:50:21.0343 0732 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:50:21.0359 0732 NDIS - ok
14:50:21.0390 0732 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:50:21.0406 0732 NdisIP - ok
14:50:21.0437 0732 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:50:21.0437 0732 NdisTapi - ok
14:50:21.0453 0732 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:50:21.0453 0732 Ndisuio - ok
14:50:21.0468 0732 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:50:21.0484 0732 NdisWan - ok
14:50:21.0515 0732 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:50:21.0515 0732 NDProxy - ok
14:50:21.0531 0732 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:50:21.0531 0732 NetBIOS - ok
14:50:21.0562 0732 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:50:21.0578 0732 NetBT - ok
14:50:21.0625 0732 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
14:50:21.0625 0732 NetDDE - ok
14:50:21.0640 0732 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
14:50:21.0640 0732 NetDDEdsdm - ok
14:50:21.0671 0732 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:50:21.0671 0732 Netlogon - ok
14:50:21.0687 0732 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
14:50:21.0687 0732 Netman - ok
14:50:21.0781 0732 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:50:21.0828 0732 NetTcpPortSharing - ok
14:50:22.0156 0732 NETw5x32 (a3b69acd14051ae87ab9e1823a508b6d) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
14:50:22.0250 0732 NETw5x32 - ok
14:50:22.0406 0732 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:50:22.0421 0732 NIC1394 - ok
14:50:22.0453 0732 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
14:50:22.0468 0732 Nla - ok
14:50:22.0500 0732 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:50:22.0515 0732 Npfs - ok
14:50:22.0562 0732 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:50:22.0593 0732 Ntfs - ok
14:50:22.0625 0732 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:50:22.0625 0732 NtLmSsp - ok
14:50:22.0703 0732 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
14:50:22.0765 0732 NtmsSvc - ok
14:50:22.0765 0732 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:50:22.0765 0732 Null - ok
14:50:23.0421 0732 nv (25167771f5afad71808b0080fe4f2312) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
14:50:23.0671 0732 nv - ok
14:50:23.0843 0732 NVSvc (6d409284f20e21c613fd697c0640f760) C:\WINDOWS\system32\nvsvc32.exe
14:50:23.0875 0732 NVSvc - ok
14:50:23.0890 0732 NvtSp50 - ok
14:50:23.0921 0732 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:50:23.0937 0732 NwlnkFlt - ok
14:50:23.0953 0732 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:50:23.0968 0732 NwlnkFwd - ok
14:50:24.0031 0732 OA001Afx (ec528056b89d15755abb624e55949e44) C:\WINDOWS\system32\Drivers\OA001Afx.sys
14:50:24.0062 0732 OA001Afx - ok
14:50:24.0125 0732 OA001Ufd (2cf21d5f8f1b74bb1922135ac2b12ddb) C:\WINDOWS\system32\DRIVERS\OA001Ufd.sys
14:50:24.0171 0732 OA001Ufd - ok
14:50:24.0234 0732 OA001Vid (4075063d25af9da64101769854b83787) C:\WINDOWS\system32\DRIVERS\OA001Vid.sys
14:50:24.0250 0732 OA001Vid - ok
14:50:24.0375 0732 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:50:24.0406 0732 odserv - ok
14:50:24.0468 0732 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:50:24.0468 0732 ohci1394 - ok
14:50:24.0515 0732 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:50:24.0531 0732 ose - ok
14:50:24.0562 0732 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
14:50:24.0578 0732 Parport - ok
14:50:24.0593 0732 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:50:24.0609 0732 PartMgr - ok
14:50:24.0609 0732 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:50:24.0625 0732 ParVdm - ok
14:50:24.0656 0732 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\WINDOWS\system32\DRIVERS\PBADRV.sys
14:50:24.0656 0732 PBADRV - ok
14:50:24.0671 0732 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
14:50:24.0687 0732 PCI - ok
14:50:24.0687 0732 PCIDump - ok
14:50:24.0718 0732 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:50:24.0750 0732 PCIIde - ok
14:50:24.0765 0732 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
14:50:24.0781 0732 Pcmcia - ok
14:50:24.0796 0732 PDCOMP - ok
14:50:24.0796 0732 PDFRAME - ok
14:50:24.0812 0732 PDRELI - ok
14:50:24.0812 0732 PDRFRAME - ok
14:50:24.0828 0732 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
14:50:24.0828 0732 perc2 - ok
14:50:24.0843 0732 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
14:50:24.0875 0732 perc2hib - ok
14:50:24.0890 0732 pkyqhq - ok
14:50:24.0937 0732 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
14:50:24.0953 0732 PlugPlay - ok
14:50:24.0968 0732 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:50:24.0968 0732 PolicyAgent - ok
14:50:25.0000 0732 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:50:25.0000 0732 PptpMiniport - ok
14:50:25.0015 0732 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:50:25.0015 0732 ProtectedStorage - ok
14:50:25.0046 0732 ProtexisLicensing (64e413ba0c529aa40c3924bbcc4153db) C:\WINDOWS\system32\PSIService.exe
14:50:25.0062 0732 ProtexisLicensing - ok
14:50:25.0078 0732 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:50:25.0078 0732 PSched - ok
14:50:25.0093 0732 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:50:25.0093 0732 Ptilink - ok
14:50:25.0109 0732 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:50:25.0125 0732 PxHelp20 - ok
14:50:25.0140 0732 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
14:50:25.0156 0732 ql1080 - ok
14:50:25.0171 0732 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
14:50:25.0187 0732 Ql10wnt - ok
14:50:25.0203 0732 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
14:50:25.0203 0732 ql12160 - ok
14:50:25.0218 0732 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
14:50:25.0218 0732 ql1240 - ok
14:50:25.0234 0732 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
14:50:25.0250 0732 ql1280 - ok
14:50:25.0250 0732 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:50:25.0265 0732 RasAcd - ok
14:50:25.0281 0732 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
14:50:25.0312 0732 RasAuto - ok
14:50:25.0328 0732 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:50:25.0343 0732 Rasl2tp - ok
14:50:25.0390 0732 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
14:50:25.0406 0732 RasMan - ok
14:50:25.0406 0732 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:50:25.0406 0732 RasPppoe - ok
14:50:25.0453 0732 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:50:25.0468 0732 Raspti - ok
14:50:25.0484 0732 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:50:25.0500 0732 Rdbss - ok
14:50:25.0500 0732 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:50:25.0515 0732 RDPCDD - ok
14:50:25.0515 0732 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:50:25.0531 0732 rdpdr - ok
14:50:25.0562 0732 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
14:50:25.0562 0732 RDPWD - ok
14:50:25.0593 0732 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
14:50:25.0609 0732 RDSessMgr - ok
14:50:25.0640 0732 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:50:25.0656 0732 redbook - ok
14:50:25.0765 0732 RegSrvc (d1875727d04eae948f139022dcad3d47) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
14:50:25.0796 0732 RegSrvc - ok
14:50:25.0828 0732 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
14:50:25.0859 0732 RemoteAccess - ok
14:50:25.0890 0732 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
14:50:25.0906 0732 RemoteRegistry - ok
14:50:25.0937 0732 rimmptsk (ea885e7a56f1be1f14c372337c42fe48) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
14:50:25.0953 0732 rimmptsk - ok
14:50:25.0984 0732 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
14:50:26.0015 0732 RpcLocator - ok
14:50:26.0093 0732 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
14:50:26.0109 0732 RpcSs - ok
14:50:26.0156 0732 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
14:50:26.0171 0732 RSVP - ok
14:50:26.0375 0732 S24EventMonitor (8b4459365c254196f498a3cbc2898dbb) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
14:50:26.0421 0732 S24EventMonitor - ok
14:50:26.0515 0732 s24trans (87940243ea2ad3ebe274f5409c5e9072) C:\WINDOWS\system32\DRIVERS\s24trans.sys
14:50:26.0531 0732 s24trans - ok
14:50:26.0546 0732 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:50:26.0546 0732 SamSs - ok
14:50:26.0843 0732 SBAMSvc (c7d53053541a448febb1373abbaf79ef) C:\Program Files\Ad-Aware Antivirus\Engine\SBAMSvc.exe
14:50:26.0953 0732 SBAMSvc - ok
14:50:27.0093 0732 sbaphd (65a36563c0207824c8240662043c5304) C:\WINDOWS\system32\drivers\sbaphd.sys
14:50:27.0109 0732 sbaphd - ok
14:50:27.0140 0732 sbapifs (3d6ba67c758735918e323d4d6f64449a) C:\WINDOWS\system32\drivers\sbapifs.sys
14:50:27.0171 0732 sbapifs - ok
14:50:27.0203 0732 SbFw (eb4a2b5faa3decd33ed682a5569e287f) C:\WINDOWS\system32\drivers\SbFw.sys
14:50:27.0265 0732 SbFw - ok
14:50:27.0296 0732 SBFWIMCL (f27b38d70b7621378161d6f48be04d2c) C:\WINDOWS\system32\DRIVERS\sbfwim.sys
14:50:27.0312 0732 SBFWIMCL - ok
14:50:27.0312 0732 SBFWIMCLMP (f27b38d70b7621378161d6f48be04d2c) C:\WINDOWS\system32\DRIVERS\SBFWIM.sys
14:50:27.0312 0732 SBFWIMCLMP - ok
14:50:27.0359 0732 sbhips (53e5e7dc26bb920b97f258bbd52abfdc) C:\WINDOWS\system32\drivers\sbhips.sys
14:50:27.0359 0732 sbhips - ok
14:50:27.0390 0732 SBRE (0505da5d357f18a5d42fc5dede6bc9a0) C:\WINDOWS\system32\drivers\SBREdrv.sys
14:50:27.0406 0732 SBRE - ok
14:50:27.0437 0732 SbTis (44062a740434b7c3946096d615aaa91c) C:\WINDOWS\system32\drivers\sbtis.sys
14:50:27.0453 0732 SbTis - ok
14:50:27.0500 0732 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
14:50:27.0515 0732 SCardSvr - ok
14:50:27.0531 0732 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
14:50:27.0578 0732 Schedule - ok
14:50:27.0609 0732 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
14:50:27.0625 0732 sdbus - ok
14:50:27.0640 0732 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:50:27.0656 0732 Secdrv - ok
14:50:27.0656 0732 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
14:50:27.0671 0732 seclogon - ok
14:50:27.0796 0732 SecureStorageService (27d53cd650cc77123faf2f07023dabc7) C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
14:50:27.0859 0732 SecureStorageService - ok
14:50:27.0875 0732 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
14:50:27.0875 0732 SENS - ok
14:50:27.0890 0732 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
14:50:27.0890 0732 Serial - ok
14:50:27.0906 0732 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:50:27.0921 0732 Sfloppy - ok
14:50:27.0953 0732 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
14:50:27.0953 0732 SharedAccess - ok
14:50:28.0000 0732 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:50:28.0015 0732 ShellHWDetection - ok
14:50:28.0015 0732 Simbad - ok
14:50:28.0015 0732 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
14:50:28.0031 0732 sisagp - ok
14:50:28.0062 0732 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:50:28.0078 0732 SLIP - ok
14:50:28.0156 0732 SMManager (b0bf6833849bfa70f42e1e22dee476f8) C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
14:50:28.0156 0732 SMManager - ok
14:50:28.0203 0732 Sony_EricssonWWSC (9d0e9f3d67d2260d6b146977276068d0) C:\WINDOWS\system32\DRIVERS\d553scard.sys
14:50:28.0218 0732 Sony_EricssonWWSC - ok
14:50:28.0281 0732 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
14:50:28.0296 0732 Sparrow - ok
14:50:28.0328 0732 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:50:28.0343 0732 splitter - ok
14:50:28.0375 0732 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
14:50:28.0375 0732 Spooler - ok
14:50:28.0453 0732 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
14:50:28.0453 0732 SQLBrowser - ok
14:50:28.0515 0732 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
14:50:28.0546 0732 SQLWriter - ok
14:50:28.0578 0732 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
14:50:28.0593 0732 sr - ok
14:50:28.0625 0732 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
14:50:28.0656 0732 srservice - ok
14:50:28.0718 0732 SRS_PremiumSound_Service (584477fdfa731af4635f5875c6b52531) C:\WINDOWS\system32\drivers\srs_PremiumSound_i386.sys
14:50:28.0718 0732 SRS_PremiumSound_Service - ok
14:50:28.0781 0732 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:50:28.0796 0732 Srv - ok
14:50:28.0843 0732 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
14:50:28.0843 0732 SSDPSRV - ok
14:50:28.0921 0732 STacSV (3603f3db9fba2a8fa91829681ba25afa) c:\drivers\audio\r213367\stacsv.exe
14:50:28.0937 0732 STacSV - ok
14:50:29.0109 0732 STHDA (1b76479b80ff0f6e245ba590a64102be) C:\WINDOWS\system32\drivers\sthda.sys
14:50:29.0125 0732 STHDA - ok
14:50:29.0250 0732 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
14:50:29.0281 0732 stisvc - ok
14:50:29.0328 0732 stllssvr (de3e7a2345ebaa3ce8e6957dfb55fb15) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
14:50:29.0343 0732 stllssvr - ok
14:50:29.0390 0732 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:50:29.0406 0732 streamip - ok
14:50:29.0437 0732 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:50:29.0453 0732 swenum - ok
14:50:29.0468 0732 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:50:29.0500 0732 swmidi - ok
14:50:29.0500 0732 SwPrv - ok
14:50:29.0546 0732 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
14:50:29.0578 0732 symc810 - ok
14:50:29.0593 0732 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
14:50:29.0593 0732 symc8xx - ok
14:50:29.0609 0732 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
14:50:29.0640 0732 sym_hi - ok
14:50:29.0640 0732 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
14:50:29.0671 0732 sym_u3 - ok
14:50:29.0703 0732 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:50:29.0750 0732 sysaudio - ok
14:50:29.0796 0732 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
14:50:29.0828 0732 SysmonLog - ok
14:50:29.0875 0732 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
14:50:29.0906 0732 TapiSrv - ok
14:50:29.0984 0732 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:50:29.0984 0732 Tcpip - ok
14:50:30.0171 0732 tcsd_win32.exe (69f1a38a6dbfe682491cb61a596662e3) C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
14:50:30.0218 0732 tcsd_win32.exe - ok
14:50:30.0343 0732 TdmService (b6cae7741addce1d57b65e015751a274) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
14:50:30.0390 0732 TdmService - ok
14:50:30.0515 0732 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:50:30.0531 0732 TDPIPE - ok
14:50:30.0562 0732 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:50:30.0593 0732 TDTCP - ok
14:50:30.0625 0732 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:50:30.0640 0732 TermDD - ok
14:50:30.0718 0732 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
14:50:30.0750 0732 TermService - ok
14:50:30.0812 0732 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:50:30.0812 0732 Themes - ok
14:50:30.0859 0732 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
14:50:30.0890 0732 TlntSvr - ok
14:50:30.0906 0732 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
14:50:30.0921 0732 TosIde - ok
14:50:30.0953 0732 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
14:50:30.0968 0732 TrkWks - ok
14:50:31.0000 0732 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:50:31.0031 0732 Udfs - ok
14:50:31.0062 0732 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
14:50:31.0093 0732 ultra - ok
14:50:31.0140 0732 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:50:31.0171 0732 Update - ok
14:50:31.0203 0732 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
14:50:31.0234 0732 upnphost - ok
14:50:31.0265 0732 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
14:50:31.0296 0732 UPS - ok
14:50:31.0328 0732 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
14:50:31.0375 0732 USBAAPL - ok
14:50:31.0406 0732 usbccgp (c18d6c74953621346df6b0a11f80c1cc) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:50:31.0421 0732 usbccgp - ok
14:50:31.0437 0732 USBCCID (6b5e4d5e6e5ecd6acd14aed59768ce5c) C:\WINDOWS\system32\DRIVERS\usbccid.sys
14:50:31.0468 0732 USBCCID - ok
14:50:31.0484 0732 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:50:31.0484 0732 usbehci - ok
14:50:31.0515 0732 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:50:31.0531 0732 usbhub - ok
14:50:31.0562 0732 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:50:31.0578 0732 usbprint - ok
14:50:31.0593 0732 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:50:31.0625 0732 usbscan - ok
14:50:31.0656 0732 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:50:31.0671 0732 USBSTOR - ok
14:50:31.0703 0732 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:50:31.0718 0732 usbuhci - ok
14:50:31.0781 0732 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
14:50:31.0796 0732 usbvideo - ok
14:50:31.0828 0732 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:50:31.0843 0732 VgaSave - ok
14:50:31.0875 0732 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
14:50:31.0906 0732 viaagp - ok
14:50:31.0921 0732 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
14:50:31.0937 0732 ViaIde - ok
14:50:31.0968 0732 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:50:31.0984 0732 VolSnap - ok
14:50:32.0062 0732 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
14:50:32.0093 0732 VSS - ok
14:50:32.0125 0732 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
14:50:32.0156 0732 w32time - ok
14:50:32.0187 0732 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:50:32.0203 0732 Wanarp - ok
14:50:32.0234 0732 WavxDMgr (fc2606083f35db9c497d6ba9f554d22c) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys
14:50:32.0281 0732 WavxDMgr - ok
14:50:32.0328 0732 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
14:50:32.0359 0732 Wdf01000 - ok
14:50:32.0359 0732 WDICA - ok
14:50:32.0390 0732 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:50:32.0406 0732 wdmaud - ok
14:50:32.0421 0732 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
14:50:32.0453 0732 WebClient - ok
14:50:32.0531 0732 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
14:50:32.0578 0732 winmgmt - ok
14:50:32.0609 0732 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
14:50:32.0640 0732 WmdmPmSN - ok
14:50:32.0750 0732 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
14:50:32.0796 0732 Wmi - ok
14:50:32.0812 0732 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
14:50:32.0812 0732 WmiAcpi - ok
14:50:32.0859 0732 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:50:32.0937 0732 WmiApSrv - ok
14:50:33.0109 0732 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
14:50:33.0156 0732 WMPNetworkSvc - ok
14:50:33.0203 0732 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:50:33.0218 0732 WS2IFSL - ok
14:50:33.0250 0732 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
14:50:33.0281 0732 wscsvc - ok
14:50:33.0281 0732 WSearch - ok
14:50:33.0328 0732 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:50:33.0343 0732 WSTCODEC - ok
14:50:33.0359 0732 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
14:50:33.0359 0732 wuauserv - ok
14:50:33.0390 0732 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:50:33.0421 0732 WudfPf - ok
14:50:33.0453 0732 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:50:33.0468 0732 WudfRd - ok
14:50:33.0484 0732 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
14:50:33.0500 0732 WudfSvc - ok
14:50:33.0546 0732 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
14:50:33.0546 0732 WZCSVC - ok
14:50:33.0593 0732 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
14:50:33.0609 0732 xmlprov - ok
14:50:33.0609 0732 yyftbyn - ok
14:50:33.0656 0732 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
14:50:33.0718 0732 \Device\Harddisk0\DR0 - ok
14:50:33.0718 0732 Boot (0x1200) (9fbd45bfbf2e696c64471147d615b970) \Device\Harddisk0\DR0\Partition0
14:50:33.0718 0732 \Device\Harddisk0\DR0\Partition0 - ok
14:50:33.0718 0732 ============================================================
14:50:33.0718 0732 Scan finished
14:50:33.0718 0732 ============================================================
14:50:33.0734 2824 Detected object count: 0
14:50:33.0734 2824 Actual detected object count: 0

***** END TDSSKiller Log ******






aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-29 14:55:30
-----------------------------
14:55:30.937 OS Version: Windows 5.1.2600 Service Pack 3
14:55:30.937 Number of processors: 2 586 0x170A
14:55:30.937 ComputerName: DELL_LAPTOP UserName:
14:55:31.687 Initialize success
14:58:55.078 AVAST engine defs: 12042900
14:59:18.546 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:59:18.562 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 8
14:59:18.562 Disk 0 MBR read successfully
14:59:18.562 Disk 0 MBR scan
14:59:18.609 Disk 0 Windows VISTA default MBR code
14:59:18.609 Disk 0 Partition 1 00 DE Dell Utility MSWIN4.1 180 MB offset 63
14:59:18.625 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152444 MB offset 369495
14:59:18.625 Disk 0 scanning sectors +312576705
14:59:18.718 Disk 0 scanning C:\WINDOWS\system32\drivers
14:59:31.062 Service scanning
14:59:53.734 Modules scanning
14:59:59.562 Disk 0 trace - called modules:
14:59:59.578 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
14:59:59.593 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a641030]
14:59:59.609 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8a642028]
15:00:00.140 AVAST engine scan C:\WINDOWS
15:00:13.843 AVAST engine scan C:\WINDOWS\system32
15:04:00.687 AVAST engine scan C:\WINDOWS\system32\drivers
15:04:16.656 AVAST engine scan C:\Documents and Settings\Linda Hughes
15:07:02.296 File: C:\Documents and Settings\Linda Hughes\My Documents\Downloads\OTL.exe **INFECTED** Win32:Rootkit-gen [Rtk]
15:08:20.031 AVAST engine scan C:\Documents and Settings\All Users
15:10:05.046 Scan finished successfully
15:15:40.734 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Linda Hughes\Desktop\MBR.dat"
15:15:40.734 The log file has been saved successfully to "C:\Documents and Settings\Linda Hughes\Desktop\aswMBR.txt"


***** END aswMBR.txt ****

#6 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 8126 posts

Posted 29 April 2012 - 11:47 PM

You are welcome :)

Copy all lines in the box:
Killall::
Ignore::
c:\windows\system32\urttemp
c:\windows\system32\urttemp\fusion.dll
c:\windows\system32\urttemp\mscoree.dll
c:\windows\system32\urttemp\mscoree.dll.local
c:\windows\system32\urttemp\mscorsn.dll
c:\windows\system32\urttemp\mscorwks.dll
c:\windows\system32\urttemp\msvcr71.dll
c:\windows\system32\urttemp\regtlib.exe
DeQuarantine::
C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\fusion.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscoree.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscoree.dll.local.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscorsn.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscorwks.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\msvcr71.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\regtlib.exe.vir
Rootkit::
pkyqhq
yyftbyn
Driver::
Browser32
and paste into Notepad.
Save the file on the desktop with the name CFScript.

Prepare the computer according to the instructions for running ComboFix.
Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop, the program will start in a special way.
Paste the new ComboFix log into your answer.



#7 Earle

Earle

    Member

  • Members
  • PipPip
  • 14 posts

Posted 30 April 2012 - 03:41 AM

I did as you asked... That was 3 hours ago, I don't think ComboFix is still running. Windows appears to be hung. I'm going to force a shutdown, restart and try again.

#8 Earle

Earle

    Member

  • Members
  • PipPip
  • 14 posts

Posted 30 April 2012 - 04:12 AM

Failed again. It does not appear possible to run CFScript as requested. I can try to uninstall ComboFix, download it again, install it again, and try to run CFScript again, what do you think?

#9 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 8126 posts

Posted 30 April 2012 - 11:31 AM

Yes, please delete the ComboFix file on your desktop and download it again. Start the computer in Safe mode by tapping F8 key repeatedly during the start and select Safe mode in the menu, see http://www.microsoft...t_failsafe.mspx and then try to run ComboFix with CFScript. If still impossible we will try with other programs.



#10 Earle

Earle

    Member

  • Members
  • PipPip
  • 14 posts

Posted 01 May 2012 - 12:54 AM

I apologize for the delay in posting, had to go to work today. This time it did work. I'll post the ComboFix log. Unfortunately, when doing a "normal" boot, XP appears non-functional. I'm having to post this in Safe Mode.

ComboFix Log Follows:

ComboFix 12-04-31.01 - Linda Hughes 04/30/2012 18:46:25.4.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2036.1620 [GMT -4:00]
Running from: c:\documents and settings\Linda Hughes\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Linda Hughes\Desktop\CFScript.txt
AV: Lavasoft Ad-Aware *Enabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Lavasoft Ad-Aware *Enabled* {FF1CD5B7-1553-4625-A258-1775385CED33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BROWSER32
-------\Service_Browser32
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-30 )))))))))))))))))))))))))))))))
.
.
2012-04-30 11:56 . 2012-04-30 11:56 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Ad-Aware Antivirus
2012-04-28 22:50 . 2012-04-28 22:50 -------- d-----w- c:\program files\ESET
2012-04-28 06:20 . 2012-04-28 06:38 -------- d-----w- c:\documents and settings\Linda Hughes\Local Settings\Application Data\NPE
2012-04-28 06:20 . 2012-04-28 06:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2012-04-23 04:46 . 2012-04-23 04:46 -------- d-----w- c:\documents and settings\Linda Hughes\Local Settings\Application Data\Google
2012-04-23 03:07 . 2012-04-23 03:07 -------- d-----w- c:\documents and settings\Linda Hughes\Local Settings\Application Data\adaware
2012-04-23 03:07 . 2011-05-11 20:26 74968 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2012-04-23 03:07 . 2011-05-11 20:26 21592 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2012-04-23 03:07 . 2011-04-05 21:35 94040 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-04-23 03:07 . 2011-04-05 21:35 212568 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-04-23 03:07 . 2011-04-05 21:35 332248 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-04-23 03:07 . 2011-02-08 13:14 69208 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-04-23 03:07 . 2012-04-23 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2012-04-23 03:07 . 2012-04-23 03:07 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-04-23 03:06 . 2012-04-23 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection
2012-04-23 03:06 . 2012-04-26 01:53 -------- d-----w- c:\documents and settings\Linda Hughes\Application Data\adawaretb
2012-04-23 03:06 . 2012-04-23 03:06 -------- d-----w- c:\program files\Toolbar Cleaner
2012-04-23 03:06 . 2012-04-23 03:06 -------- d-----w- c:\program files\adawaretb
2012-04-23 03:05 . 2012-04-27 23:01 -------- d-----w- c:\documents and settings\Linda Hughes\Application Data\Ad-Aware Antivirus
2012-04-22 21:46 . 2012-04-22 21:46 -------- d-----w- c:\program files\Common Files\Java
2012-04-22 21:46 . 2012-04-22 21:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-08 03:25 . 2012-04-08 03:25 -------- d-----w- c:\documents and settings\Linda Hughes\Local Settings\Application Data\Windows Live Writer
2012-04-08 03:25 . 2012-04-08 03:25 -------- d-----w- c:\documents and settings\Linda Hughes\Application Data\Windows Live Writer
2012-04-07 17:39 . 2012-04-07 17:39 -------- d-----w- c:\windows\Performance
2012-04-07 17:39 . 2012-04-07 17:39 -------- d-----w- c:\documents and settings\Linda Hughes\Local Settings\Application Data\Microsoft Corporation
2012-04-07 17:39 . 2012-04-07 17:39 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2012-04-07 17:32 . 2012-04-07 17:32 -------- d-----w- c:\program files\Microsoft Download Manager
2012-04-07 16:06 . 2012-04-07 16:17 -------- d-----w- c:\windows\system32\NtmsData
2012-04-07 05:51 . 2012-04-07 02:08 -------- d-----w- C:\Hide
2012-04-07 02:03 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-04-07 01:57 . 2012-04-07 15:49 -------- d-----w- C:\BOOT
2012-04-07 01:57 . 2012-04-07 16:06 -------- d-----w- C:\My Backups
2012-04-07 01:56 . 2012-02-08 19:46 40840 ----a-w- c:\windows\system32\drivers\EUBKMON.sys
2012-04-07 01:56 . 2011-12-23 03:09 185864 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys
2012-04-07 01:56 . 2011-12-23 03:09 16008 ----a-w- c:\windows\system32\drivers\eudskacs.sys
2012-04-07 01:56 . 2011-12-23 03:09 50312 ----a-w- c:\windows\system32\drivers\eubakup.sys
2012-04-07 01:56 . 2011-12-23 03:09 20616 ----a-w- c:\windows\system32\fbnative.exe
2012-04-07 01:56 . 2012-04-07 01:56 -------- d-----w- c:\program files\EaseUS
2012-04-07 01:54 . 2012-04-07 01:54 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2012-04-07 01:50 . 2012-04-07 15:12 -------- d-----w- c:\documents and settings\Linda Hughes\Application Data\Auslogics
2012-04-07 01:50 . 2012-04-07 01:53 -------- d-----w- c:\program files\Auslogics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-30 11:47 . 2009-07-28 03:38 0 ----a-w- c:\documents and settings\Linda Hughes\Local Settings\Application Data\WavXMapDrive.bat
2012-04-22 21:46 . 2010-08-05 00:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 19:56 . 2011-10-29 15:55 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01 . 2008-04-25 16:16 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2008-04-25 16:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2008-04-25 16:16 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2008-04-25 16:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2008-04-25 16:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2008-04-25 16:16 385024 ----a-w- c:\windows\system32\html.iec
2012-02-18 17:16 . 2011-07-24 17:04 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:26 . 2008-04-25 16:16 1869184 ----a-w- c:\windows\system32\win32k.sys
2010-05-12 20:42 . 2010-05-12 20:42 124344 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2010-05-12 21:22 . 2010-05-12 21:22 13240 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2010-05-12 20:43 . 2010-05-12 20:43 70592 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2010-05-12 20:42 . 2010-05-12 20:42 91576 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2010-05-12 20:42 . 2010-05-12 20:42 22464 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2010-05-12 20:41 . 2010-05-12 20:41 255416 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2010-05-12 20:42 . 2010-05-12 20:42 31160 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2010-05-12 20:42 . 2010-05-12 20:42 40384 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2010-04-14 17:55 . 2010-04-14 17:55 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2010-05-12 20:43 . 2010-05-12 20:43 24000 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-03-06 19:16 87440 ----a-w- c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2012-03-06 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-01-14 15:24 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-01-14 15:24 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-22 200704]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-17 483420]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-03-17 729088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-28 13537280]
"nwiz"="nwiz.exe" [2008-08-28 1630208]
"NVHotkey"="nvHotkey.dll" [2008-08-28 90112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-28 86016]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2008-12-19 184320]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2008-12-22 145408]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2009-01-16 656696]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2009-01-16 95544]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-01-19 667648]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-01-16 15360]
"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2009-03-01 1810432]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-10-17 442536]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"dldomon.exe"="c:\program files\Dell 968 AIO Printer\dldomon.exe" [2007-10-05 455920]
"MemoryCardManager"="c:\program files\Dell 968 AIO Printer\memcard.exe" [2007-10-05 410864]
"Dell 968 AIO Printer Fax Server"="c:\program files\Dell 968 AIO Printer\fm3032.exe" [2007-10-05 312560]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-05-12 300472]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"EaseUs Watch"="c:\program files\EaseUS\Todo Backup\bin\EuWatch.exe" [2011-12-23 70792]
"EaseUs Tray"="c:\program files\EaseUS\Todo Backup\bin\TrayNotify.exe" [2012-03-15 744584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2007-03-21 478800]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-8-15 604776]
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-2-6 1095456]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-2-20 282624]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\dldocoms.exe"=
"c:\\Program Files\\Dell 968 AIO Printer\\dldomon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldopswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldotime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldojswx.exe"=
"c:\\Program Files\\Dell 968 AIO Printer\\dldoaiox.exe"=
"c:\\Program Files\\Dell 968 AIO Printer\\DLDOFax.exe"=
"c:\\Program Files\\Dell 968 AIO Printer\\dldoafcn.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\EaseUS\\Todo Backup\\bin\\Agent.exe"=
"c:\\Program Files\\EaseUS\\Todo Backup\\bin\\TbService.exe"=
"c:\\Program Files\\EaseUS\\Todo Backup\\bin\\TBConsoleUI.exe"=
"c:\\Program Files\\adawaretb\\dtUser.exe"=
.
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [4/6/2012 9:56 PM 50312]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [4/6/2012 9:56 PM 40840]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [4/29/2011 2:15 PM 101720]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [3/29/2012 12:44 PM 1161072]
R2 SBAMSvc;Ad-Aware;c:\program files\Ad-Aware Antivirus\Engine\SBAMSvc.exe [5/17/2011 6:35 PM 2804280]
R3 d553bus;Dell Wireless 5530 HSPA Mobile Broadband Minicard Device driver (WDM);c:\windows\system32\drivers\d553bus.sys [6/5/2009 1:55 AM 300672]
R3 d553unic;Dell Wireless 5530 HSPA Mobile Broadband Minicard NetworkAdapter (WDM);c:\windows\system32\drivers\d553unic.sys [6/5/2009 1:55 AM 402944]
S0 pkyqhq;pkyqhq; [x]
S0 yyftbyn;yyftbyn; [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [4/16/2010 4:22 PM 65584]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [4/6/2012 9:56 PM 16008]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [4/6/2012 9:56 PM 185864]
S1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [4/22/2012 11:07 PM 21592]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [4/22/2012 11:07 PM 332248]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [4/22/2012 11:07 PM 212568]
S2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [4/19/2007 6:56 AM 133968]
S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [12/29/2008 12:07 PM 320800]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [1/22/2009 11:19 AM 808296]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [1/22/2009 11:19 AM 20840]
S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2/6/2009 9:06 PM 443168]
S2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe -service --> c:\windows\system32\dldocoms.exe -service [?]
S2 dldoCATSCustConnectService;dldoCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldoserv.exe [9/13/2009 1:53 PM 99568]
S2 EaseUS Agent;EaseUS Agent;c:\program files\EaseUS\Todo Backup\bin\Agent.exe [4/6/2012 9:56 PM 61064]
S2 Guard Agent;Guard Agent;c:\program files\EaseUS\Todo Backup\bin\GuardAgent.exe [4/6/2012 9:56 PM 23176]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/29/2011 11:55 AM 654408]
S2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [4/22/2012 11:07 PM 74968]
S2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [3/1/2009 7:09 PM 77824]
S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [6/5/2009 4:17 AM 112512]
S3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [6/5/2009 4:17 AM 32808]
S3 d553card;Dell Wireless 5530 HSPA Mobile Broadband Minicard i7;c:\windows\system32\drivers\d553card.sys [6/5/2009 1:55 AM 378368]
S3 d553gps;Dell Wireless 5530 HSPA Mobile Broadband Minicard GPS Port;c:\windows\system32\drivers\d553gps.sys [6/5/2009 1:55 AM 76328]
S3 d553mdfl;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem Filter;c:\windows\system32\drivers\d553mdfl.sys [6/5/2009 1:55 AM 14976]
S3 d553mdfl2;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem 2 Filter;c:\windows\system32\drivers\d553mdfl2.sys [6/5/2009 1:55 AM 14976]
S3 d553mdm;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem Driver;c:\windows\system32\drivers\d553mdm.sys [6/5/2009 1:55 AM 387200]
S3 d553mdm2;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem 2 Driver;c:\windows\system32\drivers\d553mdm2.sys [6/5/2009 1:55 AM 431616]
S3 d553nd5;Dell Wireless 5530 HSPA Mobile Broadband Minicard NetworkAdapter (NDIS);c:\windows\system32\drivers\d553nd5.sys [6/5/2009 1:55 AM 25984]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [6/5/2009 4:17 AM 244368]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/29/2011 11:55 AM 22344]
S3 NvtSp50;NvtSp50 NDIS Protocol Driver; [x]
S3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [6/5/2009 4:17 AM 148056]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [6/5/2009 4:17 AM 133632]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [6/5/2009 4:17 AM 280096]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [4/22/2012 11:07 PM 69208]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [4/22/2012 11:07 PM 69208]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [4/22/2012 11:07 PM 94040]
S3 Sony_EricssonWWSC;Dell Wireless 5530 HSPA Mobile Broadband Minicard PC SC Port;c:\windows\system32\drivers\d553scard.sys [6/5/2009 1:55 AM 25640]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [6/5/2009 2:00 AM 232744]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-23 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~1\AD-AWA~1\AdAwareLauncher.exe [2012-03-29 16:44]
.
2012-03-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2012-04-29 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 02:12]
.
2012-04-29 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 02:12]
.
2012-04-28 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 02:12]
.
2012-04-29 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 02:12]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-336150676-2409307216-1122387371-1008Core.job
- c:\documents and settings\Linda Hughes\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-23 04:46]
.
2012-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-336150676-2409307216-1122387371-1008UA.job
- c:\documents and settings\Linda Hughes\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-23 04:46]
.
2012-04-30 c:\windows\Tasks\User_Feed_Synchronization-{B556E602-50A3-46B4-AA42-DB854EA58D42}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.0.1
DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} - hxxps://bh-c2s-asa1.browardhealth.org/+CSCOL+/csvrloader32.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-30 18:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(372)
c:\windows\system32\wvauth.dll
.
- - - - - - - > 'explorer.exe'(616)
c:\windows\system32\WININET.dll
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
.
Completion time: 2012-04-30 18:55:38 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-30 22:55
.
Pre-Run: 127,800,979,456 bytes free
Post-Run: 127,777,710,080 bytes free
.
- - End Of File - - FAA2AF4C89462CC8103FE8B35CD2E9B4

Thank-you.

#11 Earle

Earle

    Member

  • Members
  • PipPip
  • 14 posts

Posted 01 May 2012 - 04:46 AM

Just so you know... After another reboot into normal mode, XP is working again.

#12 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 8126 posts

Posted 01 May 2012 - 10:57 AM

Good that XP is working again.

Copy all lines in the box:
Killall::
Driver::
pkyqhq
yyftbyn
and paste into Notepad.
Save the file on the desktop with the name CFScript.

Prepare the computer according to the instructions for running ComboFix.
Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop, the program will start in a special way.
Paste the new ComboFix log into your answer.

#13 Earle

Earle

    Member

  • Members
  • PipPip
  • 14 posts

Posted 01 May 2012 - 01:32 PM

Here you go... ComboFixLog3.txt follows:


ComboFix 12-05-01.01 - Linda Hughes 05/01/2012 7:57.5.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2036.1611 [GMT -4:00]
Running from: c:\documents and settings\Linda Hughes\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Linda Hughes\Desktop\CFScript.txt
AV: Lavasoft Ad-Aware *Enabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Lavasoft Ad-Aware *Enabled* {FF1CD5B7-1553-4625-A258-1775385CED33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_pkyqhq
-------\Service_yyftbyn
.
.
((((((((((((((((((((((((( Files Created from 2012-04-01 to 2012-05-01 )))))))))))))))))))))))))))))))
.
.
2012-04-30 11:56 . 2012-04-30 11:56 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Ad-Aware Antivirus
2012-04-28 22:50 . 2012-04-28 22:50 -------- d-----w- c:\program files\ESET
2012-04-28 06:20 . 2012-04-28 06:38 -------- d-----w- c:\documents and settings\Linda Hughes\Local Settings\Application Data\NPE
2012-04-28 06:20 . 2012-04-28 06:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2012-04-23 04:46 . 2012-04-23 04:46 -------- d-----w- c:\documents and settings\Linda Hughes\Local Settings\Application Data\Google
2012-04-23 03:07 . 2012-04-23 03:07 -------- d-----w- c:\documents and settings\Linda Hughes\Local Settings\Application Data\adaware
2012-04-23 03:07 . 2011-05-11 20:26 74968 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2012-04-23 03:07 . 2011-05-11 20:26 21592 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2012-04-23 03:07 . 2011-04-05 21:35 94040 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-04-23 03:07 . 2011-04-05 21:35 212568 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-04-23 03:07 . 2011-04-05 21:35 332248 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-04-23 03:07 . 2011-02-08 13:14 69208 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-04-23 03:07 . 2012-04-23 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2012-04-23 03:07 . 2012-04-23 03:07 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-04-23 03:06 . 2012-04-23 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection
2012-04-23 03:06 . 2012-04-26 01:53 -------- d-----w- c:\documents and settings\Linda Hughes\Application Data\adawaretb
2012-04-23 03:06 . 2012-04-23 03:06 -------- d-----w- c:\program files\Toolbar Cleaner
2012-04-23 03:06 . 2012-04-23 03:06 -------- d-----w- c:\program files\adawaretb
2012-04-23 03:05 . 2012-04-27 23:01 -------- d-----w- c:\documents and settings\Linda Hughes\Application Data\Ad-Aware Antivirus
2012-04-22 21:46 . 2012-04-22 21:46 -------- d-----w- c:\program files\Common Files\Java
2012-04-22 21:46 . 2012-04-22 21:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-08 03:25 . 2012-04-08 03:25 -------- d-----w- c:\documents and settings\Linda Hughes\Local Settings\Application Data\Windows Live Writer
2012-04-08 03:25 . 2012-04-08 03:25 -------- d-----w- c:\documents and settings\Linda Hughes\Application Data\Windows Live Writer
2012-04-07 17:39 . 2012-04-07 17:39 -------- d-----w- c:\windows\Performance
2012-04-07 17:39 . 2012-04-07 17:39 -------- d-----w- c:\documents and settings\Linda Hughes\Local Settings\Application Data\Microsoft Corporation
2012-04-07 17:39 . 2012-04-07 17:39 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2012-04-07 17:32 . 2012-04-07 17:32 -------- d-----w- c:\program files\Microsoft Download Manager
2012-04-07 16:06 . 2012-04-07 16:17 -------- d-----w- c:\windows\system32\NtmsData
2012-04-07 05:51 . 2012-04-07 02:08 -------- d-----w- C:\Hide
2012-04-07 02:03 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-04-07 01:57 . 2012-04-07 15:49 -------- d-----w- C:\BOOT
2012-04-07 01:57 . 2012-04-07 16:06 -------- d-----w- C:\My Backups
2012-04-07 01:56 . 2012-02-08 19:46 40840 ----a-w- c:\windows\system32\drivers\EUBKMON.sys
2012-04-07 01:56 . 2011-12-23 03:09 185864 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys
2012-04-07 01:56 . 2011-12-23 03:09 16008 ----a-w- c:\windows\system32\drivers\eudskacs.sys
2012-04-07 01:56 . 2011-12-23 03:09 50312 ----a-w- c:\windows\system32\drivers\eubakup.sys
2012-04-07 01:56 . 2011-12-23 03:09 20616 ----a-w- c:\windows\system32\fbnative.exe
2012-04-07 01:56 . 2012-04-07 01:56 -------- d-----w- c:\program files\EaseUS
2012-04-07 01:54 . 2012-04-07 01:54 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2012-04-07 01:50 . 2012-04-07 15:12 -------- d-----w- c:\documents and settings\Linda Hughes\Application Data\Auslogics
2012-04-07 01:50 . 2012-04-07 01:53 -------- d-----w- c:\program files\Auslogics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-30 23:59 . 2009-07-28 03:38 0 ----a-w- c:\documents and settings\Linda Hughes\Local Settings\Application Data\WavXMapDrive.bat
2012-04-22 21:46 . 2010-08-05 00:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 19:56 . 2011-10-29 15:55 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01 . 2008-04-25 16:16 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2008-04-25 16:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2008-04-25 16:16 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2008-04-25 16:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2008-04-25 16:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2008-04-25 16:16 385024 ----a-w- c:\windows\system32\html.iec
2012-02-18 17:16 . 2011-07-24 17:04 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:26 . 2008-04-25 16:16 1869184 ----a-w- c:\windows\system32\win32k.sys
2010-05-12 20:42 . 2010-05-12 20:42 124344 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2010-05-12 21:22 . 2010-05-12 21:22 13240 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2010-05-12 20:43 . 2010-05-12 20:43 70592 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2010-05-12 20:42 . 2010-05-12 20:42 91576 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2010-05-12 20:42 . 2010-05-12 20:42 22464 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2010-05-12 20:41 . 2010-05-12 20:41 255416 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2010-05-12 20:42 . 2010-05-12 20:42 31160 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2010-05-12 20:42 . 2010-05-12 20:42 40384 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2010-04-14 17:55 . 2010-04-14 17:55 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2010-05-12 20:43 . 2010-05-12 20:43 24000 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-30_22.53.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-25 16:16 . 2012-05-01 12:07 98632 c:\windows\system32\perfc009.dat
+ 2008-04-25 16:16 . 2012-05-01 12:07 514768 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-03-06 19:16 87440 ----a-w- c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2012-03-06 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-01-14 15:24 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-01-14 15:24 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-22 200704]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-17 483420]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-03-17 729088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-28 13537280]
"nwiz"="nwiz.exe" [2008-08-28 1630208]
"NVHotkey"="nvHotkey.dll" [2008-08-28 90112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-28 86016]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2008-12-19 184320]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2008-12-22 145408]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2009-01-16 656696]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2009-01-16 95544]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-01-19 667648]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-01-16 15360]
"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2009-03-01 1810432]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-10-17 442536]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"dldomon.exe"="c:\program files\Dell 968 AIO Printer\dldomon.exe" [2007-10-05 455920]
"MemoryCardManager"="c:\program files\Dell 968 AIO Printer\memcard.exe" [2007-10-05 410864]
"Dell 968 AIO Printer Fax Server"="c:\program files\Dell 968 AIO Printer\fm3032.exe" [2007-10-05 312560]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-05-12 300472]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"EaseUs Watch"="c:\program files\EaseUS\Todo Backup\bin\EuWatch.exe" [2011-12-23 70792]
"EaseUs Tray"="c:\program files\EaseUS\Todo Backup\bin\TrayNotify.exe" [2012-03-15 744584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2007-03-21 478800]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-8-15 604776]
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-2-6 1095456]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-2-20 282624]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\dldocoms.exe"=
"c:\\Program Files\\Dell 968 AIO Printer\\dldomon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldopswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldotime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldojswx.exe"=
"c:\\Program Files\\Dell 968 AIO Printer\\dldoaiox.exe"=
"c:\\Program Files\\Dell 968 AIO Printer\\DLDOFax.exe"=
"c:\\Program Files\\Dell 968 AIO Printer\\dldoafcn.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\EaseUS\\Todo Backup\\bin\\Agent.exe"=
"c:\\Program Files\\EaseUS\\Todo Backup\\bin\\TbService.exe"=
"c:\\Program Files\\EaseUS\\Todo Backup\\bin\\TBConsoleUI.exe"=
"c:\\Program Files\\adawaretb\\dtUser.exe"=
.
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [4/6/2012 9:56 PM 50312]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [4/6/2012 9:56 PM 40840]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [4/22/2012 11:07 PM 332248]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [4/29/2011 2:15 PM 101720]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [4/22/2012 11:07 PM 212568]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [3/29/2012 12:44 PM 1161072]
R2 SBAMSvc;Ad-Aware;c:\program files\Ad-Aware Antivirus\Engine\SBAMSvc.exe [5/17/2011 6:35 PM 2804280]
R3 d553bus;Dell Wireless 5530 HSPA Mobile Broadband Minicard Device driver (WDM);c:\windows\system32\drivers\d553bus.sys [6/5/2009 1:55 AM 300672]
R3 d553unic;Dell Wireless 5530 HSPA Mobile Broadband Minicard NetworkAdapter (WDM);c:\windows\system32\drivers\d553unic.sys [6/5/2009 1:55 AM 402944]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [6/5/2009 4:17 AM 244368]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [4/22/2012 11:07 PM 69208]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [4/16/2010 4:22 PM 65584]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [4/6/2012 9:56 PM 16008]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [4/6/2012 9:56 PM 185864]
S1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [4/22/2012 11:07 PM 21592]
S2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [4/19/2007 6:56 AM 133968]
S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [12/29/2008 12:07 PM 320800]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [1/22/2009 11:19 AM 808296]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [1/22/2009 11:19 AM 20840]
S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2/6/2009 9:06 PM 443168]
S2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe -service --> c:\windows\system32\dldocoms.exe -service [?]
S2 dldoCATSCustConnectService;dldoCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldoserv.exe [9/13/2009 1:53 PM 99568]
S2 EaseUS Agent;EaseUS Agent;c:\program files\EaseUS\Todo Backup\bin\Agent.exe [4/6/2012 9:56 PM 61064]
S2 Guard Agent;Guard Agent;c:\program files\EaseUS\Todo Backup\bin\GuardAgent.exe [4/6/2012 9:56 PM 23176]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/29/2011 11:55 AM 654408]
S2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [4/22/2012 11:07 PM 74968]
S2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [3/1/2009 7:09 PM 77824]
S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [6/5/2009 4:17 AM 112512]
S3 AsfAlrt;AsfAlrt;c:\windows\system32\drivers\Asfalrt.sys [4/19/2007 6:28 AM 42832]
S3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [6/5/2009 4:17 AM 32808]
S3 d553card;Dell Wireless 5530 HSPA Mobile Broadband Minicard i7;c:\windows\system32\drivers\d553card.sys [6/5/2009 1:55 AM 378368]
S3 d553gps;Dell Wireless 5530 HSPA Mobile Broadband Minicard GPS Port;c:\windows\system32\drivers\d553gps.sys [6/5/2009 1:55 AM 76328]
S3 d553mdfl;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem Filter;c:\windows\system32\drivers\d553mdfl.sys [6/5/2009 1:55 AM 14976]
S3 d553mdfl2;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem 2 Filter;c:\windows\system32\drivers\d553mdfl2.sys [6/5/2009 1:55 AM 14976]
S3 d553mdm;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem Driver;c:\windows\system32\drivers\d553mdm.sys [6/5/2009 1:55 AM 387200]
S3 d553mdm2;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem 2 Driver;c:\windows\system32\drivers\d553mdm2.sys [6/5/2009 1:55 AM 431616]
S3 d553nd5;Dell Wireless 5530 HSPA Mobile Broadband Minicard NetworkAdapter (NDIS);c:\windows\system32\drivers\d553nd5.sys [6/5/2009 1:55 AM 25984]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/29/2011 11:55 AM 22344]
S3 NvtSp50;NvtSp50 NDIS Protocol Driver; [x]
S3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [6/5/2009 4:17 AM 148056]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [6/5/2009 4:17 AM 133632]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [6/5/2009 4:17 AM 280096]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [4/22/2012 11:07 PM 69208]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [4/22/2012 11:07 PM 94040]
S3 Sony_EricssonWWSC;Dell Wireless 5530 HSPA Mobile Broadband Minicard PC SC Port;c:\windows\system32\drivers\d553scard.sys [6/5/2009 1:55 AM 25640]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [6/5/2009 2:00 AM 232744]
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-01 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~1\AD-AWA~1\AdAwareLauncher.exe [2012-03-29 16:44]
.
2012-03-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2012-04-29 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 02:12]
.
2012-05-01 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 02:12]
.
2012-04-28 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 02:12]
.
2012-04-29 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 02:12]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-336150676-2409307216-1122387371-1008Core.job
- c:\documents and settings\Linda Hughes\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-23 04:46]
.
2012-05-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-336150676-2409307216-1122387371-1008UA.job
- c:\documents and settings\Linda Hughes\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-23 04:46]
.
2012-05-01 c:\windows\Tasks\User_Feed_Synchronization-{B556E602-50A3-46B4-AA42-DB854EA58D42}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.0.1
DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} - hxxps://bh-c2s-asa1.browardhealth.org/+CSCOL+/csvrloader32.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-01 08:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1368)
c:\windows\system32\wvauth.dll
.
- - - - - - - > 'explorer.exe'(1848)
c:\windows\system32\WININET.dll
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
.
Completion time: 2012-05-01 08:25:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-01 12:25
ComboFix2.txt 2012-04-30 22:55
.
Pre-Run: 127,641,141,248 bytes free
Post-Run: 127,695,880,192 bytes free
.
- - End Of File - - 5106748CA50A68A902B7FA5990B8D8EA


Thank-you

#14 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 8126 posts

Posted 01 May 2012 - 01:57 PM

1. Copy all lines in the box:
Killall::
DeQuarantine::
C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\fusion.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscoree.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscoree.dll.local.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscorsn.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscorwks.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\msvcr71.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\regtlib.exe.vir
Quit::
and paste into Notepad.
Save the file on the desktop with the name CFScript.

Prepare the computer according to the instructions for running ComboFix.
Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop, the program will start in a special way.
Paste the new ComboFix log into your answer.

2. Does MalwareBytes AntiMalware find anything now?

3. Please, run DDS and post its logs, too.


#15 Earle

Earle

    Member

  • Members
  • PipPip
  • 14 posts

Posted 02 May 2012 - 04:13 AM

As requested...
1. ComboFix Log
2. Malwarebytes Log
3. DDS.txt
4. attach.txt


ComboFix 12-05-01.02 - Linda Hughes 05/01/2012 20:08:47.6.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2036.1580 [GMT -4:00]
Running from: c:\documents and settings\Linda Hughes\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Linda Hughes\Desktop\CFScript.txt
AV: Lavasoft Ad-Aware *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Lavasoft Ad-Aware *Disabled* {FF1CD5B7-1553-4625-A258-1775385CED33}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-02 to 2012-05-02 )))))))))))))))))))))))))))))))
.
.
2012-04-30 11:56 . 2012-04-30 11:56 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Ad-Aware Antivirus
2012-04-28 22:50 . 2012-04-28 22:50 -------- d-----w- c:\program files\ESET
2012-04-28 06:20 . 2012-04-28 06:38 -------- d-----w- c:\documents and settings\Linda Hughes\Local Settings\Application Data\NPE
2012-04-28 06:20 . 2012-04-28 06:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2012-04-23 04:46 . 2012-04-23 04:46 -------- d-----w- c:\documents and settings\Linda Hughes\Local Settings\Application Data\Google
2012-04-23 03:07 . 2012-04-23 03:07 -------- d-----w- c:\documents and settings\Linda Hughes\Local Settings\Application Data\adaware
2012-04-23 03:07 . 2011-05-11 20:26 74968 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2012-04-23 03:07 . 2011-05-11 20:26 21592 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2012-04-23 03:07 . 2011-04-05 21:35 94040 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-04-23 03:07 . 2011-04-05 21:35 212568 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-04-23 03:07 . 2011-04-05 21:35 332248 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-04-23 03:07 . 2011-02-08 13:14 69208 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-04-23 03:07 . 2012-04-23 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2012-04-23 03:07 . 2012-04-23 03:07 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-04-23 03:06 . 2012-04-23 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection
2012-04-23 03:06 . 2012-04-26 01:53 -------- d-----w- c:\documents and settings\Linda Hughes\Application Data\adawaretb
2012-04-23 03:06 . 2012-04-23 03:06 -------- d-----w- c:\program files\Toolbar Cleaner
2012-04-23 03:06 . 2012-04-23 03:06 -------- d-----w- c:\program files\adawaretb
2012-04-23 03:05 . 2012-04-27 23:01 -------- d-----w- c:\documents and settings\Linda Hughes\Application Data\Ad-Aware Antivirus
2012-04-22 21:46 . 2012-04-22 21:46 -------- d-----w- c:\program files\Common Files\Java
2012-04-22 21:46 . 2012-04-22 21:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-08 03:25 . 2012-04-08 03:25 -------- d-----w- c:\documents and settings\Linda Hughes\Local Settings\Application Data\Windows Live Writer
2012-04-08 03:25 . 2012-04-08 03:25 -------- d-----w- c:\documents and settings\Linda Hughes\Application Data\Windows Live Writer
2012-04-07 17:39 . 2012-04-07 17:39 -------- d-----w- c:\windows\Performance
2012-04-07 17:39 . 2012-04-07 17:39 -------- d-----w- c:\documents and settings\Linda Hughes\Local Settings\Application Data\Microsoft Corporation
2012-04-07 17:39 . 2012-04-07 17:39 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2012-04-07 17:32 . 2012-04-07 17:32 -------- d-----w- c:\program files\Microsoft Download Manager
2012-04-07 16:06 . 2012-04-07 16:17 -------- d-----w- c:\windows\system32\NtmsData
2012-04-07 05:51 . 2012-04-07 02:08 -------- d-----w- C:\Hide
2012-04-07 02:03 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-04-07 01:57 . 2012-04-07 15:49 -------- d-----w- C:\BOOT
2012-04-07 01:57 . 2012-04-07 16:06 -------- d-----w- C:\My Backups
2012-04-07 01:56 . 2012-02-08 19:46 40840 ----a-w- c:\windows\system32\drivers\EUBKMON.sys
2012-04-07 01:56 . 2011-12-23 03:09 185864 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys
2012-04-07 01:56 . 2011-12-23 03:09 16008 ----a-w- c:\windows\system32\drivers\eudskacs.sys
2012-04-07 01:56 . 2011-12-23 03:09 50312 ----a-w- c:\windows\system32\drivers\eubakup.sys
2012-04-07 01:56 . 2011-12-23 03:09 20616 ----a-w- c:\windows\system32\fbnative.exe
2012-04-07 01:56 . 2012-04-07 01:56 -------- d-----w- c:\program files\EaseUS
2012-04-07 01:54 . 2012-04-07 01:54 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2012-04-07 01:50 . 2012-04-07 15:12 -------- d-----w- c:\documents and settings\Linda Hughes\Application Data\Auslogics
2012-04-07 01:50 . 2012-04-07 01:53 -------- d-----w- c:\program files\Auslogics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-02 00:15 . 2009-07-28 03:38 0 ----a-w- c:\documents and settings\Linda Hughes\Local Settings\Application Data\WavXMapDrive.bat
2012-04-22 21:46 . 2010-08-05 00:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 19:56 . 2011-10-29 15:55 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01 . 2008-04-25 16:16 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2008-04-25 16:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2008-04-25 16:16 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2008-04-25 16:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2008-04-25 16:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2008-04-25 16:16 385024 ----a-w- c:\windows\system32\html.iec
2012-02-18 17:16 . 2011-07-24 17:04 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:26 . 2008-04-25 16:16 1869184 ----a-w- c:\windows\system32\win32k.sys
2010-05-12 20:42 . 2010-05-12 20:42 124344 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2010-05-12 21:22 . 2010-05-12 21:22 13240 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2010-05-12 20:43 . 2010-05-12 20:43 70592 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2010-05-12 20:42 . 2010-05-12 20:42 91576 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2010-05-12 20:42 . 2010-05-12 20:42 22464 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2010-05-12 20:41 . 2010-05-12 20:41 255416 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2010-05-12 20:42 . 2010-05-12 20:42 31160 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2010-05-12 20:42 . 2010-05-12 20:42 40384 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2010-04-14 17:55 . 2010-04-14 17:55 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2010-05-12 20:43 . 2010-05-12 20:43 24000 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-30_22.53.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-02 00:13 . 2012-05-02 00:13 16384 c:\windows\temp\Perflib_Perfdata_8e0.dat
+ 2008-04-25 16:16 . 2012-05-02 00:19 98632 c:\windows\system32\perfc009.dat
+ 2008-04-25 16:16 . 2012-05-02 00:19 514768 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-03-06 19:16 87440 ----a-w- c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2012-03-06 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-01-14 15:24 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-01-14 15:24 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-22 200704]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-17 483420]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-03-17 729088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-28 13537280]
"nwiz"="nwiz.exe" [2008-08-28 1630208]
"NVHotkey"="nvHotkey.dll" [2008-08-28 90112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-28 86016]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2008-12-19 184320]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2008-12-22 145408]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2009-01-16 656696]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2009-01-16 95544]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-01-19 667648]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-01-16 15360]
"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2009-03-01 1810432]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-10-17 442536]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"dldomon.exe"="c:\program files\Dell 968 AIO Printer\dldomon.exe" [2007-10-05 455920]
"MemoryCardManager"="c:\program files\Dell 968 AIO Printer\memcard.exe" [2007-10-05 410864]
"Dell 968 AIO Printer Fax Server"="c:\program files\Dell 968 AIO Printer\fm3032.exe" [2007-10-05 312560]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-05-12 300472]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"EaseUs Watch"="c:\program files\EaseUS\Todo Backup\bin\EuWatch.exe" [2011-12-23 70792]
"EaseUs Tray"="c:\program files\EaseUS\Todo Backup\bin\TrayNotify.exe" [2012-03-15 744584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2007-03-21 478800]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-8-15 604776]
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-2-6 1095456]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-2-20 282624]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\dldocoms.exe"=
"c:\\Program Files\\Dell 968 AIO Printer\\dldomon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldopswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldotime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldojswx.exe"=
"c:\\Program Files\\Dell 968 AIO Printer\\dldoaiox.exe"=
"c:\\Program Files\\Dell 968 AIO Printer\\DLDOFax.exe"=
"c:\\Program Files\\Dell 968 AIO Printer\\dldoafcn.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\EaseUS\\Todo Backup\\bin\\Agent.exe"=
"c:\\Program Files\\EaseUS\\Todo Backup\\bin\\TbService.exe"=
"c:\\Program Files\\EaseUS\\Todo Backup\\bin\\TBConsoleUI.exe"=
"c:\\Program Files\\adawaretb\\dtUser.exe"=
.
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [4/6/2012 9:56 PM 50312]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [4/6/2012 9:56 PM 40840]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [4/16/2010 4:22 PM 65584]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [4/6/2012 9:56 PM 16008]
R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [4/6/2012 9:56 PM 185864]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [4/22/2012 11:07 PM 21592]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [4/22/2012 11:07 PM 332248]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [4/29/2011 2:15 PM 101720]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [4/22/2012 11:07 PM 212568]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [3/29/2012 12:44 PM 1161072]
R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [4/19/2007 6:56 AM 133968]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [12/29/2008 12:07 PM 320800]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [1/22/2009 11:19 AM 808296]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [1/22/2009 11:19 AM 20840]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2/6/2009 9:06 PM 443168]
R2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe -service --> c:\windows\system32\dldocoms.exe -service [?]
R2 EaseUS Agent;EaseUS Agent;c:\program files\EaseUS\Todo Backup\bin\Agent.exe [4/6/2012 9:56 PM 61064]
R2 Guard Agent;Guard Agent;c:\program files\EaseUS\Todo Backup\bin\GuardAgent.exe [4/6/2012 9:56 PM 23176]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/29/2011 11:55 AM 654408]
R2 SBAMSvc;Ad-Aware;c:\program files\Ad-Aware Antivirus\Engine\SBAMSvc.exe [5/17/2011 6:35 PM 2804280]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [4/22/2012 11:07 PM 74968]
R2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [3/1/2009 7:09 PM 77824]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [6/5/2009 4:17 AM 112512]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [6/5/2009 4:17 AM 32808]
R3 d553bus;Dell Wireless 5530 HSPA Mobile Broadband Minicard Device driver (WDM);c:\windows\system32\drivers\d553bus.sys [6/5/2009 1:55 AM 300672]
R3 d553card;Dell Wireless 5530 HSPA Mobile Broadband Minicard i7;c:\windows\system32\drivers\d553card.sys [6/5/2009 1:55 AM 378368]
R3 d553gps;Dell Wireless 5530 HSPA Mobile Broadband Minicard GPS Port;c:\windows\system32\drivers\d553gps.sys [6/5/2009 1:55 AM 76328]
R3 d553mdfl;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem Filter;c:\windows\system32\drivers\d553mdfl.sys [6/5/2009 1:55 AM 14976]
R3 d553mdfl2;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem 2 Filter;c:\windows\system32\drivers\d553mdfl2.sys [6/5/2009 1:55 AM 14976]
R3 d553mdm;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem Driver;c:\windows\system32\drivers\d553mdm.sys [6/5/2009 1:55 AM 387200]
R3 d553mdm2;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem 2 Driver;c:\windows\system32\drivers\d553mdm2.sys [6/5/2009 1:55 AM 431616]
R3 d553unic;Dell Wireless 5530 HSPA Mobile Broadband Minicard NetworkAdapter (WDM);c:\windows\system32\drivers\d553unic.sys [6/5/2009 1:55 AM 402944]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [6/5/2009 4:17 AM 244368]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/29/2011 11:55 AM 22344]
R3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [6/5/2009 4:17 AM 148056]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [6/5/2009 4:17 AM 133632]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [6/5/2009 4:17 AM 280096]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [4/22/2012 11:07 PM 69208]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [4/22/2012 11:07 PM 94040]
R3 Sony_EricssonWWSC;Dell Wireless 5530 HSPA Mobile Broadband Minicard PC SC Port;c:\windows\system32\drivers\d553scard.sys [6/5/2009 1:55 AM 25640]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [6/5/2009 2:00 AM 232744]
S2 dldoCATSCustConnectService;dldoCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldoserv.exe [9/13/2009 1:53 PM 99568]
S3 AsfAlrt;AsfAlrt;c:\windows\system32\drivers\Asfalrt.sys [4/19/2007 6:28 AM 42832]
S3 d553nd5;Dell Wireless 5530 HSPA Mobile Broadband Minicard NetworkAdapter (NDIS);c:\windows\system32\drivers\d553nd5.sys [6/5/2009 1:55 AM 25984]
S3 NvtSp50;NvtSp50 NDIS Protocol Driver; [x]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [4/22/2012 11:07 PM 69208]
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-01 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~1\AD-AWA~1\AdAwareLauncher.exe [2012-03-29 16:44]
.
2012-03-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2012-04-29 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 02:12]
.
2012-05-01 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 02:12]
.
2012-04-28 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 02:12]
.
2012-04-29 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 02:12]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-336150676-2409307216-1122387371-1008Core.job
- c:\documents and settings\Linda Hughes\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-23 04:46]
.
2012-05-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-336150676-2409307216-1122387371-1008UA.job
- c:\documents and settings\Linda Hughes\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-23 04:46]
.
2012-05-02 c:\windows\Tasks\User_Feed_Synchronization-{B556E602-50A3-46B4-AA42-DB854EA58D42}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.0.1
DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} - hxxps://bh-c2s-asa1.browardhealth.org/+CSCOL+/csvrloader32.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-01 20:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1496)
c:\windows\system32\wvauth.dll
.
- - - - - - - > 'explorer.exe'(1360)
c:\windows\system32\WININET.dll
c:\docume~1\LINDAH~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.dll
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\drivers\audio\r213367\stacsv.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\dldocoms.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\system32\fxssvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\SearchProtocolHost.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\Citrix\ICA Client\wfcrun32.exe
c:\progra~1\AD-AWA~1\AdAware.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2012-05-01 20:22:20 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-02 00:22
ComboFix2.txt 2012-05-01 12:25
ComboFix3.txt 2012-04-30 22:55
.
Pre-Run: 127,640,358,912 bytes free
Post-Run: 125,480,235,008 bytes free
.
- - End Of File - - 984091BA5B3D7A4E5736BB60F91BFDC6


Malwarebytes Log follows:



Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.28.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Linda Hughes :: DELL_LAPTOP [administrator]

Protection: Enabled

5/1/2012 9:06:03 PM
mbam-log-2012-05-01 (21-06-03).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 287045
Time elapsed: 52 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



dds.txt follows:


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Linda Hughes at 22:01:21 on 2012-05-01
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2036.1109 [GMT -4:00]
.
AV: Lavasoft Ad-Aware *Enabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Lavasoft Ad-Aware *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r213367\stacsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
svchost.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\WINDOWS\system32\dldocoms.exe
C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Ad-Aware Antivirus\Engine\SBAMSvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell 968 AIO Printer\dldomon.exe
C:\Program Files\Dell 968 AIO Printer\memcard.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\PROGRA~1\AD-AWA~1\AdAware.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [SecureUpgrade] "c:\program files\wave systems corp\SecureUpgrade.exe"
mRun: [EmbassySecurityCheck] "c:\program files\wave systems corp\embassy security setup\EMBASSYSecurityCheck.exe"
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [DellConnectionManager] "c:\program files\dell\dell controlpoint\connection manager\Dell.UCM.exe"
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell.exe" /mode2
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [dldomon.exe] "c:\program files\dell 968 aio printer\dldomon.exe"
mRun: [MemoryCardManager] "c:\program files\dell 968 aio printer\memcard.exe"
mRun: [Dell 968 AIO Printer Fax Server] "c:\program files\dell 968 aio printer\fm3032.exe" /s
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [EaseUs Watch] "c:\program files\easeus\todo backup\bin\EuWatch.exe"
mRun: [EaseUs Tray] "c:\program files\easeus\todo backup\bin\TrayNotify.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
mRun: [Corel Photo Downloader] c:\program files\corel\corel snapfire plus\Corel Photo Downloader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} - hxxps://bh-c2s-asa1.browardhealth.org/+CSCOL+/csvrloader32.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1248832565437
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} - hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{5FDD0D54-FC8A-4A82-BC41-106426E6208E} : DhcpNameServer = 10.0.0.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 wvauth
.
============= SERVICES / DRIVERS ===============
.
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2012-4-6 50312]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2012-4-6 40840]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-4-16 65584]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2012-4-6 16008]
R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2012-4-6 185864]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2012-4-22 21592]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-4-22 332248]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-4-29 101720]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2012-4-22 212568]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-3-29 1161072]
R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-4-19 133968]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2008-12-29 320800]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2009-1-22 808296]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2009-1-22 20840]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-2-6 443168]
R2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe -service --> c:\windows\system32\dldocoms.exe -service [?]
R2 EaseUS Agent;EaseUS Agent;c:\program files\easeus\todo backup\bin\Agent.exe [2012-4-6 61064]
R2 Guard Agent;Guard Agent;c:\program files\easeus\todo backup\bin\GuardAgent.exe [2012-4-6 23176]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-29 654408]
R2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\engine\SBAMSvc.exe [2011-5-17 2804280]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2012-4-22 74968]
R2 SMManager;Smith Micro Connection Manager Service;c:\program files\dell\dell controlpoint\connection manager\SMManager.exe [2009-3-1 77824]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-6-5 112512]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2009-6-5 32808]
R3 d553bus;Dell Wireless 5530 HSPA Mobile Broadband Minicard Device driver (WDM);c:\windows\system32\drivers\d553bus.sys [2009-6-5 300672]
R3 d553card;Dell Wireless 5530 HSPA Mobile Broadband Minicard i7;c:\windows\system32\drivers\d553card.sys [2009-6-5 378368]
R3 d553gps;Dell Wireless 5530 HSPA Mobile Broadband Minicard GPS Port;c:\windows\system32\drivers\d553gps.sys [2009-6-5 76328]
R3 d553mdfl;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem Filter;c:\windows\system32\drivers\d553mdfl.sys [2009-6-5 14976]
R3 d553mdfl2;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem 2 Filter;c:\windows\system32\drivers\d553mdfl2.sys [2009-6-5 14976]
R3 d553mdm;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem Driver;c:\windows\system32\drivers\d553mdm.sys [2009-6-5 387200]
R3 d553mdm2;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem 2 Driver;c:\windows\system32\drivers\d553mdm2.sys [2009-6-5 431616]
R3 d553unic;Dell Wireless 5530 HSPA Mobile Broadband Minicard NetworkAdapter (WDM);c:\windows\system32\drivers\d553unic.sys [2009-6-5 402944]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-6-5 244368]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-29 22344]
R3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [2009-6-5 148056]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-6-5 133632]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-6-5 280096]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2012-4-22 69208]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-4-22 94040]
R3 Sony_EricssonWWSC;Dell Wireless 5530 HSPA Mobile Broadband Minicard PC SC Port;c:\windows\system32\drivers\d553scard.sys [2009-6-5 25640]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2009-6-5 232744]
S2 dldoCATSCustConnectService;dldoCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldoserv.exe [2009-9-13 99568]
S3 AsfAlrt;AsfAlrt;c:\windows\system32\drivers\Asfalrt.sys [2007-4-19 42832]
S3 d553nd5;Dell Wireless 5530 HSPA Mobile Broadband Minicard NetworkAdapter (NDIS);c:\windows\system32\drivers\d553nd5.sys [2009-6-5 25984]
S3 NvtSp50;NvtSp50 NDIS Protocol Driver; [x]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2012-4-22 69208]
.
=============== Created Last 30 ================
.
2012-04-30 11:58:26 98816 ----a-w- c:\windows\sed.exe
2012-04-30 11:58:26 518144 ----a-w- c:\windows\SWREG.exe
2012-04-30 11:58:26 256000 ----a-w- c:\windows\PEV.exe
2012-04-30 11:58:26 208896 ----a-w- c:\windows\MBR.exe
2012-04-28 22:50:16 -------- d-----w- c:\program files\ESET
2012-04-28 06:20:42 -------- d-----w- c:\documents and settings\linda hughes\local settings\application data\NPE
2012-04-28 06:20:42 -------- d-----w- c:\documents and settings\all users\application data\Norton
2012-04-23 04:46:06 -------- d-----w- c:\documents and settings\linda hughes\local settings\application data\Google
2012-04-23 03:07:22 -------- d-----w- c:\documents and settings\linda hughes\local settings\application data\adaware
2012-04-23 03:07:16 94040 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-04-23 03:07:16 74968 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2012-04-23 03:07:16 21592 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2012-04-23 03:07:16 212568 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-04-23 03:07:12 69208 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-04-23 03:07:12 332248 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-04-23 03:07:09 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-04-23 03:06:44 -------- d-----w- c:\documents and settings\linda hughes\local settings\application data\adawarebp
2012-04-23 03:06:44 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Browsing Protection
2012-04-23 03:06:43 -------- d-----w- c:\program files\Toolbar Cleaner
2012-04-23 03:06:43 -------- d-----w- c:\documents and settings\linda hughes\application data\adawaretb
2012-04-23 03:06:42 -------- d-----w- c:\program files\adawaretb
2012-04-23 03:05:37 -------- d-----w- c:\documents and settings\linda hughes\application data\Ad-Aware Antivirus
2012-04-23 02:36:50 -------- d-sha-r- C:\cmdcons
2012-04-22 21:46:32 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-08 03:25:30 -------- d-----w- c:\documents and settings\linda hughes\local settings\application data\Windows Live Writer
2012-04-08 03:25:30 -------- d-----w- c:\documents and settings\linda hughes\application data\Windows Live Writer
2012-04-07 17:39:43 -------- d-----w- c:\windows\Performance
2012-04-07 17:39:36 -------- d-----w- c:\documents and settings\linda hughes\local settings\application data\Microsoft Corporation
2012-04-07 17:39:18 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2012-04-07 17:32:34 -------- d-----w- c:\program files\Microsoft Download Manager
2012-04-07 16:06:35 -------- d-----w- c:\windows\system32\NtmsData
2012-04-07 05:51:38 -------- d-----w- C:\Hide
2012-04-07 02:03:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-04-07 01:57:46 -------- d-----w- C:\BOOT
2012-04-07 01:57:02 -------- d-----w- C:\My Backups
2012-04-07 01:56:58 50312 ----a-w- c:\windows\system32\drivers\eubakup.sys
2012-04-07 01:56:58 40840 ----a-w- c:\windows\system32\drivers\EUBKMON.sys
2012-04-07 01:56:58 185864 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys
2012-04-07 01:56:58 16008 ----a-w- c:\windows\system32\drivers\eudskacs.sys
2012-04-07 01:56:39 20616 ----a-w- c:\windows\system32\fbnative.exe
2012-04-07 01:56:17 -------- d-----w- c:\program files\EaseUS
2012-04-07 01:54:43 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2012-04-07 01:50:39 -------- d-----w- c:\documents and settings\linda hughes\application data\Auslogics
2012-04-07 01:50:35 -------- d-----w- c:\program files\Auslogics
2012-04-07 01:12:39 -------- d-----w- c:\windows\system32\appmgmt
.
==================== Find3M ====================
.
2012-04-22 21:46:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-07 14:19:03 3452 --sha-w- c:\windows\system32\KGyGaAvL.sys
2012-04-07 14:16:09 88 --sh--r- c:\windows\system32\588A1B5A94.sys
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
2012-02-18 17:16:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:26:17 1869184 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 22:03:03.31 ===============


attach.txt follows:



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 7/27/2009 11:38:11 PM
System Uptime: 5/1/2012 8:12:48 PM (2 hours ago)
.
Motherboard: Dell Inc. | | 0K879F
Processor: Intel® Core™2 Duo CPU P8700 @ 2.53GHz | Microprocessor | 2500/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 116.837 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth LAN Access Server Driver
Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTWDNDIS\1&30EE4AD&0&1000000020000
Manufacturer: Broadcom
Name: Bluetooth LAN Access Server Driver
PNP Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTWDNDIS\1&30EE4AD&0&1000000020000
Service: BTWDNDIS
.
==== System Restore Points ===================
.
RP1: 5/1/2012 7:59:17 PM - ComboFix created restore point
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Acrobat.com
Ad-Aware Antivirus
Ad-Aware Browsing Protection
Ad-Aware Security Toolbar
Adobe Acrobat 9 Standard - English, Français, Deutsch
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.1
All Day Battery Life Configuration
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 4
Auslogics Disk Defrag
Auslogics Registry Cleaner
Auslogics Registry Defrag
BioAPI Framework
biolsp patch
Bonjour
Broadcom USH Host Components
Business Contact Manager for Outlook 2007 SP2
CCScore
Choice Guard
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Corel Snapfire muvee autoProducer add-on
Corel Snapfire Plus
Critical Update for Windows Media Player 11 (KB959772)
DCP32MMWrapper
Dell 5530 Wireless Broadband Package
Dell 968 AIO Printer
Dell Control Point
Dell ControlPoint Connection Manager
Dell ControlPoint Security Manager
Dell ControlPoint System Manager
Dell Embassy Trust Suite by Wave Systems
Dell Security Device Driver Pack
Dell Touchpad
Dell Webcam Central
Document Manager Lite
EaseUS Todo Backup Free 4.0
EMBASSY Security Center
EMBASSY Security Setup
ESC Home Page Plugin
ESET Online Scanner v3
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSSONIC
ESSTOOLS
essvatgt
Eusing Free Registry Cleaner
File Uploader
Gemalto
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Officejet 6500 E710n-z Basic Device Software
HP Officejet 6500 E710n-z Help
HP Officejet 6500 E710n-z Product Improvement Study
HP Update
I.R.I.S. OCR
Integrated Webcam Driver (1.06.03.0309)
Intel PROSet Wireless
Intel® Network Connections 13.0.42.0
Intel® PRO Alerting Agent
Intel® PROSet/Wireless WiFi API
Intel® PROSet/Wireless WiFi Driver
Intel® Matrix Storage Manager
##nospam Configuration Utility
iTunes
Java Auto Updater
Java™ 6 Update 31
Junk Mail filter update
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
KSU
Malwarebytes Anti-Malware version 1.61.0.1400
Marketsplash Shortcuts
MFCLOC
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Download Manager
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MobileMe Control Panel
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
muvee autoProducer 5.0
netbrdg
Nikon Message Center
Nikon Transfer
Notifier
NTRU TCG Software Stack
NVIDIA Drivers
OfotoXMI
OGA Notifier 2.0.0048.0
PCDADDIN
PCDHELP
Picture Control Utility
PowerDVD DX
Preboot Manager
Private Information Manager
QuickTime
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler 3
Roxio Update Manager
Safari
Secure Update
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Security Wizards
Segoe UI
SFR
SHASTA
SKIN0001
SKINXSDK
SO32MMWrapper
Sonic CinePlayer Decoder Pack
SRS Premium Sound
staticcr
tooltips
Trusted Drive Manager
tsp patch
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
ViewNX
VPRINTOL
Wave Infrastructure Installer
Wave Support Software
WebFldrs XP
WIDCOMM Bluetooth Software
Windows 7 Upgrade Advisor
Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
WIRELESS
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
5/1/2012 7:59:57 PM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless WiFi Service service terminated unexpectedly. It has done this 1 time(s).
5/1/2012 7:59:57 PM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
5/1/2012 7:59:57 PM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
5/1/2012 7:13:58 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
5/1/2012 7:13:58 PM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/30/2012 7:59:41 AM, error: Service Control Manager [7034] - The Ad-Aware service terminated unexpectedly. It has done this 1 time(s).
4/30/2012 7:58:14 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ctxusbm EUDSKACS EUFDDISK Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss sbaphd SbFw SbTis Tcpip WS2IFSL
4/30/2012 7:58:14 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
4/30/2012 7:58:14 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/30/2012 7:58:14 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/30/2012 7:58:14 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
4/30/2012 7:58:14 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/30/2012 7:58:14 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/30/2012 7:57:09 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/30/2012 7:56:57 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
4/30/2012 7:49:36 AM, error: System Error [1003] - Error code 1000007e, parameter1 c0000005, parameter2 a26b19e2, parameter3 ba507c3c, parameter4 ba507938.
4/30/2012 7:44:23 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ctxusbm EUDSKACS EUFDDISK Fips intelppm sbaphd
4/30/2012 7:19:56 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
4/29/2012 8:27:32 PM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless WiFi Service service terminated unexpectedly. It has done this 1 time(s).
4/29/2012 8:27:32 PM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
4/29/2012 8:27:32 PM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
4/29/2012 7:35:00 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
4/29/2012 7:35:00 PM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/29/2012 7:15:19 PM, error: Service Control Manager [7034] - The TdmService service terminated unexpectedly. It has done this 1 time(s).
4/29/2012 7:15:19 PM, error: Service Control Manager [7034] - The Smith Micro Connection Manager Service service terminated unexpectedly. It has done this 1 time(s).
4/29/2012 7:15:19 PM, error: Service Control Manager [7034] - The Smart Card service terminated unexpectedly. It has done this 1 time(s).
4/29/2012 7:15:19 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s).
4/29/2012 7:15:19 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
4/29/2012 7:15:19 PM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
4/29/2012 7:15:19 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
4/29/2012 7:15:19 PM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless WiFi Service service terminated unexpectedly. It has done this 1 time(s).
4/29/2012 7:15:19 PM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
4/29/2012 7:15:19 PM, error: Service Control Manager [7034] - The Intel® Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).
4/29/2012 7:15:19 PM, error: Service Control Manager [7034] - The Guard Agent service terminated unexpectedly. It has done this 1 time(s).
4/29/2012 7:15:19 PM, error: Service Control Manager [7034] - The Fax service terminated unexpectedly. It has done this 1 time(s).
4/29/2012 7:15:19 PM, error: Service Control Manager [7034] - The dldo_device service terminated unexpectedly. It has done this 1 time(s).
4/29/2012 7:15:19 PM, error: Service Control Manager [7034] - The Dell ControlPoint System Manager service terminated unexpectedly. It has done this 1 time(s).
4/29/2012 7:15:19 PM, error: Service Control Manager [7034] - The Dell ControlPoint Button Service service terminated unexpectedly. It has done this 1 time(s).
4/29/2012 7:15:19 PM, error: Service Control Manager [7034] - The Audio Service service terminated unexpectedly. It has done this 1 time(s).
4/29/2012 7:15:19 PM, error: Service Control Manager [7034] - The ASF Agent service terminated unexpectedly. It has done this 1 time(s).
4/29/2012 7:15:19 PM, error: Service Control Manager [7034] - The Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s).
4/29/2012 7:15:19 PM, error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
4/29/2012 7:15:19 PM, error: Service Control Manager [7031] - The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/29/2012 7:15:19 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/29/2012 7:15:18 PM, error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
4/29/2012 7:15:18 PM, error: Service Control Manager [7034] - The ProtexisLicensing service terminated unexpectedly. It has done this 1 time(s).
4/29/2012 7:15:18 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
4/29/2012 7:15:18 PM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
4/29/2012 7:15:18 PM, error: Service Control Manager [7034] - The Credential Vault Host Storage service terminated unexpectedly. It has done this 1 time(s).
4/29/2012 7:15:18 PM, error: Service Control Manager [7034] - The Credential Vault Host Control Service service terminated unexpectedly. It has done this 1 time(s).
4/29/2012 7:15:18 PM, error: Service Control Manager [7034] - The Business Contact Manager SQL Server Startup Service service terminated unexpectedly. It has done this 1 time(s).
4/29/2012 7:15:18 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
4/29/2012 7:15:18 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
4/29/2012 7:15:18 PM, error: Service Control Manager [7031] - The SQL Server Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/29/2012 11:07:44 AM, error: Service Control Manager [7034] - The EaseUS Agent service terminated unexpectedly. It has done this 5 time(s).
4/29/2012 11:07:11 AM, error: Service Control Manager [7034] - The EaseUS Agent service terminated unexpectedly. It has done this 4 time(s).
4/29/2012 11:05:16 AM, error: Service Control Manager [7034] - The EaseUS Agent service terminated unexpectedly. It has done this 3 time(s).
4/29/2012 11:04:20 AM, error: Service Control Manager [7034] - The EaseUS Agent service terminated unexpectedly. It has done this 2 time(s).
4/29/2012 10:51:46 PM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless WiFi Service service terminated unexpectedly. It has done this 1 time(s).
4/29/2012 10:51:45 PM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
4/29/2012 10:51:45 PM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
4/28/2012 8:06:08 AM, error: PlugPlayManager [11] - The device Root\LEGACY_SMR250\0000 disappeared from the system without first being prepared for removal.
4/28/2012 8:05:06 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the dldoCATSCustConnectService service to connect.
4/28/2012 8:05:06 AM, error: Service Control Manager [7000] - The dldoCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/28/2012 8:04:57 AM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
4/28/2012 11:39:33 PM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
4/27/2012 7:27:14 PM, error: Service Control Manager [7022] - The Ad-Aware service hung on starting.
4/27/2012 6:57:28 PM, error: Service Control Manager [7034] - The EaseUS Agent service terminated unexpectedly. It has done this 1 time(s).
4/27/2012 6:47:10 PM, error: Dhcp [1002] - The IP address lease 192.168.1.97 for the Network Card with network address 002170E9ED11 has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent a DHCPNACK message).
4/27/2012 1:01:12 PM, error: PlugPlayManager [12] - The device 'PLDS DVD+-RW DU-8A2S' (IDE\CdRomPLDS_DVD+-RW_DU-8A2S____________________4D12____\4&3ac9d9dd&0&0.1.0) disappeared from the system without first being prepared for removal.
4/27/2012 1:01:11 PM, error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
4/26/2012 11:22:52 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume G:.
4/26/2012 10:40:56 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume .
4/25/2012 8:48:28 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
4/24/2012 2:18:47 PM, error: System Error [1003] - Error code 000000fe, parameter1 00000004, parameter2 86faee90, parameter3 89aa2780, parameter4 00000000.
4/24/2012 2:15:56 PM, error: Dhcp [1002] - The IP address lease 10.0.0.45 for the Network Card with network address 002170E9ED11 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================


Thank-you

Edited by Earle, 02 May 2012 - 04:29 AM.


#16 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 8126 posts

Posted 02 May 2012 - 01:13 PM

I cannot see anything malicious in the logs.

I cann't see in any ComboFix log that ComboFix has restored the normal files it moved the first time. Please check inside C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\ if you can see the files:
fusion.dll.vir
mscoree.dll.vir
mscoree.dll.local.vir
mscorsn.dll.vir
mscorwks.dll.vir
msvcr71.dll.vir
regtlib.exe.vir

#17 Earle

Earle

    Member

  • Members
  • PipPip
  • 14 posts

Posted 03 May 2012 - 01:08 AM

The C:\Qoobox\Quarantine\C\ directory is empty.

#18 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 8126 posts

Posted 03 May 2012 - 01:04 PM

Then nothing can be restored, of course.

Is everything al-right with the computer now?
In that case I will give you instructions of how to uninstall the special tools.

#19 Earle

Earle

    Member

  • Members
  • PipPip
  • 14 posts

Posted 03 May 2012 - 07:00 PM

Seems to be OK, except that from a cold start or an occasion reboot the computer will come up to the desktop but hang. Forcing a power off, then power on restart will usually fix this. I am afraid of trashing files shutting down this way. Otherwise I am ready for clean-up.
Thank-you again for all your help.

#20 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 8126 posts

Posted 03 May 2012 - 07:13 PM

That not good. Please, run TDSSKiller and aswMBR again following the instructions you got earlier.

Restart the computer.
Please, save RougueKiller on the Desktop.
http://www.sur-la-to...om/RogueKiller/
Turn off all running programs.

Start RougueKiller. If it won't start, try several times. If you still are unsuccessful, rename the file to winlogon.exe.

Wait until "Prescan" has finished.
Click on "Scan" button in upper right corner.
Wait until the scan has finished.

A report with a name similar to RKreport.txt should have been created on the desktop.
Please, post it in your answer.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users