Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Blue Screen - Totally blank [Solved]

Started by mhsmused , May 16 2010 09:16 PM

  • This topic is locked This topic is locked

#1
mhsmused
Posted 16 May 2010 - 09:16 PM

mhsmused

    New Member

  • Member
  • Pip
  • 5 posts
HELP - I have ran a couple of different programs, but am unable to remove whatever this issue is. The computer will boot up, go through the windows load screen, then seems to get stuck on the blue screen just before the login would normally popup. I can run in safe-mode, but will randomly be redirected to an antivirus site telling me I need
to purchase their software. I am posting all of the logs below from the malware and spyware cleaning guide. Thanks in advance for your help!

MBAM Log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4108

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

5/16/2010 10:39:16 PM
mbam-log-2010-05-16 (22-39-16).txt

Scan type: Quick scan
Objects scanned: 159595
Time elapsed: 4 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\glfonhir (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\glfonhir (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\disableconfig (Windows.Tool.Disabled) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\jomisko\Local Settings\Application Data\ejlvbgduy\oynsmoetssd.exe (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.


________________________________________________________________________
Erunt Ark.txt
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-16 22:56:00
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\jomisko\LOCALS~1\Temp\uflyypog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) ZwAllocateVirtualMemory [0xF6A5E750]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF71C1D72]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF71A29A6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF71A2B98]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF71C2568]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF71C2820]
SSDT sppi.sys ZwEnumerateKey [0xF7384CA4]
SSDT sppi.sys ZwEnumerateValueKey [0xF7385032]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF71C0A80]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) ZwProtectVirtualMemory [0xF6A5E880]
SSDT sppi.sys ZwQueryKey [0xF738510A]
SSDT sppi.sys ZwQueryValueKey [0xF7384F8A]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF71C2C8A]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF71C2036]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF71A2656]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) ZwWriteVirtualMemory [0xF6A5E9B0]

INT 0x63 ? 8A49EF00
INT 0x73 ? 8A49EF00
INT 0x73 ? 8A49EF00
INT 0x74 ? 8A49EF00
INT 0x83 ? 8A49EF00
INT 0x84 ? 8A49EF00
INT 0x94 ? 8A49EF00
INT 0xB4 ? 8A5FDBF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 29A 804E4AF4 4 Bytes CALL 8345419E
.text ntoskrnl.exe!ZwYieldExecution + 4CA 804E4D24 4 Bytes JMP DAE143CE
? sppi.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F6FB9934 5 Bytes JMP 8A49E4E0
.text a14v0m8q.SYS F6ACC386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a14v0m8q.SYS F6ACC3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a14v0m8q.SYS F6ACC3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text a14v0m8q.SYS F6ACC3C9 1 Byte [30]
.text a14v0m8q.SYS F6ACC3C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
.rsrc C:\WINDOWS\system32\DRIVERS\tcpip.sys entry point in ".rsrc" section [0xF6879A94]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[900] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B6000A
.text C:\WINDOWS\Explorer.EXE[900] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C0000A
.text C:\WINDOWS\Explorer.EXE[900] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B5000C
.text C:\Program Files\Internet Explorer\iexplore.exe[1096] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A3000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1096] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00DD000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1096] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A2000C
.text C:\Program Files\Internet Explorer\iexplore.exe[1096] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1096] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1096] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1096] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1096] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1096] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1096] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1096] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1096] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\system32\svchost.exe[1736] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0099000A
.text C:\WINDOWS\system32\svchost.exe[1736] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009A000A
.text C:\WINDOWS\system32\svchost.exe[1736] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0098000C
.text C:\WINDOWS\system32\svchost.exe[1736] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 022B000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A3000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00DD000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A2000C
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD101 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E46DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E45A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E47A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB20 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1972] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4AA7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A5FC1F8
Device \Driver\Tcpip \Device\Ip wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\usbuhci \Device\USBPDO-0 8A44B1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A58D1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A58D1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A58D1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A58D1F8
Device \Driver\usbuhci \Device\USBPDO-1 8A44B1F8
Device \Driver\usbuhci \Device\USBPDO-2 8A44B1F8
Device \Driver\usbehci \Device\USBPDO-3 89AAA500
Device \Driver\usbuhci \Device\USBPDO-4 8A44B1F8
Device \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
Device \Driver\usbuhci \Device\USBPDO-5 8A44B1F8
Device \Driver\usbehci \Device\USBPDO-6 89AAA500
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A5FE1F8
Device \Driver\usbuhci \Device\USBPDO-7 8A44B1F8
Device \Driver\PCI_PNP1056 \Device\00000071 sppi.sys
Device \Driver\Cdrom \Device\CdRom0 89A64500
Device \Driver\Cdrom \Device\CdRom1 89A64500
Device \Driver\iaStor \Device\Ide\iaStor0 [F7218ED0] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [F7218ED0] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\sptd \Device\3512431056 sppi.sys
Device \Driver\NetBT \Device\NetBt_Wins_Export 86EDF1F8
Device \Driver\NetBT \Device\NetbiosSmb 86EDF1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{F33E4AA0-BD81-4766-9963-7C24ECEAD896} 86EDF1F8
Device \Driver\Tcpip \Device\Udp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
Device \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
Device \Driver\usbuhci \Device\USBFDO-0 8A44B1F8
Device \Driver\usbuhci \Device\USBFDO-1 8A44B1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86C9D1F8
Device \Driver\Tcpip \Device\IPMULTICAST wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
Device \Driver\usbuhci \Device\USBFDO-2 8A44B1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86C9D1F8
Device \Driver\usbehci \Device\USBFDO-3 89AAA500
Device \Driver\usbuhci \Device\USBFDO-4 8A44B1F8
Device \Driver\Ftdisk \Device\FtControl 8A5FE1F8
Device \Driver\usbuhci \Device\USBFDO-5 8A44B1F8
Device \Driver\usbuhci \Device\USBFDO-6 8A44B1F8
Device \Driver\usbehci \Device\USBFDO-7 89AAA500
Device \Driver\a14v0m8q \Device\Scsi\a14v0m8q1Port1Path0Target0Lun0 89A31500
Device \Driver\a14v0m8q \Device\Scsi\a14v0m8q1 89A31500
Device \FileSystem\Cdfs \Cdfs 86C431F8
Device -> \Driver\iaStor \Device\Harddisk0\DR0 86DBBCEC

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x49 0x06 0xBB 0xB5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC6 0xFF 0xBA 0x13 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x82 0x7E 0x27 0x45 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x49 0x06 0xBB 0xB5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC6 0xFF 0xBA 0x13 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x82 0x7E 0x27 0x45 ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\DRIVERS\tcpip.sys suspicious modification
File C:\WINDOWS\system32\drivers\iaStor.sys suspicious modification

---- EOF - GMER 1.0.15 ----
________________________________________________________________________
OTL Extras.txt:
OTL Extras logfile created on: 5/16/2010 10:57:49 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\jomisko\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 2048 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 6.00 Gb Free Space | 5.37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MHSXP207814
Current User Name: jomisko
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator 0.8.0
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{04F0ECD9-0C90-47A0-B086-E6644A4C286E}" = RUMBA
"{23E5032B-56CA-4C19-A72E-B50161DB82CA}" = Previous Versions Client
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 19
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2EFCC193-D915-4CCB-9201-31773A27BC06}" = Symantec Endpoint Protection
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 E1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam
"{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}" = Cisco Systems VPN Client 4.0.5 (A)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5B35C417-2649-11D6-83D1-0050FC01225C}" = FirstClass® Client
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7E15C4B8-85FC-4539-94F2-8280C0B213A3}" = LeapFrog Tag Plugin
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}" = LeapFrog Connect
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = HP Integrated Module with Bluetooth wireless technology
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CE4F7B1-FBD2-46A9-9BD2-91080D0D260C}" = GoogleEarth5
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90170409-6000-11D3-8CFE-0050048383C9}" = Microsoft FrontPage 2002
"{913DA816-E8E4-4467-8D22-E2DF5DBF04E4}" = hp psc 2200 series
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{983980FC-66FB-4ECC-A5D8-4565BE217733}" = SCR3xxx Smart Card Reader
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B40902A8-9A11-4FB5-8445-68075A504943}" = Yamaha's Digital Music Notebook
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C7DD90E2-61F6-47F7-ADB3-8A61088F1F12}" = Sibelius Scorch (ActiveX Only)
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{DBBE5C26-72B7-4E01-950D-86BDE35918ED}" = Embedded Security for HP ProtectTools Driver
"{E5C1C126-1687-4868-A3DD-B807176E4970}" = HP 3D DriveGuard
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.6
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom NetXtreme Ethernet Controller
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"Ask Toolbar_is1" = Vuze Toolbar
"Audacity_is1" = Audacity 1.2.6
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Dora's World Adventure" = Dora's World Adventure
"ERUNT_is1" = ERUNT 1.1j
"Finale PrintMusic 2010" = Finale PrintMusic 2010
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP PSC 2200 Series" = HP Photo and Imaging 2.0 - hp psc 2200 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LG USB Drivers" = LG USB Drivers
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"mbjr32" = Math Blaster Ages 4-6
"Mickey Mouse Kindergarten" = Disney's Mickey Mouse Kindergarten
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.2
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROPLUS" = Microsoft Office Professional Plus 2007
"Reader Rabbit's Preschool" = Reader Rabbit's Preschool
"RegCure" = RegCure
"SMPlayer" = SMPlayer 0.6.7
"SpeedyPC" = SpeedyPC
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TagPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
"UPCShell" = LeapFrog Connect
"ViewpointMediaPlayer" = Viewpoint Media Player
"Vuze" = Vuze
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/5/2010 3:48:47 PM | Computer Name = MHSXP207814 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2017797

Error - 5/5/2010 3:48:49 PM | Computer Name = MHSXP207814 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/5/2010 3:48:49 PM | Computer Name = MHSXP207814 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2019766

Error - 5/5/2010 3:48:49 PM | Computer Name = MHSXP207814 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2019766

Error - 5/5/2010 3:48:51 PM | Computer Name = MHSXP207814 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/5/2010 3:48:51 PM | Computer Name = MHSXP207814 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2021719

Error - 5/5/2010 3:48:51 PM | Computer Name = MHSXP207814 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2021719

Error - 5/5/2010 3:48:53 PM | Computer Name = MHSXP207814 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/5/2010 3:48:53 PM | Computer Name = MHSXP207814 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2023672

Error - 5/5/2010 3:48:53 PM | Computer Name = MHSXP207814 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2023672

[ OSession Events ]
Error - 9/28/2009 5:17:03 PM | Computer Name = 6730S-SATAIMAGE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/19/2009 4:28:40 PM | Computer Name = MHSXP207814 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 17
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/19/2009 4:29:59 PM | Computer Name = MHSXP207814 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 73
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/22/2009 6:51:37 PM | Computer Name = MHSXP207814 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6504.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 20
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/22/2009 6:51:53 PM | Computer Name = MHSXP207814 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6504.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/29/2009 10:06:56 AM | Computer Name = MHSXP207814 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/16/2009 9:59:58 PM | Computer Name = MHSXP207814 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/16/2009 10:00:16 PM | Computer Name = MHSXP207814 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/17/2009 12:25:40 AM | Computer Name = MHSXP207814 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/5/2010 10:36:58 PM | Computer Name = MHSXP207814 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 5/16/2010 10:32:17 PM | Computer Name = MHSXP207814 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 5/16/2010 10:39:37 PM | Computer Name = MHSXP207814 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/16/2010 10:45:10 PM | Computer Name = MHSXP207814 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain MANATEE due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 5/16/2010 10:45:40 PM | Computer Name = MHSXP207814 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/16/2010 10:46:00 PM | Computer Name = MHSXP207814 | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
with the following error: %%2

Error - 5/16/2010 10:46:00 PM | Computer Name = MHSXP207814 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eeCtrl Fips intelppm SPBBCDrv SRTSP SRTSPX SYMTDI SysPlant

Error - 5/16/2010 10:46:19 PM | Computer Name = MHSXP207814 | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00216BA2D4EC. The following
error occurred: %%121. Your computer will continue to try and obtain an address on
its own from the network address (DHCP) server.

Error - 5/16/2010 10:55:49 PM | Computer Name = MHSXP207814 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/16/2010 10:58:03 PM | Computer Name = MHSXP207814 | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 5/16/2010 10:58:03 PM | Computer Name = MHSXP207814 | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2


< End of report >
________________________________________________________________________
OTL Otl.txt:
OTL logfile created on: 5/16/2010 10:57:49 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\jomisko\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 2048 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 6.00 Gb Free Space | 5.37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MHSXP207814
Current User Name: jomisko
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/16 22:56:35 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jomisko\Desktop\OTL.exe
PRC - [2009/10/22 19:22:04 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/10/22 19:22:02 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/05/16 22:56:35 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jomisko\Desktop\OTL.exe
MOD - [2008/04/14 06:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (Smcinst)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/11/10 10:28:06 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Stopped] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2009/10/22 19:22:04 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/10/22 19:22:04 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/10/22 19:22:04 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/10/22 19:22:04 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/10/22 19:22:02 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/03/20 19:10:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/12/09 18:40:16 | 000,464,264 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/12/09 18:40:16 | 000,234,888 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2008/10/20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/03/18 17:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2004/09/03 17:04:18 | 001,433,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)


========== Driver Services (SafeList) ==========

DRV - [2010/05/11 08:37:33 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100513.032\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/05/11 08:37:33 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100513.032\NAVENG.SYS -- (NAVENG)
DRV - [2010/03/22 10:48:28 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/03/19 11:38:30 | 000,162,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2010/03/19 11:37:15 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/03/19 11:37:15 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/03/19 11:19:59 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2009/11/10 10:27:06 | 000,018,560 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2009/10/22 19:22:08 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2009/10/22 19:22:06 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/10/22 19:22:06 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/10/22 19:22:06 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/10/22 19:22:04 | 000,092,488 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2009/10/22 19:22:04 | 000,050,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2009/10/22 19:22:00 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/10/22 19:22:00 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/10/22 19:22:00 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/08/24 14:05:06 | 000,206,256 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/07/02 09:35:08 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/11/17 16:23:16 | 003,636,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/10/09 04:32:46 | 001,810,856 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008/08/13 12:08:44 | 000,325,144 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2008/07/23 12:31:38 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2008/05/23 14:51:02 | 000,024,624 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008/05/23 14:50:16 | 000,028,592 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008/05/21 13:48:46 | 006,018,464 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/04/28 16:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/04/13 23:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/11 12:19:42 | 000,338,944 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2008/04/03 12:40:44 | 000,879,624 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/04/03 12:40:44 | 000,539,512 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/04/03 12:40:44 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008/04/03 12:40:44 | 000,074,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/04/03 12:40:44 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2008/03/28 06:14:02 | 000,024,064 | R--- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2008/03/27 14:14:06 | 000,224,672 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/03/21 17:13:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/11/29 18:35:44 | 000,163,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) Broadcom NetLink ™
DRV - [2007/06/21 05:40:02 | 000,056,448 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SCR3XX2K.sys -- (SCR3XX2K)
DRV - [2007/06/18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2005/06/24 18:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 11:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 11:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2004/09/03 17:03:12 | 000,268,872 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2004/02/02 13:29:00 | 000,139,604 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2003/05/01 14:26:34 | 000,005,220 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.sbmc;10.*.*.*;*.manatee.k12.fl.us;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.4.4.1:8080

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {0493D792-5C92-440b-81A8-AD6CDFC75212}:1.0
FF - prefs.js..network.proxy.backup.ftp: "10.29.4.1"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "10.29.4.1"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "10.29.4.1"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "10.29.4.1"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "10.29.4.1"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "10.29.4.1"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "10.29.4.1"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "*.sbmc,10.*.*.*,*.manatee.k12.fl.us,*.local"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "10.29.4.1"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "10.29.4.1"
FF - prefs.js..network.proxy.ssl_port: 8080

FF - HKLM\software\mozilla\Firefox\Extensions\\{0493D792-5C92-440b-81A8-AD6CDFC75212}: C:\Program Files\Yamaha Corporation\Digital Music Notebook\Common\Bootstrapper\XpCom\ [2010/04/19 10:23:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/15 22:09:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/15 22:09:54 | 000,000,000 | ---D | M]

[2009/07/07 17:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jomisko\Application Data\Mozilla\Extensions
[2009/06/16 19:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jomisko\Application Data\Mozilla\Firefox\extensions
[2009/06/16 19:44:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jomisko\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/05/15 22:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jomisko\Application Data\Mozilla\Firefox\Profiles\iqh1tutz.default\extensions
[2010/04/30 07:53:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\jomisko\Application Data\Mozilla\Firefox\Profiles\iqh1tutz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/18 13:33:35 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\jomisko\Application Data\Mozilla\Firefox\Profiles\iqh1tutz.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/04/12 22:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jomisko\Application Data\Mozilla\Firefox\Profiles\iqh1tutz.default\extensions\[email protected]
[2010/05/15 22:09:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/16 22:32:12 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2009/11/19 18:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 18:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2009/02/20 13:30:24 | 000,000,785 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 10.2.11.1 SYS01
O1 - Hosts: 10.2.11.1 SYS01
O1 - Hosts: 10.2.11.1 SYS01
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Download Centre.lnk = C:\Program Files\Yamaha Corporation\Digital Music Notebook\Common\Download Centre\Download Centre.exe (YAMAHA CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} http://www.seehere.c...dan-canvasx.cab (CanvasX Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1233764255359 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1233764574687 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius....tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = manatee.hs.sbmc
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\jomisko\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\jomisko\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/04 11:13:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{556f1627-33b5-11df-b2dd-00216ba2d4ec}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{556f1627-33b5-11df-b2dd-00216ba2d4ec}\Shell\Explore\command - "" = system.exe
O33 - MountPoints2\{556f1627-33b5-11df-b2dd-00216ba2d4ec}\Shell\Open\command - "" = system.exe
O33 - MountPoints2\{7337cec7-4f2e-11df-b2ea-00216ba2d4ec}\Shell\AutoRun\command - "" = F:\RECYCLER32\dmgr.exe -- File not found
O33 - MountPoints2\{7337cec7-4f2e-11df-b2ea-00216ba2d4ec}\Shell\open\command - "" = F:\RECYCLER32\dmgr.exe -- File not found
O33 - MountPoints2\{7337cec8-4f2e-11df-b2ea-00216ba2d4ec}\Shell\AutoRun\command - "" = F:\RECYCLER32\dmgr.exe -- File not found
O33 - MountPoints2\{7337cec8-4f2e-11df-b2ea-00216ba2d4ec}\Shell\open\command - "" = F:\RECYCLER32\dmgr.exe -- File not found
O33 - MountPoints2\{89dc6454-5973-11df-b2eb-00216ba2d4ec}\Shell - "" = AutoRun
O33 - MountPoints2\{89dc6454-5973-11df-b2eb-00216ba2d4ec}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{89dc6454-5973-11df-b2eb-00216ba2d4ec}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{9f5e6757-bd84-11de-b297-00216ba2d4ec}\Shell\AutoRun\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{9f5e6757-bd84-11de-b297-00216ba2d4ec}\Shell\install\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{9f5e6757-bd84-11de-b297-00216ba2d4ec}\Shell\usermanualEnglish\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{9f5e6757-bd84-11de-b297-00216ba2d4ec}\Shell\usermanualFrench\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{9f5e6757-bd84-11de-b297-00216ba2d4ec}\Shell\usermanualSpanish\command - "" = F:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{c6fd292b-88cf-11de-b275-aa21c35018e9}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
O33 - MountPoints2\{c6fd292c-88cf-11de-b275-aa21c35018e9}\Shell\AutoRun\command - "" = F:\PortableVault.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/02/04 10:59:26 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 30 Days ==========

[2010/05/16 22:56:43 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jomisko\Desktop\OTL.exe
[2010/05/16 22:34:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jomisko\Application Data\Malwarebytes
[2010/05/16 22:34:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/16 22:34:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/16 22:34:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/16 22:34:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/16 22:32:54 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/16 22:31:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/16 22:21:33 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jomisko\Desktop\TFC.exe
[2010/05/16 22:17:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC
[2010/05/16 22:17:55 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedyPC
[2010/05/16 19:28:34 | 000,000,000 | ---D | C] -- C:\Program Files\RegCure
[2010/05/15 21:59:14 | 000,206,256 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/05/15 21:59:14 | 000,086,888 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/05/15 21:59:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/05/15 21:58:57 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\STKIT432.DLL
[2010/05/15 21:43:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2010/05/15 21:26:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/05/15 14:34:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jomisko\Local Settings\Application Data\ejlvbgduy
[2010/04/20 22:16:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jomisko\My Documents\Azureus Downloads
[2010/04/20 08:48:48 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/04/20 08:09:42 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\6to4svc.dll
[2010/04/20 08:09:40 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wintrust.dll
[2010/04/20 08:09:36 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cabview.dll
[2010/04/19 14:05:10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2010/04/19 14:05:06 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2010/04/19 10:24:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jomisko\Local Settings\Application Data\Yamaha Corporation
[2010/04/19 10:22:56 | 000,000,000 | ---D | C] -- C:\Program Files\Yamaha Corporation
[2010/04/19 10:22:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yamaha Corporation
[2010/04/19 10:22:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jomisko\Local Settings\Application Data\Downloaded Installations
[2009/02/04 12:04:33 | 000,195,112 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2009/02/04 12:04:30 | 000,180,224 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2010/05/16 22:56:35 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jomisko\Desktop\OTL.exe
[2010/05/16 22:51:42 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\qoag.sys
[2010/05/16 22:49:16 | 000,527,392 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/16 22:49:16 | 000,444,904 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/16 22:49:16 | 000,072,422 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/16 22:45:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/16 22:44:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/16 22:39:38 | 007,077,888 | -H-- | M] () -- C:\Documents and Settings\jomisko\NTUSER.DAT
[2010/05/16 22:39:38 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\jomisko\ntuser.ini
[2010/05/16 22:39:36 | 004,768,656 | -H-- | M] () -- C:\Documents and Settings\jomisko\Local Settings\Application Data\IconCache.db
[2010/05/16 22:34:20 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/16 22:32:54 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\jomisko\Desktop\NTREGOPT.lnk
[2010/05/16 22:32:54 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\jomisko\Desktop\ERUNT.lnk
[2010/05/16 22:21:34 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jomisko\Desktop\TFC.exe
[2010/05/16 22:17:58 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Program Check.job
[2010/05/16 22:17:58 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC.job
[2010/05/16 22:17:58 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Startup.job
[2010/05/16 22:17:56 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SpeedyPC.lnk
[2010/05/16 19:28:38 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/05/16 19:28:38 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2010/05/16 19:28:38 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2010/05/16 19:28:36 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2010/05/15 22:15:02 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\jomisko\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/15 22:06:22 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/15 21:22:42 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/05/15 14:18:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-2049760794-839522115-1007UA.job
[2010/05/15 14:03:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/15 13:16:00 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1249146940.job
[2010/05/13 21:54:47 | 002,151,081 | ---- | M] () -- C:\Documents and Settings\jomisko\Desktop\S08E1.pdf
[2010/05/12 20:03:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/10 13:51:12 | 000,000,313 | ---- | M] () -- C:\Documents and Settings\jomisko\My Documents\My Documents.lnk
[2010/05/09 18:53:28 | 003,695,259 | ---- | M] () -- C:\Documents and Settings\jomisko\Desktop\Chili con carne - Real Group.mp3
[2010/05/09 18:44:50 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/09 07:18:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-2049760794-839522115-1007Core.job
[2010/05/05 16:16:41 | 000,001,942 | ---- | M] () -- C:\WINDOWS\System32\PDFSPO~1.ERR
[2010/05/05 16:09:39 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2010/05/05 16:08:19 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/03 19:14:11 | 000,000,488 | ---- | M] () -- C:\hpfr5550.xml
[2010/05/01 14:50:09 | 006,352,867 | ---- | M] () -- C:\Documents and Settings\jomisko\My Documents\emerils-celebrates-20-years.pdf
[2010/04/29 17:15:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/20 11:40:30 | 000,321,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/20 08:52:00 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/19 13:06:48 | 000,014,937 | ---- | M] () -- C:\Documents and Settings\jomisko\Desktop\Discount Cards.xlsx
[2010/04/19 10:25:21 | 000,094,552 | ---- | M] () -- C:\Documents and Settings\jomisko\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/19 10:23:41 | 000,000,622 | ---- | M] () -- C:\WINDOWS\DMN.INI
[2010/04/19 10:23:21 | 000,002,119 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Download Centre.lnk

========== Files Created - No Company Name ==========

[2010/05/16 22:51:42 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\qoag.sys
[2010/05/16 22:34:20 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/16 22:32:54 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\jomisko\Desktop\NTREGOPT.lnk
[2010/05/16 22:32:54 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\jomisko\Desktop\ERUNT.lnk
[2010/05/16 22:17:58 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Program Check.job
[2010/05/16 22:17:58 | 000,000,386 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC.job
[2010/05/16 22:17:58 | 000,000,378 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Startup.job
[2010/05/16 22:17:56 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SpeedyPC.lnk
[2010/05/16 19:28:38 | 000,000,394 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/05/16 19:28:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
[2010/05/16 19:28:38 | 000,000,368 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2010/05/16 19:28:36 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2010/05/15 21:59:14 | 000,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/05/15 21:52:38 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/13 21:54:47 | 002,151,081 | ---- | C] () -- C:\Documents and Settings\jomisko\Desktop\S08E1.pdf
[2010/05/10 13:51:12 | 000,000,313 | ---- | C] () -- C:\Documents and Settings\jomisko\My Documents\My Documents.lnk
[2010/05/09 18:52:55 | 003,695,259 | ---- | C] () -- C:\Documents and Settings\jomisko\Desktop\Chili con carne - Real Group.mp3
[2010/05/01 14:41:59 | 006,352,867 | ---- | C] () -- C:\Documents and Settings\jomisko\My Documents\emerils-celebrates-20-years.pdf
[2010/04/19 10:23:41 | 000,000,622 | ---- | C] () -- C:\WINDOWS\DMN.INI
[2010/04/19 10:23:21 | 000,002,119 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Download Centre.lnk
[2009/12/25 22:59:07 | 000,000,110 | ---- | C] () -- C:\WINDOWS\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
[2009/09/13 22:29:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/21 15:55:38 | 000,000,430 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2009/07/21 15:53:52 | 000,094,720 | ---- | C] () -- C:\WINDOWS\System32\SH30W32.DLL
[2009/07/02 09:35:07 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/02/05 09:10:33 | 000,002,528 | ---- | C] () -- C:\WINDOWS\FCIC.INI
[2009/02/04 16:10:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2009/02/04 16:06:30 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/02/04 16:06:30 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/02/04 16:06:30 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/02/04 16:06:30 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/02/04 16:06:30 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/02/04 16:06:30 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/02/04 12:04:33 | 001,810,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2009/02/04 12:04:33 | 000,034,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2009/02/04 12:04:33 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2009/02/04 12:03:53 | 000,000,571 | ---- | C] () -- C:\WINDOWS\HBCIKRNL.INI
[2009/02/04 12:00:08 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4953.dll
[2008/03/31 15:30:34 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2005/02/17 13:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 13:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004/09/03 17:04:16 | 000,139,280 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2003/03/09 21:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2002/10/26 22:14:23 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\vttdrve.dll
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/10/28 18:42:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/02/18 18:24:46 | 000,001,536 | ---- | M] () -- C:\aclient.cfg
[2009/02/04 11:13:34 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/02/04 11:09:43 | 000,000,213 | -HS- | M] () -- C:\boot.ini
[2009/02/20 15:49:40 | 000,000,164 | ---- | M] () -- C:\chicony.log
[2009/02/04 11:13:34 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/02/20 15:43:39 | 000,000,161 | ---- | M] () -- C:\esuinst.log
[2009/02/20 15:39:47 | 000,000,198 | ---- | M] () -- C:\esu_xpsp2.log
[2010/05/03 19:14:11 | 000,000,488 | ---- | M] () -- C:\hpfr5550.xml
[2009/02/20 15:47:44 | 000,176,676 | ---- | M] () -- C:\intel_chipset.log
[2009/02/20 15:48:25 | 000,033,420 | ---- | M] () -- C:\intel_msm.log
[2009/02/04 11:13:34 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/08/04 20:57:37 | 000,000,458 | -H-- | M] () -- C:\IPH.PH
[2009/10/16 13:22:40 | 010,464,035 | ---- | M] () -- C:\ituneslib.itl
[2009/02/04 11:13:34 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/02/04 11:30:56 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/05/16 22:44:16 | 2147,483,648 | -HS- | M] () -- C:\pagefile.sys
[2010/05/16 22:08:12 | 000,000,432 | ---- | M] () -- C:\rkill.log
[2009/02/20 15:43:39 | 000,000,227 | ---- | M] () -- C:\sedinst2.log
[2009/02/20 15:52:47 | 000,000,087 | ---- | M] () -- C:\setup.log
[2009/02/04 16:18:28 | 000,021,498 | ---- | M] () -- C:\sunjava.log
[2009/02/20 15:51:18 | 000,000,191 | ---- | M] () -- C:\syntpad.log

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/02/04 11:03:53 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/02/04 11:03:53 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/02/04 11:03:53 | 000,909,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /180 >
[2010/03/19 11:19:59 | 000,023,888 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\COH_Mon.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/05/16 22:51:42 | 000,054,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\qoag.sys
[2009/12/31 12:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys
[2010/03/22 10:48:28 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
[2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
[2010/03/19 11:38:30 | 000,162,048 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\wpshelper.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56DA0F9E
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
< End of report >
  • 0

Advertisements

#2
CatByte
Posted 16 May 2010 - 10:31 PM

CatByte

    GeekU Teacher

  • GeekU Moderator
  • 2,705 posts
  • MVP
Hi,

Please do the following:


Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
  • 0

#3
mhsmused
Posted 17 May 2010 - 11:49 AM

mhsmused

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Okay, I would first like to say that something is going right. While combofix was working it was forced to restart b/c there were cd emulators that I needed to take care of. When it did that I was worried it was going to get stuck b/c I was unable to put it back in safe mode (which it was running in originally). To my delight, it logged in like normal!! When it was done, all my icons came back and things seem to be running well. I am afraid to restart at this moment at the risk of it not coming back. Here is the log from combofix:

ComboFix 10-05-16.02 - jomisko 05/17/2010 13:35:33.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1977.1479 [GMT -4:00]
Running from: c:\documents and settings\jomisko\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\inf
c:\windows\system32\inf\Walldata.inf

----- BITS: Possible infected sites -----

hxxp://gateway.digitalmusicnotebook.com
hxxp://hurricaneserv.manatee.hs.sbmc
Infected copy of c:\windows\system32\drivers\tcpip.sys was found and disinfected
Restored copy from - Kitty had a snack :)
.
((((((((((((((((((((((((( Files Created from 2010-04-17 to 2010-05-17 )))))))))))))))))))))))))))))))
.

2010-05-17 02:17 . 2010-05-17 02:17 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC
2010-05-17 02:17 . 2010-05-17 02:17 -------- d-----w- c:\program files\SpeedyPC
2010-05-16 23:28 . 2010-05-16 23:34 -------- d-----w- c:\program files\RegCure
2010-05-16 01:59 . 2009-08-24 18:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-05-16 01:59 . 2009-08-19 15:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-05-16 01:59 . 2010-05-16 23:09 -------- d-----w- c:\program files\Common Files\PC Tools
2010-05-16 01:52 . 2010-05-17 13:11 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-16 01:43 . 2010-05-16 01:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-05-16 01:26 . 2010-05-16 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2010-05-15 18:34 . 2010-05-17 02:39 -------- d-----w- c:\documents and settings\jomisko\Local Settings\Application Data\ejlvbgduy
2010-05-15 18:34 . 2010-05-15 18:34 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-04-20 12:48 . 2010-04-20 12:48 -------- d-----w- c:\program files\MSXML 4.0
2010-04-20 12:09 . 2010-02-12 04:33 100864 -c----w- c:\windows\system32\dllcache\6to4svc.dll
2010-04-20 12:09 . 2009-12-24 06:59 177664 -c----w- c:\windows\system32\dllcache\wintrust.dll
2010-04-20 12:09 . 2010-01-13 14:01 86016 -c----w- c:\windows\system32\dllcache\cabview.dll
2010-04-19 18:05 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-04-19 18:05 . 2008-04-14 09:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-04-19 14:24 . 2010-04-19 14:24 -------- d-----w- c:\documents and settings\jomisko\Local Settings\Application Data\Yamaha Corporation
2010-04-19 14:22 . 2010-04-19 14:22 -------- d-----w- c:\program files\Yamaha Corporation
2010-04-19 14:22 . 2010-04-19 14:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Yamaha Corporation
2010-04-19 14:22 . 2010-04-19 14:22 -------- d-----w- c:\documents and settings\jomisko\Local Settings\Application Data\Downloaded Installations

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-17 02:34 . 2010-05-17 02:34 -------- d-----w- c:\documents and settings\jomisko\Application Data\Malwarebytes
2010-05-17 02:34 . 2010-05-17 02:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-17 02:34 . 2010-05-17 02:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-17 02:32 . 2010-05-17 02:32 -------- d-----w- c:\program files\ERUNT
2010-05-16 23:04 . 2010-01-10 21:09 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-16 01:22 . 2009-06-07 14:53 -------- d-----w- c:\documents and settings\jomisko\Application Data\Skype
2010-05-16 01:22 . 2009-06-07 14:54 -------- d-----w- c:\documents and settings\jomisko\Application Data\skypePM
2010-05-14 14:10 . 2009-02-05 13:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-10 13:48 . 2010-03-24 13:52 -------- d-----w- c:\documents and settings\jomisko\Application Data\U3
2010-05-05 20:16 . 2009-02-05 12:29 -------- d-----w- c:\program files\PDFCreator
2010-04-29 19:39 . 2010-05-17 02:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-05-17 02:34 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 17:56 . 2009-09-15 14:07 -------- d-----w- c:\program files\Finale PrintMusic 2010
2010-04-26 17:36 . 2009-07-06 14:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Musicnotes
2010-04-21 02:47 . 2009-06-16 23:43 -------- d-----w- c:\program files\Vuze
2010-04-21 02:47 . 2009-06-16 23:44 -------- d-----w- c:\documents and settings\jomisko\Application Data\Azureus
2010-04-19 14:25 . 2010-04-08 14:33 94552 ----a-w- c:\documents and settings\jomisko\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-07 18:42 . 2010-04-07 18:41 -------- d-----w- c:\program files\iTunes
2010-04-07 18:42 . 2010-04-07 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-07 18:41 . 2010-04-07 18:41 -------- d-----w- c:\program files\iPod
2010-04-07 18:41 . 2009-06-07 13:45 -------- d-----w- c:\program files\Common Files\Apple
2010-04-07 18:41 . 2009-11-25 12:30 -------- d-----w- c:\program files\QuickTime
2010-04-07 18:40 . 2009-06-07 13:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-04-07 18:40 . 2010-04-07 18:40 -------- d-----w- c:\program files\Apple Software Update
2010-04-07 16:31 . 2009-02-04 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-07 16:16 . 2010-04-07 16:16 -------- d-----w- c:\program files\Bonjour
2010-04-07 15:46 . 2010-04-07 15:46 1956656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-03-31 13:43 . 2009-02-04 20:18 -------- d-----w- c:\program files\Common Files\Java
2010-03-31 13:43 . 2010-03-31 13:43 503808 ----a-w- c:\documents and settings\jomisko\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-46e282a0-n\msvcp71.dll
2010-03-31 13:43 . 2010-03-31 13:43 499712 ----a-w- c:\documents and settings\jomisko\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-46e282a0-n\jmc.dll
2010-03-31 13:43 . 2010-03-31 13:43 348160 ----a-w- c:\documents and settings\jomisko\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-46e282a0-n\msvcr71.dll
2010-03-31 13:43 . 2010-03-31 13:43 61440 ----a-w- c:\documents and settings\jomisko\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-27ba6311-n\decora-sse.dll
2010-03-31 13:43 . 2010-03-31 13:43 12800 ----a-w- c:\documents and settings\jomisko\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-27ba6311-n\decora-d3d.dll
2010-03-31 13:43 . 2009-02-04 20:18 -------- d-----w- c:\program files\Java
2010-03-26 05:48 . 2010-03-26 05:48 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-03-22 14:51 . 2010-03-19 15:05 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-22 14:48 . 2010-03-19 15:05 -------- d-----w- c:\program files\Symantec
2010-03-22 14:48 . 2010-03-19 15:08 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-03-22 14:48 . 2010-03-19 15:08 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-03-22 14:48 . 2010-03-19 15:08 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-03-22 14:48 . 2010-03-19 15:08 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-03-22 14:48 . 2010-03-19 15:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-03-22 14:45 . 2010-03-22 14:45 625032 ----a-w- c:\windows\system32\SymNeti.dll
2010-03-22 14:45 . 2010-03-22 14:45 242056 ----a-w- c:\windows\system32\SymRedir.dll
2010-03-19 20:44 . 2009-06-30 20:33 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-03-19 15:38 . 2008-06-20 05:12 162048 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2010-03-19 15:19 . 2008-01-15 14:54 10537 ----a-w- c:\windows\system32\drivers\coh_mon.cat
2010-03-19 15:19 . 2008-01-15 10:28 706 ----a-w- c:\windows\system32\drivers\COH_Mon.inf
2010-03-19 15:19 . 2008-01-12 23:32 23888 ----a-w- c:\windows\system32\drivers\COH_Mon.sys
2010-03-19 15:03 . 2010-03-19 15:03 -------- d-----w- c:\program files\Photo Story 3 for Windows
2010-03-19 15:03 . 2010-01-01 14:46 -------- d-----w- c:\program files\Google
2010-03-19 15:03 . 2010-03-19 15:02 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Apple Computer
2010-03-17 02:32 . 2010-03-17 02:32 423464 ----a-w- c:\documents and settings\jomisko\Application Data\E-centives\BSTIEPrintCtl1.dll
2010-03-10 06:15 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 08:28 . 2009-02-04 20:44 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-25 06:24 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-04 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-12-09 22:40 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1040384]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-14 177456]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-05-23 197904]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1044480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-05 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-05 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-05 141848]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-11-10 443728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-10-22 115560]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Download Centre.lnk - c:\program files\Yamaha Corporation\Digital Music Notebook\Common\Download Centre\Download Centre.exe [2009-11-10 419160]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2009-2-4 197904]
hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-4-9 323646]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
VPN Client.lnk - c:\windows\Installer\{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}\Icon3E5562ED7.ico [2009-2-5 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1409082233-2146520231-682003330-5420\Scripts\Logon\0\0]
"Script"=Teachers.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/15/2010 9:59 PM 206256]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2/4/2009 11:55 AM 24064]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [6/16/2009 7:44 PM 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [6/16/2009 7:44 PM 234888]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/4/2009 8:57 PM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/19/2010 11:38 AM 102448]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [7/23/2008 12:31 PM 44800]
S0 srfuve;srfuve;c:\windows\system32\drivers\qoag.sys --> c:\windows\system32\drivers\qoag.sys [?]
S0 tqxggqrf;tqxggqrf;c:\windows\system32\drivers\aeud.sys --> c:\windows\system32\drivers\aeud.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/1/2010 10:47 AM 135664]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 7:32 PM 23888]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2/4/2009 12:07 PM 193840]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [12/25/2009 10:59 PM 18560]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [6/21/2007 5:40 AM 56448]
S3 Smcinst;Symantec Auto-upgrade Agent;c:\program files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe --> c:\program files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 8:00 AM 14336]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/2/2009 9:35 AM 721904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WINRM REG_MULTI_SZ WINRM

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 22:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-04-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2010-05-15 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 2200 series272A572217594EBCF1CEE215E352B92AD073FDE4249146940.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 21:56]

2010-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 14:46]

2010-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 14:46]

2010-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-2049760794-839522115-1007Core.job
- c:\documents and settings\jomisko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-08 14:46]

2010-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-2049760794-839522115-1007UA.job
- c:\documents and settings\jomisko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-08 14:46]

2010-05-17 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-04-29 18:43]

2010-05-17 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2010-04-29 18:43]

2010-05-17 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-04-29 18:43]

2010-05-17 c:\windows\Tasks\SpeedyPC Program Check.job
- c:\program files\SpeedyPC\SpeedyPC.exe [2010-03-18 00:03]

2010-05-17 c:\windows\Tasks\SpeedyPC Startup.job
- c:\program files\SpeedyPC\SpeedyPC.exe [2010-03-18 00:03]

2010-05-17 c:\windows\Tasks\SpeedyPC.job
- c:\program files\SpeedyPC\SpeedyPC.exe [2010-03-18 00:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyServer = 10.4.4.1:8080
uInternet Settings,ProxyOverride = *.sbmc;10.*.*.*;*.manatee.k12.fl.us;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {28B66320-9687-4B13-8757-36F901887AB5} - hxxp://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan-canvasx.cab
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-mcmscsvc
SafeBoot-MCODS
SafeBoot-Symantec Antvirus
AddRemove-Adobe Shockwave Player - c:\windows\system32\adobe\SHOCKW~1\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-17 13:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\jomisko\LOCALS~1\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1464)
c:\windows\SYSTEM32\SYSFER.DLL
.
Completion time: 2010-05-17 13:44:32
ComboFix-quarantined-files.txt 2010-05-17 17:44

Pre-Run: 6,354,026,496 bytes free
Post-Run: 6,330,433,536 bytes free

- - End Of File - - 4D20C2C759079492916B765856C03D88
  • 0

#4
CatByte
Posted 17 May 2010 - 02:06 PM

CatByte

    GeekU Teacher

  • GeekU Moderator
  • 2,705 posts
  • MVP
Hi,

Are you familiar with these proxy settings, if so what are they used for?

uInternet Settings,ProxyServer = 10.4.4.1:8080
uInternet Settings,ProxyOverride = *.sbmc;10.*.*.*;*.manatee.k12.fl.us;*.local

Please allow ComboFix to install the recovery Console when it requests to do so, it's important to have it installed.

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

http://www.geekstogo.com/forum/Blue-Screen-Totally-blank-t277071.html

Collect::
c:\windows\system32\drivers\qoag.sys 
c:\windows\system32\drivers\aeud.sys 

Folder::
c:\documents and settings\jomisko\Local Settings\Application Data\ejlvbgduy

Driver::
srfuve
tqxggqrf

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
  • 0

#5
mhsmused
Posted 18 May 2010 - 03:01 PM

mhsmused

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
It's a proxy at my work. I didn't think about it getting in the way. I did this run at home - it went through the process of installing that recovery thing. Here is the latest log:

ComboFix 10-05-16.06 - jomisko 05/18/2010 16:29:51.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1977.1253 [GMT -4:00]
Running from: c:\documents and settings\jomisko\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\jomisko\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\jomisko\Local Settings\Application Data\ejlvbgduy

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_srfuve
-------\Service_tqxggqrf


((((((((((((((((((((((((( Files Created from 2010-04-18 to 2010-05-18 )))))))))))))))))))))))))))))))
.

2010-05-17 02:34 . 2010-05-17 02:34 -------- d-----w- c:\documents and settings\jomisko\Application Data\Malwarebytes
2010-05-17 02:34 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-17 02:34 . 2010-05-17 02:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-17 02:34 . 2010-05-17 02:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-17 02:34 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-17 02:32 . 2010-05-17 02:32 -------- d-----w- c:\program files\ERUNT
2010-05-16 23:28 . 2010-05-16 23:34 -------- d-----w- c:\program files\RegCure
2010-05-16 01:59 . 2009-08-24 18:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-05-16 01:59 . 2009-08-19 15:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-05-16 01:59 . 2010-05-16 23:09 -------- d-----w- c:\program files\Common Files\PC Tools
2010-05-16 01:52 . 2010-05-17 13:11 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-16 01:43 . 2010-05-16 01:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-05-16 01:26 . 2010-05-16 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2010-05-15 18:34 . 2010-05-15 18:34 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-04-20 12:48 . 2010-04-20 12:48 -------- d-----w- c:\program files\MSXML 4.0
2010-04-20 12:09 . 2010-02-12 04:33 100864 -c----w- c:\windows\system32\dllcache\6to4svc.dll
2010-04-20 12:09 . 2009-12-24 06:59 177664 -c----w- c:\windows\system32\dllcache\wintrust.dll
2010-04-20 12:09 . 2010-01-13 14:01 86016 -c----w- c:\windows\system32\dllcache\cabview.dll
2010-04-19 18:05 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-04-19 18:05 . 2008-04-14 09:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-04-19 14:24 . 2010-04-19 14:24 -------- d-----w- c:\documents and settings\jomisko\Local Settings\Application Data\Yamaha Corporation
2010-04-19 14:22 . 2010-04-19 14:22 -------- d-----w- c:\program files\Yamaha Corporation
2010-04-19 14:22 . 2010-04-19 14:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Yamaha Corporation
2010-04-19 14:22 . 2010-04-19 14:22 -------- d-----w- c:\documents and settings\jomisko\Local Settings\Application Data\Downloaded Installations

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-18 20:22 . 2010-03-19 15:05 -------- d-----w- c:\program files\Symantec
2010-05-18 20:22 . 2010-03-19 15:08 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-05-18 20:22 . 2010-03-19 15:08 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-05-18 20:22 . 2010-03-19 15:08 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-05-18 20:22 . 2010-03-19 15:08 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-05-16 23:04 . 2010-01-10 21:09 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-16 01:22 . 2009-06-07 14:53 -------- d-----w- c:\documents and settings\jomisko\Application Data\Skype
2010-05-16 01:22 . 2009-06-07 14:54 -------- d-----w- c:\documents and settings\jomisko\Application Data\skypePM
2010-05-14 14:10 . 2009-02-05 13:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-10 13:48 . 2010-03-24 13:52 -------- d-----w- c:\documents and settings\jomisko\Application Data\U3
2010-05-05 20:16 . 2009-02-05 12:29 -------- d-----w- c:\program files\PDFCreator
2010-04-28 17:56 . 2009-09-15 14:07 -------- d-----w- c:\program files\Finale PrintMusic 2010
2010-04-26 17:36 . 2009-07-06 14:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Musicnotes
2010-04-21 02:47 . 2009-06-16 23:43 -------- d-----w- c:\program files\Vuze
2010-04-21 02:47 . 2009-06-16 23:44 -------- d-----w- c:\documents and settings\jomisko\Application Data\Azureus
2010-04-19 14:25 . 2010-04-08 14:33 94552 ----a-w- c:\documents and settings\jomisko\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-07 18:42 . 2010-04-07 18:41 -------- d-----w- c:\program files\iTunes
2010-04-07 18:42 . 2010-04-07 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-07 18:41 . 2010-04-07 18:41 -------- d-----w- c:\program files\iPod
2010-04-07 18:41 . 2009-06-07 13:45 -------- d-----w- c:\program files\Common Files\Apple
2010-04-07 18:41 . 2009-11-25 12:30 -------- d-----w- c:\program files\QuickTime
2010-04-07 18:40 . 2009-06-07 13:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-04-07 18:40 . 2010-04-07 18:40 -------- d-----w- c:\program files\Apple Software Update
2010-04-07 16:31 . 2009-02-04 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-04-07 16:16 . 2010-04-07 16:16 -------- d-----w- c:\program files\Bonjour
2010-04-07 15:46 . 2010-04-07 15:46 1956656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-03-31 13:43 . 2009-02-04 20:18 -------- d-----w- c:\program files\Common Files\Java
2010-03-31 13:43 . 2010-03-31 13:43 503808 ----a-w- c:\documents and settings\jomisko\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-46e282a0-n\msvcp71.dll
2010-03-31 13:43 . 2010-03-31 13:43 499712 ----a-w- c:\documents and settings\jomisko\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-46e282a0-n\jmc.dll
2010-03-31 13:43 . 2010-03-31 13:43 348160 ----a-w- c:\documents and settings\jomisko\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-46e282a0-n\msvcr71.dll
2010-03-31 13:43 . 2010-03-31 13:43 61440 ----a-w- c:\documents and settings\jomisko\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-27ba6311-n\decora-sse.dll
2010-03-31 13:43 . 2010-03-31 13:43 12800 ----a-w- c:\documents and settings\jomisko\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-27ba6311-n\decora-d3d.dll
2010-03-31 13:43 . 2009-02-04 20:18 -------- d-----w- c:\program files\Java
2010-03-26 05:48 . 2010-03-26 05:48 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-03-22 14:51 . 2010-03-19 15:05 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-22 14:48 . 2010-03-19 15:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-03-22 14:45 . 2010-03-22 14:45 625032 ----a-w- c:\windows\system32\SymNeti.dll
2010-03-22 14:45 . 2010-03-22 14:45 242056 ----a-w- c:\windows\system32\SymRedir.dll
2010-03-19 20:44 . 2009-06-30 20:33 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-03-19 15:38 . 2008-06-20 05:12 162048 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2010-03-19 15:19 . 2008-01-12 23:32 23888 ----a-w- c:\windows\system32\drivers\COH_Mon.sys
2010-03-17 02:32 . 2010-03-17 02:32 423464 ----a-w- c:\documents and settings\jomisko\Application Data\E-centives\BSTIEPrintCtl1.dll
2010-03-10 06:15 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 08:28 . 2009-02-04 20:44 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-25 06:24 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-04 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-12-09 22:40 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1040384]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-14 177456]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-05-23 197904]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1044480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-05 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-05 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-05 141848]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-11-10 443728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-10-22 115560]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Download Centre.lnk - c:\program files\Yamaha Corporation\Digital Music Notebook\Common\Download Centre\Download Centre.exe [2009-11-10 419160]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2009-2-4 197904]
hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-4-9 323646]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
VPN Client.lnk - c:\windows\Installer\{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}\Icon3E5562ED7.ico [2009-2-5 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1409082233-2146520231-682003330-5420\Scripts\Logon\0\0]
"Script"=Teachers.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/15/2010 9:59 PM 206256]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2/4/2009 11:55 AM 24064]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [6/16/2009 7:44 PM 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [6/16/2009 7:44 PM 234888]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/4/2009 8:57 PM 24652]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2/4/2009 12:07 PM 193840]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/19/2010 11:38 AM 102448]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [7/23/2008 12:31 PM 44800]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/1/2010 10:47 AM 135664]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 7:32 PM 23888]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [12/25/2009 10:59 PM 18560]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [6/21/2007 5:40 AM 56448]
S3 Smcinst;Symantec Auto-upgrade Agent;c:\program files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe --> c:\program files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 8:00 AM 14336]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/2/2009 9:35 AM 721904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WINRM REG_MULTI_SZ WINRM

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 22:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-04-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2010-05-18 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 2200 series272A572217594EBCF1CEE215E352B92AD073FDE4249146940.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 21:56]

2010-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 14:46]

2010-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 14:46]

2010-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-2049760794-839522115-1007Core.job
- c:\documents and settings\jomisko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-08 14:46]

2010-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-2049760794-839522115-1007UA.job
- c:\documents and settings\jomisko\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-08 14:46]

2010-05-17 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-04-29 18:43]

2010-05-18 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2010-04-29 18:43]

2010-05-17 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-04-29 18:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyServer = 10.4.4.1:8080
uInternet Settings,ProxyOverride = *.sbmc;10.*.*.*;*.manatee.k12.fl.us;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {28B66320-9687-4B13-8757-36F901887AB5} - hxxp://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan-canvasx.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-18 16:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1468)
c:\windows\SYSTEM32\SYSFER.DLL

- - - - - - - > 'explorer.exe'(2296)
c:\windows\SYSTEM32\SYSFER.DLL
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
.
**************************************************************************
.
Completion time: 2010-05-18 16:43:30 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-18 20:43
ComboFix2.txt 2010-05-17 17:44

Pre-Run: 6,284,709,888 bytes free
Post-Run: 6,173,470,720 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - EC6F379DB74A1BBDF9041BADC688BC3C
  • 0

#6
CatByte
Posted 18 May 2010 - 03:54 PM

CatByte

    GeekU Teacher

  • GeekU Moderator
  • 2,705 posts
  • MVP
Hi,

Please do the following:

  • Open your Malwarebytes' Anti-Malware program and select the update tab, select update now
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer, please do so.


NEXT


Using Internet Explorer or Firefox, visit Kaspersky Online Scanner:
1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
    Posted Image
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

  • 0

#7
mhsmused
Posted 19 May 2010 - 04:26 AM

mhsmused

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Here are the 2 reports you requested:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4114

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/18/2010 8:46:39 PM
mbam-log-2010-05-18 (20-46-39).txt

Scan type: Quick scan
Objects scanned: 162636
Time elapsed: 6 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Kaspersky:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, May 19, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, May 19, 2010 00:28:03
Records in database: 4129822
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 81729
Threats found: 3
Infected objects found: 3
Suspicious objects found: 0
Scan duration: 02:17:01


File name / Threat / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\0AD80000\4BDDC363.VBN Infected: Trojan-Dropper.Win32.Typic.bbv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\0AD80001\4BDF1B35.VBN Infected: Trojan.Win32.Qhost.kgy 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\tcpip.sys.vir Infected: Rootkit.Win32.TDSS.ap 1

Selected area has been scanned.
  • 0

#8
CatByte
Posted 19 May 2010 - 04:51 AM

CatByte

    GeekU Teacher

  • GeekU Moderator
  • 2,705 posts
  • MVP
Hi,

Just some housekeeping to do now,

Please do the following:


Posted Image
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 20 and save it to your desktop.
  • Scroll down to where it says JDK 6 Update 20 (JDK or JRE)
  • Click the Download JRE button to the right
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6u20 with JavaFX 1 License Agreement". Click on Continue.The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH CheckedApplications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.



NEXT


Follow these steps to uninstall Combofix

  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.

Posted Image


NEXT

Clean up with OTL:
  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.


If any logs/tools remain on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe.

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish it's job
    • Once its finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.



    WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox, IE and chrome.

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.
  • 0

#9
mhsmused
Posted 19 May 2010 - 06:59 AM

mhsmused

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
THANK YOU SOOOOO MUCH. I will heed your warnings and hope to avoid these problems in the future! Thanks again for everything.
  • 0

#10
CatByte
Posted 19 May 2010 - 07:24 AM

CatByte

    GeekU Teacher

  • GeekU Moderator
  • 2,705 posts
  • MVP
You are more than welcome

stay safe :)

~CB
  • 0

#11
CatByte
Posted 19 May 2010 - 07:24 AM

CatByte

    GeekU Teacher

  • GeekU Moderator
  • 2,705 posts
  • MVP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP